中科微点-全球专利检索

  1. Login
  2. Sign Up

Search Results

119 records (took 0.032 seconds)

    Authenticating Secure Channel Establishment Messages Based on Shared-Secret
    11.
    发明申请
    Authenticating Secure Channel Establishment Messages Based on Shared-Secret 审中-公开

    公开(公告)号:US20190394029A1

    公开(公告)日:2019-12-26

    申请号:US16563687

    申请日:2019-09-06

    Applicant: Amazon Technologies, Inc.

    Inventor: Allan Henry Vermeulen Matthew John Campagna Colm Gearóid MacCárthaigh

    IPC: H04L9/08 H04L9/32 H04L29/06

    Abstract: Systems and processes are described for establishing and using a secure channel. A shared secret may be used for authentication of session initiation messages as well as for generation of a private/public key pair for the session. A number of ways of agreeing on the shared secret are described and include pre-sharing the keys, reliance on a key management system, or via a token mechanism that uses a third entity to manage authentication, for example. In some instances, the third party may also perform endpoint selection by providing a particular endpoint along with the token. The particular cipher suite applied in a particular implementation may be configurable. The process is applicable to either implicit key confirmation (e.g., handshake negotiation) or explicit key confirmation (e.g., full negotiation).

    Key export techniques
    13.
    发明授权
    Key export techniques 有权

    公开(公告)号:US10469477B2

    公开(公告)日:2019-11-05

    申请号:US14675614

    申请日:2015-03-31

    Applicant: Amazon Technologies, Inc.

    Inventor: Matthew John Campagna Gregory Branchek Roth

    IPC: H04L29/06 G06F21/62 H04L9/08

    Abstract: A computer system performs cryptographic operations as a service. The computer system is configured to allow users of the service to maintain control of their respective cryptographic material. The computer system uses inaccessible cryptographic material to encrypt a user's cryptographic material in a token that is then provided to the user. The user is unable to access a plaintext copy of the cryptographic material in the token, but can provide the token back to the service to cause the service to decrypt and use the cryptographic material.

    TRUSTED MALWARE SCANNING
    16.
    发明申请
    TRUSTED MALWARE SCANNING 审中-公开

    公开(公告)号:US20190108343A1

    公开(公告)日:2019-04-11

    申请号:US16195125

    申请日:2018-11-19

    Applicant: Amazon Technologies, Inc.

    Inventor: Eric Jason Brandwine Matthew John Campagna Gregory Alan Rubin

    IPC: G06F21/56 H04L9/32 H04L29/06

    CPC classification number: G06F21/567 H04L9/3247 H04L9/3265 H04L63/0428 H04L63/0823 H04L63/1408 H04L63/18

    Abstract: A trusted co-processor can provide a hardware-based observation point into the operation of a host machine owned by a resource provider or other such entity. The co-processor can be installed via a peripheral card on a fast bus, such as a PCI bus, on the host machine. The co-processor can execute malware detection software, and can use this software to analyze data and/or code obtained from the relevant resources of the host machine. The trusted co-processor can notify the customer or another appropriate entity of the results of the scan, such that an appropriate action can be taken if malware is detected. The results of the scan can be trusted, as malware will be unable to falsify such a notification or modify the operation of the trusted co-processor.

    CONFIGURATION UPDATES FOR ACCESS-RESTRICTED HOSTS
    17.
    发明申请
    CONFIGURATION UPDATES FOR ACCESS-RESTRICTED HOSTS 审中-公开

    公开(公告)号:US20190089541A1

    公开(公告)日:2019-03-21

    申请号:US16179548

    申请日:2018-11-02

    Applicant: Amazon Technologies, Inc.

    Inventor: Justin Lee Werner Gregory Alan Rubin Matthew John Campagna Michael Bentkofsky

    IPC: H04L9/32 H04L12/24 G06F9/4401

    Abstract: A host machine operated for a specific purpose can have restricted access to other components in a multi-tenant environment in order to provide for the security of the host machine. The access restriction can prevent the host machine from obtaining updates to critical system-level configurations, but such information can be obtained through a signed command received to an API for the host machine. The command can be signed by a quorum of operators, and the host machine can be configured to verify the signatures and the quorum before processing the command. The host machine can store the updates to ephemeral storage as well as persistent storage, such that upon a reboot or power cycle the host machine can operate with current configuration data.

    Signature delegation
    18.
    发明授权
    Signature delegation 有权

    公开(公告)号:US10218511B2

    公开(公告)日:2019-02-26

    申请号:US15390176

    申请日:2016-12-23

    Applicant: Amazon Technologies, Inc.

    Inventor: Matthew John Campagna Gregory Alan Rubin Nicholas Alexander Allen Andrew Kyle Driggs Eric Jason Brandwine

    IPC: H04L9/32 H04L9/06 H04L9/08 H04L9/14 H04L9/30

    Abstract: A signature authority generates a master seed value that is used as the root of a seed tree of subordinate nodes. Each subordinate node of the seed tree is generated from the value of its parent node using a cryptographic hash or one-way function. The signature authority selects subordinate seed values which are distributed to one or more key generators, each of which generates a set of one-time-use cryptographic keys. Each key generator generates a hash tree from its set of one-time-use cryptographic keys, and the root of its hash tree is returned to the signature authority. The signature authority integrates the hashes provided by the key generators into a comprehensive hash tree. The root of the comprehensive hash tree acts as a public key for the signature authority.

Patent Agency Ranking