Virtual Cryptographic Module with Load Balancer and Cryptographic Module Fleet
| Content Provider | The Lens |
|---|---|
| Abstract | A virtual cryptographic module is used to perform cryptographic operations. The virtual cryptographic module may include a fleet of cryptographic modules and a load balancer that determines when a cryptographic module should be added to or removed from the fleet. The fleet size may be adjusted based on detecting a set of conditions that includes the utilization level of the fleet. One or more cryptographic modules of the fleet may be used to fulfill requests to perform cryptographic operations. A cryptographic module may be a hardware security module (“HSM”). |
| Related Links | https://www.lens.org/lens/patent/010-500-265-185-674/frontpage |
| Language | English |
| Publisher Date | 2019-10-15 |
| Access Restriction | Open |
| Content Type | Text |
| Resource Type | Patent |
| Jurisdiction | United States of America |
| Date Applied | 2016-11-14 |
| Agent | Davis Wright Tremaine Llp |
| Applicant | Amazon Tech Inc |
| Application No. | 201615351229 |
| Claim | 1. A system, comprising: a fleet of hardware security modules comprising a plurality of physical hardware security modules; and a virtual load balancer comprising a hardware security module interface that: monitors utilization of the fleet of hardware security modules to generate utilization information about the fleet of hardware security modules; determines, based at least in part on the utilization information, that at least one condition to scale the fleet of hardware security modules is satisfied; selects, from a pool of hardware security modules outside of the fleet of hardware security modules, a first hardware security module; provides, to a second hardware security module that is in the fleet of hardware security modules, a network address of the first hardware security module; obtains an indication that a cryptographically protected communications session was established between the first hardware security module and the second hardware security module and as a result generates a determination that the first hardware security module has joined the fleet; updates a fleet directory to include the network address of the first hardware security module, as a result of obtaining the indication; receives, to the hardware security module interface, a request to perform a cryptographic operation; and routes the request to the first hardware security module. 2. The system of claim 1, wherein: the fleet directory also stores utilization levels for the plurality of physical hardware security modules; and the virtual load balancer further selects a hardware security module of the fleet of hardware security modules to route the request based at least in part on the utilization levels. 3. The system of claim 1, wherein determining to scale further includes conditions for scaling the fleet of hardware security modules that comprise a condition that utilization of the fleet of hardware security modules exceeds a predetermined threshold. 4. The system of claim 1, wherein the pool of hardware security modules is available to one or more other fleets of hardware security modules. 5. The system of claim 1, wherein the at least one condition to scale the fleet of hardware security modules indicates that the fleet of hardware security modules is to be scaled down. 6. A computer-implemented method, comprising: determining that at least one condition for scaling up a fleet of cryptographic modules is satisfied, the fleet of cryptographic modules comprising at least one physical cryptographic module and backing a virtual cryptographic module comprising a cryptographic module interface; providing, to a first cryptographic module in the fleet of cryptographic modules, information that causes the first cryptographic module to communicate with a second cryptographic module outside of the fleet of cryptographic modules; verifying that the second cryptographic module has joined the fleet of cryptographic modules by at least obtaining an indication that configuration data of the fleet of cryptographic modules was successfully transmitted through a cryptographically protected session established between the first cryptographic module and the second cryptographic module; updating, as a result of obtaining the indication, a fleet directory to indicate that the second cryptographic module has been added to the fleet of cryptographic modules; and causing a request to perform a cryptographic operation received to the cryptographic module interface to be fulfilled using the second cryptographic module. 7. The method of claim 6, further comprising: determining that at least one second condition for scaling down the fleet of cryptographic modules is satisfied; selecting a third cryptographic module in the fleet of cryptographic modules to remove from the fleet of cryptographic modules; updating a fleet directory of the virtual cryptographic module to reflect that the third cryptographic module has been selected for removal; and de-initializing the third cryptographic module by at least erasing one or more cryptographic keys. 8. The method of claim 7, further comprising: providing a network address of the third cryptographic module to a fourth cryptographic module of the fleet of cryptographic modules with an indication that the third cryptographic module is being removed from the fleet of cryptographic modules. 9. The method of claim 7, wherein the de-initializing of the third cryptographic module includes reformatting a subdivision of a disk that includes the one or more cryptographic keys being erased within the third cryptographic module. 10. The method of claim 6, further comprising causing a second request to perform a second cryptographic operation received to the cryptographic module interface to be fulfilled using the first cryptographic module. 11. The method of claim 6, wherein determining the at least one condition for scaling up the fleet of cryptographic modules includes querying one or more cryptographic modules of the fleet of cryptographic modules to determine a utilization level for cryptographic modules of the one or more cryptographic modules of the fleet of cryptographic modules. 12. The method of claim 6, wherein causing the request to be fulfilled using the second cryptographic module includes determining a utilization level of the second cryptographic module. 13. The method of claim 6, wherein the at least one physical cryptographic module of the fleet of cryptographic modules is shared with at least one other fleet of cryptographic modules. 14. A non-transitory computer-readable storage medium comprising executable instructions that, as a result of execution by one or more processors of a computer system, cause the computer system to at least: detect satisfaction of a condition for scaling a fleet of cryptographic modules, two or more cryptographic modules of the fleet of cryptographic modules sharing copies of shared cryptographic information and performing cryptographic operations based at least in part on the shared cryptographic information; cause a first cryptographic module in the fleet of cryptographic modules to provide a copy of the shared cryptographic information to a second cryptographic module that is outside of the fleet of cryptographic modules; obtain an indication that an add operation was completed successfully and the copy of the shared cryptographic information is encrypted; update, as a result of obtaining the indication, a fleet directory to indicate that the second cryptographic module has been added to the fleet of cryptographic modules; and cause a first request transmitted by a requestor to a cryptographic module interface associated with the fleet of cryptographic modules to be fulfilled using the second cryptographic module. 15. The non-transitory computer-readable storage medium of claim 14, wherein the instructions further comprise instructions that, as a result of execution by the one or more processors, cause the computer system to: receive instructions to initialize a virtual hardware security module from a client, the instructions including a digital certificate comprising a cryptographic key; select a third cryptographic module that is outside of the fleet of cryptographic modules; and provide instructions to the third cryptographic module to perform an initialization routine using at least the digital certificate. 16. The non-transitory computer-readable storage medium of claim 14, wherein the instructions further comprise instructions that, as a result of execution by the one or more processors, cause the computer system to: cause a second request transmitted to the cryptographic module interface to be fulfilled by the first cryptographic module, wherein both the first request and the second request are over a Transport Layer Security session. 17. The non-transitory computer-readable storage medium of claim 14, wherein enabling the first cryptographic module to provide cryptographic information to the second cryptographic module includes providing a network address of the second cryptographic module. 18. The non-transitory computer-readable storage medium of claim 14, wherein the instructions further comprise instructions that, as a result of execution by the one or more processors, cause the computer system to: monitor utilization levels and latencies to the requestor for one or more cryptographic modules of the fleet of cryptographic modules; and as part of detecting the condition for scaling the fleet of cryptographic modules is satisfied: calculate a score of the utilization levels of the one or more cryptographic modules, wherein a first cryptographic module of the one or more cryptographic modules performs at a lower latency than a second cryptographic module of the one or more cryptographic modules is more heavily weighted; and determine whether the score exceeds a threshold. 19. The non-transitory computer-readable storage medium of claim 18, wherein the threshold is adjusted based at least in part on traffic patterns. 20. The non-transitory computer-readable storage medium of claim 14, wherein the first cryptographic module in the fleet of cryptographic modules is a member of a second fleet of cryptographic modules. |
| CPC Classification | TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION; ELECTRIC DIGITAL DATA PROCESSING |
| Examiner | James R Turchen |
| Extended Family | 073-420-527-481-912 163-777-957-307-724 017-596-916-629-245 010-500-265-185-674 |
| Patent ID | 10447668 |
| Inventor/Author | Norum Steven Preston Lightner |
| IPC | H04L29/06 G06F21/60 H04L9/08 H04L9/32 |
| Status | Active |
| Owner | Amazon Technologies Inc |
| Simple Family | 010-500-265-185-674 163-777-957-307-724 017-596-916-629-245 073-420-527-481-912 |
| CPC (with Group) | H04L9/0897 G06F21/602 H04L9/0822 H04L9/12 H04L9/3242 H04L9/3247 H04L9/3268 H04L63/0485 H04L63/062 H04L63/0823 H04L63/0853 H04L2209/127 H04L2463/062 H04L9/3234 H04L63/0471 H04L63/06 |
| Issuing Authority | United States Patent and Trademark Office (USPTO) |
| Kind | Patent/Patent 1st level of publication/Inventor's certificate |
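The claims above describe a control loop rather than a concrete implementation: a virtual load balancer keeps a fleet directory, computes a latency-weighted utilization score (claim 18), adds a module from the pool only after an existing member reports that a protected session was established and the shared cryptographic information was cloned (claims 1, 6, 14), routes requests to the least-utilized member (claim 2), and on scale-down updates the directory, notifies remaining members and erases the departing module's keys (claims 7 and 8). The following Python simulation is an added illustration of that loop; it is not code from the patent, from Amazon, or from any HSM vendor. The `Hsm` class, its `establish_session` and `deinitialize` methods, the `hsm-*` addresses, the key material and the thresholds are all constructed stand-ins, and the inverse-latency weighting is one reading of claim 18, not a formula the patent specifies.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Hsm:
    """Constructed stand-in for one physical cryptographic module (hypothetical)."""
    address: str                     # constructed network address, e.g. "hsm-a"
    utilization: float               # fraction of capacity in use, 0.0 .. 1.0
    latency_ms: float                # observed latency to the requestor
    reachable: bool = True           # False simulates a module that cannot join
    keys: Dict[str, bytes] = field(default_factory=dict)   # shared cryptographic information
    peers: Set[str] = field(default_factory=set)           # members it holds a session with

    def establish_session(self, joiner: "Hsm") -> bool:
        """Simulated cryptographically protected session over which this member
        clones the fleet's shared cryptographic information to a joining module.
        The boolean result plays the role of the 'indication' the claims require
        before the fleet directory may be updated."""
        if not joiner.reachable:
            return False
        joiner.keys = dict(self.keys)
        self.peers.add(joiner.address)
        joiner.peers.add(self.address)
        return True

    def deinitialize(self) -> None:
        """Erase key material and session state before leaving the fleet (claim 7)."""
        self.keys.clear()
        self.peers.clear()


class VirtualLoadBalancer:
    """Fleet directory plus the scaling and routing decisions described in the claims."""

    def __init__(self, fleet: List[Hsm], pool: List[Hsm],
                 scale_up_at: float = 0.75, scale_down_at: float = 0.25,
                 load_per_request: float = 0.1) -> None:
        self.directory: Dict[str, Hsm] = {h.address: h for h in fleet}  # fleet directory
        self.pool: List[Hsm] = list(pool)        # modules outside the fleet
        self.scale_up_at = scale_up_at           # constructed thresholds
        self.scale_down_at = scale_down_at
        self.load_per_request = load_per_request

    def utilization_score(self) -> float:
        """Latency-weighted utilization (one reading of claim 18): a member with
        lower latency to the requestor is weighted more heavily (weight = 1/latency)."""
        weights = {a: 1.0 / max(h.latency_ms, 1e-3) for a, h in self.directory.items()}
        total = sum(weights.values())
        return sum(h.utilization * weights[a] for a, h in self.directory.items()) / total

    def _least_utilized(self) -> Hsm:
        return min(self.directory.values(), key=lambda h: (h.utilization, h.address))

    def scale_up(self) -> Optional[str]:
        """Take the next module from the pool and hand its address to an existing
        member; the directory is updated only after that member reports success."""
        if not self.pool:
            return None
        candidate = self.pool[0]
        sponsor = self._least_utilized()
        if not sponsor.establish_session(candidate):
            return None                          # no indication: candidate stays outside
        self.pool.pop(0)
        self.directory[candidate.address] = candidate
        return candidate.address

    def scale_down(self) -> Optional[str]:
        """Remove the least-utilized member: directory first, then notify the
        remaining members (claim 8), then erase its keys (claim 7)."""
        if len(self.directory) <= 1:
            return None
        victim = self._least_utilized()
        del self.directory[victim.address]
        for member in self.directory.values():
            member.peers.discard(victim.address)
        victim.deinitialize()
        self.pool.append(victim)
        return victim.address

    def route(self) -> str:
        """Route one request to the least-utilized member (claim 2) and account
        for the load it adds."""
        target = self._least_utilized()
        target.utilization = min(1.0, target.utilization + self.load_per_request)
        return target.address

    def check_and_scale(self) -> str:
        """One iteration of the monitoring loop; returns the action taken."""
        score = self.utilization_score()
        if score > self.scale_up_at and self.scale_up():
            return "scaled-up"
        if score < self.scale_down_at and self.scale_down():
            return "scaled-down"
        return "unchanged"


if __name__ == "__main__":
    shared = {"kek": b"\x00" * 16}               # constructed key material
    fleet = [Hsm("hsm-a", 0.9, 2.0, keys=dict(shared)), Hsm("hsm-b", 0.6, 10.0, keys=dict(shared))]
    lb = VirtualLoadBalancer(fleet, [Hsm("hsm-c", 0.0, 5.0)])
    print(round(lb.utilization_score(), 4), lb.check_and_scale(), sorted(lb.directory), lb.route())
```

Two behaviours of the simulation are worth noting from a defender's stance. A module that fails to establish the protected session never enters the directory, so no request can be routed to a member whose key material was not provably cloned over an encrypted channel; and on scale-down the directory is updated before the keys are erased, so the balancer stops routing to a module before it becomes unable to serve.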