Resource locators with keys

US 9,237,019 B2
Filed: 09/25/2013
Issued: 01/12/2016
Est. Priority Date: 09/25/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

under the control of one or more computer systems configured with executable instructions,receiving, from a requestor, a request to perform one or more operations using a cryptographic key lacked by the one or more computer systems prior to receipt of the request, the request including a uniform resource locator that;

indicates the one or more operations;

includes an electronic signature generated by a first entity based at least in part on a portion of the uniform resource locator and secret information inaccessible to the requestor; and

includes the cryptographic key;

making a determination whether the electronic signature is valid;

on a condition that the determination indicates that the electronic signature is valid, using the cryptographic key from the request to perform the indicated one or more operations on data to generate a result of the one or more operations;

providing the result of the one or more operations in accordance with the request; and

after using the cryptographic key from the request to perform the indicated one or more operations on the data, performing one or more operations to lose access to the cryptographic key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Requests are pre-generated to include a cryptographic key to be used in fulfilling the requests. The requests may be encoded in uniform resource locators and may include authentication information to enable a service provider to whom the requests are submitted to determine whether the requests are authorized. The requests may be passed to various entities who can then submit the requests to the service provider. The service provider, upon receipt of a request, can verify the authentication information and fulfill the request using a cryptographic key encoded in the request.

211 Citations

25 Claims

1. A computer-implemented method, comprising:
- under the control of one or more computer systems configured with executable instructions,receiving, from a requestor, a request to perform one or more operations using a cryptographic key lacked by the one or more computer systems prior to receipt of the request, the request including a uniform resource locator that;
  
  indicates the one or more operations;
  
  includes an electronic signature generated by a first entity based at least in part on a portion of the uniform resource locator and secret information inaccessible to the requestor; and
  
  includes the cryptographic key;
  
  making a determination whether the electronic signature is valid;
  
  on a condition that the determination indicates that the electronic signature is valid, using the cryptographic key from the request to perform the indicated one or more operations on data to generate a result of the one or more operations;
  
  providing the result of the one or more operations in accordance with the request; and
  
  after using the cryptographic key from the request to perform the indicated one or more operations on the data, performing one or more operations to lose access to the cryptographic key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-implemented method of claim 1, wherein:
    - the uniform resource locator further encodes a path that identifies the data; and
      
      using the cryptographic key to perform the indicated one or more operations includes using the encoded path to access the data.
  - 3. The computer-implemented method of claim 1, wherein at least some of the data is supplied by the requestor in the request.
  - 4. The computer-implemented method of claim 1, wherein:
    - the portion of the uniform resource locator indicates an expiration; and
      
      using the cryptographic key to perform the indicated one or more operations is performed on a further condition that the request is received prior to the expiration.
  - 5. The computer-implemented method of claim 1, wherein:
    - receiving the request is performed by a service provider;
      
      the first entity is a customer of the service provider; and
      
      the requestor is not a customer of the service provider.
  - 6. The computer-implemented method of claim 1, wherein using the cryptographic key to perform the indicated one or more operations is performed further on a condition that the request complies with one or more policies configured by the first entity.
  - 7. The computer-implemented method of claim 1, wherein:
    - the request includes information added to an initial uniform resource locator generated by the first entity to generate the request; and
      
      the using the cryptographic key to perform the indicated one or more operations is based at least in part on the information added to the initial uniform resource locator.
  - 8. The computer-implemented method of claim 1, wherein:
    - the uniform resource locator includes the cryptographic key in encrypted form; and
      
      the method further comprises decrypting the cryptographic key in encrypted form prior to using the cryptographic key to perform the indicated one or more operations.

