Authenticating secure channel establishment messages based on shared-secret

    Publication No.: US10411886B1

    Publication date: 2019-09-10

    Application No.: US14983242

    Filing date: 2015-12-29

    IPC classification: H04L9/08 H04L9/32 H04L29/06

    Abstract: Systems and processes are described for establishing and using a secure channel. A shared secret may be used for authentication of session initiation messages as well as for generation of a private/public key pair for the session. A number of ways of agreeing on the shared secret are described and include pre-sharing the keys, reliance on a key management system, or via a token mechanism that uses a third entity to manage authentication, for example. In some instances, the third party may also perform endpoint selection by providing a particular endpoint along with the token. The particular cipher suite applied in a particular implementation may be configurable. The process is applicable to either implicit key confirmation (e.g., handshake negotiation) or explicit key confirmation (e.g., full negotiation).

    Efficient use of keystreams
    33.
    Granted invention patent

    Publication No.: US10313319B2

    Publication date: 2019-06-04

    Application No.: US15945975

    Filing date: 2018-04-05

    Abstract: Performing cryptographic operations such as encryption and decryption may be computationally expensive. In some contexts, initialization vectors and keystreams operable to perform encryption operations are generated and stored in a repository, and later retrieved for use in performing encryption operations. Multiple devices in a distributed system can each generate and store a subset of a larger set of keystreams.

    Signed envelope encryption
    34.
    Granted invention patent

    Publication No.: US10243968B2

    Publication date: 2019-03-26

    Application No.: US14967142

    Filing date: 2015-12-11

    Abstract: Clients within a computing environment may establish a secure communication session. Sometimes, a client may trust another client to read, but not modify, a message. Clients may utilize a cryptography service to generate a message protected against improper modification. Clients may utilize a cryptography service to verify whether a protected message has been improperly modified.

    Public key rollup for merkle tree signature scheme

    Publication No.: US10230525B2

    Publication date: 2019-03-12

    Application No.: US15389686

    Filing date: 2016-12-23

    Abstract: An organizational signature authority delegates signature authority to one or more subordinate signature authorities by rolling up public keys from the subordinate signature authorities into a public key for the organization. A subordinate signature authority of the organizational signature authority generates cryptographic keys for use by the subordinate signature authority, and cryptographically derives a public key for the subordinate signature authority based at least in part on the cryptographic keys. In some examples, the subordinate signature authority acquires public keys from a lower subordinate signature authority, and the public key of the subordinate signature authority is cryptographically derived in part from the public key of the lower subordinate signature authority. The public key of the subordinate signature authority is provided to the organizational signature authority. A hash tree is generated from the public keys of the subordinate signature authorities to create the public key for the organization.

    CRYPTOGRAPHIC KEY MANAGEMENT FOR IMPORTED CRYPTOGRAPHIC KEYS

    Publication No.: US20190068363A1

    Publication date: 2019-02-28

    Application No.: US16174033

    Filing date: 2018-10-29

    IPC classification: H04L9/08

    Abstract: A cryptographic key management service receives a request to import a first cryptographic key. In response to the request, the service creates a public cryptographic key and a private cryptographic key. The private cryptographic key is encrypted using a second cryptographic key to create an import key token. The import key token and the public cryptographic key are provided in response to the request. The service receives an encrypted first cryptographic key, which the service decrypts using the private cryptographic key to obtain the first cryptographic key. The service stores the first cryptographic key and enables its use for the performance of cryptographic operations.

    Trusted malware scanning
    38.
    Granted invention patent

    Publication No.: US10133867B1

    Publication date: 2018-11-20

    Application No.: US15083728

    Filing date: 2016-03-29

    IPC classification: G06F21/56 H04L29/06 H04L9/32

    Abstract: A trusted co-processor can provide a hardware-based observation point into the operation of a host machine owned by a resource provider or other such entity. The co-processor can be installed via a peripheral card on a fast bus, such as a PCI bus, on the host machine. The co-processor can execute malware detection software, and can use this software to analyze data and/or code obtained from the relevant resources of the host machine. The trusted co-processor can notify the customer or another appropriate entity of the results of the scan, such that an appropriate action can be taken if malware is detected. The results of the scan can be trusted, as malware will be unable to falsify such a notification or modify the operation of the trusted co-processor.

    Signature delegation
    39.
    Granted invention patent

    Publication No.: US10129034B2

    Publication date: 2018-11-13

    Application No.: US15946614

    Filing date: 2018-04-05

    Abstract: A signature authority generates a master seed value that is used to generate a seed tree of subordinate nodes. Each subordinate node of the seed tree is generated from the value of its parent node using a cryptographic hash or one-way function. The signature authority selects subordinate seed values from the seed tree which are distributed to one or more subordinates, each of which generates a set of one-time-use cryptographic keys from the provided seed. Each subordinate generates a hash tree from its set of one-time-use cryptographic keys, and returns the root of its hash tree to the signature authority. The signature authority integrates the hashes provided by the key generators into a comprehensive hash tree, and the root of the hash tree acts as a public key for the signature authority.