Key management and hardware security integration

    Publication No.: US10909250B2

    Publication date: 2021-02-02

    Application No.: US15969695

    Filing date: 2018-05-02

    Abstract: A network-based service for the management of cryptographic keys, such as a key management service (“KMS”), provides a web service application programming interface (“API”). Cryptographic keys managed by the service may be stored in one or more network-connected cryptographic devices such as network-connected hardware security modules (“HSM”). The key management service maintains metadata associated with the cryptographic keys. When a request is received by the key management service, the key management service uses an identifier provided with the request to identify metadata associated with a cryptographic key used to fulfill the request. The key management service uses the metadata to identify a cryptographic device containing the cryptographic key. The key management service generates a set of commands for fulfilling the request such that the commands are compatible with a protocol implemented by the identified cryptographic device, and the set of commands is sent to the identified cryptographic device.

    Data reencryption techniques
    2.
    Granted invention patent

    Publication No.: US11626985B1

    Publication date: 2023-04-11

    Application No.: US16699406

    Filing date: 2019-11-29

    Abstract: A computer-implemented method for reencrypting data. A key management service receives a web service application programming interface or other request to reencrypt data from a first key to a second key, where the first key and the second key are managed by the key management service on behalf of a user of the service. The key management service responds to the request by performing the associated operations and providing a response with the reencrypted data.

    KEY MANAGEMENT SYSTEM AND METHOD
    3.
    Invention patent application

    Publication No.: US20190342079A1

    Publication date: 2019-11-07

    Application No.: US15969695

    Filing date: 2018-05-02

    Abstract: A network-based service for the management of cryptographic keys, such as a key management service (“KMS”), provides a web service application programming interface (“API”). Cryptographic keys managed by the service may be stored in one or more network-connected cryptographic devices such as network-connected hardware security modules (“HSM”). The key management service maintains metadata associated with the cryptographic keys. When a request is received by the key management service, the key management service uses an identifier provided with the request to identify metadata associated with a cryptographic key used to fulfill the request. The key management service uses the metadata to identify a cryptographic device containing the cryptographic key. The key management service generates a set of commands for fulfilling the request such that the commands are compatible with a protocol implemented by the identified cryptographic device, and the set of commands is sent to the identified cryptographic device.

    Salt value service
    4.
    Granted invention patent
    Salt value service (in force)

    Publication No.: US09246686B1

    Publication date: 2016-01-26

    Application No.: US14307357

    Filing date: 2014-06-17

    Abstract: A technology is described for a salt service. An example method may include generating a salt value and a salt identifier used to reference the salt value in response to a salt value setup request. Storing the salt value in a data store where the salt value may be referenced by the salt identifier. The salt value and the salt identifier may then be provided in response to the salt value setup request to enable the salt identifier to be stored in association with a first hash value generated from the salt value and a customer password for future customer authentications. In response to an authentication request, the salt value may be retrieved from the data store and the salt value may be provided, enabling customer authentication to be performed by comparing the first hash value with a second hash value generated from the salt value and a customer password.
