Virtual cryptographic module with load balancer and cryptographic module fleet

US 10,447,668 B1
Filed: 11/14/2016
Issued: 10/15/2019
Est. Priority Date: 11/14/2016
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a fleet of hardware security modules comprising a plurality of physical hardware security modules; and

a virtual load balancer comprising a hardware security module interface that;

monitors utilization of the fleet of hardware security modules to generate utilization information about the fleet of hardware security modules;

determines, based at least in part on the utilization information, that at least one condition to scale the fleet of hardware security modules is satisfied;

selects, from a pool of hardware security modules outside of the fleet of hardware security modules, a first hardware security module;

provides, to a second hardware security module that is in the fleet of hardware security modules, a network address of the first hardware security module;

obtains an indication that a cryptographically protected communications session was established between the first hardware security module and the second hardware security module and as a result generates a determination that the first hardware security module has joined the fleet;

updates a fleet directory to include the network address of the first hardware security module, as a result of obtaining the indication;

receives, to the hardware security module interface, a request to perform a cryptographic operation; and

routes the request to the first hardware security module.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A virtual cryptographic module is used to perform cryptographic operations. The virtual cryptographic module may include a fleet of cryptographic modules and a load balancer that determines when a cryptographic module should be added to or removed from the fleet. The fleet size may be adjusted based on detecting a set of conditions that includes the utilization level of the fleet. One or more cryptographic modules of the fleet may be used to fulfill requests to perform cryptographic operations. A cryptographic module may be a hardware security module (“HSM”).

23 Citations

View as Search Results

20 Claims

1. A system, comprising:
- a fleet of hardware security modules comprising a plurality of physical hardware security modules; and
  
  a virtual load balancer comprising a hardware security module interface that;
  
  monitors utilization of the fleet of hardware security modules to generate utilization information about the fleet of hardware security modules;
  
  determines, based at least in part on the utilization information, that at least one condition to scale the fleet of hardware security modules is satisfied;
  
  selects, from a pool of hardware security modules outside of the fleet of hardware security modules, a first hardware security module;
  
  provides, to a second hardware security module that is in the fleet of hardware security modules, a network address of the first hardware security module;
  
  obtains an indication that a cryptographically protected communications session was established between the first hardware security module and the second hardware security module and as a result generates a determination that the first hardware security module has joined the fleet;
  
  updates a fleet directory to include the network address of the first hardware security module, as a result of obtaining the indication;
  
  receives, to the hardware security module interface, a request to perform a cryptographic operation; and
  
  routes the request to the first hardware security module.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system of claim 1, wherein:
    - the fleet directory also stores utilization levels for the plurality of physical hardware security modules; and
      
      the virtual load balancer further selects a hardware security module of the fleet of hardware security modules to route the request based at least in part on the utilization levels.
  - 3. The system of claim 1, wherein determining to scale further includes conditions for scaling the fleet of hardware security modules that comprise a condition that utilization of the fleet of hardware security modules exceeds a predetermined threshold.
  - 4. The system of claim 1, wherein the pool of hardware security modules is available to one or more other fleets of hardware security modules.
  - 5. The system of claim 1, wherein the at least one condition to scale the fleet of hardware security modules indicates that the fleet of hardware security modules is to be scaled down.

6. A computer-implemented method, comprising:
- determining that at least one condition for scaling up a fleet of cryptographic modules is satisfied, the fleet of cryptographic modules comprising at least one physical cryptographic module and backing a virtual cryptographic module comprising a cryptographic module interface;
  
  providing, to a first cryptographic module in the fleet of cryptographic modules, information that causes the first cryptographic module to communicate with a second cryptographic module outside of the fleet of cryptographic modules;
  
  verifying that the second cryptographic module has joined the fleet of cryptographic modules by at least obtaining an indication that configuration data of the fleet of cryptographic modules was successfully transmitted through a cryptographically protected session established between the first cryptographic module and the second cryptographic module;
  
  updating, as a result of obtaining the indication, a fleet directory to indicate that the second cryptographic module has been added to the fleet of cryptographic modules; and
  
  causing a request to perform a cryptographic operation received to the cryptographic module interface to be fulfilled using the second cryptographic module.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. The method of claim 6, further comprising:
    - determining that at least one second condition for scaling down the fleet of cryptographic modules is satisfied;
      
      selecting a third cryptographic module in the fleet of cryptographic modules to remove from the fleet of cryptographic modules;
      
      updating a fleet directory of the virtual cryptographic module to reflect that the third cryptographic module has been selected for removal; and
      
