-
公开(公告)号:US11829794B2
公开(公告)日:2023-11-28
申请号:US18076097
申请日:2022-12-06
Applicant: Amazon Technologies, Inc.
Inventor: Andrew Jeffrey Doane , Alexander Edward Schoof , Robert Eric Fitzgerald , Todd Lawrence Cignetti
CPC classification number: G06F9/45558 , G06F21/44 , G06Q30/0601 , H04L63/0823 , H04L63/20 , G06F2009/4557 , G06F2009/45587 , G06F2009/45595
Abstract: A vendor of virtual machine images accesses a virtual computer system service to upload a digitally signed virtual machine image to a data store usable by customers of the virtual computer system service to select an image for creating a virtual machine instance. If a digital certificate is uploaded along with the virtual machine image, the virtual computer system service may determine whether the digital certificate has been trusted for use. If the digital certificate has been trusted for use, the virtual computer system service may use a public cryptographic key to decrypt a hash signature included with the image to obtain a first hash value. The service may additionally apply a hash function to the image itself to obtain a second hash value. If the two hash values match, then the virtual machine image may be deemed to be authentic.
-
公开(公告)号:US10419205B2
公开(公告)日:2019-09-17
申请号:US15685669
申请日:2017-08-24
Applicant: Amazon Technologies, Inc.
Inventor: Andrew Jeffrey Doane , Todd Lawrence Cignetti
Abstract: Servers in datacenters, mobile devices and virtualized servers without human interaction may experience difficulties in establishing entropy in a virtualized computing environment. Entropy is an important foundation for cryptography and a lack of entropy has led to weaknesses that can be used to break cryptographic systems in the past.
-
公开(公告)号:US09705855B2
公开(公告)日:2017-07-11
申请号:US14981804
申请日:2015-12-28
Applicant: Amazon Technologies, Inc.
CPC classification number: H04L63/061 , G06F9/45533 , H04L9/3247 , H04L63/0428 , H04L63/06 , H04L63/0876
Abstract: Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. If the keys used to encrypt the data have not been exposed during serialization operation, they may be deleted or destroyed enabling the destruction of data encrypted with the keys.
-
4.发明申请
公开(公告)号:US20160127336A1
公开(公告)日:2016-05-05
申请号:US14992980
申请日:2016-01-11
Applicant: Amazon Technologies, Inc.
CPC classification number: H04L63/061 , G06F9/45558 , G06F9/4812 , G06F21/602 , G06F21/6218 , G06F2221/2101 , G06F2221/2143
Abstract: Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. Signaling methods are used to notify virtual machine instances of serialization events in order to prevent keying material from being stored persistently.
Abstract translation: 组织使用服务提供商的计算机硬件资源和服务维护和生成大量敏感信息。 此外,需要能够通过使用密钥加密数据并销毁密钥来安全而快速地删除大量的数据。 为确保远程存储的信息得到保护并能够进行安全删除,组织使用的加密密钥在串行化操作期间应防止持久存储。 信令方法用于通知序列化事件的虚拟机实例,以防止密钥材料被永久存储。
-
公开(公告)号:US20150254451A1
公开(公告)日:2015-09-10
申请号:US14196818
申请日:2014-03-04
Applicant: Amazon Technologies, Inc.
Inventor: Andrew Jeffrey Doane , Alexander Edward Schoof , Robert Eric Fitzgerald , Todd Lawrence Cignetti
CPC classification number: G06F9/45558 , G06F21/44 , G06F2009/4557 , G06F2009/45587 , G06F2009/45595 , G06Q30/0601 , H04L63/0823 , H04L63/20
Abstract: A vendor of virtual machine images accesses a virtual computer system service to upload a digitally signed virtual machine image to a data store usable by customers of the virtual computer system service to select an image for creating a virtual machine instance. If a digital certificate is uploaded along with the virtual machine image, the virtual computer system service may determine whether the digital certificate has been trusted for use. If the digital certificate has been trusted for use, the virtual computer system service may use a public cryptographic key to decrypt a hash signature included with the image to obtain a first hash value. The service may additionally apply a hash function to the image itself to obtain a second hash value. If the two hash values match, then the virtual machine image may be deemed to be authentic.
Abstract translation: 虚拟机映像的供应商访问虚拟计算机系统服务以将数字签名的虚拟机映像上载到由虚拟计算机系统服务的客户可用的数据存储,以选择用于创建虚拟机实例的映像。 如果与虚拟机映像一起上传数字证书,则虚拟计算机系统服务可以确定数字证书是否已被信任以供使用。 如果数字证书被信任使用,则虚拟计算机系统服务可以使用公共密码密钥来解密包含在图像中的散列签名以获得第一哈希值。 该服务可以另外向图像本身应用散列函数以获得第二哈希值。 如果两个散列值匹配,则虚拟机映像可能被认为是真实的。
-
公开(公告)号:US11997222B1
公开(公告)日:2024-05-28
申请号:US17732362
申请日:2022-04-28
Applicant: Amazon Technologies, Inc.
