公开(公告)号：US11206143B2

公开(公告)日：2021-12-21

申请号：US16659074

申请日：2019-10-21

Applicant: Amazon Technologies, Inc.

Inventor： Stefan Popoveniuc ,  David Ripton ,  Alexandr Ukrainchik ,  Yuk-Chung Eric Kam ,  Mikhail Denisenko ,  Robert Eric Fitzgerald ,  Matthew Allen Estes ,  Tyler Eckstein

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/14 ,  H04L9/30

Abstract: Digital certificates include pointers to remote certificate information stores that maintain usage information associated with digital certificates. The pointers provide a mechanism for enabling the remote certificate information stores to be queried for usage information associated with a particular digital certificate. The usage information can be used to determine a validity of the digital certificate.

公开(公告)号：US09560010B1

公开(公告)日：2017-01-31

申请号：US14673573

申请日：2015-03-30

Applicant: Amazon Technologies, Inc.

Inventor： Matthew Allen Estes ,  David Eugene Walter Koenig ,  Robert Eric Fitzgerald ,  Brent William Farrell

IPC: H04L29/06 ,  G06F21/60

CPC classification number: H04L63/123 ,  H04L63/0209

Abstract: A technology is described for transferring a file from an unsecure network to a secure network. An example method may include identifying an unsecure account profile and determining that a file is to be transmitted from an unsecure network to a secure network using a one-way transfer device. In response, the file may be obtained from a file storage location and an unsecure account profile name for the unsecure account profile may be identified. A request may be made that the one-way transfer device to transmit the file and the unsecure account profile name to the secure network. The file and the unsecure account profile name may then be transmitted to the secure network, where a secure account profile corresponding to the unsecure account profile may be identified in the secure network and the file may be placed in a folder associated with the secure account profile.

Abstract translation: 描述了将文件从不安全网络传输到安全网络的技术。 示例性方法可以包括识别不安全帐户简档并且使用单向传送设备来确定文件将从不安全网络传输到安全网络。 作为响应，文件可以从文件存储位置获得，并且可以识别不安全帐户简档的不安全的帐户简档名称。 可以请求单向传输设备将文件和不安全的帐户配置文件名称传输到安全网络。 然后可以将文件和不安全的帐户配置文件名称发送到安全网络，其中可以在安全网络中识别对应于不安全帐户简档的安全帐户简档，并且该文件可以被放置在与安全帐户简档相关联的文件夹中 。

公开(公告)号：US11115223B2

公开(公告)日：2021-09-07

申请号：US16523908

申请日：2019-07-26

Applicant: Amazon Technologies, Inc.

Inventor： Todd Lawrence Cignetti ,  Andrew Jeffrey Doane ,  Stefan Popoveniuc ,  Matthew Allen Estes ,  Alexander Edward Schoof ,  Robert Eric Fitzgerald ,  Peter Zachary Bowen

IPC: H04L9/00 ,  H04L9/32 ,  H04L9/08

Abstract: A method and apparatus for distributing cryptographic material are disclosed. In the method and apparatus, cryptographic material is obtained and it is determined that the cryptographic material is to be made available for use by one or more computing resources. The cryptographic material is then sent to one or more secure modules, whereby a secure module of the one or more secure modules is programmatically accessible to a computing resource of the one or more computing resources and programmatic access enables the computing resource to request performance of one or more cryptographic operations using the cryptographic material while exporting the cryptographic material to the computing resource is denied.

公开(公告)号：US10454690B1

公开(公告)日：2019-10-22

申请号：US15669845

申请日：2017-08-04

Applicant: Amazon Technologies, Inc.

Inventor： Stefan Popoveniuc ,  David Ripton ,  Alexandr Ukrainchik ,  Yuk-Chung Eric Kam ,  Mikhail Denisenko ,  Robert Eric Fitzgerald ,  Matthew Allen Estes ,  Tyler Eckstein

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/14 ,  H04L9/30

Abstract: Digital certificates include pointers to remote certificate information stores that maintain usage information associated with digital certificates. The pointers provide a mechanism for enabling the remote certificate information stores to be queried for usage information associated with a particular digital certificate. The usage information can be used to determine a validity of the digital certificate.

