Resource locators with keys

US 9,819,654 B2
Filed: 01/11/2016
Issued: 11/14/2017
Est. Priority Date: 09/25/2013
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

one or more processors; and

memory including instructions that, as a result of execution by the one or more processors, cause the system to;

receive a request associated with a first entity, the request including a pre-generated portion that includes authorization information generated by a second entity and a cryptographic key, wherein the authorization information includes an electronic signature generated based at least in part on a signing key associated with the second entity;

on a condition that the authorization information is determined to indicate authorization by the second entity to fulfill the request, fulfill the request at least in part by performing one or more operations using the cryptographic key by at least using a plaintext version of the cryptographic key as input into a cryptographic algorithm, wherein the authorization information indicating authorization by the second entity requires the electronic signature to be valid; and

provide a result of the performed one or more operations.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Requests are pre-generated to include a cryptographic key to be used in fulfilling the requests. The requests may be encoded in uniform resource locators and may include authentication information to enable a service provider to whom the requests are submitted to determine whether the requests are authorized. The requests may be passed to various entities who can then submit the requests to the service provider. The service provider, upon receipt of a request, can verify the authentication information and fulfill the request using a cryptographic key encoded in the request.

220 Citations

22 Claims

1. A system, comprising:
- one or more processors; and
  
  memory including instructions that, as a result of execution by the one or more processors, cause the system to;
  
  receive a request associated with a first entity, the request including a pre-generated portion that includes authorization information generated by a second entity and a cryptographic key, wherein the authorization information includes an electronic signature generated based at least in part on a signing key associated with the second entity;
  
  on a condition that the authorization information is determined to indicate authorization by the second entity to fulfill the request, fulfill the request at least in part by performing one or more operations using the cryptographic key by at least using a plaintext version of the cryptographic key as input into a cryptographic algorithm, wherein the authorization information indicating authorization by the second entity requires the electronic signature to be valid; and
  
  provide a result of the performed one or more operations.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the pre-generated portion is formatted as a uniform resource locator.
  - 3. The system of claim 1, wherein:
    - the one or more operations include accessing data stored by the second entity in encrypted form and decrypting the data using the cryptographic key; and
      
      providing the result includes transmitting the decrypted data to the first entity.
  - 4. The system of claim 1, wherein:
    - the request further comprises data additional to the pre-generated portion; and
      
      performing the one or more operations using the cryptographic key comprises performing one or more cryptographic operations on the data additional to the pre-generated portion.
  - 5. The system of claim 1, wherein the authorization information includes an electronic signature generated using secret information inaccessible to the first entity.
  - 6. The system of claim 1, wherein:
    - the authorization information specifies one or more conditions on a context for submission of the request; and
      
      performing one or more operations using the cryptographic key is further performed on a condition that the request is received in compliance with the one or more conditions.
  - 7. The system of claim 6, wherein the one or more conditions define a duration of time during which the request is fulfillable.
  - 8. The system of claim 1, wherein:
    - the system further comprises the first entity and a customer system different from the first entity; and
      
      the customer system provides a representation of the request for use in submitting the request thereby enabling the request to be received from the first entity.
  - 9. The system of claim 1, wherein the cryptographic key includes one of a plaintext symmetric key, a plaintext public key of a public-private key pair, or an encrypted symmetric key.

10. A computer-implemented method, comprising:
- receiving a request to perform one or more operations using a cryptographic key lacked by the one or more computer systems prior to receipt of the request, the request associated with a first entity and including a pre-generated portion that includes authorization information generated by a second entity and a cryptographic key, wherein the authorization information includes an electronic signature generated based at least in part on a signing key associated with the second entity;
  
  on a condition that the authorization information is determined to indicate authorization by the second entity to fulfill the request, fulfill the request at least in part by performing one or more operations using the cryptographic key by at least using a plaintext version of the cryptographic key as an input into a cryptographic algorithm, wherein the authorization information indicating authorization by the second entity requires the electronic signature to be valid; and
  
  providing the result of the one or more operations in accordance with the request.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The computer-implemented method of claim 10, wherein:
    - the one or more operations include accessing data stored by the second entity in encrypted form and decrypting the data using the cryptographic key; and
      
      providing the result includes transmitting the decrypted data to the first entity.
  - 12. The computer-implemented method of claim 10, wherein:
    - the request further comprises data additional to the pre-generated portion; and
      
      performing the one or more operations using the cryptographic key comprises performing one or more cryptographic operations on the data additional to the pre-generated portion.
  - 13. The computer-implemented method of claim 10, wherein:
    - the authorization information specifies one or more conditions on a context for submission of the request; and
      
      performing one or more operations using the cryptographic key is further performed on a condition that the request is received in compliance with the one or more conditions.
  - 14. The computer-implemented method of claim 10, wherein the signing key and the cryptographic key are different.

15. A non-transitory computer-readable storage medium having stored thereon instructions that, as a result of execution by one or more processors of a computer system, cause the computer system to:
- generate information that encodes a request and a cryptographic key;
  
  generate authorization information verifiable by a service provider capable of fulfilling the request, wherein the authorization information including an electronic signature generated based at least in part on a signing key and wherein the authorization information indicating authorization to fulfill the request requires the electronic signature to be valid; and
  
  make available the information and the authorization information to enable the information and authorization information to be provided to the service provider to cause the service provider to use the cryptographic key to fulfill the request by at least using a plaintext version of the cryptographic key as input into a cryptographic algorithm.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
- - 16. The non-transitory computer-readable storage medium of claim 15, wherein making available the information and the authorization information includes generating a uniform resource locator that includes the information and the authorization information.
  - 17. The non-transitory computer-readable storage medium of claim 15, wherein making available the information and the authorization information includes providing a webpage configured with a selectable element that, when selected, causes transmission of the request to the service provider that includes the information and authorization information.
  - 18. The non-transitory computer-readable storage medium of claim 17, wherein providing the webpage includes providing the webpage to a third party different from the service provider.
  - 19. The non-transitory computer-readable storage medium of claim 15, wherein:
    - the information further encodes an identifier of a resource hosted by the service provider; and
      
      the request specifies one or more operations to be performed in connection with the resource.
  - 20. The non-transitory computer-readable storage medium of claim 15, wherein the information encodes the cryptographic key in plaintext form.
  - 21. The non-transitory computer-readable storage medium of claim 15, wherein the information encodes one or more conditions on submission of the request for the request to be fulfillable by the service provider.
  - 22. The non-transitory computer-readable storage medium of claim 15, wherein the information encodes a manner of how the request is to be fulfilled, where the manner is from a plurality of manners by which the request is fulfillable.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Roth, Gregory Branchek, Brandwine, Eric Jason
Primary Examiner(s)
Reza, Mohammad W

Application Number

US14/992,599
Publication Number

US 20160127330A1
Time in Patent Office

673 Days
Field of Search

713168
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/108   when the policy decisions a...

H04L 63/123   received data contents, e.g...

H04L 63/168   above the transport layer

H04L 67/02   based on web technology, e....

H04L 9/321   involving a third party or ...

H04L 9/3247   involving digital signatures

Resource locators with keys

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

220 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Resource locators with keys

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

220 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links