-
Publication number: US20250047504A1
Publication date: 2025-02-06
Application number: US18923396
Application date: 2024-10-22
Applicant: Amazon Technologies, Inc.
Inventor: Trevor Freeman, Param Sharma, Todd Cignetti
Abstract: Approaches presented herein relate to the management of secure secrets, such as digital certificates. When an operation is performed by a certificate authority (CA) with respect to a digital certificate, information for the operation is written to a blockchain (or other distributed and verifiable ledger) in addition to a secure database accessible to the CA. The ability of an external party to access the blockchain and independently verify information about a digital certificate can help to increase the level of assurance in the integrity of the CA, which can be important when an entity wants to act as (or offer) its own private certificate authority. Information in the blockchain can also help to identify "dark" certificates, which may appear valid but were not issued by a CA using a valid and secure process, and thus can be identified by the lack of a valid transaction in the corresponding blockchain.
-
Publication number: US20240097918A1
Publication date: 2024-03-21
Application number: US17947957
Application date: 2022-09-19
Applicant: Amazon Technologies, Inc.
Inventor: Param Sharma, Todd Cignetti, Trevor Freeman
IPC: H04L9/32
CPC classification number: H04L9/3268, H04L9/321
Abstract: Approaches presented herein relate to the management of secure secrets in a distributed environment. In particular, various embodiments provide for the management of unique digital identities across multiple regions, where each region can include its own certificate authority. While these certificate authorities may operate independently, they can be part of a multi-primary system where unique identities and keys are stored redundantly across environments. In the event of a failure of a certificate authority in one region, another certificate authority in another region can continue security and authentication management, without a need to issue new identities or change operation of any of the regions. Parties to secure communications, such as application containers, can each receive their own unique identity which can be shared across various regions to allow related tasks (e.g., certificate issuance or revocation) to be performed identically from any of those regions.
-
Publication number: US11323274B1
Publication date: 2022-05-03
Application number: US16018004
Application date: 2018-06-25
Applicant: Amazon Technologies, Inc.
Inventor: Peter Zachary Bowen, Todd Lawrence Cignetti, Preston Anthony Elder, III, Brandonn Gorman, Ronald Andrew Hoskinson, Jonathan Kozolchyk, Kenneth Lawler, Marcel Andrew Levy, Kyle Benjamin Schultheiss, Sandeep Shantharaj, Param Sharma, Jose Maria Silveira Neto
Abstract: In an embodiment, a computing resource service provider provides a certificate management service that allows customers of the computing resource service provider to create, distribute, manage, and revoke digital certificates issued by private certificate authorities. In an embodiment, a private certificate authority hosted by the computing resource service provider is able to issue signed certificates to network entities within the customer enterprise. In an embodiment, the certificate management service provides a network-accessible application programming interface to the private certificate authority that allows applications to create and deploy private certificates programmatically. In an embodiment, the system provides the flexibility to create private certificates for applications that require custom certificate lifetimes or resource names.
-
Publication number: US10263789B1
Publication date: 2019-04-16
Application number: US15083060
Application date: 2016-03-28
Applicant: AMAZON TECHNOLOGIES, INC.
Inventor: Stefan Popoveniuc, Nicholas James Lynch, Preston Anthony Elder, III, Param Sharma, Todd Lawrence Cignetti, Dmitry Berkovich, Iftach Ragoler
Abstract: A service provider network includes a certificate manager that auto-generates and auto-renews security certificates for customers of the provider network. The security certificates may be usable to implement the Secure Sockets Layer (SSL) protocol or other types of security protocols. The certificate manager generates a public/private key pair for the customer, generates the certificate signing request (CSR) on behalf of the customer, transmits the CSR to the certificate authority (CA), and binds the resulting CA-generated certificate and private key to whatever internet-facing service the customer chooses (e.g., a load balancer).
-