公开(公告)号：US09292711B1

公开(公告)日：2016-03-22

申请号：US14149710

申请日：2014-01-07

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Gregory Alan Rubin

IPC: G06F21/71 ,  G06F21/31

CPC classification number: H04L63/108 ,  G06F12/1408 ,  G06F21/31 ,  G06F21/34 ,  G06F21/71 ,  G06F2212/1052 ,  H04L63/0838 ,  H04L63/0853 ,  H04L63/0876

Abstract: A hardware secret is securely maintained in a computing device. The device operates in accordance with a usage limit corresponding to a limited number of operations using the hardware secret that the device is able to perform. Once the device reaches a usage limit, the device becomes temporarily or permanently unable to perform additional operations using the hardware secret.

Abstract translation: 安全地维护计算设备中的硬件秘密。 该设备根据使用设备能够执行的硬件密码的有限数量的操作的使用限制进行操作。 一旦设备达到使用限制，设备将暂时或永久地无法使用硬件密码执行其他操作。

公开(公告)号：US09288208B1

公开(公告)日：2016-03-15

申请号：US14020494

申请日：2013-09-06

Applicant: AMAZON TECHNOLOGIES, INC.

Inventor： Gregory Branchek Roth ,  Graeme David Baer

IPC: G06F21/00 ,  H04L29/06 ,  H04L9/32 ,  H04L9/08 ,  G06F21/33 ,  G06F21/31

CPC classification number: H04L9/3271 ,  G06F9/45533 ,  G06F21/31 ,  G06F21/335 ,  H04L9/08 ,  H04L9/0816 ,  H04L9/0894 ,  H04L9/14 ,  H04L9/302 ,  H04L9/3242 ,  H04L9/3247 ,  H04L9/3249 ,  H04L63/0807 ,  H04L63/0876 ,  H04L63/0884 ,  H04L63/126 ,  H04L63/20 ,  H04L67/02 ,  H04L2209/56 ,  H04L2209/76

Abstract: An escrow platform is described that can be used to enable access to devices. The escrow platform can be used to sign cryptographic network protocol challenges on behalf of clients so that the secrets used to sign cryptographic network protocol challenges do not have to be exposed to the clients. The escrow platform can store or control access to private keys, and the corresponding public keys can be stored on respective target platforms. A client can attempt to access a target platform and in response the target platform can issue a challenge. The client platform can send the challenge to the escrow platform, which can use the corresponding private key to sign the challenge. The signed challenge can be sent back to the client, which can forward it to the target platform. The target platform can verify the expected private key and grant access.

Abstract translation: 描述了可用于启用对设备的访问的托管平台。 托管平台可以用于代表客户端签署加密网络协议挑战，以便用于签署加密网络协议挑战的秘密不必暴露给客户端。 托管平台可以存储或控制对私钥的访问，相应的公钥可以存储在各自的目标平台上。 客户端可以尝试访问目标平台，并且响应目标平台可以发出挑战。 客户端平台可将挑战发送到托管平台，该平台可以使用相应的私钥来签署挑战。 签署的挑战可以发送回客户端，可以将其转发到目标平台。 目标平台可以验证预期的私钥并授予访问权限。

公开(公告)号：US09276919B1

公开(公告)日：2016-03-01

申请号：US13940625

申请日：2013-07-12

Applicant: Amazon Technologies, Inc.

Inventor： Stefan Popoveniuc ,  Cristian Marius Ilac ,  Gregory Branchek Roth ,  Eric J. Brandwine

IPC: H04L29/06 ,  G06F21/55

CPC classification number: H04L63/083 ,  G06F21/316 ,  G06F21/552 ,  H04L63/08 ,  H04L63/102 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/20

Abstract: In certain embodiments, a system having a memory and a processor. The memory is operable to store a credential verifier associated with a user account and a counter. The processor is coupled to the memory and the memory includes executable instructions that cause the system to receive a first authentication attempt and increment the counter if validation of the first authentication attempt against the credential verifier fails. The instructions also cause the system to receive a second authentication attempt and increment the counter only if validation of the second authentication attempt against the credential verifier fails and the second authentication attempt is distinct from the first authentication attempt.

