Negotiating a session with a cryptographic domain

US 9,832,171 B1
Filed: 06/13/2013
Issued: 11/28/2017
Est. Priority Date: 06/13/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

under control of one or more computer systems configured with executable instructions,at a first security module device of a plurality of security module devices;

receiving, from an operator device, a first request for a session key;

in response to the first request, producing an encrypted one or more session keys using a domain key to encrypt one or more session keys with information usable to identify the operator device, the encrypted one or more session keys not decryptable by the operator device, the domain key common to all of the plurality of security module devices, the domain key not common to the operator device;

providing the one or more session keys using an encrypted channel such that the operator device can obtain the one or more session keys in plaintext; and

providing the encrypted one or more session keys to the operator device; and

at a second security module device of the plurality of security module devices;

receiving, from the operator device, a second request to perform a cryptographic operation, the second request including an encrypted session key from the encrypted one or more session keys and a digital signature generated based at least in part on a session key of the one or more session keys;

using the domain key to decrypt the encrypted session key to produce a decrypted session key and decrypted information usable to identify the operator device;

verifying an identity of the operator device using the decrypted information usable to identify the operator device;

verifying the digital signature using the decrypted session key; and

as a result of verifying the operator device and verifying the digital signature;

performing the cryptographic operation;

using the decrypted session key, encrypt a result of performing the cryptographic operation to produce an encrypted result;

electronically shredding the decrypted session key; and

providing the encrypted result to the operator device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A plurality of devices are each operable to provide information that is usable for to prove authorization with any of the other devices. The devices may have common access to a cryptographic key. A device may use the cryptographic key to encrypt a session key and provide both the session key and the encrypted session key. Requests to any of the devices can include the encrypted session key and a digital signature generated using the session key. In this manner, a device that receives the request can decrypt the session key and use the decrypted session key to verify the digital signature.

Citations

23 Claims

1. A computer-implemented method, comprising:
- under control of one or more computer systems configured with executable instructions,at a first security module device of a plurality of security module devices;
  
  receiving, from an operator device, a first request for a session key;
  
  in response to the first request, producing an encrypted one or more session keys using a domain key to encrypt one or more session keys with information usable to identify the operator device, the encrypted one or more session keys not decryptable by the operator device, the domain key common to all of the plurality of security module devices, the domain key not common to the operator device;
  
  providing the one or more session keys using an encrypted channel such that the operator device can obtain the one or more session keys in plaintext; and
  
  providing the encrypted one or more session keys to the operator device; and
  
  at a second security module device of the plurality of security module devices;
  
  receiving, from the operator device, a second request to perform a cryptographic operation, the second request including an encrypted session key from the encrypted one or more session keys and a digital signature generated based at least in part on a session key of the one or more session keys;
  
  using the domain key to decrypt the encrypted session key to produce a decrypted session key and decrypted information usable to identify the operator device;
  
  verifying an identity of the operator device using the decrypted information usable to identify the operator device;
  
  verifying the digital signature using the decrypted session key; and
  
  as a result of verifying the operator device and verifying the digital signature;
  
  performing the cryptographic operation;
  
  using the decrypted session key, encrypt a result of performing the cryptographic operation to produce an encrypted result;
  
  electronically shredding the decrypted session key; and
  
  providing the encrypted result to the operator device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implemented method of claim 1, wherein:
    - the second request includes a cryptographic key encrypted under the domain key; and
      
      performing the cryptographic operation includes decrypting the cryptographic key using the domain key to produce a decrypted cryptographic key and using the decrypted cryptographic key to perform the cryptographic operation associated with the second request.
  - 3. The computer-implemented method of claim 1, wherein:
    - the one or more session keys are encrypted with an expiration for the one or more session keys; and
      
      verifying the digital signature includes confirming, based at least in part on the expiration, that the decrypted session key is unexpired.
  - 4. The computer-implemented method of claim 1, wherein:
    - the second request is encrypted under the session key; and
      
      the method further comprises using the session key to decrypt the second request.
  - 5. The computer-implemented method of claim 1, wherein:
    - decrypting the encrypted session key uses a symmetric-key cryptographic algorithm; and
      
      providing the session key includes using an asymmetric-key cryptographic algorithm to transfer the session key to the operator device.
  - 6. The computer-implemented method of claim 1, wherein:
    - the second request is received as a result of receipt of a customer request of a customer of a computing resource service provider that hosts the plurality of security modules.

7. A computer-implemented method, comprising:
- under control of one or more computer systems configured with executable instructions,at a first device, receiving a request to perform a cryptographic operation, the request including;
  
  a first key encrypted based at least in part on a second key that is common to all of a plurality of devices that includes the first device;
  
  information generated based at least in part on the first key in plaintext form; and
  
  authentication information generated based at least in part on the first key; and
  
  at the first device, in response to the request to perform the cryptographic operation;
  
  using the second key to decrypt the encrypted first key to produce a decrypted first key;
  
  using the decrypted first key to verify the authentication information;
  
  determining, based at least in part on the decrypted first key, the information, and the authentication information, whether to perform the cryptographic operation;
  
  performing the cryptographic operation if the determining results in a determination to perform the cryptographic operation; and
  
