Web of trust management in a distributed system
First Claim
1. A computer-implemented method, comprising:
- under the control of one or more computer systems that execute instructions, obtaining a first version of a domain trust, the first version of the domain trust specifying:
a set of security modules authorized to perform cryptographic operations;
a set of operators; and
a set of quorum rules specifying one or more conditions for a plurality of operators in a subset of the set of operators being authorized to update the domain trust;
obtaining a second version of the domain trust, the second version of the domain trust digitally signed by a first security module; and
as a result of the first security module being outside of the set of security modules specified by the first version of the domain trust, updating to the second version of the domain trust on a condition that the second version of the domain trust is cryptographically verified as a valid successor of the first version of the domain trust, the second version of the domain trust being a valid successor to the first version of the domain trust as a result of being in a chain of domain trust versions including the first version of the domain trust, where each domain trust version in the chain of domain trust versions is generated in compliance with the set of quorum rules of an immediately preceding domain trust version.
Abstract
A web of trust is used to validate states of a distributed system. The distributed system operates based at least in part on a domain trust. A root of trust issues the domain trust. Domain trusts are updatable in accordance with rules of previous domain trusts, so that a version of a domain trust is verifiable by verifying a chain of previous domain trust versions.
22 Citations
22 Claims
1. Independent claim, reproduced above under First Claim. Dependent claims: 2, 3, 4.
5. A system, comprising one or more processors and memory comprising executable instructions that, when executed by the one or more processors, cause the system to:
obtain a first version of a domain trust, the first version of the domain trust specifying a first set of operators and a first set of quorum rules defining one or more conditions for a plurality of operators in a subset of the first set of operators being authorized to update the first version of the domain trust;
obtain a second version of the domain trust, the second version of the domain trust being different from the first version of the domain trust;
determine whether the second version of the domain trust is cryptographically verified as a valid successor of the first version of the domain trust; and
as a result of determining that the second version of the domain trust is cryptographically verified as a valid successor to the first version of the domain trust, operate in accordance with the second version of the domain trust.
Dependent claims: 6, 7, 8, 9, 10, 11, 12.
13. A non-transitory computer-readable storage medium having stored thereon executable instructions that, when executed by one or more processors of a computer system, cause the computer system to at least:
store a first version of information issued by a domain trust, the first version of the information specifying at least a first set of operators and a first set of quorum rules defining one or more conditions on a plurality of operators in a subset of the first set of operators for creation of an updated version of the information from the first version of the information;
obtain a second version of the information that specifies a set of computer systems authorized to perform operations, a plurality of operators in a second set of operators, and a second set of quorum rules defining one or more conditions on the second set of operators for creation of an updated version of the information from the second version of the information; and
cryptographically validate the second version of the information as a valid successor to the first version of the information on a condition that the second version obtained was authorized by a subset of the first set of operators in accordance with the first set of quorum rules.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22.
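Worked example, added by the editor and not code from the patent or any assignee: a Go program that models the domain trust versions of claims 1, 5 and 13 and the chain check of claim 1, in which a node holding version 1 accepts a version 2 that names a security module it does not know only after verifying that version 2 was authorized under version 1's quorum rules. It assumes Ed25519 operator keys, a k-of-n quorum rule, a hash link from each version to its predecessor and a canonical byte encoding for signing; the names DomainTrust, Payload, ValidSuccessor, VerifyChain, Successor and RunScenario, and the keys constructed inside RunScenario, are the editor's choices, not the patent's.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"sort"
)

// DomainTrust is one version of the domain trust; Quorum is how many of its operators must sign the next version (k-of-n, an assumption).
type DomainTrust struct {
	Version         uint64
	PrevHash        [32]byte // sha256(Payload()) of the immediately preceding version; zero for the root
	Quorum          int
	Operators       []ed25519.PublicKey
	SecurityModules []ed25519.PublicKey // authorized to perform cryptographic operations
	Signatures      map[string][]byte   // string(operator public key) -> signature over Payload()
}

// Payload is the canonical encoding operators sign: signatures excluded, key sets length-prefixed and sorted.
func (d *DomainTrust) Payload() []byte {
	var b bytes.Buffer
	binary.Write(&b, binary.BigEndian, d.Version)
	b.Write(d.PrevHash[:])
	binary.Write(&b, binary.BigEndian, uint32(d.Quorum))
	for _, set := range [][]ed25519.PublicKey{d.Operators, d.SecurityModules} {
		keys := append([]ed25519.PublicKey(nil), set...)
		sort.Slice(keys, func(i, j int) bool { return bytes.Compare(keys[i], keys[j]) < 0 })
		binary.Write(&b, binary.BigEndian, uint32(len(keys)))
		for _, k := range keys {
			b.Write(k)
		}
	}
	return b.Bytes()
}

// AuthorizesModule reports whether pk is in this version's set of security modules.
func (d *DomainTrust) AuthorizesModule(pk ed25519.PublicKey) bool {
	for _, m := range d.SecurityModules {
		if bytes.Equal(m, pk) {
			return true
		}
	}
	return false
}

// ValidSuccessor checks next against prev's quorum rule; only operators listed in prev count, so a
// version naming attacker-chosen operators cannot authorize itself, and a quorum of 0 is refused.
func ValidSuccessor(prev, next *DomainTrust) error {
	if prev.Quorum < 1 || next.Version != prev.Version+1 || next.PrevHash != sha256.Sum256(prev.Payload()) {
		return fmt.Errorf("version %d is not a bound successor of version %d", next.Version, prev.Version)
	}
	payload, signers := next.Payload(), 0
	for _, pk := range prev.Operators {
		if sig, ok := next.Signatures[string(pk)]; ok && ed25519.Verify(pk, payload, sig) {
			signers++
		}
	}
	if signers < prev.Quorum {
		return fmt.Errorf("quorum not met: %d of %d operator signatures", signers, prev.Quorum)
	}
	return nil
}

// VerifyChain walks from the trusted version through candidate successors; on failure the trusted version is returned unchanged.
func VerifyChain(trusted *DomainTrust, chain []*DomainTrust) (*DomainTrust, error) {
	cur := trusted
	for _, next := range chain {
		if err := ValidSuccessor(cur, next); err != nil {
			return trusted, err
		}
		cur = next
	}
	return cur, nil
}

// Successor builds a candidate next version and signs it with the given operator keys.
func Successor(prev *DomainTrust, quorum int, ops, mods []ed25519.PublicKey, signers ...ed25519.PrivateKey) *DomainTrust {
	next := &DomainTrust{Version: prev.Version + 1, PrevHash: sha256.Sum256(prev.Payload()), Quorum: quorum, Operators: ops, SecurityModules: mods, Signatures: map[string][]byte{}}
	for _, s := range signers {
		next.Signatures[string(s.Public().(ed25519.PublicKey))] = ed25519.Sign(s, next.Payload())
	}
	return next
}

// RunScenario plays the claim-1 situation with constructed keys: a node trusting version 1 rejects a forged version 2
// (operator c plus outsider x: one valid signer, under the 2-of-3 quorum), then accepts one signed by a and b that admits module m.
func RunScenario() (forgedRejected, moduleKnownBefore, moduleKnownAfter bool, err error) {
	const a, b, c, m, x = 0, 1, 2, 3, 4 // operators a, b, c; new security module m; outsider x
	pubs, privs := make([]ed25519.PublicKey, 5), make([]ed25519.PrivateKey, 5)
	for i := range pubs {
		pubs[i], privs[i], _ = ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	}
	v1 := &DomainTrust{Version: 1, Quorum: 2, Operators: pubs[a:m]}
	_, ferr := VerifyChain(v1, []*DomainTrust{Successor(v1, 1, []ed25519.PublicKey{pubs[c], pubs[x]}, pubs[m:x], privs[c], privs[x])})
	cur, err := VerifyChain(v1, []*DomainTrust{Successor(v1, 2, pubs[a:m], pubs[m:x], privs[a], privs[b])})
	return ferr != nil, v1.AuthorizesModule(pubs[m]), cur.AuthorizesModule(pubs[m]), err
}
```

Two points to take from it. The verifying node counts only signatures from operators named in the version it already holds; the candidate's own operator and module lists carry no weight until the candidate has been accepted, which is why the forged version 2 fails even though it is fully signed by every operator it names, and why an operator rotated out in version N cannot co-sign version N+2. And nothing in the chain vouches for version 1 itself: the root version has to reach each node out of band, which is the role the abstract gives the root of trust.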
Specification