REVOCABLE SHREDDING OF SECURITY CREDENTIALS
    31.
    Patent application

    Publication number: US20180167381A1

    Publication date: 2018-06-14

    Application number: US15878957

    Application date: 2018-01-24

    Abstract: Customers accessing resources and/or data in a multi-tenant environment can obtain assurance that a provider of that environment will honor only requests associated with the customer. A multi-tenant cryptographic service can be used to manage cryptographic key material and/or other security resources in the multi-tenant environment. The cryptographic service can provide a mechanism in which the service can receive requests to use the cryptographic key material to access encrypted customer data, export key material out of the cryptographic service, destroy key material managed by the cryptographic service, among others. Such an approach can enable a customer to manage key material without exposing the key material outside a secure environment.

    SESSION NEGOTIATIONS
    32.
    Patent application

    Publication number: US20180083929A1

    Publication date: 2018-03-22

    Application number: US15823450

    Application date: 2017-11-27

    Abstract: A plurality of devices are each operable to provide information that is usable to prove authorization with any of the other devices. The devices may have common access to a cryptographic key. A device may use the cryptographic key to encrypt a session key and provide both the session key and the encrypted session key. Requests to any of the devices can include the encrypted session key and a digital signature generated using the session key. In this manner, a device that receives the request can decrypt the session key and use the decrypted session key to verify the digital signature.

    Federated key management
    33.
    Granted patent

    Publication number: US09667421B2

    Publication date: 2017-05-30

    Application number: US13765209

    Application date: 2013-02-12

    Abstract: A system uses information submitted in connection with a request to determine if and how to process the request. The information may be electronically signed by a requestor using a key such that the system processing the request can verify that the requestor has the key and that the information is authentic. The information may include information that identifies a holder of a key needed for processing the request, where the holder of the key can be the system or another, possibly third party, system. Requests to decrypt data may be processed to ensure that a certain amount of time passes before access to the decrypted data is provided, thereby providing an opportunity to cancel such requests and/or otherwise mitigate potential security breaches.

    Policy enforcement with associated data
    34.
    Granted patent
    Policy enforcement with associated data (in force)

    Publication number: US09547771B2

    Publication date: 2017-01-17

    Application number: US13764995

    Application date: 2013-02-12

    Abstract: Requests submitted to a computer system are evaluated for compliance with policy to ensure data security. Plaintext and associated data are used as inputs into a cipher to produce ciphertext. Whether a result of decrypting the ciphertext can be provided in response to a request is determined based at least in part on evaluation of a policy that itself is based at least in part on the associated data. Other policies include automatic rotation of keys to prevent keys from being used in enough operations to enable cryptographic attacks intended to determine the keys.


    Multiple authority data security and access
    35.
    Granted patent
    Multiple authority data security and access (in force)

    Publication number: US09407440B2

    Publication date: 2016-08-02

    Application number: US13922875

    Application date: 2013-06-20

    Abstract: Data is encrypted such that multiple keys are needed to decrypt the data. The keys are accessible to different entities so that no single entity has access to all the keys. At least one key is managed by a service provider. A customer computer system of the service provider may be configured with executable instructions directing the orchestration of communications between the various entities having access to the keys. As a result, security compromise in connection with a key does not, by itself, render the data decryptable.


    POLICY ENFORCEMENT WITH ASSOCIATED DATA
    37.
    Patent application
    POLICY ENFORCEMENT WITH ASSOCIATED DATA (in force)

    Publication number: US20140230007A1

    Publication date: 2014-08-14

    Application number: US13764995

    Application date: 2013-02-12

    Abstract: Requests submitted to a computer system are evaluated for compliance with policy to ensure data security. Plaintext and associated data are used as inputs into a cipher to produce ciphertext. Whether a result of decrypting the ciphertext can be provided in response to a request is determined based at least in part on evaluation of a policy that itself is based at least in part on the associated data. Other policies include automatic rotation of keys to prevent keys from being used in enough operations to enable cryptographic attacks intended to determine the keys.


    Immediate policy effectiveness in eventually consistent systems

    Publication number: US10911457B2

    Publication date: 2021-02-02

    Application number: US16297421

    Application date: 2019-03-08

    Abstract: Policy changes are propagated to access control devices of a distributed system. The policy changes are given immediate effect without having to wait for the changes to propagate through the system. A token comprises the policy change and can be provided in connection with access requests. Before an access control device has received a propagated policy change, the access control device can evaluate a token provided in connection with a request to determine, consistent with the policy change, whether to fulfill the request.
