FEDERATED KEY MANAGEMENT

US 20170093581A1
Filed: 12/12/2016
Published: 03/30/2017
Est. Priority Date: 02/12/2013
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

one or more processors; and

memory including instructions that, when executed by the one or more processors, cause the computer system to;

store a set of one or more keys in association with a first key;

receive a request that requires use of the first key for fulfillment; and

as a result of the first key being held by a third party, cause the third party to;

use a second key from the set of one or more keys to determine whether the request should be fulfilled; and

as a result of determining that the request should be fulfilled, use the first key to perform one or more cryptographic operations.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system uses information submitted in connection with a request to determine if and how to process the request. The information may be electronically signed by a requestor using a key such that the system processing the request can verify that the requestor has the key and that the information is authentic. The information may include information that identifies a holder of a key needed for processing the request, where the holder of the key can be the system or another, possibly third party, system. Requests to decrypt data may be processed to ensure that a certain amount of time passes before access to the decrypted data is provided, thereby providing an opportunity to cancel such requests and/or otherwise mitigate potential security breaches.

11 Citations

View as Search Results

20 Claims

1. A system, comprising:
- one or more processors; and
  
  memory including instructions that, when executed by the one or more processors, cause the computer system to;
  
  store a set of one or more keys in association with a first key;
  
  receive a request that requires use of the first key for fulfillment; and
  
  as a result of the first key being held by a third party, cause the third party to;
  
  use a second key from the set of one or more keys to determine whether the request should be fulfilled; and
  
  as a result of determining that the request should be fulfilled, use the first key to perform one or more cryptographic operations.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein the holder of the first key is a third party system.
  - 3. The system of claim 1, wherein the set of one or more keys includes a subset of administrative keys, each usable for electronic signature verification required for changing the set of one or more keys.
  - 4. The system of claim 1, wherein the system is hosted by an entity and the entity lacks access to the first key in plaintext form.
  - 5. The system of claim 1, wherein the request specifies the first key.
  - 6. The system of claim 1, wherein using the second key from the set of one or more keys to determine whether the request should be fulfilled includes using the second key to verify an electronic signature submitted in connection with the request.

7. One or more computer-readable storage media, having stored thereon instructions that, when executed by one or more processors of a computer system, cause the computer system to:
- associate a set of one or more keys with a first key; and
  
  use a second key from the set of one or more keys to determine whether to enable fulfillment of a request by at least causing a holder of the first key to use the first key in one or more cryptographic operations.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The one or more computer-readable storage media of claim 7, wherein the holder of the first key is a third party.
  - 9. The one or more computer-readable storage media of claim 7, wherein:
    - the request is submitted in connection with request information;
      
      the instructions further cause the computer system to verify that one or more conditions on the request information are satisfied; and
      
      satisfaction of the one or more conditions are required for enabling fulfillment of the request.
  - 10. The one or more computer-readable storage media of claim 7, wherein:
    - the set of one or more keys includes a subset of administrative keys; and
      
      each administrative key in the subset of administrative keys is usable to determine whether to fulfill a request to change the set of one or more keys.
  - 11. The one or more computer-readable storage media of claim 7, wherein changing the set of one or more keys includes adding or removing a key from the set of one or more keys.
  - 12. The one or more computer-readable storage media of claim 7, wherein the request is submitted in connection with information identifying the holder of the first key.
  - 13. The one or more computer-readable storage media of claim 7, wherein the holder of the first key is the computer system.

14. A computer-implemented method, comprising:
- under the control of one or more computer systems configured with executable instructions,associating a set of one or more keys with a first key; and
  
  using a second key from the set of one or more keys to determine whether to enable fulfillment of a request by at least causing a holder of the first key to use the first key in one or more cryptographic operations.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The computer-implemented method of claim 14, wherein the holder of the first key is a third party.
  - 16. The computer-implemented method of claim 14, wherein:
    - the request is submitted in connection with request information;
      
      the instructions further cause the computer system to verify that one or more conditions on the request information are satisfied; and
      
      satisfaction of the one or more conditions are required for enabling fulfillment of the request.
  - 17. The computer-implemented method of claim 14, wherein:
    - the set of one or more keys includes a subset of administrative keys; and
      
      each administrative key in the subset of administrative keys is usable to determine whether to fulfill a request to change the set of one or more keys.
  - 18. The computer-implemented method of claim 14, wherein changing the set of one or more keys includes adding or removing a key from the set of one or more keys.
  - 19. The computer-implemented method of claim 14, wherein the request is submitted in connection with information identifying the holder of the first key.
  - 20. The computer-implemented method of claim 14, wherein the holder of the first key is the computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Roth, Gregory Branchek, Wren, Matthew James, Brandwine, Eric Jason, Pratt, Brian Irl

Granted Patent

US 10,666,436 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 9/0618   Block ciphers, i.e. encrypt...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/088   Usage controlling of secret...

H04L 9/0891   Revocation or update of sec...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/321   involving a third party or ...

H04L 9/3247   involving digital signatures

FEDERATED KEY MANAGEMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

11 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

FEDERATED KEY MANAGEMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others