公开(公告)号：EP3017561A4

公开(公告)日：2017-01-25

申请号：EP14819866

申请日：2014-06-30

申请人： AMAZON TECH INC

发明人： ROTH GREGORY BRANCHEK ,  BRANDWINE ERIC JASON ,  WREN MATTHEW JAMES

IPC分类号： H04L9/00 ,  H04L29/06

CPC分类号： H04L63/20 ,  H04L63/0471 ,  H04L63/06

公开(公告)号：EP2956852A4

公开(公告)日：2016-09-21

申请号：EP14752191

申请日：2014-02-07

申请人： AMAZON TECH INC

发明人： ROTH GREGORY BRANCHEK ,  WREN MATTHEW JAMES ,  BRANDWINE ERIC JASON ,  PRATT BRIAN IRL

IPC分类号： G06F9/00 ,  G06F15/16 ,  G06F21/60 ,  H04L29/06 ,  H04L29/08

CPC分类号： H04L63/0471 ,  G06F21/602 ,  G06F21/6218 ,  G06F2221/2101 ,  H04L9/0894 ,  H04L9/3242 ,  H04L9/3247 ,  H04L63/045 ,  H04L63/08 ,  H04L67/1097 ,  H04L2209/76

摘要： A distributed computing environment utilizes a cryptography service. The cryptography service manages keys securely on behalf of one or more entities. The cryptography service is configured to receive and respond to requests to perform cryptographic operations, such as encryption and decryption. The requests may originate from entities using the distributed computing environment and/or subsystems of the distributed computing environment.

公开(公告)号：EP2956880A4

公开(公告)日：2016-10-12

申请号：EP14751237

申请日：2014-02-07

申请人： AMAZON TECH INC

发明人： ROTH GREGORY BRANCHEK ,  WREN MATTHEW JAMES ,  BRANDWINE ERIC JASON ,  PRATT BRIAN IRL

IPC分类号： G06F21/62 ,  H04L9/08 ,  H04L29/06

CPC分类号： G06F21/6218 ,  G06F2221/2137 ,  H04L9/088 ,  H04L63/0442 ,  H04L63/06

摘要： A system uses information submitted in connection with a request to determine if and how to process the request. The information may be electronically signed by a requestor using a key such that the system processing the request can verify that the requestor has the key and that the information is authentic. The information may include information that identifies a holder of a key needed for processing the request, where the holder of the key can be the system or another, possibly third party, system. Requests to decrypt data may be processed to ensure that a certain amount of time passes before access to the decrypted data is provided, thereby providing an opportunity to cancel such requests and/or otherwise mitigate potential security breaches.

摘要翻译： 系统使用与请求相关联的信息来确定是否以及如何处理请求。 信息可以由请求者使用密钥电子签名，使得处理请求的系统可以验证请求者具有密钥并且信息是真实的。 信息可以包括识别处理请求所需的密钥的持有者的信息，其中密钥的持有者可以是系统，或者另一个，可能是第三方系统。 可以处理对数据解密的请求，以确保在访问解密的数据之前经过一段时间，从而提供取消这种请求和/或以其他方式减轻潜在安全漏洞的机会。

公开(公告)号：EP2957063A4

公开(公告)日：2016-08-03

申请号：EP14751881

申请日：2014-02-07

申请人： AMAZON TECH INC

发明人： ROTH GREGORY BRANCHEK ,  WREN MATTHEW JAMES ,  BRANDWINE ERIC JASON ,  PRATT BRIAN IRL

IPC分类号： H04L9/00 ,  G06F21/60 ,  G06F21/62 ,  H04L9/08 ,  H04L29/06

CPC分类号： G06F21/6209 ,  G06F21/602 ,  H04L9/088 ,  H04L9/0891 ,  H04L9/3242 ,  H04L63/0428 ,  H04L63/20

摘要： Requests submitted to a computer system are evaluated for compliance with policy to ensure data security. Plaintext and associated data are used as inputs into a cipher to produce ciphertext. Whether a result of decrypting the ciphertext can be provided in response to a request is determined based at least in part on evaluation of a policy that itself is based at least in part on the associated data. Other policies include automatic rotation of keys to prevent keys from being used in enough operations to enable cryptographic attacks intended to determine the keys.

摘要翻译： 对提交给计算机系统的请求进行评估以符合政策以确保数据安全。 明文和相关数据用作密码的输入以产生密文。 至少部分地基于本身至少部分地基于相关数据的策略的评估来确定响应于请求而提供解密密文的结果。 其他策略包括自动旋转密钥，以防止密钥在足够的操作中被使用，以实现旨在确定密钥的加密攻击。

公开(公告)号：EP3011429A4

公开(公告)日：2017-02-15

申请号：EP14813097

申请日：2014-06-16

申请人： AMAZON TECH INC

发明人： ROTH GREGORY BRANCHEK ,  WREN MATTHEW JAMES

IPC分类号： G06F7/04 ,  G06F21/62 ,  H04L9/08 ,  H04L9/14 ,  H04L9/32

CPC分类号： H04L9/083 ,  G06F21/6209 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/0894 ,  H04L9/14

摘要： Data is encrypted such that multiple keys are needed to decrypt the data. The keys are accessible to different entities so that no single entity has access to all the keys. At least one key is managed by a service provider. A customer computer system of the service provider may be configured with executable instructions directing the orchestration of communications between the various entities having access to the keys. As a result, security compromise in connection with a key does not, by itself, render the data decryptable.

摘要翻译： 数据被加密，使得需要多个密钥来解密数据。 密钥可以访问不同的实体，以便没有一个实体可以访问所有的密钥。 至少一个密钥由服务提供商管理。 服务提供商的客户计算机系统可以配置有指导在具有访问密钥的各种实体之间的通信协调的可执行指令。 因此，与密钥相关的安全性损害本身不会使数据可解密。

公开(公告)号：EP2957065A4

公开(公告)日：2016-10-12

申请号：EP14751612

申请日：2014-02-07

申请人： AMAZON TECH INC

发明人： ROTH GREGORY BRANCHEK ,  WREN MATTHEW JAMES ,  BRANDWINE ERIC JASON ,  PRATT BRIAN IRL

IPC分类号： H04L9/32 ,  H04L9/08

CPC分类号： H04L9/088 ,  H04L9/0618 ,  H04L9/0643 ,  H04L9/0891 ,  H04L9/14 ,  H04L9/30 ,  H04L9/321 ,  H04L9/3247

摘要： A system uses information submitted in connection with a request to determine if and how to process the request. The information may be electronically signed by a requestor using a key such that the system processing the request can verify that the requestor has the key and that the information is authentic. The information may include information that identifies a holder of a key needed for processing the request, where the holder of the key can be the system or another, possibly third party, system. Requests to decrypt data may be processed to ensure that a certain amount of time passes before access to the decrypted data is provided, thereby providing an opportunity to cancel such requests and/or otherwise mitigate potential security breaches.

公开(公告)号：EP2956888A4

公开(公告)日：2016-10-12

申请号：EP14751256

申请日：2014-02-11

申请人： AMAZON TECH INC

发明人： ROTH GREGORY BRANCHEK ,  WREN MATTHEW JAMES ,  BRANDWINE ERIC JASON ,  PRATT BRIAN IRL

IPC分类号： G06F21/62 ,  G06F21/60 ,  H04L9/08 ,  H04L9/32 ,  H04L29/06

CPC分类号： G06F21/602 ,  G06F2221/2135 ,  G06F2221/2143 ,  G06F2221/2151 ,  H04L63/0428 ,  H04L63/062