公开(公告)号：US11115223B2

公开(公告)日：2021-09-07

申请号：US16523908

申请日：2019-07-26

Applicant: Amazon Technologies, Inc.

Inventor： Todd Lawrence Cignetti ,  Andrew Jeffrey Doane ,  Stefan Popoveniuc ,  Matthew Allen Estes ,  Alexander Edward Schoof ,  Robert Eric Fitzgerald ,  Peter Zachary Bowen

IPC: H04L9/00 ,  H04L9/32 ,  H04L9/08

Abstract: A method and apparatus for distributing cryptographic material are disclosed. In the method and apparatus, cryptographic material is obtained and it is determined that the cryptographic material is to be made available for use by one or more computing resources. The cryptographic material is then sent to one or more secure modules, whereby a secure module of the one or more secure modules is programmatically accessible to a computing resource of the one or more computing resources and programmatic access enables the computing resource to request performance of one or more cryptographic operations using the cryptographic material while exporting the cryptographic material to the computing resource is denied.

公开(公告)号：US10757139B1

公开(公告)日：2020-08-25

申请号：US15195957

申请日：2016-06-28

Applicant: Amazon Technologies, Inc.

Inventor： Todd Lawrence Cignetti ,  Robert Eric Fitzgerald ,  Eric Wayne Schultze

IPC: H04L29/06

Abstract: A security service of a computing resource service provider provides security scores for application program interfaces (APIs) and other security information to an API marketplace or other endpoints. The security score may be based at least in part on component information associated with computing resources implementing the API. The security service may obtain access to the computing resources and collect various components from the computing resources. The components may then be used to determine a security score of an API offered from consumption on the API marketplace. The security service may then publish the security score to the API marketplace or other endpoint.

公开(公告)号：US10652030B1

公开(公告)日：2020-05-12

申请号：US15912184

申请日：2018-03-05

Applicant: Amazon Technologies, Inc.

Inventor： Marcel Andrew Levy ,  Peter Zachary Bowen ,  Todd Lawrence Cignetti ,  Brandonn Gorman ,  Ronald Andrew Hoskinson ,  Brenda Lee Leary ,  Timothy Sterling Loverin ,  James Spencer ,  Nicholas Wexler

IPC: H04L29/06 ,  H04L9/32

Abstract: A method and system for generating multiple profiles corresponding to different digital certificates. The profile includes intrinsic attributes and derived attributes associated with a digital certificate. The system enables a customer system to filter digital certificates based on a suitability of the various digital certificates for use with a given application to be executed by or on behalf of the customer system. The suitability may be determined based on a comparison of certificate requirements associated with a customer system's request and one or more of the intrinsic attributes and derived attributes.

公开(公告)号：US10178077B2

公开(公告)日：2019-01-08

申请号：US15615727

申请日：2017-06-06

Applicant: Amazon Technologies, Inc.

Inventor： Todd Lawrence Cignetti ,  Eric Jason Brandwine ,  Robert Eric Fitzgerald ,  Andrew J. Doane

IPC: H04L29/06 ,  G06F21/60 ,  G06F9/455 ,  G06F9/48 ,  G06F21/62

Abstract: Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations.

公开(公告)号：US09235714B1

公开(公告)日：2016-01-12

申请号：US14078351

申请日：2013-11-12

Applicant: Amazon Technologies, Inc.

Inventor： Todd Lawrence Cignetti ,  Eric Jason Brandwine ,  Robert Eric Fitzgerald ,  Andrew J. Doane

IPC: G06F21/60

CPC classification number: H04L63/061 ,  G06F9/45558 ,  G06F9/4812 ,  G06F21/602 ,  G06F21/6218 ,  G06F2221/2101 ,  G06F2221/2143

Abstract: Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. Signaling methods are used to notify virtual machine instances of serialization events in order to prevent keying material from being stored persistently.

Abstract translation: 组织使用服务提供商的计算机硬件资源和服务维护和生成大量敏感信息。 此外，需要能够通过使用密钥加密数据并销毁密钥来安全而快速地删除大量的数据。 为确保远程存储的信息得到保护并能够进行安全删除，组织使用的加密密钥在串行化操作期间应防止持久存储。 信令方法用于通知序列化事件的虚拟机实例，以防止密钥材料被永久存储。

公开(公告)号：US09231923B1

公开(公告)日：2016-01-05

申请号：US14078360

申请日：2013-11-12

Applicant: Amazon Technologies, Inc.

Inventor： Todd Lawrence Cignetti ,  Andrew J. Doane ,  Eric Jason Brandwine ,  Robert Eric Fitzgerald

IPC: H04L29/06

CPC classification number: H04L63/061 ,  G06F9/45533 ,  H04L9/3247 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/0876

Abstract: Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. If the keys used to encrypt the data have not been exposed during serialization operation, they may be deleted or destroyed enabling the destruction of data encrypted with the keys.

