Distributed system web of trust provisioning

    Publication No.: US11626996B2

    Publication date: 2023-04-11

    Application No.: US15865016

    Application date: 2018-01-08

    Abstract: A web of trust in a distributed system is established. A root of trust for at least two components in the distributed system validates information for the distributed system. The validated information is then used to create additional information for the distributed system. Versions of the information are usable to validate subsequent versions of the information such that validation of a version of the information can be performed by using one or more previous versions to verify that the version is a valid successor of a previously validated previous version.

    Cryptographic key generation and deployment

    Publication No.: US11184157B1

    Publication date: 2021-11-23

    Application No.: US16007927

    Application date: 2018-06-13

    Abstract: Protection against the obsolescence of cryptographic algorithms is provided by generating a cryptographic key pair for future use and storing the public key on a device. The cryptographic key pair supports a signature scheme that is potentially resistant to quantum computing attacks. In an embodiment, a key management server generates a set of one-time use keys sufficient to sign the anticipated number of software updates to be applied to a device. The key management server provides a public key which is stored on the device for later use. In an embodiment, an update to the device is signed with the one-time-use private key, and can be authenticated by the device using the public key. In an embodiment, the key pair supports the use of a one-time signature technique such as a Merkle signature scheme, Winternitz signature, or Lamport signature.

    User controlled hardware validation

    Publication No.: US11050844B2

    Publication date: 2021-06-29

    Application No.: US16518455

    Application date: 2019-07-22

    Abstract: A trusted co-processor can provide a hardware-based observation point into the operation of a host machine owned by a resource provider or other such entity. The co-processor can be installed via a peripheral card on a fast bus, such as a PCI bus, on the host machine. The provider can provide the customer with expected information that the customer can verify through a request to an application programming interface (API) of the card, and after the customer verifies the information the customer can take logical ownership of the card and lock out the provider. The card can then function as a trusted but limited environment that is programmable by the customer. The customer can subsequently submit verification requests to the API to ensure that the host has not been unexpectedly modified or is otherwise operating as expected.

    Host attestation
    Granted invention patent

    Publication No.: US11036861B2

    Publication date: 2021-06-15

    Application No.: US16298867

    Application date: 2019-03-11

    Abstract: A service provider provides virtual computing services using a fleet of one or more host computer systems. Each of the host computer systems may be equipped with a trusted platform module (“TPM”). The service provider, the host computer systems, and the virtual computing environments generate attestations that prove the integrity of the system. The attestations are signed with a one-time-use cryptographic key that is verifiable against the public keys of the service provider, a host computer system, and a virtual computing environment. The public key of the host computer system is integrated into a hash tree that links the public key of the host computer system to the public key of the service provider. The public key of the virtual computing environment is signed using a one-time-use cryptographic key issued to the host computer system that hosts the virtual computing environment.

    AWS IDENTITY - BLOCKCHAIN FOR CLOUD BASED AUDIT SERVICES

    Publication No.: US20210044426A1

    Publication date: 2021-02-11

    Application No.: US17060760

    Application date: 2020-10-01

    IPC classification: H04L9/06 H04L29/08 H04L9/32

    Abstract: One or more systems implement a plurality of blockchains to track event data. The plurality of blockchains are arranged in tiered form, and the content and/or integrity of blockchains in higher tiers depends on, or at least derives from, the content and/or integrity of the blockchains in lower tiers. Depending on the specific structure and implementation, assurances, verifications, and the like may be provided for services and other resources using such blockchains in a repeatable manner.

    Combined blockchain integrity
    Granted invention patent

    Publication No.: US10826685B1

    Publication date: 2020-11-03

    Application No.: US15195803

    Application date: 2016-06-28

    IPC classification: H04L9/06 H04L9/32 H04L29/08

    Abstract: One or more systems implement a plurality of blockchains to track event data. The plurality of blockchains are arranged in tiered form, and the content and/or integrity of blockchains in higher tiers depends on, or at least derives from, the content and/or integrity of the blockchains in lower tiers. Depending on the specific structure and implementation, assurances, verifications, and the like may be provided for services and other resources using such blockchains in a repeatable manner.

    Implicit certificates using ring learning with errors

    Publication No.: US10798086B2

    Publication date: 2020-10-06

    Application No.: US15589783

    Application date: 2017-05-08

    IPC classification: H04L29/06 H04L9/08 H04L9/32

    Abstract: An implicit certificate is based on ring learning with errors (“RLWE”) public keys that are, in some examples, resistant to quantum-based computing attacks. Various methods are described that request, generate, verify, and use the implicit certificates. In some examples, the system provides an implicit certificate that enables communication between two parties that are identified at the time of certificate generation. In another example, the system provides a certificate that may be used to communicate with a variety of different parties. The implicit certificate generation algorithm yields a public key purportedly bound to U. Confirmation that the public key is bound to U is obtained after use of the corresponding private key. Binding of an entity to its associated public key, and accessibility to the private key, are verified as a result of successful key use.

    Protected cryptographic environment

    Publication No.: US10693638B1

    Publication date: 2020-06-23

    Application No.: US15367114

    Application date: 2016-12-01

    IPC classification: H04L9/08 H04L9/32 H04L29/06

    Abstract: A secret cryptographic key is stored in a protected state. While in the protected state, the secret cryptographic key is encrypted with a plurality of cryptographic keys, each of which is used to re-create the plaintext version of the secret cryptographic key. A service operated by an online service provider creates an isolated network environment containing a bastion computer system in communication with an HSM. After establishing the isolated network environment, the online service provider provides a service provider key to the HSM. An HSM key is present on the HSM, and an administrator key is provided by one or more key administrators. Using the HSM key, the service provider key, and the administrator key, the HSM performs cryptographic operations using the secret cryptographic key. When complete, the isolated network environment is deconstructed and the secret cryptographic key is returned to online storage in a protected state.

    Merkle signature scheme tree expansion

    Publication No.: US10608824B1

    Publication date: 2020-03-31

    Application No.: US15402063

    Application date: 2017-01-09

    Abstract: A first public key is generated based at least in part on a first plurality of signing keys and a second public key is generated based at least in part on a second plurality of signing keys. The signing keys may be used to generate digital signatures. The second public key may be made available to verify a digital signature generated using a signing key from the second plurality of signing keys. In some cases, a first Merkle tree may be formed by the first public key and the first plurality of signing keys, and a second Merkle tree may be formed by the second public key, the first public key, and the second plurality of signing keys.