公开(公告)号：US20200052911A1

公开(公告)日：2020-02-13

申请号：US16659074

申请日：2019-10-21

Applicant: Amazon Technologies, Inc.

Inventor： Stefan Popoveniuc ,  David Ripton ,  Alexandr Ukrainchik ,  Yuk-Chung Eric Kam ,  Mikhail Denisenko ,  Robert Eric Fitzgerald ,  Matthew Allen Estes ,  Tyler Eckstein

IPC: H04L9/32 ,  H04L9/30 ,  H04L9/14

Abstract: Digital certificates include pointers to remote certificate information stores that maintain usage information associated with digital certificates. The pointers provide a mechanism for enabling the remote certificate information stores to be queried for usage information associated with a particular digital certificate. The usage information can be used to determine a validity of the digital certificate.

公开(公告)号：US10367646B1

公开(公告)日：2019-07-30

申请号：US14520048

申请日：2014-10-21

Applicant: Amazon Technologies, Inc.

Inventor： Todd Lawrence Cignetti ,  Andrew Jeffrey Doane ,  Stefan Popoveniuc ,  Matthew Allen Estes ,  Alexander Edward Schoof ,  Robert Eric Fitzgerald ,  Peter Zachary Bowen

IPC: G06F21/00 ,  H04L29/06 ,  H04L9/32 ,  H04L9/08 ,  G06F11/07 ,  G06F12/14

Abstract: A method and apparatus for distributing cryptographic material are disclosed. In the method and apparatus, cryptographic material is obtained and it is determined that the cryptographic material is to be made available for use by one or more computing resources. The cryptographic material is then sent to one or more secure modules, whereby a secure module of the one or more secure modules is programmatically accessible to a computing resource of the one or more computing resources and programmatic access enables the computing resource to request performance of one or more cryptographic operations using the cryptographic material while exporting the cryptographic material to the computing resource is denied.

公开(公告)号：US09552485B1

公开(公告)日：2017-01-24

申请号：US14520168

申请日：2014-10-21

Applicant: Amazon Technologies, Inc.

Inventor： Todd Lawrence Cignetti ,  Andrew Jeffrey Doane ,  Stefan Popoveniuc ,  Matthew Allen Estes ,  Alexander Edward Schoof ,  Robert Eric Fitzgerald ,  Peter Zachary Bowen

IPC: H04L29/06 ,  G06F21/60 ,  H04L9/32

CPC classification number: G06F21/602 ,  G06F8/65 ,  H04L9/3263

Abstract: A method and apparatus for renewing cryptographic material are disclosed. In the method and apparatus a cryptographic material renewal entity of a computing resource service provider detects that cryptographic material stored by a secure module is to be renewed. Renewing the cryptographic material may include rekeying a private key associated with a certificate. Further, a digital certificate may be renewed, and the renewed certificate may be provided for use by the computing resource. The cryptographic material is used to fulfill requests made by a computing resource provisioned by the computing resource service provider for a customer. The renewed cryptographic material is provided to the secure module, whereby the renewed cryptographic material is used by the secure module to fulfill further requests made by the computing resource.

Abstract translation: 公开了一种更新加密材料的方法和装置。 在方法和装置中，计算资源服务提供者的密码材料更新实体检测到由安全模块存储的密码资料将被更新。 更新加密材料可以包括重新键入与证书相关联的私钥。 此外，可以更新数字证书，并且可以提供更新的证书供计算资源使用。 加密材料用于满足由计算资源服务提供商为客户提供的计算资源所做的请求。 更新的加密材料被提供给安全模块，由此安全模块使用更新的密码材料来完成由计算资源进一步的请求。