公开(公告)号：US12058113B2

公开(公告)日：2024-08-06

申请号：US16903873

申请日：2020-06-17

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen ,  Matthew J. Campagna

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/40 ,  H04L9/32

CPC classification number: H04L63/045 ,  H04L9/14 ,  H04L63/205

Abstract: A first computing system establishes a cryptographically protected communication session with a second computing system by proposing a hybrid cryptographic scheme. In response to the proposed hybrid cryptographic scheme, a second computing system transmits cryptographic materials to the first computing system, and the first computing system transmits cryptographic materials to the second computing system. Using the cryptographic materials, two or more cryptographic keys are derived. One cryptographic key is used to perform an inner cryptographic operation on one or more data items, and another cryptographic key is used to perform an outer cryptographic operation on the one or more data items that have been cryptographically protected by the inner cryptographic operation.

公开(公告)号：US12095909B1

公开(公告)日：2024-09-17

申请号：US16588918

申请日：2019-09-30

Applicant: Amazon Technologies, Inc.

Inventor： Matthew J. Campagna ,  Jin Peng ,  Jason Wrang

IPC: H04L9/08 ,  H04L9/14

CPC classification number: H04L9/0866 ,  H04L9/0825 ,  H04L9/0869 ,  H04L9/0891

Abstract: A customer of a computing resource provider is associated with a key provided by a key management system. When the key is generated, a value is generated and encrypted with the key. In response to a detection of a trigger to re-encrypt the customer's key, the encrypted value is used to verify validity of the re-encrypted customer's key before committing it to storage and made available for use.

公开(公告)号：US20240340273A1

公开(公告)日：2024-10-10

申请号：US18745913

申请日：2024-06-17

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen ,  Matthew J. Campagna

IPC: H04L9/40 ,  H04L9/14

CPC classification number: H04L63/045 ,  H04L9/14 ,  H04L63/205

Abstract: A first computing system establishes a cryptographically protected communication session with a second computing system by proposing a hybrid cryptographic scheme. In response to the proposed hybrid cryptographic scheme, a second computing system transmits cryptographic materials to the first computing system, and the first computing system transmits cryptographic materials to the second computing system. Using the cryptographic materials, two or more cryptographic keys are derived. One cryptographic key is used to perform an inner cryptographic operation on one or more data items, and another cryptographic key is used to perform an outer cryptographic operation on the one or more data items that have been cryptographically protected by the inner cryptographic operation.