-
Publication No.: US10484372B1
Publication Date: 2019-11-19
Application No.: US14968422
Application Date: 2015-12-14
Applicant: Amazon Technologies, Inc.
Inventor: Jesper Mikael Johansson, Rami Kawach
Abstract: Secure interactions between a client device executing an application and a remote server associated with the application are enabled without credentials such as passwords. The application may acquire an encryption key pair, store a first key of the pair on the client device, and secure access to it by associated biometric data. The second key of the pair is stored on the remote server in association with the user's account. Responsive to a request on the application for an action that requires authentication with the remote server, the user must input biometric data which, only if verified, enables access to use the first key. The first key is then used to encrypt authentication data for submission to the remote server. The server accesses the public key and uses it to decrypt the data and verify the source of the request. If verified, the server then authorizes the requested action.
-
Publication No.: US10218682B1
Publication Date: 2019-02-26
Application No.: US15001077
Application Date: 2016-01-19
Applicant: Amazon Technologies, Inc.
Inventor: Rami Kawach, Jesper Mikael Johansson
Abstract: The present document describes systems and methods that utilize a cryptographic service for establishing a cryptographically protected communication session, such as a TLS connection, between a client computer system and a TLS termination point. The cryptographic service retains cryptographic material associated with a server that is represented by the TLS termination point. The TLS termination point uses the cryptographic service to perform cryptographic operations associated with establishing and maintaining the cryptographically protected communication session. The cryptographic service may be provided by the server itself, a cryptographic server, or a cryptographic accelerator such as an HSM. In some embodiments, the cryptographic service tokenizes unencrypted data to be provided to the TLS termination point. If a cryptographic accelerator is used, the cryptographic accelerator may include facilities to accelerate asymmetric cryptographic operations as well as symmetric cryptographic operations.
-