-
Publication number: US11258769B2
Publication date: 2022-02-22
Application number: US16450801
Application date: 2019-06-24
Applicant: Amazon Technologies, Inc.
Inventor: Matthew John Campagna, Derek Del Miller, Nachiketh Rao Potlapally, Gregory Branchek Roth
Abstract: A device is provisioned and authorized for use on a network. The device may generate a cryptographic key and provide a digital certificate the cryptographic key, a hardware identifier, and attribute information and provide such information to an authorization host as part of the provisioning process. The authorization host may use attribute information to determine whether to authorize the device for use on the network, and whether the generated cryptographic key should be trusted for use on the network.
-
Publication number: US11240042B2
Publication date: 2022-02-01
Application number: US16826973
Application date: 2020-03-23
Applicant: Amazon Technologies, Inc.
Inventor: Slavka Praus, Matthew John Campagna, Nicholas Alexander Allen, Petr Praus
Abstract: A first public key is generated based at least in part on a first plurality of signing keys and a second public key is generated based at least in part on a second plurality of signing keys. The signing keys may be used to generate digital signatures. The second public key may be made available to verify a digital signature generated using a signing key from the second plurality of signing keys. In some cases, a first Merkle tree may be formed by the first public key and the first plurality of signing keys, and a second Merkle tree may be formed by the second public key, the first public key, and the second plurality of signing keys.
-
Publication number: US11108552B1
Publication date: 2021-08-31
Application number: US15969611
Application date: 2018-05-02
Applicant: Amazon Technologies, Inc.
Inventor: Shay Gueron, Matthew John Campagna
Abstract: Plaintext data is encrypted and decrypted using a symmetric encryption algorithm that generates a sequence of pseudorandom values from a cryptographic key. A portion of the sequence of pseudorandom values is discarded. For example, in an embodiment, each value in the sequence of pseudorandom values is truncated by a number of bits. Encryption and decryption are performed by combining plaintext or ciphertext with the truncated sequence of pseudorandom values. In an embodiment, the combination is made by performing a bitwise exclusive or operation between the truncated pseudorandom values and the plaintext or ciphertext. In an embodiment, a number of bits discarded from each value is encoded into a message authentication code which is provided with any resulting ciphertext.
-
Publication number: US11089032B2
Publication date: 2021-08-10
Application number: US16365441
Application date: 2019-03-26
Applicant: Amazon Technologies, Inc.
Inventor: Matthew John Campagna
Abstract: Clients within a computing environment may establish a secure communication session. Sometimes, a client may trust another client to read, but not modify, a message. Clients may utilize a cryptography service to generate a message protected against improper modification. Clients may utilize a cryptography service to verify whether a protected message has been improperly modified.
-
Publication number: US11023595B1
Publication date: 2021-06-01
Application number: US16213489
Application date: 2018-12-07
Applicant: Amazon Technologies, Inc.
Inventor: Nicholas Alexander Allen, Matthew John Campagna, Xianrui Jeri Meng
IPC: G06F21/60, G06F21/62, G06F16/248, G06F16/2455, H04L9/08
Abstract: A requester submits a request to perform an encrypted search that is received by an encrypted search provider. The encrypted search provider processes the request and produces a set of intermediate results which are loaded onto a mobile computer system that includes a mobile power source. The mobile computer system is shipped to the requester, and while in transit to the requester, the mobile computer system processes the intermediate results to produce a completed search result. After the mobile computer system arrives at the requester, the mobile computer system provides the completed search result to the requester.
-
Publication number: US10963593B1
Publication date: 2021-03-30
Application number: US16216814
Application date: 2018-12-11
Applicant: Amazon Technologies, Inc.
Inventor: Matthew John Campagna, Shay Gueron
Abstract: Techniques described herein enhance information security in contexts that utilize key management systems and other providers of cryptographic services. A user of a key management system is able to use a secret that is outside the control of the key management system combined with a secret that is cryptographically protected by the key management system (e.g., by encryption using a key managed by the key management system) to generate a message encryption key, thereby rendering the secrets individually insufficient for access to data encrypted using the message encryption key.
-
Publication number: US20200220735A1
Publication date: 2020-07-09
Application number: US16826973
Application date: 2020-03-23
Applicant: Amazon Technologies, Inc.
Inventor: Slavka Praus, Matthew John Campagna, Nicholas Alexander Allen, Petr Praus
Abstract: A first public key is generated based at least in part on a first plurality of signing keys and a second public key is generated based at least in part on a second plurality of signing keys. The signing keys may be used to generate digital signatures. The second public key may be made available to verify a digital signature generated using a signing key from the second plurality of signing keys. In some cases, a first Merkle tree may be formed by the first public key and the first plurality of signing keys, and a second Merkle tree may be formed by the second public key, the first public key, and the second plurality of signing keys.
-
Publication number: US20200099674A1
Publication date: 2020-03-26
Application number: US16673703
Application date: 2019-11-04
Applicant: Amazon Technologies, Inc.
Inventor: Matthew John Campagna, Gregory Branchek Roth
Abstract: A computer system performs cryptographic operations as a service. The computer system is configured to allow users of the service to maintain control of their respective cryptographic material. The computer system uses inaccessible cryptographic material to encrypt a user's cryptographic material in a token that is then provided to the user. The user is unable to access a plaintext copy of the cryptographic material in the token, but can provide the token back to the service to cause the service to decrypt and use the cryptographic material.
-
Publication number: US10587405B2
Publication date: 2020-03-10
Application number: US15947690
Application date: 2018-04-06
Applicant: Amazon Technologies, Inc.
Abstract: A request to perform a cryptographic operation is received, the request including a first identifier assigned to a key group, the key group comprising a plurality of second identifiers, with the plurality of second identifiers corresponding to a plurality of cryptographic keys. A second identifier is determined, according to a distribution scheme, from the plurality of second identifiers, and the cryptographic operation is performed using a cryptographic key of the plurality of cryptographic keys that corresponds to the second identifier that was determined.
-
Publication number: US10567394B2
Publication date: 2020-02-18
Application number: US16380741
Application date: 2019-04-10
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Gregory Alan Rubin, Matthew John Campagna, Petr Praus
Abstract: A system performs cryptographic operations utilizing information usable to verify validity of plaintext. To prevent providing information about a plaintext by providing the information usable to verify the validity of the plaintext, the system provides the information usable to verify validity of the plaintext to an entity on a condition that the entity is authorized to access the plaintext. The information usable to verify validity of the plaintext may be persisted in ciphertext along with the plaintext to enable the plaintext to be verified when decrypted.