METHOD, STORAGE MEDIUM AND PARAMETER-BASED KEY DERIVATION COMPUTATION SYSTEM

专利摘要:
key derivation based on parameters. systems and methods for keys that generate authentication from secret credentials shared between authentication parties and authenticators. key generation may involve utilizing specialized information which, as a result of being used to generate the keys, generates the generated keys usable for a smaller scope of uses than the secret credential. further, key generation can involve multiple invocations of a function where each at least a subset of function invocations results in a key that has a smaller scope of permissible use than a key produced from several previous invocations of the function. occupation. the generated keys can be used as signature keys to sign the messages. one or more actions can be taken depending on whether a message and/or the mode in which the message was submitted complies with key usage restrictions.
公开号:BR112014007665B1
申请号:R112014007665-0
申请日:2012-09-28
公开日:2021-07-13
发明作者:Gregory B. Roth；Bradley Jeffery Behm；Eric D. Crahen；Cristian M. Ilac；Nathan R. Fitch；Eric Jason Brandwine；Kevin Ross O'neill
申请人:Amazon Technologies, Inc；
IPC主号:

专利说明:

CROSS REFERENCE TO RELATED ORDERS
[001] This application claims priority from US patent application 13/248,962, filed September 29, 2011, entitled "PARAMETER BASED KEY DERIVATION" (Attorney File No. 90204-813889 (029400PC)); 13/248,953, filed September 29, 2011, entitled "TECHNIQUES FOR CLIENT CONSTRUCTED SESSIONS" (Attorney File No. 90204-818478(032300US)) and 13/248,973, filed September 29, 2011, entitled "KEY DERIVATION TECHNIQUES" (Attorney File No. 90204-813890 (029500US)), the entire disclosures are incorporated herein by reference. FUNDAMENTALS
[002] Computing environments take many forms. As an example, organizations often use networks of computing devices to provide a robust set of services to their users. Networks often span multiple geographic boundaries and often connect with other networks. An organization, for example, can support its operations using both internal networks of computing resources and computing resources managed by others. Organization computers, for example, can communicate with computers in other organizations to access and/or provide data while using another organization's services. In many cases, organizations set up and operate remote networks using hardware managed by other organizations, thereby reducing infrastructure costs and achieving other advantages.
[003] Although diverse computing environments have proven to be useful for a wide variety of applications, such environments present many challenges. For example, configuring computer resources in support of one organizational objective can adversely affect another organizational objective. For example, effectively managing the security of computing resources can often come at the expense of efficient access to data and services. Balancing security and efficiency goals can be quite challenging, often requiring significant effort and resources. BRIEF DESCRIPTION OF THE DRAWINGS
[004] Figure 1 shows an illustrative example of a computing environment that can be used to implement various aspects of the present disclosure, in accordance with at least one embodiment;
[005] Figure 2 shows an illustrative example of an environment that includes a provider of computing resources that generates multiple fault zones according to at least one modality;
[006] Figure 3 shows an illustrative example of an environment within a fault zone of Figure 2, according to at least one embodiment;
[007] Figure 4 shows an illustrative example of a configuration of computing resources that can be used to support an environment like the environment shown in Figure 3, according to at least one modality;
[008] Figure 5 is a diagram that illustrates an example of how several elements that participate in a computing environment can be allocated different scopes according to at least one modality;
[009] Figure 6 is a diagram illustrating an example of how information can be communicated between participants in a message signature verification process according to at least one modality;
[010] Figure 7 is a flowchart that shows an illustrative example of a process for signing messages, according to a modality;
[011] Figure 8 is a flowchart that shows an illustrative example of a signature verification process, according to at least one modality;
[012] Figure 9 is a diagram illustrating an exemplary form of key distribution, according to at least one embodiment;
[013] Figure 10 is a diagram illustrating an exemplary form of key distribution in a way that provides different scopes of authority according to at least one modality;
[014] Figure 11 is a flowchart showing an illustrative example of a key derivation process according to at least one modality;
[015] Figure 12 is a diagram illustrating several multiple constraint key derivations, according to at least one embodiment;
[016] Figure 13 is an illustrative example of a function to derive a signature, according to at least one modality;
[017] Figure 14 is an illustrative example of how multiple key taps can be performed and used according to at least one modality;
[018] Figure 15 is a diagram illustrating an example of how keys can be derived, according to at least one embodiment;
[019] Figure 16 is a diagram illustrating another example of the way in which keys can be derived, according to at least one modality;
[020] Figure 17 is a diagram illustrating another example of how keys can be derived, according to at least one embodiment;
[021] Figure 18 is a flowchart that shows an illustrative example of a process to initiate a session, according to at least one modality;
[022] Figure 19 is a flowchart that shows an illustrative example of a process to generate a session key, according to at least one modality.
[023] Figure 20 is a flowchart showing an illustrative example of a process for obtaining access to one or more computing resources during a session according to at least one modality;
[024] Figure 21 is a flowchart that shows an illustrative example of a process for determining whether to grant the requested access to one or more computing resources, according to at least one modality;
[025] Figure 22 is a flowchart that shows an illustrative example of a delegation of authority process according to at least one modality;
[026] Figure 23 is a diagram representing an illustrative example of various delegations of authority according to at least one modality; and
[027] Figure 24 is a diagram that represents an illustrative example of a way in which keys can be derived using keys from various authorities. DETAILED DESCRIPTION
[028] In the description that follows, the various modalities will be described. For explanation purposes, specific settings and details are presented in order to provide a complete understanding of the modalities. However, it will also be evident to a person skilled in the art that the modalities can be practiced without the specific details. Furthermore, well-known features can be omitted or simplified so as not to obscure the modality to be described.
[029] The techniques described and suggested here include systems and methods to generate key, according to various modalities. Keys can be used for a variety of purposes, such as authentication and participating in message signing schemes. In one embodiment, a computing resource provider provides computing services to customers based at least in part on electronic orders received from user devices of the services. The Services may be any suitable service that may be offered, including, but not limited to, access to data, access to computing resources to perform operations, access to data storage services, and the like.
[030] To ensure that services are securely provided, various embodiments of the present disclosure use techniques to authenticate requests (also known as "messages") to ensure that requests are legitimate. In one embodiment, requests are authenticated using a Message Authentication Code Hash (HMAC) algorithm or other appropriate algorithm, as discussed in more detail below.
[031] In one modality, both the authenticating party (for example, the user of services or party acting on behalf of the user) and the authenticator (for example, service provider or person acting on behalf of the provider) share a secret credential , which can be referred to as a key. An authenticator can store secret credentials shared for multiple users. As part of a transaction, the authenticating party can sign requests using the shared secret credential thus forming a signature. Signature can be provided to the authenticator with requests. The authenticator can use its own copy of the shared secret credential to generate a signature for incoming requests and, by comparison, if the generated signature matches the received signature (for example, by being identical to the received signature), determine whether the requests were signed using the shared secret credential. If it is determined that the requests have been signed using the shared secret credential, the requests can be considered authentic and, therefore, it can be determined that the requests must be fulfilled.
[032] Since the above interaction is symmetric (that is, they both use common information in performing their functions), the shared secret credentials that an authenticator maintains can be used both to authenticate the authenticating parties and to act on their behalf . As a result, a high degree of security is desirable to protect these credentials. Maintaining high degrees of security can have negative performance and availability consequences. For example, maintaining a high degree of security might include maintaining a centralized key storage system. Such centralized systems, however, can cause a scaling bottleneck as the addition of users and/or services places a greater burden on the centralized system. If a centralized system fails, it can be difficult or impossible to authenticate requests. Thus, centralization offers advantages for security and disadvantages for scaling and availability of services.
[033] In one embodiment, the negative impacts of such systems (and other systems) are reduced by using a signature protocol that derives from shared secret credential artifacts that can be used to prove that an authentication party has a secret credential shared and is therefore likely authorized to gain specified access in requests signed with the artifacts. In one embodiment, such artifacts are obtained by configuring authenticating computing systems to accept as a signature a value that is based at least in part on a derivation of a shared credential, rather than the shared credential itself. The derivation of the shared credential can be such that, as described more fully below, the method does not allow for a concrete determination of the shared credential.
[034] For example, in one modality, the authentication parties are able to sign with signatures with HMAC (M, HMAC(X, credential)), where M is a message, and HMAC(X, credential) is a derivative artifact of a shared secret credential. The value of X can be some value that is known to both the authentication part and the authenticator, and it can be publicly available. For example, X can be a current date, encoded in a predetermined way to ensure that HMAC(X, credential) is consistently calculated by the authentication party and the authenticator. As another example, X can be an identifier of a service with which the artifact is usable. As one more example, X can encode various semantic meanings and be provided in such a way that both the authentication part and the authenticator consistently compute the artifact. Semantic meaning can be a limitation on the use of the key, including meaning that indicates that there are no other forms of derivation that the key should be used for. Combining previous examples from this paragraph, X can be coded as “20110825/DDS” where the string to the left of the slash represents a date and the string to the right of the slash represents the name of a service with which an artifact calculated with X is usable . Generally, X can be any value or a set of consistently encoded values for both the authentication part and the authenticator. It should be noted that functions other than proper HMAC functions can be used, as discussed below.
[035] Returning to the example using HMACs, in one modality, the values for X are chosen to provide additional advantages. As noted, X can (but not necessarily) correspond to one or more semantic meanings. Semantic meanings such as timestamps, service names, regional names, and the like are used, in one embodiment, to provide a system where artifacts created according to techniques of the present disclosure provide corresponding restrictions on the use of X-derived keys. , although compromise of generated keys may allow authentication by unwanted parties, restrictions used to encode keys allow adverse effects to be minimized when keys are compromised. As an example, time constraints used to obtain keys provide an efficient way for a system to verify that a submitted signature was signed with a key that was valid at the time of signature submission. As a concrete example, if the current date is used to derive a key and an authenticating system only accepts signatures presented on the current date, the authenticating system will determine that signatures generated using keys derived with different dates are invalid. Likewise, a key derived with an identifier for a particular service would be invalid for use with another service. Other examples are provided below.
[036] As noted, several techniques of the present disclosure allow various parameters to be used to derive keys. In one modality, keys are derived from multiple parameters through the use of a multiple HMAC function. For example, a key can be calculated as follows: KS= HMAC (... HMAC(HMAC(HMAC(K, P1), P2), P3)...., PN), where K is a shared secret credential and Pi are parameters. The key, KS, can be used to generate a signature, such as: S = HMAC (KS, M), where M is a message, which can be canonical. In this way, the key is derived in a layered manner, allowing partial key derivations to be passed to various components of a distribution system. For example, KP1=HMAC(K, P1) can be calculated and passed to one or more components of a distribution system. Components receiving KP1 can calculate KP2 = HMAC (KP1, P2), where P2 can be the same for each component or different for some or all of the components. The KP2 values calculated by the various components can pass the calculations on to other components of the distribution systems, which can calculate KP3= HMAC (KP2, P3). Each component can cache the results it calculates and possible results computed and calculated by other components. In this way, more security can be provided around a data store that stores shared secret keys because derived key calculations can be performed by other components of the distribution system.
[037] Techniques of this disclosure also foresee the beginning of the sessions. For example, as discussed, a shared secret credential and one or more parameters can be used to derive a key. In this way, the parameters for a session can be used to generate a credential that can be used during the session. The credential can be used by the user who requested it or, in some modalities, by a user to whom the credential has been given and to whom access to one or more computing resources has been delegated. In such cases, because a said access delegate uses a key derived from a shared secret credential, but not the shared secret credential itself, a higher level of security is maintained and there is no need to run the shared secret credential to avoid future use by the delegate. As discussed in more detail below, delegates can also become delegates using techniques from the present disclosure, many of which are described in more detail below.
[038] Figure 1 illustrates aspects of an example 100 environment for implementing aspects of the present disclosure, in accordance with various embodiments. As will be appreciated, although a web-based environment is used for explanation purposes, different environments can be used, as appropriate, to implement various modalities. The environment includes an electronic client device 102, which may include any suitable device operable to send and receive requests, messages or information over an appropriate network 104 and transmit the information back to a user of the device. Examples of such client devices include personal computers, cell phones, handheld messaging devices, handheld computers, set-top boxes, personal data assistants, electronic book readers, and the like. The network can include any suitable network, including an intranet, the Internet, a cellular network, a local area network, or any other type of network or a combination of these. The components used for such a system may depend at least in part on the type of network and/or environment selected. Protocols and components for communicating over such a network are well known and will not be discussed in detail here. Communication over the network can be enabled through wired or wireless connections, and combinations of these. In this example, the network includes the Internet, as the environment includes a web server 106 to receive requests and serve content in response to this, although for other networks an alternative device serving a similar purpose could be used as would be apparent to an expert in the art.
