&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=11924336.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 11,924,336 B1</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Cryptographic artifact generation using virtualized security modules</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Atul Khare,  Sammamish, WA (US);  Deepak Gupta,  Portland, OR (US);  Petre Eftime,  Bucharest (RO); and  Madalin Razvan Nastase,  Bucharest (RO)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Amazon Technologies, Inc.,  Seattle, WA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Amazon Technologies, Inc.,  Seattle, WA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Jun.  25, 2021, as Appl. No. 17/359,240.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 9/08</b></i> (2006.01); <i><b>G06F 9/455</b></i> (2018.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 9/0861</b></i> (2013.01)&#xa0;[<i><b>G06F 9/45558</b></i> (2013.01); <i>G06F 2009/45587</i> (2013.01)]</td>
            <td class="table_data" align="right"><b>20 Claims</b></td>
          </tr>
        </table>
        <center><img src="US11924336-20240305-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A system, comprising:<div class="claim_text">one or more computing devices;</div>
                <div class="claim_text">wherein the one or more computing devices include instructions that upon execution on or across the one or more computing devices cause the one or more computing devices to:<div class="claim_text">transmit, prior to a launch of a compute instance at a first virtualization server of a virtualized computing service: (a) an entropy source value from a first isolated control plane component of the virtualized computing service to one or more virtualization management components of the first virtualization server and (b) a nonce and a first counter value from a second isolated control plane component of the virtualized computing service to the one or more virtualization management components of the first virtualization server, wherein the entropy source value is not accessible to the second isolated control plane component, and wherein the nonce and the first counter value are not accessible to the first isolated control plane component;</div>
                  <div class="claim_text">store an updated counter value at a storage device associated with the first virtualization server after performing one or more cryptographic operations at the first virtualization server, wherein the updated counter value is obtained from the first counter value, wherein the one or more cryptographic operations include generation of a particular cryptographic key utilized at the compute instance, wherein the particular cryptographic key is generated by a first virtualized Trusted Platform Module (VTPM) assigned to the compute instance and initialized at the first virtualization server, and wherein the first VTPM is initialized using at least the entropy source value, the nonce and the first counter value; and</div>
                  <div class="claim_text">perform, at a second virtualization server selected as a migration destination for the compute instance, one or more additional cryptographic operations after the compute instance is migrated to the second virtualization server, wherein the one or more additional cryptographic operations include generation of another cryptographic key used at the compute instance, wherein the other cryptographic key is generated by a second VTPM assigned to the compute instance and initialized at the second virtualization server, and wherein the second VTPM is initialized using at least the entropy source value, the nonce and the updated counter value.</div>
                </div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>