Abstract: Cryptographic keys can include logging properties that enable those keys to be used only if the properties can be enforced by the cryptographic system requested to perform one or more actions using the keys. The logging property can specify how to log use of a respective key. A key can also include a mutability property for specifying whether the logging property can be changed, and if so under what circumstances or in which way(s). The ability to specify and automatically enforce logging can be important for environments where audit logs are essential. These can include, for example, public certificate authorities that must provide accurate and complete audit trails. In cases where the data is not to be provided outside a determined secure environment, the key can be generated with a property indicating not to log any of the usage.

Abstract: A secret is stored in a computing device. The device generates a value determined based at least in part on a substantially random process. As a result of the value satisfying a condition, the device causes the secret to be unusable to perform cryptographic operations such that the device is unable to cause the secret to be restored. The secret may be programmatically unexportable from the device.

Abstract: A computer system receives a request to remove an entry from a probabilistic data structure. In response to the request, the computer system queries the probabilistic data structure to determine a current iteration value for the entry within the probabilistic data structure. The current iteration value indicates a state of the entry such that a first state corresponds to the entry being a member of a set and a second state corresponds to the absence of the entry from the set. As a result of the current iteration value denoting that the entry is a member of the set, the computer system increments the current iteration value to generate a new iteration value that corresponds to the absence of the entry from the set. The computer system uses the new iteration value and the entry to generate a new output value that is then added to the probabilistic data structure.

Abstract: A signature authority generates a master seed value that is used to generate a seed tree of subordinate nodes. Each subordinate node of the seed tree is generated from the value of its parent node using a cryptographic hash or one-way function. The signature authority selects subordinate seed values from the seed tree which are distributed to one or more subordinates, each of which generates a set of one-time-use cryptographic keys from the provided seed. Each subordinate generates a hash tree from its set of one-time-use cryptographic keys, and returns the root of its hash tree to the signature authority. The signature authority integrates the hashes provided by the key generators into a comprehensive hash tree, and the root of the hash tree acts as a public key for the signature authority.

Abstract: A client establishes a network session with a server. The network session is used to establish an encrypted communications session. The client establishes another network session with another server, such as after terminating the first network session. The client resumes the encrypted communications session over the network session with the other server. The other server is configured to receive encrypted communications from the client and forward them to the appropriate server.

Abstract: Cryptographic keys can include logging properties that enable those keys to be used only if the properties can be enforced by the cryptographic system requested to perform one or more actions using the keys. The logging property can specify how to log use of a respective key. A key can also include a mutability property for specifying whether the logging property can be changed, and if so under what circumstances or in which way(s). The ability to specify and automatically enforce logging can be important for environments where audit logs are essential. These can include, for example, public certificate authorities that must provide accurate and complete audit trails. In cases where the data is not to be provided outside a determined secure environment, the key can be generated with a property indicating not to log any of the usage.

Abstract: A proof-of-work system where a first party (e.g., a client computer system) may request access to a computing resource. A second party (e.g., a service provider) may determine a challenge that may be provided to the first party. A valid solution to the challenge may be generated and provided for the request to be fulfilled. The challenge may include a message and a seed, such that the seed may be used at least in part to cryptographically derive information that may be used to generate a solution to the challenge. A hash tree may be generated as of generating the solution.

Abstract: A service provider provides virtual computing services using a fleet of one or more host computer systems. Each of the host computer systems may be equipped with a trusted platform module (“TPM”). The service provider, the host computer systems, and the virtual computing environments generate attestations that prove the integrity of the system. The attestations are signed with a one-time-use cryptographic key that is verifiable against the public keys of the service provider, a host computer system, and a virtual computing environment. The public key of the host computer system is integrated into a hash tree that links the public key of the host computer system to the public key of the service provider. The public key of the virtual computing environment is signed using a one-time-use graphic key issued to the host computer system that hosts the virtual computing environment.

Abstract: A signature authority generates revocable one-time-use keys that are able to generate digital signatures. The signature authority generates a set of one-time-use keys, where each one-time-use key has a secret key and a public key derived from a hash of the secret key. The signature authority generates one or more revocation values that, when published, proves that the signature authority has the authority to revoke corresponding cryptographic keys. The signature authority hashes the public keys and the revocation values and arranges the hashes in a hash tree where the root of the hash tree acts as a public key of the signature authority. In some implementations, the one-time-use cryptographic keys are generated from a tree of seed values, and a particular revocation value is linked to a particular seed value, allowing for the revocation of a block of one-time-use cryptographic keys associated with the particular seed.