[039] The illustrative environment includes at least an application server 108 and a data store 110. It should be understood that there may be multiple application servers, tiers, or other elements, processes, or components, which may be connected or configured otherwise, they can interact to perform tasks such as getting data from an appropriate data store. As used herein, the term "data storage" refers to any device or combination of devices capable of storing, accessing and retrieving data, which may include any combination and number of data servers, databases, storage devices data, and data storage media, in any standard, distributed or clustered environment. The application server can include any suitable hardware and software to integrate with the data store, as needed, to run aspects of one or more applications to the client device, handling a majority of data access and business logic for a application. The application server provides access control services in cooperation with data storage, and is capable of generating content such as text, graphics, audio and/or video to be transferred to the user, which can be served to the user by the web server in the form of HTML, XML, or other structured language appropriate in this example. The handling of all requests and responses, as well as the delivery of content between the client device 102 and the application server 108, can be handled by the web server. It should be understood that web and application servers are not required and are just component examples, since the structured code discussed here can run on any appropriate device or host machine as discussed in this document.
[040] Data storage 110 may include several separate data tables, databases, or other data storage mechanisms and means for storing data relating to a particular aspect. For example, the illustrated data storage includes mechanisms for storing production data 112 and user information 116, which can be used to serve content to the production side. Data storage is also shown to include a mechanism for storing record data 114 which can be used for generating reports, analysis, or other such purposes. It should be understood that there may be several other aspects that may require that they be stored in data storage, such as for the main image information and accessing information to the right, which may be stored in any of the aforementioned mechanisms, as appropriate. , or in additional mechanisms in the data store 110. The data store 110 is operable, through the logic that is associated thereto, to receive instructions from the application server 108 and obtain, update or otherwise process the data in response to the same. In one example, a user might submit a search request for a certain type of item. In this case, the datastore can access user information to verify the user's identity, and can access detailed information in the catalog to get information about items of that type. The information can then be returned to the user, as in a list of results on a web page that the user is able to view through a browser on the user's device 102. Information for a particular item of interest can be viewed in a dedicated page or browser window.
[041] Each server typically includes an operating system that provides executable program instructions for the general administration and operation of that server, and typically includes a computer-readable storage medium (eg, a hard drive, random access memory, memory only for reading, etc.) storing instructions that, when executed by a server processor, allow the server to perform its intended functions. Suitable implementations for the operating system and general functionality of the servers are known or commercially available, and are easily implemented by persons of ordinary skill in the art, particularly in light of the present disclosure.
[042] The environment in a modality is a distributed computing environment, using several computer systems and components that are interconnected through communication links, using one or more computer networks or direct links. However, it will be appreciated by those skilled in the art that said a system could work equally well in a system that has fewer or more components that are illustrated in Figure 1. Thus, the description of system 100 in Figure 1 should be considered to be of a general nature. illustrative rather than limiting the scope of the disclosure.
[043] Figure 2 shows an illustrative example of an environment 200 that includes a provider of computing resources 202 that controls multiple fault zones 204, according to at least one modality. A computing resource provider, in one embodiment, is an organization that operates computer hardware on behalf of one or more customers 206. The computing resource provider can provide computing resources in a variety of ways. For example, in one embodiment, computing resource provider 202 generates hardware that is configured for use by clients 206. Computing resource provider 202 provides an interface that allows clients 206 to configure computing resources through programming using the hardware. For example, the computing resource provider may maintain hardware servers that run virtual computing systems that are programmatically controlled by the customer. As another example, compute resource provider 202 can manage multiple data stores to provide remote data storage solutions such as high endurance data storage and block-level data storage.
[044] A fault zone, in a modality, is a set of computing resources that are separated by one or more fault thresholds so that each fault zone is fault tolerant of another fault zone. As an example, each fault zone 204 can be a separate data center. So, if one data center goes down, perhaps due to a power outage or other disruptive event, other data centers can continue to function. Fault zones can each be located in different geographic locations and some or all fault zones can be separated by geopolitical boundaries. For example, two or more of the fault zones could be in different countries. It should be noted that, for the purpose of illustration, the present disclosure provides numerous examples where fault zones are data centers. However, fault zones can be defined in a number of other ways. For example, separate rooms in the same data center can be considered separate fault zones according to various modalities. As another example, computing resources at the same site, but supported by different backup power generators and/or supported by different network resources, can be considered different zones of failure. As yet another example, data centers can be grouped so that each set of data centers can be considered a zone of failure. Furthermore, there can be many reasons why a fault zone can fail, including reasons related to power grid operation, public grid operation, political power claims, and other reasons.
[045] In one embodiment, clients 206 communicate with the provider of computing resources 202 over a network 208, such as the Internet. Clients 206 can have resources configured in one or more of the fault zones 204 and can communicate with the resources by sending electronic messages, such as messages invoking a resource provider's web service application programming interface (API) in order to configure and operate the resources. Customers can utilize resources in multiple failure zones in order to mitigate the effects of potential failures that affect customer resources. A customer using the resources of the computing resource provider 202 to operate a publicly accessible website may, for example, keep the web and other servers in separate fault zones, so that if servers in a fault zone fail , the public can still access the site by accessing servers in another fault zone.
[046] Figure 3 shows an illustrative example of an environment 300 within a fault zone 302, which may be a fault zone of a computing resource provider, as illustrated in Figure 2. The fault zone 302, in one modality includes computing resources that are used to provide various services on behalf of customers. For example, as illustrated in Figure 3, the fault zone 302 includes the computing resources that are used to provide a durable data storage service that can more cheaply and redundantly store relatively large amounts of data on behalf of of customers. This service can be used when large amounts of storage and/or data storage security is required, but when input/output performance is not a high priority. The fault zone 302 may also include a block data storage service 306, which provides for the use of block level storage devices, physical and/or virtual devices, for customers. Customers can, for example, connect block-level storage devices to computer systems also used by customers. Also illustrated is a virtual computer system service 308 that can provide computing services to clients. In one embodiment, virtual computer system service 308 provides computing services by implementing virtual computer systems for customers on physical servers maintained by the computing resource provider, although variations are possible, such as where computer systems are allocated to customers for customer use. In a modality related to virtual computer systems, customers can programmatically manage virtual computer systems according to their needs. For example, as illustrated in Figure 3, customers can configure virtual computing systems from the virtual computer system service 308 to serve customers of the virtual computing service provider's customers. Virtual computer systems can, for example, be configured to operate a publicly accessible website. Both the virtual computing resource provider's customers and the customers' customers may, in various embodiments, access various services operated in the fault zone 302 by communicating with the services through a network 310, which may be the network 208 described above in connection with Figure 2.
[047] It should be noted that the various modalities illustrated in Figure 3, as with all illustrative modalities shown in the Figures and described herein, are illustrative in nature and that variations are considered to be within the scope of this disclosure. For example, services other than those illustrated may be provided in fault zone 302 in addition to or instead of the services illustrated. As illustrated by the ellipses in Figure 3, for example, additional services can be operated in the fault zone 302. In addition, some devices can use other services. For example, various services (such as a block-level data storage service 306 and a virtual computer system service 308) can be used together to provide other services, such as a relational database service, a data service. electronic mail, and, in general, any type of computing service that may be provided using resources from a computing resource provider.
[048] As illustrated in Figure 3, each of the computing resource provider services may include a separate verifier 312. The verifier may be a computing device, collection of computing devices, application module, or other resource that verifies several attestations made by customers and possibly by other computer systems. In one embodiment, each of the verifiers 312 checks message signatures that are produced in accordance with the various embodiments described herein and then provided by clients in connection with requests for access to computing resources, as described in more detail below. Keys and other relevant information can be propagated to verifiers from a central key authority to allow verifiers to verify the information. It should be noted that each service having a verifier is an illustrative example of a particular modality, but that other arrangements are within the scope of the present disclosure. For example, a single verifier can support multiple services, including all services, and can even support multiple fault zones.
[049] Figure 4 shows an illustrative example of a configuration of computing resources that can be used to support an environment like the environment shown in Figure 3, according to at least one modality. Figure 4 especially shows a specific example, where the fault zone in Figure 3 is a data center. Thus, returning to Figure 4, a data center 402 can include multiple racks 404-406. Data center 402 is an example of one or more data centers that can be used in various embodiments of the present disclosure, such as data centers shown in Figure 4. The ellipse between server rack 404 and server rack 406 indicates that the 402 data center can include any appropriate number of server racks, although for clarity only two are shown in Figure 4. Each 404-406 server rack can participate in the maintenance of services such as power and data communications for multiple server computers 408-414 and 416-422. Again, the ellipses indicate that the 404-406 server racks can include any suitable number of server computers. For example, server computers 408-422 may include one or more virtual computer system servers (VCS) and/or one or more storage servers. Each 408-422 server can correspond to an implementation of the resource dedication unit.
[050] In Figure 4, each 404-406 server rack is depicted as including a 424-426 rack switch. Rack switches 424 and 426 can handle digital data switching packages and their respective sets of server computers 408-414 and 416-422. Switch racks 424-426 can be communicatively connected to a switching matrix data center 428 and then to a set of edge routers 430 that connect data center 402 to one or more other computer networks, including the Internet. The switching matrix can include any suitable set of network components including multiple interconnected switches 432-438 (only four are shown in Figure 4) for clarity of one or more switch types arranged in one or more switching layers as well. such as routers, gateways, bridges, hubs, repeaters, firewalls, computers, and suitable combinations thereof. In at least one embodiment, rack switches 424-426 and edge routers 430 are considered to be part of switching matrix 428. Rack switches 424426, edge routers 430, and switching matrix components 428 are examples of network equipment 224 in Figure 2.
[051] As noted above, various modalities of the present disclosure allow for the various levels of authority to be granted for different reasons. Figure 5 is a diagram illustrating an exemplary way in which the various elements participating in a computing environment can be allocated different scopes of authority according to at least one modality. In Figure 5, a computing resource provider 502 is illustrated. In one embodiment, the provider of computing resources 502 has authority over its resources and, as illustrated in Figure 5, is able to share that authority among the various participants in the use of the resources. It should be noted that, for the purpose of illustration consistent with other illustrations and descriptions thereof, Figure 5 shows a computing resource provider 502 having authority over a domain. However, the realization of the present disclosure is also applicable to other domains of authority masters. For example, a master of authority can be a government or a governmental organization, a sub-organization of another organization, or, in general, any entity with authority over some domain.
[052] Returning to the illustrative example in Figure 5, the provider of computing resources 502 manages its authority, allowing different subentities to have authority over different subdomains. For example, as shown in the Figure, each of a number of compute resource provider fault zones 504 provides a corresponding subdomain of the compute resource provider domain 502. Thus, each Fault Zone can have authority over its own resources, but not the resources of another Fault Zone (although, in some cases, authority over some subdomains may be shared). Thus, according to a modality, a fault zone may provide users access to computing resources in the fault zone, but not access to computing resources in another fault zone.
[053] As mentioned above, each fault zone can include one or more services 506. Therefore, as illustrated in Figure 5, each service can be responsible for a subdomain of the domain of the corresponding fault zone 504. in one modality, it can provide access to resources accessible by the service, but not to other services. Each service may serve one or more clients 508 and therefore each client may be responsible for an authority subdomain of a corresponding service 506. Thus, in one embodiment, a client may provide access to its own resources involved with a corresponding service. , but not another customer's service. As an illustrative concrete example, if the service is a virtual computing resource service, a customer can provide access (such as public access) to its own virtual computer systems, but not, without permission, to the customer's virtual computer systems. other customers.
[054] As noted, the particular allocation of authority as illustrated in Figure 5 is for the purpose of illustration and numerous variations are considered to be within the scope of the present disclosure. As noted, the modalities of the present disclosure are applicable to domains of authority outside domains managed by providers of computing resources and subdomains may be determined according to particular needs and circumstances. In addition, Figure 5 shows the customers of a virtual resource provider containing the smallest subdomains of authority. However, the techniques of the present disclosure can allow customer domains to be divided into one or more subdomains.
[055] Several modalities of this description refer to message signing. Figure 6 is a diagram 600 illustrating an exemplary mode in which information can be communicated between participants in a message signature verification process in accordance with at least one embodiment. In one embodiment, an important key 602 provides a key to both the message applicant 604 and a signature verifier 606. The key source may be a computer system configured to provide keys to at least one message subject 604 and the verifier signature 606. The key source may also generate keys using various techniques, including the various modalities described herein, or may obtain keys generated from another source. Message requester 604 may be a computer system configured to send a message and a signature to signature verifier 606 or other component that functions in connection with signature verifier 606. Message requester's computer system 604 may be a computer system of a customer of a provider of computing resources, for example. Signature verifier 606 may be a computer system configured to receive messages and signatures and analyze the signature to verify that the message is authentic, as discussed below. Briefly, signature verifier 606 can analyze a received signature and message to determine if the signature was generated using the correct key K. It should be noted that while Figure 6 shows a source key 602 separate from the message requester 604 and verifier of signature 606, the message subject or signature verifier may also be a key source. For example, customers of a computing resource provider can provide their own keys. Client keys can then be provided to the signature verifier for signature verification. In addition, message requestor 604 and signature verifier 606 may receive each key other than key source 602. For example, message sender 604 may receive a signature verifier key 606 may receive a key from which it is derived, using the various embodiments of the present disclosure, from the key received by the requestor of the message 604.