Abstract translation: 在某些实施例中，具有存储器和处理器的系统。 存储器可操作地存储与用户帐户和计数器相关联的凭证验证器。 处理器耦合到存储器，并且存储器包括可执行指令，其使得系统接收第一认证尝试，并且如果针对证书验证器的第一认证尝试的验证失败则递增计数器。 指令还使得系统接收第二认证尝试，并且只有当对证书验证者的第二认证尝试的验证失败并且第二认证尝试与第一认证尝试不同时才递增计数器。

公开(公告)号：US09237019B2

公开(公告)日：2016-01-12

申请号：US14037282

申请日：2013-09-25

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Eric Jason Brandwine

IPC: H04L9/32

CPC classification number: H04L63/0428 ,  H04L9/321 ,  H04L9/3247 ,  H04L63/10 ,  H04L63/102 ,  H04L63/123 ,  H04L63/168 ,  H04L67/02

Abstract: Requests are pre-generated to include a cryptographic key to be used in fulfilling the requests. The requests may be encoded in uniform resource locators and may include authentication information to enable a service provider to whom the requests are submitted to determine whether the requests are authorized. The requests may be passed to various entities who can then submit the requests to the service provider. The service provider, upon receipt of a request, can verify the authentication information and fulfill the request using a cryptographic key encoded in the request.

Abstract translation: 请求被预先生成以包括用于满足请求的加密密钥。 请求可以在统一资源定位符中编码，并且可以包括认证信息，以使能够提交请求的服务提供商确定请求是否被授权。 请求可以被传递给各种实体，然后可以将请求提交给服务提供商。 服务提供商在接收到请求后，可以使用在请求中编码的加密密钥验证认证信息并完成请求。

公开(公告)号：US09071429B1

公开(公告)日：2015-06-30

申请号：US13873083

申请日：2013-04-29

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Matthew James Wren ,  Eric Jason Brandwine

IPC: H04L9/08 ,  H04L29/06 ,  H04L9/32

CPC classification number: H04L63/0823 ,  H04L9/0822 ,  H04L9/0891 ,  H04L9/0894 ,  H04L63/06 ,  H04L63/061 ,  H04L2463/062

Abstract: Customers accessing resources and/or data in a multi-tenant environment can obtain assurance that a provider of that environment will honor only requests associated with the customer. A multi-tenant cryptographic service can be used to manage cryptographic key material and/or other security resources in the multi-tenant environment. The cryptographic service can provide a mechanism in which the service can receive requests to use the cryptographic key material to access encrypted customer data, export key material out of the cryptographic service, destroy key material managed by the cryptographic service, among others. Such an approach can enable a customer to manage key material without exposing the key material outside a secure environment.

Abstract translation: 在多租户环境中访问资源和/或数据的客户可以确保该环境的提供商只会履行与客户相关的请求。 可以使用多租户加密服务来管理多租户环境中的加密密钥资料和/或其他安全资源。 加密服务可以提供一种机制，其中服务可以接收使用加密密钥材料的访问加密客户数据的请求，从密码服务导出密钥材料，销毁密码服务管理的密钥材料等。 这种方法可以使客户能够管理关键材料，而不会将密钥材料暴露在安全环境之外。

公开(公告)号：US09037854B2

公开(公告)日：2015-05-19

申请号：US13746924

申请日：2013-01-22

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Nachiketh Rao Potlapally

IPC: G06F21/00 ,  G06F21/72

CPC classification number: G06F21/72 ,  G06F21/53 ,  G06F21/57 ,  G06F21/575 ,  G06F21/602 ,  G06F21/64

Abstract: A privileged cryptographic service is described, such as a service running in system management mode (SMM). The privileged service is operable to store and manage cryptographic keys and/or other security resources in a multitenant remote program execution environment. The privileged service can receive requests to use the cryptographic keys and issue responses to these requests. In addition, the privileged service can measure the hypervisor at runtime (e.g., either periodically or in response to the requests) in an attempt to detect evidence of tampering with the hypervisor. Because the privileged service is operating in system management mode that is more privileged than the hypervisor, the privileged service can be robust against virtual machine escape and other hypervisor attacks.

