US Patent No. 10,169,591


Patent No. 10,169,591
Issue Date January 01, 2019
Title Chained Security Systems
Inventorship Matthew John Campagna, Bainbridge Island, WA (US)
Gregory Alan Rubin, Seattle, WA (US)
Eric Jason Brandwine, Haymarket, VA (US)
Matthew Shawn Wilson, Bainbridge Island, WA (US)
Cristian M. Ilac, Sammamish, WA (US)
Assignee Amazon Technologies, Inc., Seattle, WA (US)

Claim of US Patent No. 10,169,591

1. A computer-implemented method, comprising:receiving an attestation request from a customer system to a main subsystem of a computing device, the computing device operating a customer virtual machine associated with the customer system;
sending a request to a limited subsystem provided using trusted hardware physically connected to the computing device, the limited subsystem configured to perform administrative tasks for the customer virtual machine;
receiving, at the limited subsystem, a first certificate from a certificate authority;
generating, at the limited subsystem, first credentials using the first certificate, a first measurement, and a second certificate for authenticating the main subsystem;
receiving, at the main subsystem, the second certificate from the limited subsystem;
generating, at the main subsystem, second credentials using the second certificate, and a second measurement including state information for the customer virtual machine; and
sending an attestation response to the customer system, the attestation response including the first measurement with the first credentials and the second measurement with the second credentials.