  using the decrypted first key to encrypt a result of performing the cryptographic operation.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer-implemented method of claim 7, wherein the first key is received from a device not in the plurality of devices, the device not having access to the second key.
  - 9. The computer-implemented method of claim 7, wherein:
    - the first key is encrypted by a second device, from the plurality of devices, that provided the encrypted first key to a third device; and
      
      the request is from the third device.
  - 10. The computer-implemented method of claim 7, wherein:
    - the request further includes an expiration for the first key; and
      
      the determination is dependent on the first key being unexpired according to the expiration.
  - 11. The computer-implemented method of claim 7, wherein the plurality of devices are security modules.
  - 12. The computer-implemented method of claim 7, wherein:
    - the request includes data and an encrypted cryptographic key encrypted under the second key;
      
      the method further includes decrypting, using the second key, the encrypted cryptographic key to produce a decrypted cryptographic key; and
      
      performing the cryptographic operation is based at least in part on the data and the decrypted cryptographic key.

13. A system, comprising:
- a plurality of devices, each device of the plurality of devices configured with;
  
  one or more processors; and
  
  memory including instructions, the plurality of devices comprising;
  
  a first device of the plurality of devices including instructions that, when executed by one or more processors of the first device, cause the first device to;
  
  receive, from an operator device, a request for a session key;
  
  generate, based at least in part on a first key, information that is usable, by a second device of the plurality of devices, for causing the second device of the plurality of devices to provide a result of performance of one or more requested cryptographic operations, the first key common to each of a set of devices of the plurality of the devices, the set of devices including the first device, the operator device not in the set of devices, the information at least including;
  
  an encrypted session key generated based at least in part on the first key; and
  
  authentication information generated based at least in part on the session key, the authentication information including a digital signature verifying an identity of the operator device;
  
  provide the authentication information and the session key to the operator device, the session key provided using an encrypted channel such that the operator device obtains the session key in plain text form;
  
  a second device of the plurality of devices including instructions that, when executed by one or more processors of the second device, cause the second device to;
  
  receive, from the operator device, a request to perform the one or more requested cryptographic operations, the request including the information;
  
  decrypt the encrypted session key based at least in part on the first key to generate a decrypted session key;
  
  verify the authentication information using the decrypted-session key;
  
  perform the one or more requested cryptographic operations as a result of verifying the authentication information, the one or more requested cryptographic operations performed based at least in part on the decrypted session key;
  
  electronically shred the decrypted session key; and
  
  provide a result of the one or more requested cryptographic operations, the result encrypted using the decrypted session key.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, wherein the request to perform the one or more requested cryptographic operations includes data to be encrypted using the decrypted session key.
  - 15. The system of claim 13, wherein accessing any device of the plurality of devices includes causing a selected device from the plurality of devices to perform, in response to a request, a cryptographic operation of the one or more requested cryptographic operations using a cryptographic key, the request specifying the cryptographic key.
  - 16. The system of claim 13, wherein the devices are security modules.
  - 17. The system of claim 13, wherein the information includes an expiration for the information that limits an amount of time for which the information is usable for access to any device of the plurality of devices.
  - 18. The system of claim 13, wherein generating the information is in response to an authenticated request for the information.

19. One or more non-transitory computer-readable storage media having stored thereon instructions that, when executed by one or more processors of a computer system, cause the computer system to:
- obtain, from a first device, information, generated in response to a request from an operator device to perform a cryptographic operation, at least including;
  
  a first version of a first key in plaintext provided over a secure channel;
  
  a second version of the first key generated by at least encrypting the first key with a second key that is common to each device of a plurality of devices that includes the first device; and
  
  authentication information generated based at least in part on the second version of the first key, the authentication information including a digital signature associated with the operator device;
  
  select, from the plurality of devices, a second device for performing the cryptographic operation, each device of the plurality of devices capable of performing the cryptographic operation;
  
  receive a request to perform the cryptographic operation, the request including the second version of the first key and the authentication information;
  
  generate the first version of the first key by at least decrypting the second version of the first key;
  
  prove authorization by at least using the first version of the first key to verify the authentication information including at least the digital signature; and
  
  as a result of proving authorization,cause the second device to perform the cryptographic operation; and
  
  encrypt a result of the cryptographic operation, the result encrypted based at least in part on the first version of the first key.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The one or more non-transitory computer-readable storage media of claim 19, wherein:
    - the cryptographic operation uses a third key provided to the second device, the third key encrypted under the second key; and
      
      the second device uses the second key to decrypt the third key to perform the cryptographic operation.
  - 21. The one or more non-transitory computer-readable storage media of claim 19, wherein the digital signature is generated based at least in part on the first version of the first key.
  - 22. The one or more non-transitory computer-readable storage media of claim 19, wherein the second version of the first key is the first key encrypted under the second key.
  - 23. The one or more non-transitory computer-readable storage media of claim 19, wherein the computer system does not have access to the second key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Roth, Gregory Branchek, Wren, Matthew James, Brandwine, Eric Jason, Pratt, Brian Irl
Primary Examiner(s)
Tsang, Henry

Application Number

US13/916,964
Time in Patent Office

1,629 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0435   wherein the sending and rec...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/083   involving central third par...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

H04L 9/16   the keys or algorithms bein...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

Negotiating a session with a cryptographic domain

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Negotiating a session with a cryptographic domain

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links