Abstract translation: 描述了一种特权加密服务，例如在系统管理模式（SMM）中运行的服务。 特权服务可操作以在多租户远程程序执行环境中存储和管理加密密钥和/或其他安全资源。 特权服务可以接收使用加密密钥的请求并发出对这些请求的响应。 此外，特权服务可以在运行时（例如，周期性地或响应于请求）来测量管理程序，以试图检测篡改管理程序的证据。 由于特权服务在比管理程序更具特权的系统管理模式下运行，因此特权服务可以针对虚拟机逃脱和其他管理程序攻击而强大。

公开(公告)号：US20140380402A1

公开(公告)日：2014-12-25

申请号：US13923004

申请日：2013-06-20

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth

IPC: G06F21/60

CPC classification number: G06F21/64 ,  G06F21/604

Abstract: Policies are used to control access to resources. Requests to change a set of policies may be fulfillable, at least in some circumstances, only if the requests are submitted such that the requested changes would become effective at a time in the future that is in compliance with a requirement for delayed enforcement. The requirement for delayed enforcement may be encoded in a policy in the set of policies.

Abstract translation: 策略用于控制资源的访问。 至少在某些情况下，只有在提交请求时，要求更改一组政策的请求才能实现，以便所要求的更改将在以后的时间内生效，以符合延迟执行的要求。 延迟执行的要求可以编码在一组策略中的策略中。

公开(公告)号：US20140380054A1

公开(公告)日：2014-12-25

申请号：US13922875

申请日：2013-06-20

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Matthew James Wren

IPC: H04L9/32

CPC classification number: H04L9/083 ,  G06F21/6209 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/0894 ,  H04L9/14 ,  H04L63/0435 ,  H04L63/06

Abstract: Data is encrypted such that multiple keys are needed to decrypt the data. The keys are accessible to different entities so that no single entity has access to all the keys. At least one key is managed by a service provider. A customer computer system of the service provider may be configured with executable instructions directing the orchestration of communications between the various entities having access to the keys. As a result, security compromise in connection with a key does not, by itself, render the data decryptable.

Abstract translation: 数据被加密，使得需要多个密钥来解密数据。 密钥可以访问不同的实体，以便没有一个实体可以访问所有的密钥。 至少一个密钥由服务提供商管理。 服务提供商的客户计算机系统可以配置有指导在具有访问密钥的各种实体之间的通信协调的可执行指令。 因此，与密钥相关的安全性妥协本身不会使数据可解密。

公开(公告)号：US20140282950A1

公开(公告)日：2014-09-18

申请号：US14292404

申请日：2014-05-30

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Cristian M. Ilac

IPC: H04L29/06

CPC classification number: H04L63/08 ,  H04L9/0872 ,  H04L9/0891 ,  H04L63/061 ,  H04L63/0838 ,  H04W12/04 ,  H04W12/06

Abstract: Secret information, such as seeds, codes, and keys, can be automatically renegotiated between at least one sender and at least one recipient. Various mechanisms, such as counters, events, or challenges, can be used to trigger automatic renegotiations through various requests or communications. These changes can cause the current secret information to diverge from older copies of the secret information that might have been obtained by unintended third parties. In some embodiments, a secret can be configured to “decay” over time, or have small changes periodically introduced that can be determined to be valid by an authorized party, but can reduce the effectiveness of prior versions of the secret information.

Abstract translation: 可以在至少一个发送者和至少一个接收者之间自动重新协商秘密信息，例如种子，密码和密钥。 诸如计数器，事件或挑战等各种机制可用于通过各种请求或通信来触发自动重新谈判。 这些更改可能导致当前的秘密信息与旧版本的秘密信息分歧，这些秘密信息可能是由非预期的第三方获得的。 在一些实施例中，秘密可以被配置为随着时间的推移“衰减”，或者周期性地引入可以被授权方确定为有效的小变化，但是可以降低秘密信息的先前版本的有效性。

公开(公告)号：US20140229732A1

公开(公告)日：2014-08-14

申请号：US13765265

申请日：2013-02-12

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Matthew James Wren ,  Eric Jason Brandwine ,  Brian Irl Pratt

IPC: G06F21/62

CPC classification number: G06F21/602 ,  G06F2221/2135 ,  G06F2221/2143 ,  G06F2221/2151 ,  H04L63/0428 ,  H04L63/062

Abstract: A distributed computing environment utilizes a cryptography service. The cryptography service manages keys securely on behalf of one or more entities. The cryptography service is configured to receive and respond to requests to perform cryptographic operations, such as encryption and decryption. The requests may originate from entities using the distributed computing environment and/or subsystems of the distributed computing environment.