[056] As illustrated in Figure 6, the signature verifier 606 receives messages and corresponding signatures from the requester of message 604. Messages may be, for example, electronic requests for access to a computing service 608. Messages may, for example, , code API calls to a web service. If signature and message analysis indicates that the messages are authentic, then the signature verifier notifies the service (or an access control component of the service) that the requester of the message can have the requested access. For example, the subscription verifier can pass the incoming message to the service to enable the service to fulfill the request. Thus, the service can be a computer system that can function to satisfy requests, such as the various services described above. It should be noted that while various descriptions of various components in Figure 6 and other components describe the components as eventually implemented as computer systems configured to perform certain actions, the components can also comprise various computing devices such as networks. of computing devices, which are configured together to perform the actions.
[057] Figure 7 is a flowchart that shows an illustrative example of a process 700 for signing messages, according to a modality. Some or all of Process 700 (or any other processes described herein, or variants and/or combinations thereof) may be performed under the control of one or more computer systems configured with executable instructions and may be implemented as code (for example, executable instructions, one or more computer programs, or one or more applications) executing collectively on one or more processors, by hardware, or combinations thereof. The code may be stored on a computer-readable storage medium, for example, in the form of a computer program comprising a plurality of instructions executable by one or more processors. Computer readable storage medium may be non-transient.
[058] In one embodiment, process 700 includes obtaining 701 a key K. The key can be obtained in any suitable way. For example, the key can be generated by a computer system running process 700. The key can be received electronically by a computer system running process 700. Generally, obtaining the key can be performed in any suitable way. The key can be any key appropriate for the particular signature algorithm being used. For example, if a hash-based message authentication code (HMAC) scheme is being used with a secure hash algorithm (SHA)-256 cryptographic hash function, the key might be a sequence of bytes, such as a string of 64 or fewer bytes. Different cryptographic hash functions such as SHA-224, SHA-384 and SHA-512 can also be used.
[059] In an embodiment, the process also includes canonicalization of a message M to form a canonicalized message Mc. Canonicalizing a message can include arranging information in the message in a format that allows a verifier to verify that the message's signature is valid. Generally, many information communication protocols transform the bits that comprise a message, leaving the message semantically identical. As a result, two semantically identical messages can comprise different groups of bits and therefore can result in different signatures. Thus, canonicalization allows for a simple way to ensure that a signature can be verified. It should be noted, however, that some embodiments of the present description do not require message canonicalization. For example, if multiple protocols being used do not result in semantically identical messages comprising different sets of bits, canonicalization may not be necessary and may be omitted. Generally, canonicalization can be omitted, in any case where signature verification is able to proceed successfully without handling a signed message.
[060] In one modality, the signature is generated by HMAC computation (K, Mc), where HMAC() is an HMAC function, as described above. HMAC functions have a number of properties that make them particularly useful for various embodiments of the present disclosure. For example, HMAC functions can be efficiently calculated by a computer system, thereby leaving computational resources available for other tasks. Furthermore, the HMAC functions are preimage resistant (not inverse). For example, given a signature S=HMAC(K, M) with a key K and a message M, essentially no information is obtained about the key K. For example, from S, it would be computationally impossible or at least impractical determine K from S. The HMAC functions are also second preimage resistant. In other words, given S=HMAC(K, M) and M, it is impossible or at least computationally unfeasible to determine a message M’ different from M such that S=HMAC(K, M’). Furthermore, the HMAC functions are forgery-resistant. For example, given an oracle for S=HMAC(K, M), querying the times N of the oracle (N a positive integer) allows the production of at least most N message signature pairs. In other words, given a set of signature-pairs of messages, it is impossible or computationally impractical to determine the key or to determine a function that will produce a correct signature for a message not6 in the set.
[061] Although HMAC functions are particularly useful for many modalities, other functions can be used. For example, any function with the above properties of HMAC functions can be used. In addition, other functions that do not necessarily have all (or any) of the above properties can be used, as in cases where security is not a primary concern and/or where security is a concern but is maintained through other mechanisms . It should be noted that several illustrations of various specific modalities show inputs to HMAC functions, but that variations are possible. For example, the entries for an HMAC function (or other functions) might be different. As described above, for example, an entry is a key. However, this entry can be derived from a key or otherwise based at least in part on a key. As an illustrative example, the entry may comprise a key with information, such as a signature scheme identifier (perhaps a version identifier), which is added to the key as a suffix, prefix, or other. As another example, the input may be information that is obtained using a mapping from the key to the information, which may be another key. Likewise an input such as a message can be derived from a message. As another example variation considered to be within the scope of the present disclosure, the signature may not be the result of an HMAC function, but one or more values that are derived from the output of an HMAC function (or other suitable function). In some embodiments, the key and message can be transmitted in the function in reverse order.
[062] Returning to the description of Figure 7, since the signature is generated by computation HMAC(K,Mc), the signature and message M are provided 708 to a receiver, which may be a computing device that verifies the signatures or another computing device involved in a signature verification process, such as a computing device providing an interface for communicating messages and signatures. As with all modalities explicitly described here, variations are considered to be within the scope of the present disclosure. For example, canonicalized message Mc may be provided to the recipient, instead of or in addition to message M. In addition, providing message M and the signature to the recipient may also include providing other information, such as a key identifier that may be used to identify, in a datastore that associates keys with key identifiers. In addition, other information, such as policy encoding parameters, as discussed below, can be provided with message M and signature.
[063] Figure 8 is a flowchart that shows an illustrative example of a process 800 for signature verification, according to at least one modality. Process 800 shown in Figure 8 may be performed by a verifier, as described in Figure 2. Furthermore, process 800 may be performed in response to receiving a signature and a message, as in response to another computer system having performed process 700 of Figure 7. In one embodiment, process 800 includes obtaining 802 a key K, as described above. Getting a K key can also include other actions in various modalities. For example, if process 800 is used by a computer system that verifies signatures generated from multiple keys (such as from multiple clients of a computing resource provider), obtaining key K may include selecting the key from multiple keys in a data store. The data store can associate multiple keys with those that have signatures for verification. For example, each customer of a computing resource provider may have a key identifier (or multiple key identifiers) that is used to reference a data store and identify an appropriate key. The key identifier can be submitted in connection with the presentation of the message and its signature, or it can be otherwise determined, such as upon presentation of login credentials. A recipient of a key identifier (for example, a message verifier) can reference a data store to determine whether a key corresponding to the key identifier is in the data store, and if not, then it can generate the key itself, for example using the techniques described here, to derive the key directly or indirectly from a shared secret credential. To enable this, the recipient may have access to a key derivation path which, in one embodiment, is the information that encodes the information needed to derive the key from information the recipient already has (eg, a derived key of a shared secret credential). This information may be provided to the recipient of a message presenter with a signature or otherwise may be made available to the recipient. For example, the recipient can be programmed to automatically generate keys using their assigned region and a code for the current date. Generally, any method to obtain the key that was used to generate the signature (or another key, which can be used to verify the signature, in some ways) can be used. The receiver can also enforce the policy on admissible and inadmissible key derivation paths with respect to the order at hand or some other property known to the receiver.
[064] In one embodiment, a signature S and message M are received 804. The signature S and message M can be received electronically from a presenter, such as a computing device that performed process 700 of Figure 7. The M message it is then canonicalized 806 to determine Mc, according to a modality. Canonicalization of message M, in various modalities, ensures that signature S can be verified. Thus, in one embodiment, the 800 process includes generating 808 a signature S’ by calculating HMAC(K, Mc). In one modality, S’ is equal to HMAC(K, Mc), although S’ can be derived from HMAC(K,Mc), in several modalities. For purposes of illustration, the remainder of process 800 will be described with the assumption that S’=HMAC(K, Mc), but that numerous variations are within the scope of the present disclosure.
[065] Thus, in one embodiment, a determination is made 810 whether S' is equal to the received signature S. In other words, a determination is made whether the received signature is sufficient, for example, because this is a signature that was generated using the K key. Thus, in one modality, if it is determined 810 that S' and S are not equal, then the signature is 812 unverified. However, if S’ is equal to S, then the signature is 814 verified. Depending on whether the signature is verified, appropriate measures can be taken. For example, if the message was a request for access to a computing resource, the requested access might be denied (at least temporarily). Likewise, if the message was a request for access to the computing resource and the signature was verified, the requested access can be granted. It should be noted, however, that the appropriate action to be taken may vary widely in various modalities, depending on the reasons for signatures being received and verified.
[066] As noted above, various embodiments of the present disclosure apply to various environments. In many environments, it is useful to have centralized management of various aspects of maintaining security. Figure 9, for example, is a diagram illustrating an exemplary mode 900 of key distribution, in accordance with at least one embodiment. In Figure 9, a central key authority maintains one or more data stores (collectively referred to as a “data store”) that contain various keys used by an organization. The keys can correspond, for example, to the organization's computing device users. Each user of a set of users can, for example, be assigned one or more keys. In one modality, at least some keys correspond to customers (and/or the customers' users) of the organization. For example, in one modality, the organization is a provider of computing resources and each customer of the provider of computing resources corresponds to one or more keys that allow users of the customers to access computing resources held by the provider of computing resources. . Other adaptations of process 800 of Figure 8 in accordance with the variations described above with Figure 7 are also within the scope of the present disclosure.
[067] As illustrated in Figure 9, key authority 902 propagates keys to a plurality of key zones 904. A key zone can be a domain of the organization in which a received key is valid. For example, referring to Figure 2, each key zone 904 may correspond to a fault zone, such as a data center. Key zones can be, but are not necessarily, geographically defined. For example, each of the key zones can correspond to a country, region or other defined geographic region. Key zones can also be defined in other ways. For example, each of the key zones might correspond to a service provided by a provider of computing resources, to a customer of an organization, and so on. Although not illustrated as such, key zones can have subzones. For example, a key zone might correspond to a country. Within the country there may be several regions, each corresponding to sub-zones of the key zone. Keys can be propagated to subzones in such modalities.
[068] As illustrated in Figure 9, key zones 904 can propagate keys to one or more verifiers 906 for the key zone. For example, if a key zone corresponds to a data center, a computing device in the data center can propagate keys to verifiers for each of a plurality of services supported by computing resources in the data center. In this way, verifiers can be used to verify the signatures presented in connection with various requests. This alleviates the computing resources of the key authority itself from verifying signatures and further reduces latency and bandwidth requirements, especially in cases where key authority 902 is geographically distant from the services on which requests are made.
[069] Key propagation can be done in several ways. In one modality, keys are distributed over secure channels to multiple beneficiaries. In some embodiments, the key entity propagates the same keys to each key zone. Also, some keys may be usable in multiple key zones. Key authority 902 can propagate usable keys in multiple key zones to these multiple key zones while refraining from propagating those keys to key zones where the keys cannot be used. Thus, in the example of a computing resource provider, key authority 902 can propagate a key to a client only to those key zones where the client is able to use the key, such as data centers used to maintain computing resources of the customer.
[070] Several embodiments of the present disclosure also provide key propagation in ways that provide numerous advantages. Figure 10 is a diagram 1000 illustrating an exemplary form of key distribution in a way that provides different scopes of authority according to at least one embodiment. As in Figure 10, diagram 1000 includes a key authority 1002 with a key K, which propagates keys, directly or indirectly, with various key zones 1004 and verifiers 1006, as per the description above in relation to Figure 9. Although For purposes of illustration, diagram 1000 is depicted in connection with a single key K, and keys derived from K, the modalities described here, apply when the key authority performs these numerous key actions.
[071] As illustrated in Figure 10, the key K is used as a basis for the other keys derived from K. For example, from K, a key K1 is derived and propagated to a first key zone (Key Zone1). As such, key K1 (or keys derived from key K1) is usable in the first key zone, but not in other major zones that do not have K1 (or a key derived from key K1). Likewise, each of a number of other corresponding key zones are given different keys derived from key K. It should be noted that while Figure 10 shows keys derived from key K being propagated from key authority 1002 to corresponding main zones, variations are possible. For example, key K can be propagated to key zones and each key zone that receives key K can use key K to derive one or more corresponding keys. For example, key zone 1004 named “Key Zone1” can receive key K and derive K1. Generally, the various tasks involved in key derivation and propagation can be performed differently than illustrated in the various modalities.
[072] As shown in the illustrative example in Figure 10, keys received by main zones 1004 are used to derive keys that are further propagated. For example, referring to key zone 1004 called “Zone Key2”, a key K2 that is derived from key K is used to derive additional keys K2’ and K2’’. Keys K2’ and K2’’ are propagated to corresponding verifiers 1006 for use by verifiers 1006 in signature verification. Thus, a verifier that receives K2’ that, in one modality, is able to verify a signature generated using K2’, whereas a verifier that did not receive K2’ would not be able to verify the signature. By propagating the keys in the manner illustrated in Figures 9 and 10 (or their variations) advantages are achieved. For example, by propagating keys to multiple verifiers in multiple locations, rather than one or more centralized verifiers, lower latency is achieved. Also, referring to Figure 10, by propagating derived keys to other devices that in turn derive additional keys, it is possible to spread calculations over multiple devices over several locations, thus allowing for faster key derivation and increasing fault tolerance. .
