Patents by Inventor Steven Preston Lightner Norum
Steven Preston Lightner Norum has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11888980
Abstract: Secure operations can be performed using security module instances offered as a web service through a resource provider environment. State data and cryptographic material can be loaded and unloaded from the instance as needed, such that the instance can be reused for operations of different customers. The material and data can be stored as a bundle encrypted using a key specific to the hardware security module and a key specific to the resource provider, such that the bundle can only be decrypted in an instance of that type of security module from the associated manufacturer and operated by that particular resource provider. The customer is then only responsible for the allocation of that instance during the respective cryptographic operation(s).
Type: Grant
Filed: April 19, 2021
Date of Patent: January 30, 2024
Assignee: Amazon Technologies, Inc.
Inventor: Steven Preston Lightner Norum
-
Patent number: 11777914
Abstract: A virtual cryptographic module is used to perform cryptographic operations. The virtual cryptographic module may include a fleet of cryptographic modules and a load balancer that determines when a cryptographic module should be added to or removed from the fleet. The fleet size may be adjusted based on detecting a set of conditions that includes the utilization level of the fleet. One or more cryptographic modules of the fleet may be used to fulfill requests to perform cryptographic operations. A cryptographic module may be a hardware security module (“HSM”).
Type: Grant
Filed: August 31, 2021
Date of Patent: October 3, 2023
Assignee: Amazon Technologies, Inc.
Inventor: Steven Preston Lightner Norum
-
Patent number: 11502854
Abstract: A virtual hardware security module (“HSM”) is used to perform cryptographic operations. The virtual HSM may provision and coordinate requests between one or more HSMs within a fleet of HSMs. A set of cryptographic keys and/or digital certificates may be exchanged between a client and the virtual HSM such that the client and the virtual HSM may communicate with each other via a cryptographically protected communication session. The fleet of HSMs of a virtual HSM may be scaled up or scaled down according to various criteria. Cryptographic key material may be propagated between HSMs of the fleet using a fleet transfer key. Digital certificates may be used to demonstrate that one or more cryptographic keys were generated by a service provider and/or manufacturer.
Type: Grant
Filed: October 28, 2019
Date of Patent: November 15, 2022
Assignee: Amazon Technologies, Inc.
Inventor: Steven Preston Lightner Norum
-
Publication number: 20210409205
Abstract: Secure operations can be performed using security module instances offered as a web service through a resource provider environment. State data and cryptographic material can be loaded and unloaded from the instance as needed, such that the instance can be reused for operations of different customers. The material and data can be stored as a bundle encrypted using a key specific to the hardware security module and a key specific to the resource provider, such that the bundle can only be decrypted in an instance of that type of security module from the associated manufacturer and operated by that particular resource provider. The customer is then only responsible for the allocation of that instance during the respective cryptographic operation(s).
Type: Application
Filed: April 19, 2021
Publication date: December 30, 2021
Inventor: Steven Preston Lightner Norum
-
Patent number: 11140140
Abstract: A virtual cryptographic module is used to perform cryptographic operations. The virtual cryptographic module may include a fleet of cryptographic modules and a load balancer that determines when a cryptographic module should be added to or removed from the fleet. The fleet size may be adjusted based on detecting a set of conditions that includes the utilization level of the fleet. One or more cryptographic modules of the fleet may be used to fulfill requests to perform cryptographic operations. A cryptographic module may be a hardware security module (“HSM”).
Type: Grant
Filed: October 14, 2019
Date of Patent: October 5, 2021
Assignee: Amazon Technologies, Inc.
Inventor: Steven Preston Lightner Norum
-
Patent number: 11025420
Abstract: Secure operations can be performed using security module instances offered as a web service through a resource provider environment. State data and cryptographic material can be loaded and unloaded from the instance as needed, such that the instance can be reused for operations of different customers. The material and data can be stored as a bundle encrypted using a key specific to the hardware security module and a key specific to the resource provider, such that the bundle can only be decrypted in an instance of that type of security module from the associated manufacturer and operated by that particular resource provider. The customer is then only responsible for the allocation of that instance during the respective cryptographic operation(s).
Type: Grant
Filed: May 2, 2019
Date of Patent: June 1, 2021
Assignee: Amazon Technologies, Inc.
Inventor: Steven Preston Lightner Norum
-
Publication number: 20200059373
Abstract: A virtual hardware security module (“HSM”) is used to perform cryptographic operations. The virtual HSM may provision and coordinate requests between one or more HSMs within a fleet of HSMs. A set of cryptographic keys and/or digital certificates may be exchanged between a client and the virtual HSM such that the client and the virtual HSM may communicate with each other via a cryptographically protected communication session. The fleet of HSMs of a virtual HSM may be scaled up or scaled down according to various criteria. Cryptographic key material may be propagated between HSMs of the fleet using a fleet transfer key. Digital certificates may be used to demonstrate that one or more cryptographic keys were generated by a service provider and/or manufacturer.
