Resource locators with keys

US 10,412,059 B2
Filed: 10/17/2017
Issued: 09/10/2019
Est. Priority Date: 09/25/2013
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving a request for information from a user, the request including a uniform resource locator comprising a first cryptographic key, a portion signed with the first cryptographic key, and an unsigned portion; and

providing access to the information to the user based, at least in part, on the first cryptographic key and on information in the unsigned portion modified by a third party without affecting validity of the signed portion.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Requests are pre-generated to include a cryptographic key to be used in fulfilling the requests. The requests may be encoded in uniform resource locators and may include authentication information to enable a service provider to whom the requests are submitted to determine whether the requests are authorized. The requests may be passed to various entities who can then submit the requests to the service provider. The service provider, upon receipt of a request, can verify the authentication information and fulfill the request using a cryptographic key encoded in the request.

221 Citations

20 Claims

1. A method, comprising:
- receiving a request for information from a user, the request including a uniform resource locator comprising a first cryptographic key, a portion signed with the first cryptographic key, and an unsigned portion; and
  
  providing access to the information to the user based, at least in part, on the first cryptographic key and on information in the unsigned portion modified by a third party without affecting validity of the signed portion.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, whereinthe method further comprises determining that the signed portion is valid using a second cryptographic key.
  - 3. The method of claim 2, further comprising providing access to the information as a result of determining that the cryptographic signature is valid.
  - 4. The method of claim 2, wherein:
    - the request is provided to the user by an authorizing entity; and
      
      the second cryptographic key is associated with the authorizing entity.
  - 5. The method of claim 1, further comprising acquiring the information by at least performing a cryptographic operation using the first cryptographic key.
  - 6. The method of claim 5, wherein the cryptographic operation comprises decrypting an encrypted version of the information using the first cryptographic key.

7. A system, comprising:
- one or more processors; and
  
  memory including instructions that, as a result of execution by the one or more processors, cause the system to;
  
  receive a request for information from a user, the request including a uniform resource locator that includes a first cryptographic key and an unsigned portion, the first cryptographic key associated with a signed portion of the uniform resource locator; and
  
  provide access to the requested information to the user based, at least in part, on the first cryptographic key and on information in the unsigned portion modified by a third party, the modification by the third party not affecting validity of the signed portion.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The system of claim 7, wherein:
    - the request includes a cryptographic signature of the uniform resource locator and the first cryptographic key; and
      
      the instructions further include instructions that, if executed by the one or more processors, determines that the cryptographic signature is valid using a second cryptographic key.
  - 9. The system of claim 8, wherein the instructions further include instructions that, if executed by the one or more processors, causes the system to:
    - provide access to the information as a result of determining that the cryptographic signature is valid.
  - 10. The system of claim 8, wherein:
    - the request is provided to the user by an authorizing entity; and
      
      the second cryptographic key is associated with the authorizing entity.
  - 11. The system of claim 7, wherein the instructions further include instructions that, if executed by the one or more processors, causes the system to:
    - acquire the information by at least performing a cryptographic operation using the first cryptographic key.
  - 12. The system of claim 11, wherein the cryptographic operation comprises decrypting an encrypted version of the information using the first cryptographic key.
  - 13. The system of claim 10, wherein:
    - the second cryptographic key is a public key of a public-private key pair associated with the authorizing entity; and
      
      a private key of the public-private key pair is not accessible to the system.

14. A non-transitory computer-readable storage medium having stored thereon instructions that, as a result of execution by one or more processors of a computer system, cause the computer system to:
- acquire a request, the request including a first cryptographic key, a signed portion, and an unsigned portion of a uniform resource locator, the signed portion associated with the first cryptographic key;
  
  transmit the request; and
  
  receive a response to the request generated based at least in part on the first cryptographic key and information in the unsigned portion, the information in the unsigned portion modified without affecting validity of the signed portion.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The non-transitory computer-readable storage medium of claim 14, wherein the instructions further include instructions that, as a result of execution by one or more processors of a computer system, causes the computer system to:
    - receive a cryptographic signature with the request, the cryptographic signature generated with a second cryptographic key; and
      
      transmit the cryptographic signature with the request.
  - 16. The non-transitory computer-readable storage medium of claim 15, wherein the second cryptographic key is not available to the computer system.
  - 17. The non-transitory computer-readable storage medium of claim 15, wherein:
    - the second cryptographic key is a private key of a public-private key pair; and
      
      the cryptographic signature is cryptographically verifiable using a public key of the public-private key pair.
  - 18. The non-transitory computer-readable storage medium of claim 14, wherein:
    - the request is in a form of a uniform resource locator for a Web service; and
      
      the request is transmitted to a Web service.
  - 19. The non-transitory computer-readable storage medium of claim 14, wherein the instructions further include instructions that, as a result of being executed by the one or more processors, causes the computer system to:
    - transmit encrypted data with the request, the encrypted data encrypted with the first cryptographic key; and
      
      receive a plaintext version of the encrypted data.
  - 20. The non-transitory computer-readable storage medium of claim 14, wherein the instructions further include instructions that, as a result of being executed by the one or more processors, causes the computer system to:
    - transmit data with the request; and
      
      receive an encrypted version of the data, the encrypted version of the data encrypted with the first cryptographic key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Roth, Gregory Branchek, Brandwine, Eric Jason
Primary Examiner(s)
Reza, Mohammad W

Application Number

US15/786,322
Publication Number

US 20180041480A1
Time in Patent Office

693 Days
Field of Search

713168
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/108   when the policy decisions a...

H04L 63/123   received data contents, e.g...

H04L 63/168   above the transport layer

H04L 67/02   based on web technology, e....

H04L 9/321   involving a third party or ...

H04L 9/3247   involving digital signatures

Resource locators with keys

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

221 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Resource locators with keys

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

221 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links