      de-initializing the third cryptographic module by at least erasing one or more cryptographic keys.
  - 8. The method of claim 7, further comprising:
    - providing a network address of the third cryptographic module to a fourth cryptographic module of the fleet of cryptographic modules with an indication that the third cryptographic module is being removed from the fleet of cryptographic modules.
  - 9. The method of claim 7, wherein the de-initializing of the third cryptographic module includes reformatting a subdivision of a disk that includes the one or more cryptographic keys being erased within the third cryptographic module.
  - 10. The method of claim 6, further comprising causing a second request to perform a second cryptographic operation received to the cryptographic module interface to be fulfilled using the first cryptographic module.
  - 11. The method of claim 6, wherein determining the at least one condition for scaling up the fleet of cryptographic modules includes querying one or more cryptographic modules of the fleet of cryptographic modules to determine a utilization level for cryptographic modules of the one or more cryptographic modules of the fleet of cryptographic modules.
  - 12. The method of claim 6, wherein causing the request to be fulfilled using the second cryptographic module includes determining a utilization level of the second cryptographic module.
  - 13. The method of claim 6, wherein the at least one physical cryptographic module of the fleet of cryptographic modules is shared with at least one other fleet of cryptographic modules.

14. A non-transitory computer-readable storage medium comprising executable instructions that, as a result of execution by one or more processors of a computer system, cause the computer system to at least:
- detect satisfaction of a condition for scaling a fleet of cryptographic modules, two or more cryptographic modules of the fleet of cryptographic modules sharing copies of shared cryptographic information and performing cryptographic operations based at least in part on the shared cryptographic information;
  
  cause a first cryptographic module in the fleet of cryptographic modules to provide a copy of the shared cryptographic information to a second cryptographic module that is outside of the fleet of cryptographic modules;
  
  obtain an indication that an add operation was completed successfully and the copy of the shared cryptographic information is encrypted;
  
  update, as a result of obtaining the indication, a fleet directory to indicate that the second cryptographic module has been added to the fleet of cryptographic modules; and
  
  cause a first request transmitted by a requestor to a cryptographic module interface associated with the fleet of cryptographic modules to be fulfilled using the second cryptographic module.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The non-transitory computer-readable storage medium of claim 14, wherein the instructions further comprise instructions that, as a result of execution by the one or more processors, cause the computer system to:
    - receive instructions to initialize a virtual hardware security module from a client, the instructions including a digital certificate comprising a cryptographic key;
      
      select a third cryptographic module that is outside of the fleet of cryptographic modules; and
      
      provide instructions to the third cryptographic module to perform an initialization routine using at least the digital certificate.
  - 16. The non-transitory computer-readable storage medium of claim 14, wherein the instructions further comprise instructions that, as a result of execution by the one or more processors, cause the computer system to:
    - cause a second request transmitted to the cryptographic module interface to be fulfilled by the first cryptographic module, wherein both the first request and the second request are over a Transport Layer Security session.
  - 17. The non-transitory computer-readable storage medium of claim 14, wherein enabling the first cryptographic module to provide cryptographic information to the second cryptographic module includes providing a network address of the second cryptographic module.
  - 18. The non-transitory computer-readable storage medium of claim 14, wherein the instructions further comprise instructions that, as a result of execution by the one or more processors, cause the computer system to:
    - monitor utilization levels and latencies to the requestor for one or more cryptographic modules of the fleet of cryptographic modules; and
      
      as part of detecting the condition for scaling the fleet of cryptographic modules is satisfied;
      
      calculate a score of the utilization levels of the one or more cryptographic modules, wherein a first cryptographic module of the one or more cryptographic modules performs at a lower latency than a second cryptographic module of the one or more cryptographic modules is more heavily weighted; and
      
      determine whether the score exceeds a threshold.
  - 19. The non-transitory computer-readable storage medium of claim 18, wherein the threshold is adjusted based at least in part on traffic patterns.
  - 20. The non-transitory computer-readable storage medium of claim 14, wherein the first cryptographic module in the fleet of cryptographic modules is a member of a second fleet of cryptographic modules.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Norum, Steven Preston Lightner
Primary Examiner(s)
Turchen, James R

Application Number

US15/351,229
Time in Patent Office

1,065 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

H04L 2209/127   Trusted platform modules [TPM]

H04L 2463/062   applying encryption of the ...

H04L 63/0471   applying encryption by an i...

H04L 63/0485   Networking architectures fo...

H04L 63/06   for supporting key manageme...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 9/0822   using key encryption key

H04L 9/0897   involving additional device...

H04L 9/12   Transmitting and receiving ...

H04L 9/3234   involving additional secure...

H04L 9/3242   involving keyed hash functi...

H04L 9/3247   involving digital signatures

H04L 9/3268   using certificate validatio...

Virtual cryptographic module with load balancer and cryptographic module fleet

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual cryptographic module with load balancer and cryptographic module fleet

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links