-
Publication number: US11709941B1
Publication date: 2023-07-25
Application number: US17305135
Filing date: 2021-06-30
Applicant: Amazon Technologies, Inc.
Inventor: Ori Cohen , Barak Wasserstrom , Andrew Robert Sinton
CPC classification number: G06F21/575 , H04L9/3073 , H04L9/3265 , G06F2221/034
Abstract: A modified measured boot approach is utilized for establishing a secure communication link between two devices. Each device may execute a respective boot process until the device reaches the stage responsible for establishing the communication link with the other device. Each device may exchange its respective self-signed certificate and extend its certificate chain with the self-signed certificate received from the other device. Each device can then generate a new pair of keys based on its extended certificate chain that includes the identity of the other device, and exchange the public key of the new key pair with the other device. A secure link can be established using the public key of the other device as a base key for a key exchange protocol. A central management entity can attest the measurements of the boot stages for each device using the corresponding public key.
-
Publication number: US12235967B1
Publication date: 2025-02-25
Application number: US18323868
Filing date: 2023-05-25
Applicant: Amazon Technologies, Inc.
Inventor: Ori Cohen , Barak Wasserstrom , Andrew Robert Sinton
Abstract: A modified measured boot approach is utilized for establishing a secure communication link between two devices. Each device may execute a respective boot process until the device reaches the stage responsible for establishing the communication link with the other device. Each device may exchange its respective self-signed certificate and extend its certificate chain with the self-signed certificate received from the other device. A secure link can be established using the public key of the other device as a base key for a key exchange protocol.
-
Publication number: US11544436B1
Publication date: 2023-01-03
Application number: US17353715
Filing date: 2021-06-21
Applicant: Amazon Technologies, Inc.
Inventor: Uri Leder , Ori Cohen , Benzi Denkberg , Max Chvalevsky
IPC: G06F30/3323 , G01R31/317 , G06F30/31 , G06F117/08
Abstract: Hardware-software interaction testing is performed using formal verification for language-specified hardware designs. A description of valid access using an interface for a configuration space of a language-specified hardware design, and a description of a valid output of the language-specified hardware design, are received. Formal verification is performed on the language-specified hardware design using the interface for the configuration space according to the description of valid access using the interface. A sequence of accesses to the configuration space through the interface that causes a failure to produce the valid output of the language-specified hardware design, according to the description of valid output, is identified as an error for the language-specified hardware design.
-
Publication number: US12223052B1
Publication date: 2025-02-11
Application number: US17695630
Filing date: 2022-03-15
Applicant: Amazon Technologies, Inc.
Inventor: Barak Wasserstrom , Ori Cohen , Andrew Robert Sinton
Abstract: A boot process for a computing device, such as an integrated circuit, includes security features that are inaccessible during certain operation modes. An image including permission to access those security features is received during the boot process and may be verified using one or more keys. In operation, access to the security features is permitted during those operation modes after the image is verified. Such an approach enables a boot process to permit access to certain features after receipt and verification of different images.
-
Publication number: US12216921B1
Publication date: 2025-02-04
Application number: US17710489
Filing date: 2022-03-31
Applicant: Amazon Technologies, Inc.
Inventor: Erez Tsidon , Ori Cohen , Barak Wasserstrom , Andrew Robert Sinton , Asaf Modelevsky , Moshe Raz
IPC: G06F3/06
Abstract: Technologies are disclosed for using hardware-embedded monitors to monitor pages of local memory and detect attribute violations or other unauthorized operations relating to the memory. The attribute violations may include mismatches of attributes (e.g., designating a page as writeable versus executable or vice versa) in entries in a translation buffer that point to a same physical address or other mismatches between designations of attributes for a page in physical and virtual space. Responsive to detecting a violation, an alert or other mitigation protocol, which may include an audit of activities surrounding the violation, may be performed.
-
Publication number: US12164641B1
Publication date: 2024-12-10
Application number: US17592016
Filing date: 2022-02-03
Applicant: Amazon Technologies, Inc.
Inventor: Ori Cohen , Barak Wasserstrom
Abstract: An operational mode can be designated for a computing device, such as an integrated circuit. In particular, an input signal may be used to determine an operational mode, which may lead to bypassing or otherwise restricting one or more boot operations to permit use of the computing device. Such an approach provides improved flexibility to permit use of the computing device for testing or debugging while maintaining security features used during other operational modes.