[073] Key derivations can be performed in several ways. Figure 11 is a flowchart showing an illustrative example of a key derivation process 1100, in accordance with at least one embodiment. In one embodiment, process 1100 includes obtaining 1002 a key Ki, as described above. The Ki key can be any appropriate key as described above. Also, the Ki key can be, but is not necessarily, derived from another key, such as by the performance of process 1100 or another process. After obtaining the Ki key, a new key is derived from Ki. In the illustrative example in Figure 11, a new key K Ki+1 is computed as (or based at least in part on) HMAC(Ki, Ri+1), where Ri+1 is the information that identifies one or more restrictions on the Ki+i key. Ri+i can be, for example, a sequence of bits that encodes information indicating where the key Ki+1 is usable. For example, Ri+1 can encode a key zone where the key Ki+i can be used. Constraints can be based at least in part on geography, time, user identity, service, and so on. Examples of restrictions are provided in the description below.
[074] Also, as discussed further below, process ii00 can be used multiple times to derive a key. For example, a key generated using process ii00 (or a variation thereof) can be used to generate another key using the same or another constraint. Using the terminology in the figure, Ri+i can be, for example, a sequence of bits that encodes information indicating where the key Ki+i could be used. Ki+i could become the Ki key for the next iteration of the process. For example, if process ii00 was used to generate a key based on a geographic constraint, the generated key can be used to generate a key with a constraint based on date. That said a process can be used multiple times to use multiple constraints to derive a key. As discussed in more detail below, using various constraints to derive a key, one or more verifiers can apply the policy while verifying signatures. As a brief illustrative example, as part of a signature verification process, a verifier can determine an expected signature using a constraint such as an encoding of a current date. If a signature was provided that was generated on a different date, then signature verification would fail, according to a modality. Generally, if the use of a signature does not comply with a restriction used to obtain a key, the signature verification can fail, according to several modalities.
[075] Figure 12 is a diagram 1200 showing an illustrative example of a derivation of a key using various constraints, according to at least one modality. In Figure 12, a key is derived using various constraints. In this example, a key and a constraint date are used to determine a date key (Kdate in the figure). In the figure, the date is encoded as 20110715, corresponding to July 15, 2011, although dates may be encoded differently and generally the information may be encoded differently than illustrated in the figures. The date key date is used with a regional constraint to derive a regional key, Kregion. In this example, the region is encoded with a regional identifier “USA-zone-1”, which can match one of several regions in the United States. The Kregion key is used with a service constraint to derive a service key, KService. In this example, the service is a virtual computer system service, encoded by its acronym VCS. The KService key is used with a request identifier to derive a subscription key, that is, a key used to sign requests for a service. In this example, the request identifier is “vcs_request”, which can correspond to a certain type of request that can be presented to the VCS service. For example, “vcs_request” can correspond to a request to provision, interrupt, or modify a virtual computer system. The subscription key is used to generate a subscription that can be presented with requests. The signature can be generated in any suitable way as described above.
[076] As illustrated in Figure 12, the request can be canonicalized to form a message Mc, which is as input to an HMAC function to generate the signature. Of course, variations, including variations, where canonicalization is not required and where functions other than HMAC functions are used, can be used according to the various modalities. Furthermore, Figure 12 shows a particular example of a signature derivation according to an embodiment. However, more or less restrictions can be used to derive the signature and restrictions can be used in a different order than illustrated. Also, while Figure 12 shows the derivation of a signature, techniques can be applied to derive other objects that cannot be considered signatures in all applications. For example, the techniques illustrated in Figure 12 (and others) can generally be used to derive keys.
[077] Figure 13 is an illustrative example of a function 1300 to derive a signature, according to at least one modality. As illustrated in Figure 13, the signature is calculated as: HMAC(HMAC(HMAC(HMAC(HMAC(K,date),region),service)protocol),Mc). In this example, K is a key, “data” is an encoding of a date, "region" is an encoding of an identifier of a region, "service" is an encoding of an identifier of a service, "protocol" corresponds to a particular message encoding protocol, and Mc is a canonicalized message. Thus, as illustrated in Figure 13, the signature is calculated by computing the same HMAC function multiple times, each time with a different constraint as an input to the HMAC function. The signing key in this example is as follows: HMAC(HMAC(HMAC(K,date),region),service),protocol) which itself is derived by using the HMAC function several times, each time with a different restriction.
[078] In the example in Figure 13, each of the various constraints defines a domain and the intersection of the defined domains and defines the way in which the signature generated with the signature key would be valid. In this specific example, the signature generated with the signature key illustrated in Figure 13 would be valid on the specified date, in the specified region, and for the specified service using the specified protocol. Thus, if a request is signed using the subscription key, but on a date other than that specified by the entry for the subscription key, the subscription to the request can be considered unverified, even if the request was made for the specified service. and in the specified region.
[079] As with other modalities described herein, variations are considered to be within the scope of this disclosure. For example, Figure 13 shows the repeated use of an HMAC function. Various functions can be used to derive a signature and, in some embodiments, HMAC functions are not used in each part of the derivation. Furthermore, as mentioned, different restrictions and different restriction numbers can also be used in various modalities.
[080] Bypass switch can be realized in various ways, according to various modalities. For example, a single computing device can calculate a subscription key according to some modalities. Under other embodiments, several computing devices can collectively calculate a subscription key. As a specific illustrative example, referring to Figure 13, one computer can calculate Kregion = HMAC(HMAC(K, data), region) and another computer can calculate Subscription Key=HMAC(Kregion, Service).
[081] As another example, a separate computer system may perform a different layer in signature key calculation. Referring to the example in the previous paragraph, instead of a single computer computing Kregion, one computer can calculate Kdate = HMAC(K, data) and another computer can calculate Kregion = HMAC(Kdata, region).
[082] Figure 14 is an illustrative example of how multiple key derivation can be performed and used according to at least one modality. In particular, Figure 14 shows an example diagram 1400 illustrating the members of a distributed set of computer systems collectively calculating a signature key (or other key, in various other embodiments). As shown in Figure 14, each member of the set is a computer system of key provider 1402 which generates a key and provides the generated key to another computer system. For example, a key provider called Key Provider1 obtains a key K (from another source, or by generating the key itself), and uses the key and a constraint, called R1 to generate a key K1. Key Provider1 passes key K1 to KeyProvider2, which uses K2 and another constraint, R2, to generate another key K2. KeyProvider2 passes key K2 to KeyProvider3, which uses K3 and another constraint, R3, to generate another key K3. Depending on how many key providers exist in a particular modality, this process can continue until KeyProviderN-1 passes a key KN-1 to KeyProviderN, which uses KN-1 and another constraint, RN, to generate another signing key, KN. The key KN is then passed to a verifier computer system 1404. The key K or any keys derived from K (generally referred to as Ki in the figure) can also be transmitted to a subscriber computer system 1406, such as via a secure key exchange algorithm.
[083] The signatory computer system 1406 may also, in various embodiments, generate KN on its own if, for example, the R1-RN restrictions are made available to the subscriber and/or made publicly available. Furthermore, the subscriber computer system 1406 can perform only part of the process to derive KN by itself, in various embodiments. For example, the subscriber might obtain (perhaps from an appropriate key provider computer system) Ki, for some integer i, which is less than N and constraints Ri+1 through RN. The subscriber can then use Ki and Ri+1 constraints through RN to generate the subscription key, KN. Other variations are also considered to be within the scope of this disclosure.
[084] The signatory computer system 1406 can use the KN key to sign the messages to be verified by the verifier 1404. For example, as illustrated, the signer 1406 calculates the signature S=HMAC(KN, MC), where MC is a canonicalized version of an M message, also sent to the verifier. Since the verifier has KN, the verifier can independently canonicalize message M and calculate HMAC(KN, MC) to determine if the result of the calculation matches the received signature S.
[085] It should be noted that variations of the process illustrated in Figure 14, and other processes described here, while shown to involve the use of multiple HMAC functions, several different functions can be used to derive keys. For example, different types of Message Authentication Code (MAC) functions can be used at different times in deriving a key. For example, the output of one type of MAC function can be used as the basis for input into another type of MAC function. Generally, other types of functions can be used instead of and/or in addition to the HMAC functions in a key derivation process, and in many embodiments it is not necessary to use the same type of function multiple times to derive a key, but different ones. functions can be used each time a function is needed.
[086] Figure 15 is a diagram 1500 illustrating an exemplary way in which keys can be derived using various constraints, according to at least one embodiment. The example shown in Figure 15 refers to customers, such as customers of a provider of computing resources. However, as noted, the techniques described herein, including the techniques described in relation to Figure 15, can be used in a variety of other contexts.
[087] As shown, a client key, Kcust, is part of a set of long term client keys, each of which can be keys used by a client for a period of time, such as until the client updates the key , a new key is assigned, or otherwise changes the key. Keys can also be used indefinitely by one or more customers. The client key, Kcust, is used to derive one or more region keys as, for example, as illustrated above. For example, as illustrated in Figure 15, two region keys can be generated, such as calculating HMAC(Kcust, USA-E-1) and HMAC(Kcust, USA-N-1), where USA-E-1 and USA- N-1 are identifiers of the respective regions. Similarly, region keys can be used to derive date keys whose validity can be restricted by the date used to encode the date keys. Each of the date keys can be used to derive service keys, for example, in a manner described above.
[088] Thus, in several modalities, the service keys can be used with the respective services only in the date and in the regions used to encrypt the keys. New date keys can be generated for each day, while region keys and long term customer keys can be generated less frequently. Various restriction key derivations as illustrated in Figure 15 and elsewhere in the present disclosure provide numerous advantages. For example, when deriving the key in the way described in relation to Figure 15, if a signing key is compromised (eg, maliciously obtained by a third party), the security breach is limited to a certain region, on a certain day, and in connection with a particular service. Other services would remain unchanged. Similar advantages apply in other ways that keys can be derived.
[089] Figure 16, for example, is a diagram 1600 illustrating another exemplary way in which keys can be derived, according to at least one embodiment. Figure 16 illustrates the concepts in a similar way to Figure 16. In Figure 16, however, long-term client keys are used to derive data keys. Date keys are used to derive keys from the region. Region keys are used to derive service keys. Derivation can be carried out according to the various modalities described herein.
[090] Figure 17 is a 1700 diagram illustrating yet another exemplary way in which keys can be derived, according to at least one embodiment. In Figure 17, long-term customer keys are used to derive month keys. The months keys are used to derive regional keys. Regional keys are used to derive date keys. Date keys are used to define service keys. The derivation of the various keys can be done in a manner consistent with the description above.
[091] As discussed, several techniques in the present disclosure allow for a new way to generate sessions. A session can be a period of time for which one or more actions are allowed, where expiration (or other termination) of the session causes the one or more actions to be disallowed. Figure 18 is a flowchart showing an illustrative example of a process 1800 for starting a session, in accordance with at least one modality. Process 1800 can be performed by any suitable computing device or collectively by any appropriate collection of computing devices. For example, process 1800 can be performed by a client device of a client of a computing resource provider. As another example, in another embodiment, referring to Figure 3, one of the services of a fault zone may be a service session and one or more computing devices that participate in providing the service may perform process 1800.
[092] Returning to Figure 18, in one embodiment, process 1800 includes obtaining 1802 a key, K. The key K can be any appropriate key, such as a key derived using other keys, as in a manner described above. For example, key K may have been propagated to a computing device participating in carrying out process 1800. At some point (such as by obtaining key K, as illustrated in the figure), in one modality, a request to start session can be received 1804. The request may be an electronic request, as described above. In addition, the request, in one modality, is signed and verified through the various techniques of this disclosure. Also, the request may be a different request depending on the particular environment used to implement process 1800. For example, if process 1800 is performed by a client device (such as a client device of a client of a computing resource provider ) to generate a session, the login request can be received by a client device module.
[093] In a modality, session parameters are determined 1806. Session parameters can be information that indicates one or more restrictions on the session being generated. Example parameters include, but are not limited to, duration, acceptable user identifiers of a session key to be generated, one or more services with which the session key to be generated is usable, restrictions on the actions that can be performed using the session key, any of the restrictions described above, and others. Parameters can be electronically encoded according to predefined formatting requirements to ensure that calculations involving a session key that is generated are consistent. For example, dates may be required to be encoded in YYYYMMDD format. Other parameters can have their own formatting requirements. Furthermore, the determination of session parameters can be done in a number of ways. For example, parameters can be predefined parameters for a session, such that a session key is usable only for a range of actions allowed for the login requester and for a predefined period of time (eg a period of time 24 hours). As another example, parameters can be provided as part of or in connection with the incoming request. For example, parameters can be generated according to user input from the requester and encoded according to a predefined scheme.
[094] In one modality, once the parameters are determined, the parameters are used to calculate an 1808 session key, KS. Calculating the KS session key can be done in several ways. For example, in one modality, the session key KS can be calculated as (or otherwise based at least in part on)HMAC(K, Session_Parameters) where Session_Parameters is an encoding of the parameters that were determined 1806. Session_Parameters can be coded in a predefined way, which guarantees computational consistency. The session key KS can also be calculated by other means, for example in a manner described below in relation to Figure 19.
