Cryptographic key distribution
    81.
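    Granted invention patent

    Publication (announcement) number: US10554392B2

    Publication (announcement) date: 2020-02-04

    Application number: US15492270

    Application date: 2017-04-20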

    Abstract: An HSM management hub coordinates the distribution and synchronization of cryptographic material across a fleet of connected hardware security modules (“HSMs”). Cryptographic material is exchanged between HSMs in the fleet in a cryptographically protected format. In some examples, the cryptographic material is encrypted using a common fleet key maintained by the HSMs in the fleet. In other examples, the cryptographic material is protected using asymmetric cryptographic keys that are associated with the members of the HSM fleet. The HSM management hub may be used to divide the HSM fleet into subdomains by providing domain keys to subsets of HSMs within the HSM fleet. Cryptographic information that is encrypted with particular domain keys can be distributed across the entire HSM fleet, and restricted to use by authorized HSMs that are in possession of the particular domain keys.

    TRUSTED MALWARE SCANNING
    86.
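    Invention patent application

    Publication (announcement) number: US20190108343A1

    Publication (announcement) date: 2019-04-11

    Application number: US16195125

    Application date: 2018-11-19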

    Abstract: A trusted co-processor can provide a hardware-based observation point into the operation of a host machine owned by a resource provider or other such entity. The co-processor can be installed via a peripheral card on a fast bus, such as a PCI bus, on the host machine. The co-processor can execute malware detection software, and can use this software to analyze data and/or code obtained from the relevant resources of the host machine. The trusted co-processor can notify the customer or another appropriate entity of the results of the scan, such that an appropriate action can be taken if malware is detected. The results of the scan can be trusted, as malware will be unable to falsify such a notification or modify the operation of the trusted co-processor.

    CONFIGURATION UPDATES FOR ACCESS-RESTRICTED HOSTS

    Publication (announcement) number: US20190089541A1

    Publication (announcement) date: 2019-03-21

    Application number: US16179548

    Application date: 2018-11-02

    Abstract: A host machine operated for a specific purpose can have restricted access to other components in a multi-tenant environment in order to provide for the security of the host machine. The access restriction can prevent the host machine from obtaining updates to critical system-level configurations, but such information can be obtained through a signed command received to an API for the host machine. The command can be signed by a quorum of operators, and the host machine can be configured to verify the signatures and the quorum before processing the command. The host machine can store the updates to ephemeral storage as well as persistent storage, such that upon a reboot or power cycle the host machine can operate with current configuration data.

    Signature delegation
    88.
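    Granted invention patent

    Publication (announcement) number: US10218511B2

    Publication (announcement) date: 2019-02-26

    Application number: US15390176

    Application date: 2016-12-23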

    Abstract: A signature authority generates a master seed value that is used as the root of a seed tree of subordinate nodes. Each subordinate node of the seed tree is generated from the value of its parent node using a cryptographic hash or one-way function. The signature authority selects subordinate seed values which are distributed to one or more key generators, each of which generates a set of one-time-use cryptographic keys. Each key generator generates a hash tree from its set of one-time-use cryptographic keys, and the root of its hash tree is returned to the signature authority. The signature authority integrates the hashes provided by the key generators into a comprehensive hash tree. The root of the comprehensive hash tree acts as a public key for the signature authority.

    Binding digitally signed requests to sessions

    Publication (announcement) number: US10142111B2

    Publication (announcement) date: 2018-11-27

    Application number: US15723003

    Application date: 2017-10-02

    Abstract: A client establishes a cryptographically protected communications session and determines information usable to distinguish the session from other sessions. The client digitally signs the information using a cryptographic key that is independent of the session to enable a server to check whether the information matches the session that it established and whether the digital signature is correct. The server may perform mitigating operations if either or both of the information or the digital signature is/are invalid.
