公开(公告)号：US11431514B1

公开(公告)日：2022-08-30

申请号：US16867234

申请日：2020-05-05

Applicant: AMAZON TECHNOLOGIES, INC.

Inventor： Sarath Geethakumar ,  Krutarth Mukesh Gathani ,  Bruce Cooper ,  Eric Crahen

IPC: H04L9/32 ,  H04L9/08 ,  H04L9/14

Abstract: During provisioning of a biometric device, a hardware root of trust is established between the biometric device and a server. The biometric device includes a cryptographic processor with a first encryption key stored in secure storage. The first encryption key is used to establish a mutually authenticated communication channel with the server. A set of additional encryption keys between the device and the server are established via the communication channel. Biometric data generated by the biometric device is encrypted using the additional keys and digitally signed. The server receives the encrypted and signed data via the communication channel and verifies the signature. Once the signature is verified, the biometric data is then decrypted. The server then processes the decrypted biometric data. Data that does not arrive via the communication channel, that fails the verification, or that fails decryption is deleted or disregarded.

公开(公告)号：US11121869B1

公开(公告)日：2021-09-14

申请号：US16870447

申请日：2020-05-08

Applicant: Amazon Technologies, Inc.

Inventor： Eric Crahen ,  Krutarth Mukesh Gathani

IPC: H04L29/06 ,  H04L9/08 ,  G06F9/54 ,  H04L9/32

Abstract: Cryptographic keys are generated for components of a distributed system in a decentralized manner. A root key is generated for a universe of components, including capturing data and components for processing the data. A cryptographic key for a processing component is derived from the root key and one or more attributes or identifiers of the processing component, which may be provided in a specific region or domain. Cryptographic keys for capturing components (e.g., cameras) within the region or domain are derived from the cryptographic keys of the processing component and one or more attributes or identifiers of the respective capturing components. The capturing components encrypt data using their respective cryptographic keys and transfer the encrypted data to the processing component, which re-derives the cryptographic keys for such capturing components and decrypts the encrypted data using the re-derived cryptographic keys.