Device coordination

US 9,300,639 B1
Filed: 06/13/2013
Issued: 03/29/2016
Est. Priority Date: 06/13/2013
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a plurality of security modules, each security module of the plurality of security modules includes at least one hardware processor and is configured to;

operate in accordance with a state that corresponds to a cryptographic key;

perform cryptographic operations with the cryptographic key; and

require a valid electronic signature from a security module coordinator before updating the state of the plurality of security modules; and

the security module coordinator, the security module coordinator not having access to the cryptographic key and being configured to;

receive a token generated by a security module of the plurality of security modules, the token encoding, using the cryptographic key, a proposed state for the plurality of security modules and a proposed version identifier for the proposed state;

determine, based at least in part on the proposed version identifier and a current version identifier of a current state of the plurality of security modules, whether to synchronize the plurality of security modules to the proposed state; and

generate, based at least in part on the received token, an electronic signature for the token; and

when said determining results in a determination to synchronize the plurality of security modules to the proposed state, provide the token and the generated electronic signature to each of at least a subset of the plurality of security modules with instructions to synchronize to the proposed state.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A distributed computing environment utilizes a cryptography service. The cryptography service manages keys securely on behalf of one or more entities. The service may utilize multiple security modules. A coordinator may coordinate the security modules to ensure that the security modules operate with consistent operational parameters. A security module may propose a set of parameters for acceptance by the coordinator. If accepted, the coordinator may update the security modules in accordance with the proposal.

Citations

26 Claims

1. A system, comprising:
- a plurality of security modules, each security module of the plurality of security modules includes at least one hardware processor and is configured to;
  
  operate in accordance with a state that corresponds to a cryptographic key;
  
  perform cryptographic operations with the cryptographic key; and
  
  require a valid electronic signature from a security module coordinator before updating the state of the plurality of security modules; and
  
  the security module coordinator, the security module coordinator not having access to the cryptographic key and being configured to;
  
  receive a token generated by a security module of the plurality of security modules, the token encoding, using the cryptographic key, a proposed state for the plurality of security modules and a proposed version identifier for the proposed state;
  
  determine, based at least in part on the proposed version identifier and a current version identifier of a current state of the plurality of security modules, whether to synchronize the plurality of security modules to the proposed state; and
  
  generate, based at least in part on the received token, an electronic signature for the token; and
  
  when said determining results in a determination to synchronize the plurality of security modules to the proposed state, provide the token and the generated electronic signature to each of at least a subset of the plurality of security modules with instructions to synchronize to the proposed state.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein:
    - the cryptographic key is from a set of one or more cryptographic keys stored by each of the security modules from the plurality of security modules; and
      
      the token encodes a change to the set of one or more cryptographic keys.
  - 3. The system of claim 1, wherein:
    - determining whether to synchronize the plurality of security modules to the proposed state includes determining whether the proposed version identifier is more recent than the current version identifier; and
      
      determining to synchronize the plurality of security modules to the proposed state requires determining that the proposed version identifier is more recent than the current version identifier.
  - 4. The system of claim 1, wherein each security module from the plurality of security modules is configured to enforce a set of quorum rules before fulfilling a request to provide a requested token.
  - 5. The system of claim 1, wherein:
    - the token includes information of the proposed domain state encrypted under another cryptographic key; and
      
      for each security module of the plurality of security modules;
      
      the security module has access, lacked by the remaining security modules of the plurality of security modules, to a private cryptographic key of a public-private key pair; and
      
      the token includes the other cryptographic key encrypted under a public cryptographic key of the public-private key pair.
  - 6. The system of claim 1, wherein:
    - when said determining results in a determination to not synchronize the plurality of security modules to the proposed state, refraining from generating an electronic signature based at least in part on the token; and
      
      each security module of the plurality of security modules requires a valid electronic signature before fulfilling an instruction to synchronize to a new state.

7. A computer-implemented method for device coordination, comprising:
- under the control of one or more computer systems configured with executable instructions,receiving a proposal generated by a device of a plurality of devices, each of the plurality of devices having a first set of operational parameters including a cryptographic key, the proposal encoding, using the cryptographic key, a second set of operational parameters for the plurality of devices, the device configured to require a valid instruction from an authorized external source before updating to operate in accordance with the proposal;
  
  determining whether the proposal conflicts with one or more previously received proposals; and
  
  when said determining results in a determination that the proposal is unconflicting with one or more previously received proposals, causing each device of the plurality of devices to replace the first set of operational parameters with the second set of operational parameters.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The computer-implemented method of claim 7, wherein causing each device of the plurality of devices to operate in accordance with the second set of operational parameters includes issuing an update instruction to the device with an electronic signature verifiable by the device.
  - 9. The computer-implemented method of claim 7, wherein:
    - the devices are security modules; and
      
      the second set of operational parameters includes a set of cryptographic keys usable by the security modules for performing cryptographic operations.
  - 10. The computer-implemented method of claim 7, wherein:
    - the proposal has an identifier for the second set of operational parameters; and
      
      determining whether the proposal conflicts with one or more previously received proposals is based at least in part on the identifier relative to one or more other identifiers for the one or more previously received proposals.
  - 11. The computer-implemented method of claim 7, wherein the proposal is a token that encrypts at least one member of the second set of operational parameters.
  - 12. The computer-implemented method of claim 7, wherein the proposal is received in a request transmitted from another device that is outside of the plurality of devices.
  - 13. The computer-implemented method of claim 7, wherein the proposal includes, for each device of the plurality of devices, an encrypted replica encoding at least one operational parameter from the second set of operational parameters, each replica encrypted under a different cryptographic key.