Abstract translation: 组织使用服务提供商的计算机硬件资源和服务维护和生成大量敏感信息。 此外，需要能够通过使用密钥加密数据并销毁密钥来安全而快速地删除大量的数据。 为确保远程存储的信息得到保护并能够进行安全删除，组织使用的加密密钥在串行化操作期间应防止持久存储。 如果用于加密数据的密钥在序列化操作期间未被暴露，则可能会删除或破坏数据，从而能够销毁使用密钥加密的数据。

公开(公告)号：US20230099597A1

公开(公告)日：2023-03-30

申请号：US18076097

申请日：2022-12-06

Applicant: Amazon Technologies, Inc.

Inventor： Andrew Jeffrey Doane ,  Alexander Edward Schoof ,  Robert Eric Fitzgerald ,  Todd Lawrence Cignetti

IPC: G06F9/455 ,  G06F21/44 ,  H04L9/40 ,  G06Q30/06

Abstract: A vendor of virtual machine images accesses a virtual computer system service to upload a digitally signed virtual machine image to a data store usable by customers of the virtual computer system service to select an image for creating a virtual machine instance. If a digital certificate is uploaded along with the virtual machine image, the virtual computer system service may determine whether the digital certificate has been trusted for use. If the digital certificate has been trusted for use, the virtual computer system service may use a public cryptographic key to decrypt a hash signature included with the image to obtain a first hash value. The service may additionally apply a hash function to the image itself to obtain a second hash value. If the two hash values match, then the virtual machine image may be deemed to be authentic.

公开(公告)号：US11323274B1

公开(公告)日：2022-05-03

申请号：US16018004

申请日：2018-06-25

Applicant: Amazon Technologies, Inc.

Inventor： Peter Zachary Bowen ,  Todd Lawrence Cignetti ,  Preston Anthony Elder, III ,  Brandonn Gorman ,  Ronald Andrew Hoskinson ,  Jonathan Kozolchyk ,  Kenneth Lawler ,  Marcel Andrew Levy ,  Kyle Benjamin Schultheiss ,  Sandeep Shantharaj ,  Param Sharma ,  Jose Maria Silveira Neto

IPC: H04L9/32 ,  H04L9/08

Abstract: In an embodiment, a computing resource service provider provides a certificate management service that allows customers of the computing resource service provider to create, distribute, manage, and revoke digital certificates issued by private certificate authorities. In an embodiment, a private certificate authority hosted by the computing resource service provider is able to issue signed certificates to network entities within the customer enterprise. In an embodiment, the certificate management service provides a network-accessible application programming interface to the private certificate authority that allows applications to create and deploy private certificates programmatically. In an embodiment, the system provides the flexibility to create private certificates for applications that require custom certificate lifetimes or resource names.

公开(公告)号：US20200326972A1

公开(公告)日：2020-10-15

申请号：US16914116

申请日：2020-06-26

Applicant: Amazon Technologies, Inc.

Inventor： Andrew Jeffrey Doane ,  Alexander Edward Schoof ,  Robert Eric Fitzgerald ,  Todd Lawrence Cignetti

IPC: G06F9/455 ,  G06F21/44 ,  H04L29/06 ,  G06Q30/06

Abstract: A vendor of virtual machine images accesses a virtual computer system service to upload a digitally signed virtual machine image to a data store usable by customers of the virtual computer system service to select an image for creating a virtual machine instance. If a digital certificate is uploaded along with the virtual machine image, the virtual computer system service may determine whether the digital certificate has been trusted for use. If the digital certificate has been trusted for use, the virtual computer system service may use a public cryptographic key to decrypt a hash signature included with the image to obtain a first hash value. The service may additionally apply a hash function to the image itself to obtain a second hash value. If the two hash values match, then the virtual machine image may be deemed to be authentic.

公开(公告)号：US10263789B1

公开(公告)日：2019-04-16

申请号：US15083060

申请日：2016-03-28

Applicant: AMAZON TECHNOLOGIES, INC.

Inventor： Stefan Popoveniuc ,  Nicholas James Lynch ,  Preston Anthony Elder, III ,  Param Sharma ,  Todd Lawrence Cignetti ,  Dmitry Berkovich ,  Iftach Ragoler

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/30

Abstract: A service provider network includes a certificate manager that auto-generates and auto-renews security certificates for customers of the provider network. The security certificates may be usable to implement a Secure Sockets Layer (SSL) protocol, or other types of security protocols. The certificate manager generates a public key, private key pair for the customer, generates the certificate signing request (CSR) on behalf of the customer, transmits the CSR to the certificate authority (CA), and binds the resulting CA-generated certificate and private key to whatever internet-facing service the customer chooses (e.g., a load balancer).