	US 11,671,425 B2
	Cross-region requests
Srikanth Mandadi, Redmond, WA (US); Khaled Salah Sedky, Sammamish, WA (US); Slavka Praus, Seattle, WA (US); and Marc R. Barbour, Woodinville, WA (US)
Assigned to Amazon Technologies, Inc., Seattle, WA (US)
Filed by Amazon Technologies, Inc., Seattle, WA (US)
Filed on Jun. 25, 2020, as Appl. No. 16/912,490.
Application 16/912,490 is a continuation of application No. 15/890,978, filed on Feb. 7, 2018, granted, now 10,701,071.
Application 15/890,978 is a continuation of application No. 14/958,887, filed on Dec. 3, 2015, granted, now 9,894,067, issued on Feb. 13, 2018.
Prior Publication US 2020/0329041 A1, Oct. 15, 2020
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); H04L 9/32 (2006.01)

CPC H04L 63/0876 (2013.01) [H04L 9/3247 (2013.01); H04L 63/0435 (2013.01); H04L 63/061 (2013.01); H04L 63/0807 (2013.01); H04L 63/20 (2013.01)]

20 Claims

1. A computer-implemented method, comprising:

obtaining, by a second service in a second region, a first request from a computing device to access a computing resource located at the second region, the first request including a first session token encrypted using a first secret key associated with a first region;

sending, by the second service, a second request including the first session token to a first service in the first region for an encrypted second session token;

receiving, by the second service, an encrypted second session token from the first service in response to the second request, the first service having produced the encrypted second session token by re-encrypting the first session token from using the first secret key to using a second secret key, wherein the second secret key is based at least in part on first secret information of the computing device and second secret information of the second region; and

fulfilling, by the second service, the first request by providing the computing device access to the computing resource based at least in part on the encrypted second session token.