Cryptographic key generation and deployment

    Publication No.: US11184157B1

    Publication date: 2021-11-23

    Application No.: US16007927

    Application date: 2018-06-13

    Abstract: Protection against the obsolescence of cryptographic algorithms is provided by generating a cryptographic key pair for future use and storing the public key on a device. The cryptographic key pair supports a signature scheme that is potentially resistant to quantum computing attacks. In an embodiment, a key management server generates a set of one-time use keys sufficient to sign the anticipated number of software updates to be applied to a device. The key management server provides a public key which is stored on the device for later use. In an embodiment, an update to the device is signed with the one-time-use private key, and can be authenticated by the device using the public key. In an embodiment, the key pair supports the use of a one-time signature technique such as a Merkle signature scheme, Winternitz signature, or Lamport signature.

    Data encryption method and system

    Publication No.: US11108552B1

    Publication date: 2021-08-31

    Application No.: US15969611

    Application date: 2018-05-02

    Abstract: Plaintext data is encrypted and decrypted using a symmetric encryption algorithm that generates a sequence of pseudorandom values from a cryptographic key. A portion of the sequence of pseudorandom values is discarded. For example, in an embodiment, each value in the sequence of pseudorandom values is truncated by a number of bits. Encryption and decryption are performed by combining plaintext or ciphertext with the truncated sequence of pseudorandom values. In an embodiment, the combination is made by performing a bitwise exclusive-or operation between the truncated pseudorandom values and the plaintext or ciphertext. In an embodiment, the number of bits discarded from each value is encoded into a message authentication code which is provided with any resulting ciphertext.

    Secure data storage using multiple factors

    Publication No.: US10963593B1

    Publication date: 2021-03-30

    Application No.: US16216814

    Application date: 2018-12-11

    Abstract: Techniques described herein enhance information security in contexts that utilize key management systems and other providers of cryptographic services. A user of a key management system is able to use a secret that is outside the control of the key management system combined with a secret that is cryptographically protected by the key management system (e.g., by encryption using a key managed by the key management system) to generate a message encryption key, thereby rendering the secrets individually insufficient for access to data encrypted using the message encryption key.