9. A non-transitory computer-readable storage medium having stored thereon instructions that, when executed by one or more processors of a computer system, cause the computer system to:
- generate first information that encodes a request and a cryptographic key;
  
  generate an electronic signature of information verifiable by a service provider capable of fulfilling the request, the electronic signature based at least in part on a portion of a uniform resource locator and secret information inaccessible to another computer system; and
  
  make available the first information and the electronic signature to enable the other computer system to provide the first information and electronic signature to the service provider to cause the service provider to use the cryptographic key to fulfill the request by at least;
  
  making a determination whether the electronic signature is valid; and
  
  on a condition that the determination indicates that the electronic signature is valid, using the cryptographic key to perform one or more operations on data to generate a result of the one or more operations; and
  
  after using the cryptographic key to perform the one or more operations on the data, performing one or more additional operations to lose access to the cryptographic key.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The non-transitory computer-readable storage medium of claim 9, wherein the instructions further comprise instructions that, when executed by the one or more processors, cause the computer system to generate the uniform resource locator to include the first information and the electronic signature.
  - 11. The non-transitory computer-readable storage medium of claim 9, wherein making available the first information and the electronic signature include providing a webpage configured with the uniform resource locator such that, selected, causes transmission of the request to the service provider that includes the information and electronic signature.
  - 12. The non-transitory computer-readable storage medium of claim 11, wherein the webpage is provided to the other computer system.
  - 13. The non-transitory computer-readable storage medium of claim 9, wherein:
    - the first information further encodes an identifier of the data hosted by the service provider; and
      
      the request specifies the one or more operations to be performed in connection with the data.
  - 14. The non-transitory computer-readable storage medium of claim 9, wherein the first information encodes the cryptographic key in plaintext form.
  - 15. The non-transitory computer-readable storage medium of claim 9, wherein the first information encodes one or more conditions on submission of the request for the request to be fulfillable by the service provider.
  - 16. The non-transitory computer-readable storage medium of claim 9, wherein the first information encodes a manner of how the request is to be fulfilled, where the manner is from a plurality of manners by which the request is fulfillable.

17. A computer system, comprising:
- one or more processors; and
  
  memory storing instructions that, when executed by the one or more processors, cause the computer system to;
  
  generate first information that encodes a request and a cryptographic key;
  
  generate an electronic signature of information verifiable by a service provider capable of fulfilling the request, the electronic signature based at least in part on a portion of a uniform resource locator and secret information inaccessible to another computer system; and
  
  make available the first information and the electronic signature to enable the other computer system to provide the first information and electronic signature to the service provider to cause the service provider to use the cryptographic key to fulfill the request by at least;
  
  making a determination whether the electronic signature is valid; and
  
  on a condition that the determination indicates that the electronic signature is valid, using the cryptographic key to perform one or more operations on data to generate a result of the one or more operations; and
  
  after using the cryptographic key to perform the one or more operations on the data, performing one or more additional operations to lose access to the cryptographic key.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25)
- - 18. The computer system of claim 17, wherein the instructions further comprise instructions that, when executed by the one or more processors, cause the computer system to generate the uniform resource locator to include the first information and the electronic signature.
  - 19. The computer system of claim 17, wherein making available the first information and the electronic signature include providing a webpage configured with the uniform resource locator such that, selected, causes transmission of the request to the service provider that includes the information and electronic signature.
  - 20. The computer system of claim 19, wherein the webpage is provided to the other computer system.
  - 21. The computer system of claim 17, wherein:
    - the first information further encodes an identifier of the data hosted by the service provider; and
      
      the request specifies the one or more operations to be performed in connection with the data.
  - 22. The computer system of claim 17, wherein the first information encodes the cryptographic key in plaintext form.
  - 23. The computer system of claim 17, wherein the first information encodes one or more conditions on submission of the request for the request to be fulfillable by the service provider.
  - 24. The computer system of claim 17, wherein the first information encodes a manner of how the request is to be fulfilled, where the manner is from a plurality of manners by which the request is fulfillable.
  - 25. The computer system of claim 17, wherein the secret information comprises a second cryptographic key different from the cryptographic key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Roth, Gregory Branchek, Brandwine, Eric Jason
Primary Examiner(s)
Reza, Mohammad W

Application Number

US14/037,282
Publication Number

US 20150089233A1
Time in Patent Office

839 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/108   when the policy decisions a...

H04L 63/123   received data contents, e.g...

H04L 63/168   above the transport layer

H04L 67/02   based on web technology, e....

H04L 9/321   involving a third party or ...

H04L 9/3247   involving digital signatures

Resource locators with keys

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

211 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Resource locators with keys

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

211 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links