[095] Once the KS session key is calculated 1808, in one modality, the KS session key is provided for use. Providing the session key can be done in various ways, in various modalities. For example, the session key can be provided to a requestor module to allow the requestor to sign messages with the session key. The session key can also be provided over a network to another device to allow the other device to sign messages with the session key. For example, the session key can also be provided to a delegate to initiate the session. For example, the requester may have specified a delegate in or in connection with the request to start the session. The session key can be provided electronically according to information provided by the requester (ie, delegate), such as an email or other email address.
[096] As mentioned, Figure 19 shows an illustrative example of a 1900 process that can be used to generate a signature, according to a modality. Process 1900 can be performed by one or more computing devices, such as one or more computing devices that perform process 1800 described above with respect to Figure 18. Process 1900, as illustrated in Figure 19, includes receiving session parameters, as described above. With the session parameters having been obtained, in one modality, an intermediate key, Ki+1 is calculated 1904 as: Ki+1=HMAC(Ki, Pi)where Ki, can be the key K in the description of Figure 18 for the first calculation of Ki+i, and Pi is the 8th parameter of the session parameters. Session parameters can be ordered in a predetermined order to ensure the computational consistency of the keyframe.
[097] In one modality, a determination is made 1906 whether there are additional parameters to be used in session key generation. If there are additional parameters, in a modality, the index i is increased 1908 by one and Ki+i is again calculated 1904. If, however, it is determined that there are no additional parameters, then KS is set 1910 to the value of Ki +1.
[098] Figure 20 is a flowchart that shows an illustrative example of a process 2000 to gain access to one or more computing resources during a session according to at least one modality. It should be noted that while Figure 20 presents a process 2000 for gaining access to one or more computing resources, as with other processes described here, process 2000 can be modified for any situation where signature processes are used. Process 2000 may be performed by a user's computer system requesting access to one or more computing resources, such as a client computer system illustrated in Figure 1 and/or a client computer system described elsewhere herein. . In one embodiment, process 2000 includes obtaining a KS session key. The session key can be obtained in any suitable way, such as in an email. The session key can be obtained from a computer system of a delegate of access to one or more computing resources or another computer system, such as a computer system that operates in liaison with one or more computer systems that have performed a process for generating KS.
[099] In one modality, a request from R is generated 2004. The request R can be a message, as described above. Request R is then canonicalized 2006 in one modality, and a signature is calculated 2008 from the canonicalized message, as by computing the signature as (or otherwise based at least in part on) HMAC(KS, RC ). After signature generation, signature S and request R are provided 2010. For example, as discussed above, signature S and request R can be provided electronically to an interface of a computer system that participates in order management and verification of subscriptions. Signature S and request R, as with signatures and messages in general, may be provided together in a single communication, separate communications, or in conjunction with multiple communications. Other information can also be provided in relation to the signature S and request R. For example, the identification information can be provided to allow a verifier to select a suitable key to generate a signature with which to verify the received signature. The identification can be, for example, an identifier of a key that is to be used to generate a signature for comparison. Other information can also be provided and used, as appropriate in the various modalities.
[0100] Figure 21 is a flowchart showing an illustrative example of a process 2100 to determine whether to grant requested access to one or more computing resources, according to at least one modality. As illustrated in Figure 12, process 2100 includes obtaining 2102 a KS signature key. As with other mentions here of getting a signature key, the signing key can be obtained in a number of ways, such as receiving the signing key from another source, retrieving the signing key from memory, calculating the signature key from available information and the like.
[0101] In one embodiment, the received request R is canonicalized to form RC, as in a manner described above. It should be noted that, as with the other processes described here, variations are possible. For example, a computer system running a variation of process 2100 (or other process) can simply receive the canonicalized message and canonicalization can be performed by another computing device. Returning to the description of Figure 21, a signature S’ is calculated as (or otherwise based at least in part on) HMAC(KS, Rc). The calculated signature key S’ is compared 2110 with the received signature S to determine whether the two signatures are equivalent. If the two signatures are determined and are not equivalent, the 2112 session is determined to be invalidated and appropriate actions, such as denial of the request, can be taken. If the two signatures are found to be equivalent, the session is validated 2114 and appropriate measures, such as granting access to one or more computing resources, can be taken.
[0102] The techniques of the present disclosure, as mentioned, can be used to allow delegation of authority. Figure 22 is a flowchart showing an illustrative example of a process 2200 for delegating authority according to at least one modality. Process 2200 may be performed by a computing device, such as a computing device of a user attempting to delegate access to one or more computing resources, or a computing device of a computing resource provider, or any computing device adequate. As illustrated in the figure, process 2200 includes obtaining 2202 a session key Ksi. The session key obtained Ksi, can be obtained in any suitable way, as a form in which the keys described above are described as being obtained. In addition, the session key can be a key that was generated as part of a process to delegate access to one or more computing resources. For example, the session key may have been generated by running process 2200, or a variation of it.
[0103] In one modality, the session parameters are determined 2204. The session parameters can be determined in any suitable way, as described above in relation to Figure 18. With the session parameters determined 2204, a new session key KS (i+1) can be generated as described above, including as described above in relation to Figure 19. Once generated, the new session key can be provided to a delegate. For example, the session key can be sent in an email to the delegate. The session key can be provided directly or indirectly to the delegate. For example, the session key can be given to the delegate and the delegate can be responsible for providing the session key to one or more delegates. Other information can also be provided to the delegate. For example, session parameters can be provided to the delegate to allow the delegate to provide the session parameters with the signatures, thus allowing a recipient (eg verifier) of the session parameters to generate expected signatures to verify the signatures provided are valid. For example, the recipient can use the parameters to generate a session key from a secret credential or a key derived from it and use the session key to generate a signature to a canonicalized version of a corresponding signed message. Generally, parameters can be made available to the recipient of a subscription in any suitable way to allow the recipient to verify message signatures and the delegate does not necessarily need to have access to the parameters if the recipient has access to the parameters independent of the delegate.
[0104] Figure 23, for example, shows a 2300 diagram that illustrates how privileges can be delegated multiple times. A delegate 2302 may wish to grant one or more access privileges to a delegate 2304. Delegate 2304, however, in this example, may wish to provide one or more privileges to another delegate 2306. Thus, in this example, delegate 2304 may become if a delegate. Likewise, delegate 2306 may want to grant access to another delegate, and the delegate may wish to grant access to another delegate, and so on, until finally one or more privileges are granted to another delegate 2308.
[0105] Thus, in this example, the original delegate 2302 sends a delegation request to a session-based authentication service 2310 which may be a fault zone service, as described above. In response, in one embodiment, the session-based authentication server generates and provides a session key to delegate 2302, as described above with respect to Figure 22. Delegate 2302 then, in an embodiment, provides the key The session key received from session based authentication service 2310 for delegate 2304. Delegate 2304 may provide the session key to another delegate 2306. In this way, delegate 2306 would receive the scope of privileges received by delegate 2304 which would be the same as the scope of privileges given to delegate 2306.
[0106] However, also illustrated in Figure 23, delegate 2304 may present a delegation request to session-based authentication service 2310 and receive a different session key that was generated by session-based authentication service 2310 , in response to the request for delegation. Delegate 2304 may provide this new session key to the next delegate 2306. The next delegate 2306 may provide the session key to another delegate, or as described above, may also present a delegation request to the authentication service based on session 2310, which would then generate a session key and provide the session key to delegate 2306 who submitted the delegation request. As indicated in Figure 23, this can continue and one or more of the delegates can try to use a session key that he or she has received.
[0107] In this particular example, a delegate 2308 provides the session key to a computing resource 2312 in connection with a request. As stated above, the request may include the session key, although the session key may be provided separately from the order. Computing resource 2312 can be any of the computational resources described above or, in general, any computing resource. A policy management service 2314 may include a verifier, as described above, and may, at the request of the computing resource, validate requests. Compute resource 2312 and policy management service 2314 may also be a single component, although illustrated separately in Figure 23. In addition, although Figure 23 shows a single session-based authentication service 2310 being used to generate session keys, various modalities may use different session-based authentication services.
[0108] As mentioned above, numerous variations beyond the illustrative examples provided herein are considered to be within the scope of the present disclosure. Figure 24 shows a diagram 2400 which represents an illustrative example of a way in which keys can be derived using the keys of various entities, according to an embodiment. In Figure 23, the customer key, Kcust, is from a set of customer keys held by a computing resource provider. As with embodiments described above, while Figure 23 discussed an illustrative example in connection with a provider of computing resources, other variations are considered to be within the scope of the present disclosure.
[0109] In Figure 24, a set of authority keys is maintained, where each authority key corresponds to a different domain of authority. Each authority key derived from the Kcust client key can, for example, be propagated into different fault zones, as described above. Fault zones can be, for example, data centers in different political jurisdictions. It should be noted, however, that while Figure 24 shows each split authority key having been derived from a single client key, Kcust, variations are possible. For example, split authority keys can be independently derived. As another example, one or more keys of split authority may be derived from a common key, one or more others may be derived from another common key, and the like.
[0110] In one embodiment, multiple authorities are able to combine authority to allow access to one or more computing resources. For example, as illustrated in Figure 24, subsets of split authority keys can be used to derive other keys. For example, as illustrated in Figure 23, two authority keys, labeled Auth1 and Auth2, are used to derive a merged entity key. To derive the merge authority key, in one embodiment, a value of HMAC(f(Auth1, Auth2), R) is calculated, where R is a constraint, as described above. In this example, f is a function of the split keys of authority, and it can be more than two dimensions. For example, the three split authority keys, Auth1, Auth2, and Auth3 are used, as illustrated in Figure 23, in a function f(Auth1, Auth2, Auth3) to calculate the merged entity key as (or otherwise with based at least in part on) HMAC(f(Auth1, Auth2, Auth3), R).
[0111] Numerous variations of constructing keys from different entities are considered to be within the scope of the present disclosure. For example, an entity may generate (or have generated) a key (Kspec) using various modalities of the present disclosure. Each Kspec entity can match a partial key source, which can be a publicly available encoding (or otherwise available encoding for a signer message and a signature verifier) of constraints used to generate its Kspec. For example, a partial key seed might be (K1/20110810/usa-east-1/DDS, K2/20110810/org_name/jpl/DDS), where each string between slashes is a constraint. Such information encoding can be referred to as a key path. As a more general example, a partial key source might be X1/.../Xn, where each Xi (for i between 1 and n) corresponds to a parameter, such as a parameter described above. The partial main sources of the applicable authorities can be encoded as an n-tuple, referred to as a key source. An n-tuple for the example immediately above might be (spec1, spec2, ..., specn), where each entry is a keypath to a corresponding KSpec. It should be noted that the key source (and/or key path) encodes the exact key usage (total restriction among all authorized keys) that the key holder is authorizing by producing a signature/key. Furthermore, with partial key sources available to both message signers and signature verifiers, arbitrary ordering of the parameters used to generate keys and signatures is possible since, for example, a message signer has information that specifies the order, the parameters were used to generate a key signature and can therefore generate a key signature and message accordingly.
[0112] A value for HMAC(Kspec, keu-seed) can then be obtained or calculated for each of Organs competent bodies, that is, for the authorities by which a key is to be generated. This value can be calculated by a customer obtaining a subscription key to sign messages or it can be calculated by another device and later provided to the customer, in various modalities. Each of these values may be referred to as partial keys, for the purposes of the following discussion. The semantics of each of these partial keys, in a modality, is that they are valid only when combined with the following construction (and certain variations of the construction below) and, when combined, form the intersection of the specializations encoded in the key sources .
[0113] To generate a signature key to sign a message, a value for Ks=HMAC (partial_key1+ ... + partial_keyn, key-seed) where “+” can refer to some associative operation on partial keys surrounding the symbol in formula. The “+” sign can be, for example, an exclusive OR operation (XOR) on bits comprising the partial keys. The “+” symbol can also refer to some other suitable operation or function.
[0114] To verify a signature used to sign a message, a verifier can obtain each partial key, combine the partial keys as above to form a signature key, sign an incoming message and compare the result with an expected result to verify the signature , as discussed above.