14. A device, comprising:
- one or more processors; and
  
  memory including instructions that, when executed by the one or more processors, cause the device to;
  
  generate a proposal encoding, using a cryptographic key, a proposed set of operational parameters for a plurality of devices that includes the device, the proposed set of operational parameters differing from a current set of operational parameters in accordance with which the device operates, the current set of operational parameters including the cryptographic key;
  
  provide the generated proposal; and
  
  operate in accordance with the proposed set of operational parameters as a result of receiving an instruction to operate in accordance with the proposed set of operational parameters from a coordinator device authorized to transmit the instruction, the coordinator device not having access to the cryptographic key.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The device of claim 14, wherein:
    - the current set of operational parameters includes a set of quorum rules;
      
      the instructions further cause the device to;
      
      receive a request to provide the proposal;
      
      determine whether the request was generated in compliance with the set of quorum rules; and
      
      require that the request be generated in compliance with the set of quorum rules before generating the proposal.
  - 16. The device of claim 14, wherein providing the generated proposal includes transmitting the generated proposal to another device different from the coordinator device.
  - 17. The device of claim 14, wherein the proposal includes, for each device of the plurality of devices, an encrypted replica encoding at least one operational parameter from the proposed set of operational parameters, each replica encrypted under a different public key corresponding to a private key accessible by a corresponding device of the plurality of devices.
  - 18. The device of claim 14, wherein:
    - the proposed set of operational parameters includes a set of cryptographic keys; and
      
      the device is a security module of a plurality of security modules configured to perform cryptographic operations using the set of cryptographic keys.
  - 19. The device of claim 14, wherein the proposed set of operational parameters includes information identifying one or more operators to be authorized to cause the devices to perform operations.
  - 20. The device of claim 14, wherein:
    - the instructions, when executed by the one or more processors, further cause the device to determine whether the coordinator device is authorized by a current set of operational parameters installed to the device, to provide the instruction; and
      
      operating in accordance with the proposed set of operational parameters is dependent on determining that the coordinator device is authorized by the current set of operational parameters to provide the instruction.

21. A non-transitory computer-readable storage medium having stored thereon instructions that, when executed by one or more processors of a computer system, cause the computer system to participate in synchronization a plurality of devices that includes the computer system by at least:
- receiving a request to change a current set of operational parameters including a current cryptographic key installed to the plurality of devices;
  
  providing, to a coordinator system not having access to the current cryptographic key, a response to the request that includes a proposed set of operational parameters for the plurality of devices;
  
  receiving the proposed set of operational parameters from the coordinator system; and
  
  as a result of receiving the proposed set of operational parameters from the coordinator system, updating the current set of operational parameters to the proposed set of operational parameters.
- View Dependent Claims (22, 23, 24, 25, 26)
- - 22. The non-transitory computer-readable storage medium of claim 21, wherein:
    - receiving the proposed set of operational parameters from the coordinator system includes receiving a request to update from the coordinator system;
      
      the instructions further cause the computer system to verify an electronic signature provided with the request to update to verify the authenticity of the request to update; and
      
      updating to operate in accordance with the proposed set of operational parameters requires the electronic signature to be verified.
  - 23. The non-transitory computer-readable storage medium of claim 21, whereinthe proposed set of operational parameters includes a new cryptographic key to replace the current cryptographic key and to be added to a set of keys common to each of the plurality of devices.
  - 24. The non-transitory computer-readable storage medium of claim 21, whereinupdating to operate in accordance with the proposed set of operational parameters includes losing access to the cryptographic key.
  - 25. The non-transitory computer-readable storage medium of claim 21, wherein the proposed set of operational parameters includes at least one operational parameter encrypted so as to be inaccessible to the coordinator system, but accessible to each of the plurality of devices.
  - 26. The non-transitory computer-readable storage medium of claim 21, wherein the instructions further cause the computer system to:
    - verify that the request to change the current set of operational parameters was generated in accordance with a set of quorum rules of the current set of operational parameters; and
      
      require that the request be generated in accordance with the set of quorum rules before providing the proposed set of operational parameters.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Roth, Gregory Branchek, Wren, Matthew James, Brandwine, Eric Jason, Pratt, Brian Irl
Primary Examiner(s)
Lemma, Samson
Assistant Examiner(s)
An, Wayne

Application Number

US13/916,915
Time in Patent Office

1,020 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 2209/603   Digital right managament [DRM]

H04L 2209/68   Special signature format, e...

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/102   Entity profiles

H04L 63/205   involving negotiation or de...

H04L 9/08   Key distribution or managem...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3213   using tickets or tokens, e....

Device coordination

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Device coordination

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links