Transparently scalable virtual hardware security module

US 10,461,943 B1
Filed: 11/14/2016
Issued: 10/29/2019
Est. Priority Date: 11/14/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

under the control of a hardware security module (HSM);

obtaining, from a client computer system, a client identity certificate, the client identity certificate being a digital certificate that comprises a client identity public key, the client identity public key associated with a client identity private key;

generating an instance identity certificate, wherein the instance identity certificate comprises an instance identity public key and is digitally signed by a HSM service key and an HSM manufacturer key, the instance identity public key associated with an instance identity private key;

issuing a certificate signing request that includes the instance identity certificate;

establishing a cryptographically protected communication session with the client computer system;

via the cryptographically protected communication session, obtaining a client instance identity certificate (CIIC), wherein validity of the CIIC is verifiable using at least the client identity public key;

using at least the client identity public key to verify that the CIIC is valid and digitally signed using the client identity private key;

generating an instance application certificate, wherein the instance application certificate comprises an instance application public key and is digitally signed by the instance identity private key, the instance application public key associated with an instance application private key;

making the instance application certificate available via the cryptographically protected communication session;

obtaining a client application certificate, wherein the client application certificate comprises a client application public key and is digitally signed by the client identity private key; and

verifying, using at least the client identity public key, the client application certificate is valid and digitally signed using the client identity private key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A virtual hardware security module (“HSM”) is used to perform cryptographic operations. The virtual HSM may provision and coordinate requests between one or more HSMs within a fleet of HSMs. A set of cryptographic keys and/or digital certificates may be exchanged between a client and the virtual HSM such that the client and the virtual HSM may communicate with each other via a cryptographically protected communication session. The fleet of HSMs of a virtual HSM may be scaled up or scaled down according to various criteria. Cryptographic key material may be propagated between HSMs of the fleet using a fleet transfer key. Digital certificates may be used to demonstrate that one or more cryptographic keys were generated by a service provider and/or manufacturer.

46 Citations

View as Search Results

20 Claims

1. A computer-implemented method, comprising:
- under the control of a hardware security module (HSM);
  
  obtaining, from a client computer system, a client identity certificate, the client identity certificate being a digital certificate that comprises a client identity public key, the client identity public key associated with a client identity private key;
  
  generating an instance identity certificate, wherein the instance identity certificate comprises an instance identity public key and is digitally signed by a HSM service key and an HSM manufacturer key, the instance identity public key associated with an instance identity private key;
  
  issuing a certificate signing request that includes the instance identity certificate;
  
  establishing a cryptographically protected communication session with the client computer system;
  
  via the cryptographically protected communication session, obtaining a client instance identity certificate (CIIC), wherein validity of the CIIC is verifiable using at least the client identity public key;
  
  using at least the client identity public key to verify that the CIIC is valid and digitally signed using the client identity private key;
  
  generating an instance application certificate, wherein the instance application certificate comprises an instance application public key and is digitally signed by the instance identity private key, the instance application public key associated with an instance application private key;
  
  making the instance application certificate available via the cryptographically protected communication session;
  
  obtaining a client application certificate, wherein the client application certificate comprises a client application public key and is digitally signed by the client identity private key; and
  
  verifying, using at least the client identity public key, the client application certificate is valid and digitally signed using the client identity private key.
- View Dependent Claims (2, 3, 4)
- - 2. The computer-implemented method of claim 1, wherein:
    - there is a first chain of trust between a service certificate authority and the instance identity certificate, the first chain of trust being verifiable based at least in part on the digital signature by the HSM service key; and
      
      there is a second chain of trust between a manufacturer certificate authority and the instance identity certificate, the second chain of trust being verifiable based at least in part on the digital signature by the HSM manufacturer key.
  - 3. The computer-implemented method of claim 1, wherein communications over the cryptographically protected communication session are encrypted to comply with FIPS 140-2 encryption standard.
  - 4. The computer-implemented method of claim 1, wherein the client identity certificate is stored in persistent storage.

5. A non-transitory computer-readable storage medium storing executable instructions that, as a result of execution by one or more processors of a computer system, cause the computer system to at least:
- make a client identity certificate available to a virtual hardware security module (HSM), wherein the client identity certificate comprises a client identity public key and is digitally signed by a client identity private key;
  
  obtain a certificate signing request including an instance identity certificate, wherein the instance identity certificate comprises an instance identity public key and is digitally signed by an instance identity private key;
  
  digitally sign the certificate signing request;
  
  provide the digitally signed certificate signing request to the virtual HSM;
  
  obtain an instance application certificate, wherein the instance application certificate comprises an instance application public key and is digitally signed by an instance identity private key; and
  
  verify, using at least the instance identity public key, the instance application certificate is valid and digitally signed using the instance identity private key.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12)
- - 6. The non-transitory computer-readable storage medium of claim 5, wherein the instructions further comprise instructions that, as a result of execution by the one or more processors, cause the computer system to:
    - generate a client application certificate, wherein the client application certificate comprises a client application public key and is digitally signed by the client identity private key; and
      