[0115] Exemplary modalities of disclosure can be described in view of the following clauses: Clause 1. A computer-implemented method for the provision of services, comprising: under the control of one or more computer systems configured with executable instructions, receiving, from an authentication part, electronic information encoding a message, the signature for the message, and a set of one or more restrictions on keys derived from a secret credential shared with the authentication part, the signature being determinable by applying a hash-based message authentication code function base, the secret credential, and the set of one or more restrictions, but also being indeterminable having only the hash-based message authentication code function, but without having the set of one or more constraints; obtain a key generated at least in part, using at least a subset of the set of one or m further limitations; calculate, by one or more computer systems, a value of a hash-based message authentication code function by at least inputting into the hash-based message authentication code function: first input based by the less partly in the obtained key; and second input based at least in part on the set of one or more limitations, determining, by one or more computer systems and based at least in part on the calculated value, whether the subscription is valid; and provide access to one or more computing resources when it is determined that the subscription is valid. Clause 2. The computer-implemented method of clause 1, wherein: the message comprises a request for access to one or more computing resources; the method further comprises determining whether the set of one or more limitations indicates that the request must be fulfilled , and providing access to one or more computing resources depends on determining which restrictions indicate that the request must be fulfilled. or more constraints is encoded by a document and in which determining whether the set of constraints indicates that the request should be fulfilled includes evaluating the document against a context in which the request was received.Clause 4. The computer-implemented method of the clause 1, wherein: the message comprises a request for access to a computing resource of one or more computing resources; set of one or more constraints includes information specifying the computing resource; and providing access to one or more computing resources includes providing access to computing resources when the computing resource coincides with the specified computing resource. Clause 5. The computer-implemented method of clause 1, wherein: the information encoding the set of one or more constraints corresponds to a period of time for which the message is valid; determining whether the signature is valid is based at least in part on whether the message was presented during the corresponding period of time. Clause 6. The implemented method by computer of clause 1, where: the information encoding for the set of one or more constraints corresponds to a constraint based at least in part on one location, and determining whether the signature is valid is based at least in part if a location of at least one of one or more computer systems corresponds to the corresponding location. Clause 7. A computer-implemented method for providing services, comprising: under the control of one or more computer systems configured with executable instructions, obtaining electronic information encoding (i) a message, (ii) a first signature for the message, and (iii) a set of one or more parameters, the first signature having been generated based at least in part on (i) the message, (ii) a secret credential, and (iii) the set of one or more parameters, the first signature being still determinable having only the message and the secret credential, but without the set of one or more parameters; derive a second credential based at least in part on the secret credential and at least a subset of the set of one or more parameters; generate, based at least in part on the second derived credential, a second signature; determining whether the first signature matches the second signature, and providing access to one or more computing resources when the second signature generated matches the first signature. Clause 8. The computer-implemented method of clause 7, wherein deriving the second credential includes introducing, into a function, the secret credential and at least a subset of the set of one or more parameters. Clause 9. The computer-implemented method of clause 8, in which the function is a symmetric message authentication function. Clause 10. The computer-implemented method of clause 9, in which the symmetric message authentication function is a hash function. Clause 11. The computer-implemented method of clause 9, in which introducing the secret credential and at least a subset of one or more parameters into the function is performed as part of the Hash-Based Message Authentication Code (HMAC).Clause 12. The computer-implemented method of clause 8, in which the generation of the second signature includes introducing the function from both an output of the function and a parameter from the set of one or more parameters. Clause 13. The method implemented by the computer of clause 7, wherein the information encoding the one or more parameters comprises an electronic document encoding the set of one or more parameters. Clause 14. The computer-implemented method of clause 8, wherein: generate the second signature is based at least in part on a key, the set of one or more parameters includes one or more restrictions on the use of the key; and providing access to one or more computing resources is performed in accordance with the one or more restrictions. Clause 15. The computer-implemented method of clause 14, wherein the key is based at least in part on the result of entering the secret credential in a function. Clause 16. A computer-readable, non-transient storage medium having stored therein instructions which, when executed by a computer, cause the computer system to at least: obtain an intermediate key, which is derived from at least one secret credential and one or more key intermediary usage parameters; apply, based at least in part on the intermediate key obtained at least a portion of a signature generation process that results in a signature for a message , the process of generating a signature configured such that the signature is indeterminable, by the process of generating a signature, to a computing device with a message, secret credential, and signature, but without one or more restrictions, and provide the message, signature, and one or more parameters to another computer system that is configured to parse, based at least in part on a or more parameters and the message, the signature to determine whether the signature is valid.Clause 17. The non-transient computer-readable storage medium of clause 16, wherein the one or more parameters encode one or more restrictions on the use of the key which are applied at least in part by said other computer system. Clause 18. The non-transitory computer-readable storage medium of clause 16, wherein the one or more restrictions correspond to at least one of a period of time within the which intermediate key is usable, in a location where the intermediate key is usable, and one or more services to which the intermediate key is usable to gain access. and clause 16, non-transient computer-readable storage, in which the instructions, when executed by the computer system, allow the computer system to generate the signature without the computer system having access to the secret credential. Clause 20. The storage medium non-transient computer-readable of clause 19, wherein, having the set of one or more parameters, the signature is determinable by the process of generating a signature using the shared secret credential, or intermediate key. The computer-readable non-transient storage of clause 19, wherein obtaining the intermediate key includes performing an algorithm, wherein at least one output of a hash function is input, with at least one of the parameters, into the hash function.Clause 22. A computer system, comprising: one or more processors, and memory including instructions that, when executed by one or more processors of a computer system. computer, cause the computer system to at least: receive one or more electronic communications that collectively encode a message, a signature for the message, and one or more parameters, the signature being generated based at least in part on the credential secret and the one or more parameters; analyze, based at least in part of one or more parameters, an intermediate credential derived from at least a portion of one or more parameters and the secret credential, but without the secret credential, the message and a signature to determine whether the signature is valid, take one or more contingent actions on determining that the signature is valid.Clause 23. The computer system of clause 22, where: the memory and one or more processors are part of a first server system at a first geographic location; the computer system comprises a second server system at a second geographic location, the second server system being configured to generate, based at least in part on the secret credential, a different signature; the first server system and the second server system both have no secret credential; analyzing the message and a signature includes introducing a function in which at least a portion of one or more parameters is the intermediary credential, and the first system of server and the second server system of each have no information from which the same signature can be generated, using the function, from the message. Clause 24. The computer system of clause 22, in which: the computer system corresponds to a service; and one or more actions include providing access to the service.Clause 25. The clause 24 computer system, wherein the one or more parameter boundaries use the intermediate credential to use in accessing the service.Clause 26. The clause 24 computer system 22, where: analyzing the message and a signature includes applying a hash function to the intermediate credential; the one or more parameters include various restrictions on the use of the intermediate credential, and where the computer system is configured to apply the restrictions. 27. The computer system of clause 22, wherein: analyzing the message and a signature includes applying a hash function to a key that is derived from the secret credential, and the instructions, when executed by one or more processors in the computer system, do with the computer system, further receiving the key derived from a computer system of key authority. Clause 28. The computer system of clause 27, wherein the Functions that cause the computer system to still receive the derived key from the key authority computer system cause the computer system to receive the derived key from the key authority computer system prior to receipt of the message. 29. The computer system of clause 22, wherein the intermediate credential is determined by a computer system other than the computer system.
[0116] The various modalities can further be implemented in a wide variety of operating environments, which in some cases may include one or more user computers, computing devices, or processing devices that can be used to operate any of a series of apps. User or client devices can include any of a number of general purpose personal computers, such as desktop or laptop computers running a standard operating system, as well as cellular, wireless, and handheld devices that run mobile software and are capable of supporting a number of network and messaging protocols. That said, a system may also include a number of workstations with any of a variety of commercially available operating systems and other known applications for purposes such as database development and management. These devices may also include other electronic devices such as simulated terminals, client applications, gaming systems and other devices capable of communicating over a network.
[0117] Most modalities use at least one network that would be familiar to those skilled in the art to support communications using any of a variety of commercially available protocols, such as TCP/IP, OSI, FTP, UPnP, NFS, CIFS, and AppleTalk. The network can be, for example, a local area network, a wide area network, a virtual private network, the Internet, an intranet, extranet, a public switched telephone network, an infrared network, a wireless network, and , in any combination.
[0118] In embodiments that utilize a web server, the web server can run any of a variety of server or mid-range applications, including HTTP servers, FTP servers, CGI servers, data servers, Java servers, and web servers. business applications. Servers may also be able to run programs or scripts on response requests from user devices, such as by running one or more web applications that can be implemented as one or more scripts or programs written in any programming language, such as Java® , C, C# or C++ or any scripting language such as Perl, Python or TCL, as well as combinations thereof. Servers may also include database servers, including but not limited to those commercially available from Oracle®, Microsoft®, Sybase® and IBM®.
[0119] The environment can include a variety of data storage and other memory and storage media, as discussed above. These can reside in multiple locations, such as on a local storage medium (and/or residing on) one or more remote computers, or from any or all computers on the network. In a particular set of modalities, the information may reside on a storage area network (“SAN”) familiar to those skilled in the art. Likewise, all files necessary to perform the functions assigned to computers, servers or other network devices can be stored locally and/or remotely, as appropriate. Where a system includes computerized devices, each said device may include hardware elements that can be electrically coupled via a bus, the elements including, for example, at least one central processing unit (CPU), at least one input device (for example, a mouse, keyboard, touchscreen, or keyboard), and at least one output device (for example, a video device, printer, or speaker). Such a system may also include one or more storage devices, such as hard drives, optical storage devices, and solid-state storage devices, such as random access memory ("RAM") or read-only memory ("ROM"), as well as removable media devices such as memory cards, flash memory cards, etc.
[0120] Such devices may also include a computer readable storage media reader, a communication device (eg a modem, a network card (wired or wireless), an infrared communication device, etc.) , and working memory, as described above. The computer-readable storage media reader may be connected to, or configured to receive, a computer-readable storage medium, which storage devices represent remote, local, fixed, and/or removable, as well as storage media for temporarily and/or more permanently containing computer readable information storage, transmission and retrieval. The system and various devices also typically include a number of software applications, modules, services or other elements located within at least one working memory device, including an operating system and application programs such as a client application or browser. It should be noted that alternative modalities may have numerous variations from what has been described above. For example, custom hardware can also be used and/or particular elements can be implemented in hardware, software (including portable software such as applets), or both. Furthermore, connection to other computing devices such as network input/output devices can be employed.
[0121] Storage media and computer readable media containing code, or containing portions of code, may include any appropriate communication media known or used in the art, including storage media and communication media such as, but not limited to, media volatile and non-volatile, removable and non-removable implemented in any method or technology for the storage and/or transmission of information, such as computer readable instructions, data structures, program modules or other data, including RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, versatile digital disk (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic storage disk or other magnetic storage devices, or any other media that may be used to store the desired information that can be accessed by the device of a system. Based on the disclosure and teachings provided herein, one skilled in the art will appreciate other ways and/or methods for implementing the various modalities.
[0122] The descriptive report and drawings are thus considered in an illustrative example rather than in a restrictive sense. It will, however, be evident that various modifications and changes can be made to this without departing from the spirit and broad scope of the invention as defined in the claims.
[0123] Other variations are within the spirit of this disclosure. Thus, while the techniques described are susceptible to various modifications and alternative constructions, certain illustrated embodiments thereof are shown in the drawings and have been described in detail above. It should be understood, however, that there is no intention to limit the invention to the specific form or forms disclosed, but rather the intention is to cover all modifications, alternative constructions and equivalents that are within the spirit and scope of the invention, such as defined in the appended claims.
[0124] The use of the terms "a" and "an" and "the" and the like in the context of the description of the described modalities (especially in the context of the following claims) shall be interpreted as including the singular and the plural unless indicated here or clearly contradicted by the context. The terms “comprising”, “having”, “including”, and “containing” shall be interpreted as open terms (ie, meaning “including, but not limited to”), unless otherwise indicated. The term “linked” should be interpreted as partially or totally contained in, linked to, or joined together, even if something intervenes. The mention of ranges of values presented herein is merely intended to serve as an abbreviated method of referring individually to each separate value within the range, unless otherwise indicated herein, and each separate value incorporated into the specification as if it were described individually herein. . All methods described herein may be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The use of any and all examples, or exemplary language (eg, "how") provided herein is only intended to further illuminate the embodiments of the invention and does not constitute a limitation on the scope of the invention unless otherwise claimed. No language in the specification should be understood to indicate any element not claimed as essential to the practice of the invention.
[0125] Preferred embodiments of the present disclosure are described herein, including the best mode known to the inventors for carrying out the invention. Variations from the preferred embodiments may become apparent to those skilled in the art upon reading the foregoing description. The inventors expect that those skilled in the art will employ such variations, as the case may be, and the inventors intend that the invention be practiced other than as specifically described herein. Thus, this invention includes all modifications and equivalents to the subject matter mentioned in the appended claims, as permitted by applicable law. Furthermore, any combination of the above-described elements in all possible variations thereof is encompassed by the invention unless otherwise indicated herein or otherwise clearly contradicted by context.
[0126] All references, including publications, patent applications and patents cited herein are hereby incorporated by reference to the same extent as if each reference were individually and specifically indicated to be incorporated by reference and were set forth in its entirety herein.