Inventor: Peter Zachary Bowen , Todd Lawrence Cignetti , Preston Anthony Elder, III , Brandonn Gorman , Ronald Andrew Hoskinson , Jonathan Kozolchyk , Kenneth Lawler , Marcel Andrew Levy , Kyle Benjamin Schultheiss , Sandeep Shantharaj , Param Sharma , Jose Maria Silveira Neto
CPC classification number: H04L9/3268 , H04L9/0897 , H04L9/3247 , H04L9/3297
Abstract: A computing resource service provider provides a certificate management service that allows customers of the computing resource service provider to create, distribute, manage, and revoke digital certificates issued by private certificate authorities. A private certificate authority hosted by the computing resource service provider is able to issue signed certificates to network entities within the customer enterprise. The certificate management service provides a network-accessible application programming interface to the private certificate authority that allows applications to create and deploy private certificates programmatically. The system provides the flexibility to create private certificates for applications that require custom certificate lifetimes or resource names.
-
公开(公告)号:US11563590B1
公开(公告)日:2023-01-24
申请号:US16018009
申请日:2018-06-25
Applicant: Amazon Technologies, Inc.
Inventor: Peter Zachary Bowen , Todd Lawrence Cignetti , Preston Anthony Elder, III , Brandonn Gorman , Ronald Andrew Hoskinson , Jonathan Kozolchyk , Kenneth Lawler , Marcel Andrew Levy , Kyle Benjamin Schultheiss , Sandeep Shantharaj , Param Sharma , Jose Maria Silveira Neto
IPC: H04L9/32
Abstract: A computing resource service provider provides a certificate management service that allows customers of the computing resource service provider to create, distribute, manage, and revoke digital certificates issued by public and/or private certificate authorities. In an embodiment, when a new certificate is generated, a certificate template is used to apply various settings and policies for the new certificate. In various examples, templates may be used to establish default values, enforce required and optional values, place restrictions on one or more data fields, and enforce signature requirements. In some embodiments, the template establishes rules for rejecting certificate requests that don't conform to the template.
-
公开(公告)号:US10460114B1
公开(公告)日:2019-10-29
申请号:US16186351
申请日:2018-11-09
Applicant: Amazon Technologies, Inc.
Inventor: Stefan Popuveniuc , Peter Zachary Bowen , Alexander Edward Schoof , Andrew Jeffrey Doane , Todd Lawrence Cignetti , Robert Eric Fitzgerald
Abstract: Techniques are disclosed for mitigating against registering a domain name that is confusingly similar to a pre-existing domain name, possibly for the purpose of fooling users. In embodiments, a domain name is presented for registration. The domain name is rendered as an image, and optical character recognition is performed on the image to extract the rendered text. This extracted text is compared against a list of domain names for which confusingly similar domain names cannot be registered, and when the extracted text matches a domain name in this list of domain names, registration of the domain name is denied.
-
公开(公告)号:US20170373833A1
公开(公告)日:2017-12-28
申请号:US15685669
申请日:2017-08-24
Applicant: Amazon Technologies, Inc.
Inventor: Andrew Jeffrey Doane , Todd Lawrence Cignetti
CPC classification number: H04L9/002 , G06F7/582 , H04L9/0662 , H04L9/0877 , H04L63/164 , H04L67/10
Abstract: Servers in datacenters, mobile devices and virtualized servers without human interaction may experience difficulties in establishing entropy in a virtualized computing environment. Entropy is an important foundation for cryptography and a lack of entropy has led to weaknesses that can be used to break cryptographic systems in the past.
-
公开(公告)号:US09749127B1
公开(公告)日:2017-08-29
申请号:US14294997
申请日:2014-06-03
Applicant: Amazon Technologies, Inc.
Inventor: Andrew Jeffrey Doane , Todd Lawrence Cignetti
CPC classification number: H04L9/002 , G06F7/582 , H04L9/0662 , H04L9/0877 , H04L63/164 , H04L67/10
Abstract: Servers in datacenters, mobile devices and virtualized servers without human interaction may experience difficulties in establishing entropy in a virtualized computing environment. Entropy is an important foundation for cryptography and a lack of entropy has led to weaknesses that can be used to break cryptographic systems in the past.
