-
Publication No.: US11533185B1
Publication date: 2022-12-20
Application No.: US16910010
Application date: 2020-06-23
Applicant: Amazon Technologies, Inc.
Inventor: Param Sharma, Jonathan Kozolchyk, Todd Cignetti, Kyle Benjamin Schultheiss, Josh Rosenthol, Jose Maria Silveira Neto, Yiwen Wu
IPC: H04L9/32
Abstract: Systems and methods for generating and managing certificate authorities. For instance, a certificate service may provide one or more user interfaces for creating certificate authorities, such as a root certificate authority, a subordinate certificate authority, and/or an intermediate certificate authority. For example, a user may use a user device to create a certificate hierarchy. The certificate service may also provide one or more user interfaces for issuing certificates using the certificate authorities. One or more computing resources may then use the end-entity certificates issued from the certificate authority hierarchy for authentication and/or encryption. For security purposes, the certificate authority may also allow the user to set policies representing users that are able to access and/or utilize the certificate authorities to perform actions, such as issuing certificates. The certificate service may also generate audit reports indicating certificates that are created using the certificate authorities.
-
Publication No.: US11888994B1
Publication date: 2024-01-30
Application No.: US17364232
Application date: 2021-06-30
Applicant: Amazon Technologies, Inc.
Inventor: Param Sharma, Josh Rosenthol, Todd Cignetti, Jonathan Kozolchyk
CPC classification number: H04L9/3263, H04L9/0825, H04L9/0836, H04L9/0891
Abstract: Described are automated systems and methods for providing a template design for a public-key infrastructure (PKI) system. For example, certain infrastructure information and stored PKI information can be processed to determine a PKI template, which can specify the configuration for a proposed PKI hierarchy. A configurable representation of the proposed PKI hierarchy can be generated and presented to the user, which can facilitate review, modification, and further customization of the proposed PKI hierarchy. Aspects of the present disclosure can also determine costs associated with the proposed PKI hierarchy, and can create and deploy the proposed PKI hierarchy.
-
Publication No.: US12137175B1
Publication date: 2024-11-05
Application No.: US17364160
Application date: 2021-06-30
Applicant: Amazon Technologies, Inc.
Inventor: Param Sharma, Todd Cignetti, Josh Rosenthol, Jonathan Kozolchyk
Abstract: Described are automated systems and methods for employing certificate authority meta-resources to facilitate automatic renewal and/or rotation of certificates and/or certificate authorities in a PKI hierarchy. For example, embodiments of the present disclosure can provide creating a certificate authority meta-resource, which can maintain and monitor certain information to facilitate automatic renewal and rotation of certificates and/or certificate authorities in a PKI hierarchy. The certificate authority meta-resource can also keep track of the active certificate authorities and certificates to ensure that trust is maintained without manual configuration of the PKI hierarchy.
-
Publication No.: US12088738B2
Publication date: 2024-09-10
Application No.: US17541998
Application date: 2021-12-03
Applicant: Amazon Technologies, Inc.
Inventor: Josh Rosenthol, Param Sharma, Kyle Benjamin Schultheiss, Marcel Andrew Levy, Todd Cignetti
CPC classification number: H04L9/3268, H04L9/0825, H04L9/3213, H04L63/102, H04L63/20
Abstract: Techniques are described for enabling users of a certificate management service to create certificate issuance policies that can be applied to certificate issuance requests across both public and private certificate authorities (CAs) and other certificate-related services. According to embodiments described herein, a certificate issuance policy includes one or more certificate issuance rules to be applied to requests associated with one or more specified user accounts or roles for certificate-related resources (e.g., public certificates, private certificates, etc.). The application of a certificate issuance rule can be conditioned on a particular request context (e.g., based on a user account or role associated with a request, a type of certificate requested, a subject name identified in the request, etc.) and can specify a wide range of actions to be performed on requests matching a rule (e.g., allowing or denying a request, modifying one or more parameters of the request, etc.).