      make the client application certificate available to the virtual HSM.
  - 7. The non-transitory computer-readable storage medium of claim 6, wherein the instructions further comprise instructions that, as a result of execution by the one or more processors, cause the computer system to establish a cryptographically protected communication session with the virtual HSM using at least the client application certificate to demonstrate the computer system'"'"'s identity and using at least the instance application certificate to verify the virtual HSM'"'"'s identity.
  - 8. The non-transitory computer-readable storage medium of claim 7, wherein the instructions further comprise instructions that, as a result of execution by the one or more processors, cause the computer system to:
    - provide a plurality of requests to the virtual HSM via the cryptographically protected communication session;
      
      obtain a first response to a first request of the plurality of requests, wherein the first request is fulfilled at least in part by a first HSM of the virtual HSM; and
      
      obtain a second response to a second request of the plurality of requests, wherein the second request is fulfilled at least in part by a second HSM of the virtual HSM.
  - 9. The non-transitory computer-readable storage medium of claim 5, wherein the instructions further comprise instructions that, as a result of execution by the one or more processors, cause the computer system to verify the validity of the instance identity certificate by at least establishing a first chain of trust to a service certificate authority based at least in part on a first digital signature of the instance identity certificate and establishing a second chain of trust to a manufacturer certificate authority based at least in part on a second digital signature of the instance identity certificate.
  - 10. The non-transitory computer-readable storage medium of claim 9, wherein at least one of the first chain of trust or the second chain of trust includes one or more intermediate certificates between a root certificate authority and the instance identity key, the root certificate authority being either the service certificate authority or the manufacturer certificate authority.
  - 11. The non-transitory computer-readable storage medium of claim 5, wherein the instructions further comprise instructions that, as a result of execution by the one or more processors, cause the computer system to:
    - establish a cryptographically protected communication session;
      
      the digitally signed certificate signing request is provided to the virtual HSM via the cryptographically protected communication session; and
      
      the instance application certificate is obtained via the cryptographically protected communication session.
  - 12. The non-transitory computer-readable storage medium of claim 5, wherein format of the certificate signing request is in accordance with PKCS #10 specification.

13. A system, comprising:
- one or more processors; and
  
  one or more memories storing instructions that, as a result of execution by the one or more processors, cause the system to;
  
  make a client identity certificate available to a virtual hardware security module (HSM), wherein the client identity certificate comprises a client identity public key and is digitally signed by a client identity private key;
  
  obtain a certificate signing request including an instance identity certificate, wherein the instance identity certificate comprises an instance identity public key and is digitally signed by an instance identity private key;
  
  digitally sign the certificate signing request;
  
  provide the digitally signed certificate signing request to the virtual HSM;
  
  obtain an instance application certificate, wherein the instance application certificate comprises an instance application public key and is digitally signed by an instance identity private key; and
  
  verify, using at least the instance identity public key, the instance application certificate is valid and digitally signed using the instance identity private key.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The system of claim 13, wherein the instructions further comprise instructions that, as a result of execution by the one or more processors, cause the system to:
    - generate a client application certificate, wherein the client application certificate comprises a client application public key and is digitally signed by the client identity private key; and
      
      make the client application certificate available to the virtual HSM.
  - 15. The system of claim 14, wherein the instructions further comprise instructions that, as a result of execution by the one or more processors, cause the system to establish a cryptographically protected communication session with the virtual HSM using at least the client application certificate to demonstrate the system'"'"'s identity and using at least the instance application certificate to verify the virtual HSM'"'"'s identity.
  - 16. The system of claim 15, wherein the instructions further comprise instructions that, as a result of execution by the one or more processors, cause the system to:
    - provide a plurality of requests to the virtual HSM via the cryptographically protected communication session;
      
      obtain a first response to a first request of the plurality of requests, wherein the first request is fulfilled at least in part by a first HSM of the virtual HSM; and
      
      obtain a second response to a second request of the plurality of requests, wherein the second request is fulfilled at least in part by a second HSM of the virtual HSM.
  - 17. The system of claim 13, wherein the instructions further comprise instructions that, as a result of execution by the one or more processors, cause the system to verify the validity of the instance identity certificate by at least establishing a first chain of trust to a service certificate authority based at least in part on a first digital signature of the instance identity certificate and establishing a second chain of trust to a manufacturer certificate authority based at least in part on a second digital signature of the instance identity certificate.
  - 18. The system of claim 17, wherein at least one of the first chain of trust or the second chain of trust includes one or more intermediate certificates between a root certificate authority and the instance identity key, the root certificate authority being either the service certificate authority or the manufacturer certificate authority.
  - 19. The system of claim 13, wherein the instructions further comprise instructions that, as a result of execution by the one or more processors, cause the system to:
    - establish a cryptographically protected communication session;
      
      the digitally signed certificate signing request is provided to the virtual HSM via the cryptographically protected communication session; and
      
      the instance application certificate is obtained via the cryptographically protected communication session.
  - 20. The system of claim 13, wherein format of the certificate signing request is in accordance with PKCS #10 specification.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Norum, Steven Preston Lightner
Primary Examiner(s)
King, John B
Assistant Examiner(s)
Dhruv, Darshan I

Application Number

US15/351,255
Time in Patent Office

1,079 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 9/0897   involving additional device...

H04L 9/12   Transmitting and receiving ...

H04L 9/3247   involving digital signatures

H04L 9/3265   using certificate chains, t...

H04L 9/3268   using certificate validatio...

Transparently scalable virtual hardware security module

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

46 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Transparently scalable virtual hardware security module

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links