Preventing persistent storage of cryptographic information using signaling

US 10,178,077 B2
Filed: 06/06/2017
Issued: 01/08/2019
Est. Priority Date: 11/12/2013
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable storage medium having stored thereon executable instructions that, when executed by one or more processors of a computer system, cause the computer system to at least:

cause a virtual machine instance to be executed under the control of a hypervisor that manages interaction between the virtual machine instance and hardware of the computer system;

determine a memory location of the virtual machine instance containing a cryptographic key;

determine a serialization event of at least a portion of the virtual machine instance will occur;

generate serialization data associated with the virtual machine instance, the serialization data lacking the cryptographic key based at least in part on the hypervisor not serializing data stored in the memory location; and

transmit, in response to restarting the virtual machine instance, a request to a security module to restore the cryptographic key to the virtual machine instance.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations.

63 Citations

20 Claims

1. A non-transitory computer-readable storage medium having stored thereon executable instructions that, when executed by one or more processors of a computer system, cause the computer system to at least:
- cause a virtual machine instance to be executed under the control of a hypervisor that manages interaction between the virtual machine instance and hardware of the computer system;
  
  determine a memory location of the virtual machine instance containing a cryptographic key;
  
  determine a serialization event of at least a portion of the virtual machine instance will occur;
  
  generate serialization data associated with the virtual machine instance, the serialization data lacking the cryptographic key based at least in part on the hypervisor not serializing data stored in the memory location; and
  
  transmit, in response to restarting the virtual machine instance, a request to a security module to restore the cryptographic key to the virtual machine instance.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The non-transitory computer-readable storage medium of claim 1, wherein the instructions that cause the computer system to generate serialization data further comprise instructions that, if executed by the one or more processors, cause the computer system to generate the serialization data based at least in part on receiving an indication from the virtual machine instance that the cryptographic key is duplicated outside of the memory location.
  - 3. The non-transitory computer-readable storage medium of claim 1, wherein the instructions further comprise instructions that, if executed by the one or more processors, cause the computer system to at least:
    - cause the virtual machine instance to be restarted after the serialization event.
  - 4. The non-transitory computer-readable storage medium of claim 3, wherein the instructions that cause the computer system to transmit the request to the security module to restore the cryptographic key to the virtual machine instance further comprise instructions that, if executed by the one or more processors, cause the computer system to transmit the request based at least in part on the virtual machine instance registering a function with the hypervisor.
  - 5. The non-transitory computer-readable storage medium of claim 1, wherein the instructions that cause the computer system to determine the memory location further comprise instructions that, if executed by the one or more processors, cause the computer system to determine an ephemeral key area that is indicated by a service provider not to be written to persistent storage.
  - 6. The non-transitory computer-readable storage medium of claim 1, wherein the instructions that cause the computer system to determine the memory location further comprise instructions that, if executed by the one or more processors, cause the computer system to determine the memory location by at least obtaining the memory location from instance metadata.

7. A system, comprising:
- one or more processors; and
  
  memory that includes instructions that, if executed by the one or more processors, cause the system to at least;
  
  cause a hypervisor and a guest virtual machine to be executed;
  
  determine a memory location of the guest virtual machine to contain a cryptographic key;
  
  cause the cryptographic key to be stored in the memory location such that the cryptographic key is accessible to the guest virtual machine;
  
  determine a serialization event will occur;
  
  generate serialization data of the guest virtual machine that lacks serialized data associated with the memory location; and
  
  transmit, in response to restarting the guest virtual machine, a request to a cryptographic security module to restore the cryptographic key to the guest virtual machine.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the memory further includes instructions that, if executed by the one or more processors, cause the system to cause the hypervisor to obtain the cryptographic key from a security module executed by the system and store the cryptographic key to the memory location.
  - 9. The system of claim 7, wherein the memory further includes instructions that, if executed by the one or more processors, cause the system to generate an audit log including information associated with a use of the cryptographic key by the guest virtual machine.
  - 10. The system of claim 9, wherein the memory further includes instructions that, if executed by the one or more processors, cause the system to perform the serialization event based at least in part on receiving an indication from the guest virtual machine that the cryptographic key has not been exposed based at least in part on the audit log.
  - 11. The system of claim 7, wherein the memory further includes instructions that, if executed by the one or more processors, cause the system to perform the serialization event based at least in part on receiving an indication from the guest virtual machine that the cryptographic key has been destroyed.
  - 12. The system of claim 7, wherein the memory further includes instructions that, if executed by the one or more processors, cause the system to request the cryptographic key be restored by a cryptographic security module based at least in part on calling a second function after the serialization event.

13. A computer-implemented method, comprising:
- causing a hypervisor and a virtual machine instance to be launched;
  
  receiving an indication of a memory location of the virtual machine instance not to be persisted in plaintext data during a serialization event;
  
  detecting that a serialization will be completed;
  
  generating serialization data as part of the serialization event such that the serialization lacks plaintext data associated with the memory location; and
  
  transmitting, in response to restarting the virtual machine instance, a request to a security module to restore a cryptographic key to the virtual machine instance.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The computer-implemented method of claim 13, wherein the memory location further comprises a storage location for the virtual machine instance to maintain a cryptographic key used to encrypt data generated by the virtual machine instance such that the storage location is not included in the serialization data.
  - 15. The computer-implemented method of claim 14, wherein the computer-implemented method further comprises transmitting a request for the cryptographic key to a security module on behalf of the virtual machine instance.
  - 16. The computer-implemented method of claim 15, wherein the computer-implemented method further comprises:
    - encrypting data stored in the memory location with the cryptographic key; and
      
      destroying the cryptographic key prior to generating the serialization data.
  - 17. The computer-implemented method of claim 13, wherein the computer-implemented method further comprises generating an audit log indicating access to the memory location.
  - 18. The computer-implemented method of claim 13, wherein causing the hypervisor to generate the serialization data further comprises waiting for a response indicating that the memory location has been overwritten before generating the serialization data.
  - 19. The computer-implemented method of claim 18, wherein the computer-implemented method further comprises:
    - after completion of the serialization event, restoring the cryptographic key by at least transmitting the request for the cryptographic key to the security module on behalf of the virtual machine instance; and
      
      causing the cryptographic key to be stored in the memory location.
  - 20. The computer-implemented method of claim 13, wherein the computer-implemented method further comprises preventing the plaintext data from being stored persistently in the serialization data by at least encrypting the plaintext data with a cryptographic key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Cignetti, Todd Lawrence, Brandwine, Eric Jason, Fitzgerald, Robert Eric, Doane, Andrew J.
Primary Examiner(s)
Chang, Kenneth W
Assistant Examiner(s)
Lane, Gregory A

Application Number

US15/615,727
Publication Number

US 20170272417A1
Time in Patent Office

581 Days
Field of Search

713155
US Class Current
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2143   Clearing memory, e.g. to pr...

G06F 9/45558   Hypervisor-specific managem...

G06F 9/4812   by interrupt, e.g. masked

H04L 63/061   for key exchange, e.g. in p...

Preventing persistent storage of cryptographic information using signaling

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

63 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Preventing persistent storage of cryptographic information using signaling

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others