-
Publication (Announcement) No.: US20250047504A1
Publication (Announcement) Date: 2025-02-06
Application No.: US18923396
Filing Date: 2024-10-22
Applicant: Amazon Technologies, Inc.
Inventor: Trevor Freeman , Param Sharma , Todd Cignetti
Abstract: Approaches presented herein relate to the management of secure secrets, such as digital certificates. When an operation is performed by a certificate authority (CA) with respect to a digital certificate, information for the operation is written to a blockchain (or other distributed and verifiable ledger) in addition to a secure database accessible to the CA. The ability of an external party to access the blockchain and independently verify information about a digital certificate can help to increase the level of assurance in the integrity of the CA, which can be important when an entity wants to act as (or offer) its own private certificate authority. Information in the blockchain can also help to identify "dark" certificates, which may appear valid but were not issued by a CA using a valid and secure process, and thus can be identified by a lack of valid transactions included in the corresponding blockchain.
-
Publication (Announcement) No.: US20240097918A1
Publication (Announcement) Date: 2024-03-21
Application No.: US17947957
Filing Date: 2022-09-19
Applicant: Amazon Technologies, Inc.
Inventor: Param Sharma , Todd Cignetti , Trevor Freeman
IPC: H04L9/32
CPC classification number: H04L9/3268 , H04L9/321
Abstract: Approaches presented herein relate to the management of secure secrets in a distributed environment. In particular, various embodiments provide for the management of unique digital identities across multiple regions, where each region can include its own certificate authority. While these certificate authorities may operate independently, they can be part of a multi-primary system where unique identities and keys are stored redundantly across environments. In the event of a failure of a certificate authority in one region, another certificate authority in another region can continue security and authentication management, without a need to issue new identities or change operation of any of the regions. Parties to secure communications, such as application containers, can each receive their own unique identity which can be shared across various regions to allow related tasks (e.g., certificate issuance or revocation) to be performed identically from any of those regions.
-
Publication (Announcement) No.: US12166904B1
Publication (Announcement) Date: 2024-12-10
Application No.: US17957665
Filing Date: 2022-09-30
Applicant: Amazon Technologies, Inc.
Inventor: Trevor Freeman , Param Sharma , Todd Cignetti
Abstract: Approaches presented herein relate to the management of secure secrets, such as digital certificates. When an operation is performed by a certificate authority (CA) with respect to a digital certificate, information for the operation is written to a blockchain (or other distributed and verifiable ledger) in addition to a secure database accessible to the CA. The ability of an external party to access the blockchain and independently verify information about a digital certificate can help to increase the level of assurance in the integrity of the CA, which can be important when an entity wants to act as (or offer) its own private certificate authority. Information in the blockchain can also help to identify "dark" certificates, which may appear valid but were not issued by a CA using a valid and secure process, and thus can be identified by a lack of valid transactions included in the corresponding blockchain.