-
Publication number: US20220417036A1
Publication date: 2022-12-29
Application number: US17362899
Application date: 2021-06-29
Applicant: Amazon Technologies, Inc.
Inventor: Bryan James Donlan, Petr Praus, Douglas Stewart Laurence, Andrew C. Schleit, Daniel Leon Gregory Gardner, Zaher Dannawi
Abstract: Systems and methods are described for rotating keys in a trust store to be used by a group of peer devices for secure communications between the peers in the group. In some examples, a service, such as an identify authority service, may make a determination that a set of peers that individually trust at least one public key from a group of public keys satisfies a set of conditions. As a result of the determination, the service may update the plurality of public keys by at least removing at least one public key from the group of public keys and indicate the updated plurality of public keys to at least one of the peers in the group. The service may remove the at least one public key from the group upon determining that less than a threshold number of peers in the group use the at least one public key.
-
Publication number: US10263997B2
Publication date: 2019-04-16
Application number: US15217624
Application date: 2016-07-22
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Gregory Alan Rubin, Matthew John Campagna, Petr Praus
Abstract: A system performs cryptographic operations utilizing information usable to verify validity of plaintext. To prevent providing information about a plaintext by providing the information usable to verify the validity of the plaintext, the system provides the information usable to verify validity of the plaintext to an entity on a condition that the entity is authorized to access the plaintext. The information usable to verify validity of the plaintext may be persisted in ciphertext along with the plaintext to enable the plaintext to be verified when decrypted.
-
Publication number: US20190238557A1
Publication date: 2019-08-01
Application number: US16380741
Application date: 2019-04-10
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Gregory Alan Rubin, Matthew John Campagna, Petr Praus
CPC classification number: H04L63/123, G06F21/602, G06F21/604, G06F21/64, G06F21/645, H04L63/061
Abstract: A system performs cryptographic operations utilizing information usable to verify validity of plaintext. To prevent providing information about a plaintext by providing the information usable to verify the validity of the plaintext, the system provides the information usable to verify validity of the plaintext to an entity on a condition that the entity is authorized to access the plaintext. The information usable to verify validity of the plaintext may be persisted in ciphertext along with the plaintext to enable the plaintext to be verified when decrypted.
-
Publication number: US09405920B1
Publication date: 2016-08-02
Application number: US14284266
Application date: 2014-05-21
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Gregory Alan Rubin, Matthew John Campagna, Petr Praus
CPC classification number: H04L63/123, G06F21/602, G06F21/604, G06F21/64, G06F21/645, H04L63/061
Abstract: A system performs cryptographic operations utilizing information usable to verify validity of plaintext. To prevent providing information about a plaintext by providing the information usable to verify the validity of the plaintext, the system provides the information usable to verify validity of the plaintext to an entity on a condition that the entity is authorized to access the plaintext. The information usable to verify validity of the plaintext may be persisted in ciphertext along with the plaintext to enable the plaintext to be verified when decrypted.
-
Publication number: US11240042B2
Publication date: 2022-02-01
Application number: US16826973
Application date: 2020-03-23
Applicant: Amazon Technologies, Inc.
Inventor: Slavka Praus, Matthew John Campagna, Nicholas Alexander Allen, Petr Praus
Abstract: A first public key is generated based at least in part on a first plurality of signing keys and a second public key is generated based at least in part on a second plurality of signing keys. The signing keys may be used to generate digital signatures. The second public key may be made available to verify a digital signature generated using a signing key from the second plurality of signing keys. In some cases, a first Merkle tree may be formed by the first public key and the first plurality of signing keys, and a second Merkle tree may be formed by the second public key, the first public key, and the second plurality of signing keys.
-
Publication number: US20200220735A1
Publication date: 2020-07-09
Application number: US16826973
Application date: 2020-03-23
Applicant: Amazon Technologies, Inc.
Inventor: Slavka Praus, Matthew John Campagna, Nicholas Alexander Allen, Petr Praus
Abstract: A first public key is generated based at least in part on a first plurality of signing keys and a second public key is generated based at least in part on a second plurality of signing keys. The signing keys may be used to generate digital signatures. The second public key may be made available to verify a digital signature generated using a signing key from the second plurality of signing keys. In some cases, a first Merkle tree may be formed by the first public key and the first plurality of signing keys, and a second Merkle tree may be formed by the second public key, the first public key, and the second plurality of signing keys.
-
Publication number: US10567394B2
Publication date: 2020-02-18
Application number: US16380741
Application date: 2019-04-10
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Gregory Alan Rubin, Matthew John Campagna, Petr Praus
Abstract: A system performs cryptographic operations utilizing information usable to verify validity of plaintext. To prevent providing information about a plaintext by providing the information usable to verify the validity of the plaintext, the system provides the information usable to verify validity of the plaintext to an entity on a condition that the entity is authorized to access the plaintext. The information usable to verify validity of the plaintext may be persisted in ciphertext along with the plaintext to enable the plaintext to be verified when decrypted.
-
Publication number: US10650003B1
Publication date: 2020-05-12
Application number: US15087906
Application date: 2016-03-31
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Alan Rubin, Petr Praus, Benjamin Tillman Farley
IPC: G06F16/00, G06F16/2457, G06F16/28, G06F16/23
Abstract: A computing resource service receives a request. In response to the request, the computing resource service queries a probabilistic data structure for an entry corresponding to the request. The computing resource service obtains, from the probabilistic data structure, a value that corresponds to the entry. Based at least in part on this value, the computing resource service determines whether the entry has expired. If the entry is expired, the request is fulfilled. However, if the entry has not expired, the request is denied.
-
Publication number: US10608824B1
Publication date: 2020-03-31
Application number: US15402063
Application date: 2017-01-09
Applicant: Amazon Technologies, Inc.
Inventor: Slavka Praus, Matthew John Campagna, Nicholas Alexander Allen, Petr Praus
Abstract: A first public key is generated based at least in part on a first plurality of signing keys and a second public key is generated based at least in part on a second plurality of signing keys. The signing keys may be used to generate digital signatures. The second public key may be made available to verify a digital signature generated using a signing key from the second plurality of signing keys. In some cases, a first Merkle tree may be formed by the first public key and the first plurality of signing keys, and a second Merkle tree may be formed by the second public key, the first public key, and the second plurality of signing keys.
-
Publication number: US20160330214A1
Publication date: 2016-11-10
Application number: US15217624
Application date: 2016-07-22
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Gregory Alan Rubin, Matthew John Campagna, Petr Praus
IPC: H04L29/06
CPC classification number: H04L63/123, G06F21/602, G06F21/604, G06F21/64, G06F21/645, H04L63/061
Abstract: A system performs cryptographic operations utilizing information usable to verify validity of plaintext. To prevent providing information about a plaintext by providing the information usable to verify the validity of the plaintext, the system provides the information usable to verify validity of the plaintext to an entity on a condition that the entity is authorized to access the plaintext. The information usable to verify validity of the plaintext may be persisted in ciphertext along with the plaintext to enable the plaintext to be verified when decrypted.