Abstract: A key distribution service operated by a signature authority distributes one-time-use cryptographic keys to one or more delegates that generate digital signatures on behalf of the signature authority. The key distribution service uses a root seed value to generate subordinate seeds. The subordinate seeds are used to generate a set of cryptographic keys. Hashes are generated for each key, and the hashes are arranged into a Merkle tree with a root hash controlled by the signature authority. In response to a request from a delegate, the signature authority provides a subordinate seed to the delegate. The delegate uses the subordinate seed to generate one or more cryptographic keys. The cryptographic keys are used to generate digital signatures which are verifiable up to the root hash of the Merkle tree. Additional subordinate seeds may be distributed to entities by the signature authority when appropriate.

Abstract: A signature authority generates a master seed value that is used as the root of a seed tree of subordinate nodes. Each subordinate node of the seed tree is generated from the value of its parent node using a cryptographic hash or one-way function. The signature authority selects subordinate seed values which are distributed to one or more key generators, each of which generates a set of one-time-use cryptographic keys. Each key generator generates a hash tree from its set of one-time-use cryptographic keys, and the root of its hash tree is returned to the signature authority. The signature authority integrates the hashes provided by the key generators into a comprehensive hash tree. The root of the comprehensive hash tree acts as a public key for the signature authority.

Abstract: Data is durably backed up for a limited amount of time. The data may be encrypted under a key and the key may be encrypted under a backup key. The backup key has a limited lifetime at the end of which the backup key is destroyed. After the backup key is destroyed, recoverability of the data depends on whether the key was deleted. In some examples, the data is a set of cryptographic keys.

Abstract: A data storage service redundantly stores data and keys used to encrypt the data. Data objects are encrypted with first cryptographic keys. The first cryptographic keys are encrypted by second cryptographic keys. The first cryptographic keys and second cryptographic keys are redundantly stored in a data storage system to enable access of the data objects, such as to respond to requests to retrieve the data objects. The second cryptographic keys may be encrypted by third keys and redundantly stored in the event access to a second cryptographic key is lost.

Abstract: Cryptographic keys can include logging properties that enable those keys to be used only if the properties can be enforced by the cryptographic system requested to perform one or more actions using the keys. The logging property can specify how to log use of a respective key. A key can also include a mutability property for specifying whether the logging property can be changed, and if so under what circumstances or in which way(s). The ability to specify and automatically enforce logging can be important for environments where audit logs are essential. These can include, for example, public certificate authorities that must provide accurate and complete audit trails. In cases where the data is not to be provided outside a determined secure environment, the key can be generated with a property indicating not to log any of the usage.

Abstract: A data storage management process is directed to aspects of managing encrypted data via data storage volumes in conjunction with a service provider computer network that hosts virtual machine instances. A volume can be created and configured for managing encrypted data with an encrypted version of a volume key. The volume can be attached to a virtual machine instance such that the virtual machine instance accesses the volume in a transparent fashion based on the volume key. Encrypted data specific to the volume can be copied across multiple regions of data storage each associated with distinct encrypted versions of a volume key corresponding to the volume.

Abstract: A hardware secret is securely maintained in a computing device. The device operates in accordance with a usage limit corresponding to a limited number of operations using the hardware secret that the device is able to perform. Once the device reaches a usage limit, the device becomes temporarily or permanently unable to perform additional operations using the hardware secret.

Abstract: A distributed passcode verification system includes devices that each have a secret and that are each able to perform a limited number of verifications using their secrets. Passcode verifiers receive passcode information from a passcode information manager. The passcode information provides information usable, with a secret, to verify passcodes provided to a verifier.

Abstract: A client negotiates multiple cryptographic keys with a server. One of the cryptographic keys is used to encrypt communications that the server can decrypt. Another of the cryptographic keys is used to encrypt communications that, while sent to the server, are not decryptable to the server. The server is configured to forward communications that it is unable to decrypt to another computer system having an ability to decrypt the communications.

Abstract: A client establishes a network session with a server. The network session is used to establish an encrypted communications session. The client establishes another network session with another server, such as after terminating the first network session. The client resumes the encrypted communications session over the network session with the other server. The other server is configured to receive encrypted communications from the client and forward them to the appropriate server.

Abstract: System load, such as load caused by a denial of service attack, is managed by requiring those requesting access to the system to provide proof of work. A system receives, from a requestor, a request for access to the system. Before the request can be processed, the system provides a challenge to the requestor. The requestor obtains a solution to the challenge and provides proof of having obtained the solution. The system verifies the correctness of the solution and, if the correct solution is verified, the system services the request.