Distributed system web of trust provisioning
1. A computer-implemented method, comprising:
obtaining an initial version of a domain trust and a digital signature of the initial version of the domain trust, the initial version specifying a set of operators and a set of quorum rules, the quorum rules specifying one or more conditions for subsets of the set of operators being authorized to create a new domain trust, the digital signature having been generated by a root of trust;
determining, based at least in part on the digital signature and a cryptographic key associated with the root of trust, whether the digital signature was generated by the root of trust;
receiving a command to create a second version of the domain trust, the second version of the domain trust specifying a second set of operators, a second set of quorum rules, and a set of security modules;
determining whether the command was authorized by a subset of the set of operators that satisfies the set of quorum rules specified by the initial version of the domain trust;
as a result of determining that the digital signature was generated by the root of trust and that the new domain trust was authorized by the subset of the set of operators that satisfies the set of quorum rules, using a second cryptographic key to generate a digital signature of the second version of the domain trust, the second cryptographic key being such that the digital signature is usable by a first security module in the set of security modules to cryptographically verify that the second version of the domain trust was authorized by a security module root of trust; and
providing the second version of the domain trust and the digital signature of the second version of the domain trust to enable performance of cryptographic operations in accordance with the second version of the domain trust by a second security module specified in the second version of the domain trust.
Abstract
A web of trust in a distributed system is established. A root of trust for at least two components in the distributed system validates information for the distributed system. The validated information is then used to create additional information for the distributed system. Versions of the information are usable to validate subsequent versions of the information such that validation of a version of the information can be performed by using one or more previous versions to verify that the version is a valid successor of a previously validated previous version.
24 Claims
1. A computer-implemented method (independent claim, reproduced in full above). Dependent claims: 2, 3.
4. A system, comprising one or more processors and memory including instructions that, when executed by the one or more processors, cause the system to:
implement a first computer system, the first computer system configured to:
obtain an initial version of a domain trust, the initial version of the domain trust being cryptographically verifiable as authorized by a root of trust and specifying a first set of conditions for executing a command to create another version of the domain trust, authorization by a quorum of operators satisfying one or more of the first set of conditions for executing the command, and the quorum of operators comprising a plurality of operators;
cryptographically verify that the initial version of the domain trust was authorized by the root of trust;
verify that the first set of conditions for executing the command are satisfied; and
as a result of the first set of conditions for executing the command being satisfied, create a second version of the domain trust, the second version of the domain trust specifying a second set of conditions for participation in a distributed system.
Dependent claims: 5 through 15.
16. One or more non-transitory computer-readable storage media having stored thereon executable instructions that, when executed by one or more processors of a computer system, cause the computer system to at least:
receive an attestation of at least executable code utilized by a security module, the attestation chaining to a root of trust;
cryptographically verify, based at least in part on a cryptographic key associated with the root of trust, that the attestation indicates a valid state of the security module;
as a result of cryptographically verifying that the attestation indicates the valid state of the security module, obtain authorization from a quorum of operators to create a domain, the quorum defined by a set of conditions specified in an initial version of a domain trust stored by the security module; and
cause the security module to use the initial version of the domain trust to determine whether to perform an operation.
Dependent claims: 17 through 24.
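The following is an added illustration of the versioning procedure in claim 1, not code from the patent: version 1 of a domain trust is signed by the root of trust, and a successor is accepted only if the previous version's signature verifies and a quorum of the previous version's operators has signed the exact creation command; the successor is then signed with a separate domain key that security modules are provisioned to trust. Keys, operator names and the HMAC stand-in for digital signatures are constructed for the demo.

```python
import hashlib
import hmac
import json

# Constructed keys; an HMAC tag stands in for the root's, operators' and
# domain key's digital signatures so the example runs with the stdlib only.
ROOT_KEY = b"constructed-root-of-trust-key"
DOMAIN_KEY = b"constructed-domain-key"  # the claim's "second cryptographic key"
OPERATOR_KEYS = {"alice": b"k-alice", "bob": b"k-bob", "carol": b"k-carol"}

def canonical(doc):
    # Deterministic encoding so a signature binds to one exact document.
    return json.dumps(doc, sort_keys=True, separators=(",", ":")).encode()

def sign(key, doc):
    return hmac.new(key, canonical(doc), hashlib.sha256).hexdigest()

def verify(key, doc, sig):
    return hmac.compare_digest(sign(key, doc), sig)

def initial_domain_trust():
    # Version 1 lists the operators and quorum rules; the root of trust signs it.
    trust = {"version": 1, "operators": ["alice", "bob", "carol"],
             "quorum": {"min_approvals": 2}, "security_modules": []}
    return trust, sign(ROOT_KEY, trust)

def quorum_satisfied(prev, command, approvals):
    # Only operators named in the *previous* version can authorize a successor,
    # and each approval must be a valid signature over the exact command.
    valid = {op for op, sig in approvals.items()
             if op in prev["operators"] and op in OPERATOR_KEYS
             and verify(OPERATOR_KEYS[op], command, sig)}
    return len(valid) >= prev["quorum"]["min_approvals"]

def create_successor(prev, prev_sig, prev_key, command, approvals):
    # Step 1: the previous version must itself carry a valid signature.
    if not verify(prev_key, prev, prev_sig):
        raise ValueError("previous version is not signed by its root of trust")
    if command["succeeds"] != prev["version"]:
        raise ValueError("command does not target the current version")
    # Step 2: the previous version's quorum rules gate the change.
    if not quorum_satisfied(prev, command, approvals):
        raise PermissionError("quorum rules of the previous version not met")
    new = {"version": prev["version"] + 1, "operators": command["operators"],
           "quorum": command["quorum"], "security_modules": command["security_modules"]}
    # Step 3: sign with the domain key that security modules are provisioned to trust.
    return new, sign(DOMAIN_KEY, new)
```

A security module that holds only `DOMAIN_KEY`'s verification material can check version 2 without ever seeing `ROOT_KEY`, which is the point of the two-key split in the claim.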