权利要求:
Claims (12)
[0001]
1. Computer-implemented method for determining whether to grant a requested access to one or more computing resources, CHARACTERIZED by the fact that it comprises: under the control of one or more computing systems configured with executable instructions, receiving (2104), from an authenticating party, electronic information encoding a message, a signature for the message, and a set of one or more restrictions on keys derived from a secret credential shared with the authenticating party, the signature being determinable by applying a Hash-based message authentication code function for the message, the secret credential, and the set of one or more constraints, but also being undeterminable having only the hash-based message authentication code function, but not having the set of one or more constraints; obtain (2102) a key generated by at least applying the hash-based message authentication code function the secret credential and at least a subset of the set of one or more constraints; calculate (2108), by the one or more computing systems, a reference signature by at least applying the hash-based message authentication code function to at least the obtained key and the message; and provide (2114) access to one or more computing resources when the calculated reference signature is equivalent to the received signature.
[0002]
2. Computer-implemented method according to claim 1, CHARACTERIZED by the fact that: the message comprises a request for access to one or more computing resources; the method further comprises determining whether the set of one or more constraints indicates that the request must be fulfilled; eproviding access to one or more computing resources is conditioned on determining that the restrictions indicate that the request must be fulfilled.
[0003]
3. Computer-implemented method according to claim 2, CHARACTERIZED by the fact that the information encoding the set of one or more constraints is encoded by a document and in which determining whether the set of constraints indicates that the request must be fulfilled includes evaluating the document against the context in which the request was received.
[0004]
4. Computer-implemented method according to any one of claims 1 to 3, CHARACTERIZED by the fact that: the message comprises a request for access to a computing resource of the one or more computing resources; the information encoding the set of one or more restrictions include information specifying the computing resource; and providing access to one or more computing resources includes providing access to the computing resource when the computing resource matches the specified computing resource.
[0005]
5. Computer-implemented method according to any one of claims 1 to 4, CHARACTERIZED by the fact that: the information encoding the set of one or more restrictions corresponds to a period of time for which the message is valid; and determining whether the signature is valid is based, at least in part, on whether the message was sent during the corresponding period of time.
[0006]
6. Computer-implemented method according to any one of claims 1 to 5, CHARACTERIZED by the fact that: the information encoding the set of one or more restrictions corresponds to a restriction based, at least in part, on a location; and determining whether the signature is valid is based, at least in part, on whether a location in at least one of the one or more computer systems matches the corresponding location.
[0007]
7. The computer-implemented method of claim 1, CHARACTERIZED by the fact that the hash-based message authentication code function is a hash-based message authentication code (HMAC).
[0008]
8. Computer-implemented method according to claim 7, CHARACTERIZED by the fact that computing the reference signature includes input to the function from both an output of the function and a constraint from the set of one or more constraints.
[0009]
9. Computer-readable, non-transient storage medium CHARACTERIZED by having stored in it instructions which, when executed by a computer system, cause the computer system to execute the method as defined in any one of claims 1 to 8.
[0010]
10. Computer system, CHARACTERIZED by comprising: one or more processors; memory including instructions which, when executed by one or more processors of the computer system, cause the computer system to execute the method as defined in any one of claims 1 to 8.
[0011]
11. Computer system according to claim 10, CHARACTERIZED by the fact that: the memory and one or more processors are part of a first server system in a first geographic location; the computing system comprises a second server system at a second geographic location, the second server system being configured to generate, based at least in part on the secret credential, a different signature; the first server system and the second system of server are devoid of secret credential; and the first server system and the second server system are each devoid of information from which the same signature could be generated, using the function, from the message.
[0012]
12. Computer system according to claim 10, CHARACTERIZED by the fact that one or more restrictions limit the use of the key to use in accessing the service.