Type: Application
Filed: October 28, 2019
Publication date: February 20, 2020
Inventor: Steven Preston Lightner Norum
-
Publication number: 20200045028
Abstract: A virtual cryptographic module is used to perform cryptographic operations. The virtual cryptographic module may include a fleet of cryptographic modules and a load balancer that determines when a cryptographic module should be added to or removed from the fleet. The fleet size may be adjusted based on detecting a set of conditions that includes the utilization level of the fleet. One or more cryptographic modules of the fleet may be used to fulfill requests to perform cryptographic operations. A cryptographic module may be a hardware security module (“HSM”).
Type: Application
Filed: October 14, 2019
Publication date: February 6, 2020
Inventor: Steven Preston Lightner Norum
-
Patent number: 10461943
Abstract: A virtual hardware security module (“HSM”) is used to perform cryptographic operations. The virtual HSM may provision and coordinate requests between one or more HSMs within a fleet of HSMs. A set of cryptographic keys and/or digital certificates may be exchanged between a client and the virtual HSM such that the client and the virtual HSM may communicate with each other via a cryptographically protected communication session. The fleet of HSMs of a virtual HSM may be scaled up or scaled down according to various criteria. Cryptographic key material may be propagated between HSMs of the fleet using a fleet transfer key. Digital certificates may be used to demonstrate that one or more cryptographic keys were generated by a service provider and/or manufacturer.
Type: Grant
Filed: November 14, 2016
Date of Patent: October 29, 2019
Assignee: Amazon Technologies, Inc.
Inventor: Steven Preston Lightner Norum
-
Patent number: 10447668
Abstract: A virtual cryptographic module is used to perform cryptographic operations. The virtual cryptographic module may include a fleet of cryptographic modules and a load balancer that determines when a cryptographic module should be added to or removed from the fleet. The fleet size may be adjusted based on detecting a set of conditions that includes the utilization level of the fleet. One or more cryptographic modules of the fleet may be used to fulfill requests to perform cryptographic operations. A cryptographic module may be a hardware security module (“HSM”).
Type: Grant
Filed: November 14, 2016
Date of Patent: October 15, 2019
Assignee: Amazon Technologies, Inc.
Inventor: Steven Preston Lightner Norum
-
Publication number: 20190260582
Abstract: Secure operations can be performed using security module instances offered as a web service through a resource provider environment. State data and cryptographic material can be loaded and unloaded from the instance as needed, such that the instance can be reused for operations of different customers. The material and data can be stored as a bundle encrypted using a key specific to the hardware security module and a key specific to the resource provider, such that the bundle can only be decrypted in an instance of that type of security module from the associated manufacturer and operated by that particular resource provider. The customer is then only responsible for the allocation of that instance during the respective cryptographic operation(s).
Type: Application
Filed: May 2, 2019
Publication date: August 22, 2019
Inventor: Steven Preston Lightner Norum
-
Patent number: 10305906
Abstract: Systems, devices and processes are described for implementing an access heartbeat role on a hardware security module (HSM) that stores secure data on behalf of a secure data owner. Heartbeat and access credentials are established and distributed by the HSM. Access to the secure data is prevented unless the HSM receives valid heartbeats prior to a time expiration along with a valid access request. Generally, heartbeats are signed messages and include heartbeat credentials. Access requests may also be signed messages and include access credentials. The access credentials may be suspended, revoked or the entire HSM may be zeroized (e.g., plaintext keys erased), dependent upon a failure to receive valid heartbeats in a timely fashion. Heartbeats may be required from multiple entities, in some embodiments. Some example configurable features include heartbeat expiration time, the source of the credentials, the access denial options, and how many sources of distinct heartbeats are required.
Type: Grant
Filed: September 13, 2016
Date of Patent: May 28, 2019
Assignee: Amazon Technologies, Inc.
Inventor: Steven Preston Lightner Norum
-
Patent number: 10291401
Abstract: Secure operations can be performed using security module instances offered as a web service through a resource provider environment. State data and cryptographic material can be loaded and unloaded from the instance as needed, such that the instance can be reused for operations of different customers. The material and data can be stored as a bundle encrypted using a key specific to the hardware security module and a key specific to the resource provider, such that the bundle can only be decrypted in an instance of that type of security module from the associated manufacturer and operated by that particular resource provider. The customer is then only responsible for the allocation of that instance during the respective cryptographic operation(s).
Type: Grant
Filed: September 26, 2016
Date of Patent: May 14, 2019
Assignee: AMAZON TECHNOLOGIES, INC.
Inventor: Steven Preston Lightner Norum
-
Patent number: 9900659
Abstract: Techniques for determining age-content type appropriate ratings for a media on behalf of a user may be provided. For example, information about age-content type appropriate ratings for a plurality of media works may be maintained where the information is associated with a particular user. A determination of whether the particular user has consumed a media work in response to receiving an indication that a user is browsing to the media work in a user interface may be provided. A group that the user belongs to may be identified based on other users that have specified age-content type appropriate ratings for the plurality of media works that are within a range of ratings provided by the user for the plurality of media works. Age-content appropriate ratings for the media work may be determined for the particular user based on an algorithm using the information and the ratings specified by the group.
Type: Grant
Filed: November 7, 2014
Date of Patent: February 20, 2018
Assignee: Amazon Technologies, Inc.
Inventors: Steven Preston Lightner Norum, Dalton James Nikitas