类似技术:

---

公开号 | 公开日 | 专利标题

---

BR112014007665B1|2021-07-13|METHOD, STORAGE MEDIUM AND PARAMETER-BASED KEY DERIVATION COMPUTATION SYSTEM

---

US10721238B2|2020-07-21|Parameter based key derivation

---

US10425223B2|2019-09-24|Multiple authority key derivation

---

US9178701B2|2015-11-03|Parameter based key derivation

---

US9197409B2|2015-11-24|Key derivation techniques

---

US10356062B2|2019-07-16|Data access control utilizing key restriction

---

US9305177B2|2016-04-05|Source identification for unauthorized copies of content

---

BR122015024906B1|2021-10-19|COMPUTER IMPLEMENTED METHOD AND SYSTEM TO DELEGATE ACCESS TO A COMPUTER RESOURCE FROM A DELEGANT TO A FIRST DELEGATE AND COMPUTER-READABLE NON-TRANSENT STORAGE MEANS

同族专利:

---

公开号 | 公开日

---

EP2761487B1|2018-11-07|

---

SG10201608067QA|2016-11-29|

---

JP2019149833A|2019-09-05|

---

JP2017069989A|2017-04-06|

---

EP3493070A1|2019-06-05|

---

CN103842984A|2014-06-04|

---

AU2020200584A1|2020-02-13|

---

JP2014531855A|2014-11-27|

---

EP2761487A1|2014-08-06|

---

CA2847713C|2021-02-09|

---

BR112014007665A2|2017-04-18|

---

AU2012315674B9|2018-08-30|

---

AU2018202251A1|2018-04-26|

---

EP2761487A4|2015-06-24|

---

JP6527179B2|2019-06-05|

---

CN107017984B|2020-09-01|

---

AU2012315674B2|2018-04-19|

---

AU2012315674A1|2014-03-20|

---

IN2014DN03111A|2015-05-15|

---

RU2636105C1|2017-11-20|

---

CN103842984B|2017-05-17|

---

RU2709162C1|2019-12-16|

---

AU2020200584B2|2021-05-06|

---

RU2671052C1|2018-10-29|

---

JP6895478B2|2021-06-30|

---

RU2670778C1|2018-10-25|

---

EP3493070B1|2020-07-29|

---

CA2847713A1|2013-04-04|

---

SG10201903265PA|2019-05-30|

---

RU2670778C9|2018-11-23|

---

RU2019137439A|2021-05-21|

---

SG2014012264A|2014-08-28|

---

AU2018202251B2|2019-10-31|

---

RU2014117153A|2015-11-10|

---

RU2582540C2|2016-04-27|

---

JP6082015B2|2017-02-15|

---

RU2019137439A3|2021-11-16|

---

EP3742300A1|2020-11-25|

---

CN107017984A|2017-08-04|

---

WO2013049689A1|2013-04-04|

---

BR122015024906A2|2019-08-27|

引用文献:

---

公开号 | 申请日 | 公开日 | 申请人 | 专利标题

---

---

US5956404A|1996-09-30|1999-09-21|Schneier; Bruce|Digital signature with auditing bits|

---

US5917911A|1997-01-23|1999-06-29|Motorola, Inc.|Method and system for hierarchical key access and recovery|

---

US6097817A|1997-12-10|2000-08-01|Omnipoint Corporation|Encryption and decryption in communication system with wireless trunk|

---

US6601172B1|1997-12-31|2003-07-29|Philips Electronics North America Corp.|Transmitting revisions with digital signatures|

---

EP1472816A4|2002-01-30|2010-01-27|Tecsec Inc|Access system utilizing multiple factor identification and authentication|

---

GB2342195A|1998-09-30|2000-04-05|Xerox Corp|Secure token-based document server|

---

US6711679B1|1999-03-31|2004-03-23|International Business Machines Corporation|Public key infrastructure delegation|

---

US6643774B1|1999-04-08|2003-11-04|International Business Machines Corporation|Authentication method to enable servers using public key authentication to obtain user-delegated tickets|

---

US20030041110A1|2000-07-28|2003-02-27|Storymail, Inc.|System, Method and Structure for generating and using a compressed digital certificate|

---

US7308431B2|2000-09-11|2007-12-11|Nokia Corporation|System and method of secure authentication and billing for goods and services using a cellular telecommunication and an authorization infrastructure|

---

US20020194483A1|2001-02-25|2002-12-19|Storymail, Inc.|System and method for authorization of access to a resource|

---

JP4301482B2|2001-06-26|2009-07-22|インターナショナル・ビジネス・マシーンズ・コーポレーション|Server, information processing apparatus, access control system and method thereof|

---

JP2003058657A|2001-08-09|2003-02-28|Matsushita Electric Ind Co Ltd|Server and method for license management|

---

EP2224637B1|2001-08-13|2014-10-08|The Board Of Trustees Of The Leland Stanford Junior University|Systems and methods for identity-based encryption|

---

US7617542B2|2001-12-21|2009-11-10|Nokia Corporation|Location-based content protection|

---

NO318842B1|2002-03-18|2005-05-09|Telenor Asa|Authentication and access control|

---

US6971017B2|2002-04-16|2005-11-29|Xerox Corporation|Ad hoc secure access to documents and services|

---

WO2004051585A2|2002-11-27|2004-06-17|Rsa Security Inc|Identity authentication system and method|

---

EP1515507A1|2003-09-09|2005-03-16|Axalto S.A.|Authentication in data communication|

---

JP2006120089A|2004-10-25|2006-05-11|Ntt Docomo Inc|Data management system and data management method|

---

JP4701733B2|2005-02-04|2011-06-15|パナソニック株式会社|Management server, device, and license management system|

---

WO2006132597A1|2005-06-07|2006-12-14|Matsushita Electric Industrial Co., Ltd.|Systems, methods and computer program products for authorising ad-hoc access|

---

JP4792944B2|2005-11-30|2011-10-12|日本電気株式会社|Permission management system, token verification method, token verification program|

---

JP4823704B2|2006-02-01|2011-11-24|Ｋｄｄｉ株式会社|Authentication system, authentication information delegation method and security device in the same system|

---

JP4766249B2|2006-03-01|2011-09-07|日本電気株式会社|Token transfer method, token transfer system, and authority authentication permission server|

---

US8312523B2|2006-03-31|2012-11-13|Amazon Technologies, Inc.|Enhanced security for electronic communications|

---

US8112794B2|2006-07-17|2012-02-07|Research In Motion Limited|Management of multiple connections to a security token access device|

---

JP2008172728A|2007-01-15|2008-07-24|Megachips System Solutions Inc|Security system|

---

JP5340173B2|2007-01-26|2013-11-13|インターデイジタルテクノロジーコーポレーション|Location information and method and apparatus for ensuring access control using location information|

---

JP4982215B2|2007-03-14|2012-07-25|株式会社トヨタＩｔ開発センター|Encryption communication system, encryption communication method, encryption communication program, in-vehicle terminal, and server|

---

US9106426B2|2008-11-26|2015-08-11|Red Hat, Inc.|Username based authentication and key generation|

---

JP5446650B2|2009-09-17|2014-03-19|沖電気工業株式会社|Communication data novelty confirmation system, transmitting terminal and receiving terminal|KR101837150B1|2016-06-30|2018-03-09|넷비젼텔레콤|Proxy authentication system and method for providing proxy service|

---

US20180019986A1|2016-07-12|2018-01-18|Qualcomm Incorporated|User privacy protected location-based authentication on mobile devices|

---

US10586057B2|2017-11-16|2020-03-10|Intuit Inc.|Processing data queries in a logically sharded data store|

---

US10873450B2|2017-11-16|2020-12-22|Intuit Inc.|Cryptographic key generation for logically sharded data stores|

---

EP3711256B1|2017-11-16|2022-01-05|Intuit Inc.|Cryptographic key generation for logically sharded data stores|

---

EP3599737A1|2018-07-24|2020-01-29|Gemalto Sa|Method to create a primary cryptographic key with owner-defined transformation rules|

---

CN111768304A|2018-08-06|2020-10-13|阿里巴巴集团控股有限公司|Block chain transaction method and device and electronic equipment|

---

US10700850B2|2018-11-27|2020-06-30|Alibaba Group Holding Limited|System and method for information protection|

---

SG11201903419WA|2018-11-27|2019-05-30|Alibaba Group Holding Ltd|System and method for information protection|

---

KR102150814B1|2018-11-27|2020-09-02|알리바바 그룹 홀딩 리미티드|Systems and methods for information protection|

---

EP3745637B1|2018-11-27|2021-06-09|Advanced New Technologies Co., Ltd.|System and method for information protection|

---

RU2719311C1|2018-11-27|2020-04-17|Алибаба Груп Холдинг Лимитед|Information protection system and method|

---

RU2719423C1|2018-11-27|2020-04-17|Алибаба Груп Холдинг Лимитед|Information protection system and method|

---

WO2020239179A1|2019-05-28|2020-12-03|Kamstrup A/S|Distributed access control|

法律状态:
2018-12-11| B06F| Objections, documents and/or translations needed after an examination request according [chapter 6.6 patent gazette]|

---

2019-11-19| B06U| Preliminary requirement: requests with searches performed by other patent offices: procedure suspended [chapter 6.21 patent gazette]|

---

2021-05-04| B09A| Decision: intention to grant [chapter 9.1 patent gazette]|

---

2021-07-13| B16A| Patent or certificate of addition of invention granted [chapter 16.1 patent gazette]|Free format text: PRAZO DE VALIDADE: 20 (VINTE) ANOS CONTADOS A PARTIR DE 28/09/2012, OBSERVADAS AS CONDICOES LEGAIS. |

优先权:

---

申请号 | 申请日 | 专利标题

---

US13/248,953|US9203613B2|2011-09-29|2011-09-29|Techniques for client constructed sessions|

---

US13/248,962|US9178701B2|2011-09-29|2011-09-29|Parameter based key derivation|

---

US13/248.973|2011-09-29|

---

US13/248.962|2011-09-29|

---

US13/248.953|2011-09-29|

---

US13/248,973|US9197409B2|2011-09-29|2011-09-29|Key derivation techniques|

---

PCT/US2012/058083|WO2013049689A1|2011-09-29|2012-09-28|Parameter based key derivation|BR122015024906-6A| BR122015024906B1|2011-09-29|2012-09-28|COMPUTER IMPLEMENTED METHOD AND SYSTEM TO DELEGATE ACCESS TO A COMPUTER RESOURCE FROM A DELEGANT TO A FIRST DELEGATE AND COMPUTER-READABLE NON-TRANSENT STORAGE MEANS|