公开(公告)号：US20170230289A1

公开(公告)日：2017-08-10

申请号：US15294566

申请日：2016-10-14

Applicant: AMAZON TECHNOLOGIES, INC.

Inventor： ERIC JASON BRANDWINE ,  SWAMINATHAN SIVASUBRAMANIAN ,  BRADLEY E. MARSHALL ,  TATE ANDREW CERTAIN

IPC: H04L12/743 ,  H04L12/741 ,  H04L12/751 ,  H04L12/753

CPC classification number: H04L45/7453 ,  H04L12/44 ,  H04L45/02 ,  H04L45/025 ,  H04L45/42 ,  H04L45/48 ,  H04L45/54 ,  H04L45/745

Abstract: A distributed system for collecting and processing packet routing information is provided. A service provider, such as a content delivery network service provider, can maintain multiple Points of Presence (“POPs”). Routing computing devices associated with each POP can forward information about the packet routing information to a packet routing management component. The packet routing component can process the information provided by the various POPs. The packet routing component can then update, or otherwise modify, packet routing information used by one or more of the POPs. Accordingly, the packet routing management component can then selectively distribute the updated or modified packet routing information, including the distribution to all POPs, the targeted distribution to specific POPs and the creation of centrally accessible routing information.

公开(公告)号：US20150244716A1

公开(公告)日：2015-08-27

申请号：US14188630

申请日：2014-02-24

Applicant: Amazon Technologies, Inc.

Inventor： NACHIKETH RAO POTLAPALLY ,  ANDREW JEFFREY DOANE ,  ERIC JASON BRANDWINE ,  ROBERT ERIC FITZGERALD

IPC: H04L29/06

CPC classification number: H04L63/0853 ,  G06F21/57 ,  G06F21/6209 ,  H04L9/3234 ,  H04L63/06 ,  H04L63/064 ,  H04L63/0884 ,  H04L63/12

Abstract: Methods and apparatus for securing client-specified credentials at cryptographically-attested resources are described. An indication is obtained that resources deployed for execution of a compute instance of a multi-tenant computing service at an instance host of a provider network meet a client's security criteria. An encrypted representation of credentials to be used at the compute instance to implement operations on behalf of a client is received at the instance host. The credentials are extracted from the encrypted representation using a private key unique to the instance host, used for the operations, and then removed from the instance host without being saved in persistent memory.

Abstract translation: 描述了在密码证实的资源中保护客户端指定的凭证的方法和装置。 获得指示，用于执行供应商网络的实例主机处的多租户计算服务的计算实例的部署满足客户端的安全标准。 在实例主机处接收在计算实例上用于代表客户端执行操作的凭证的加密表示。 使用专用于实例主机的私有密钥从加密表示中提取凭据，然后从实例主机中删除，而不会保存在持久内存中。

公开(公告)号：US20150120917A1

公开(公告)日：2015-04-30

申请号：US14582710

申请日：2014-12-24

Applicant: Amazon Technologies, Inc.

Inventor： JACOB ADAM GABRIELSON ,  ERIC JASON BRANDWINE

IPC: H04L12/26 ,  H04L12/911

CPC classification number: H04L43/08 ,  H04L12/4641 ,  H04L12/6418 ,  H04L47/70

Abstract: Methods and apparatus for providing scalable private services in service provider networking environments. A service provider that provides a large, public, multi-tenant implementation of a web service to multiple customers via a public API endpoint may allow a customer to request the establishment of a private implementation of the service. In response, a service private instance may be automatically and/or manually established for the customer that provides a private API endpoint to the service and that is at least in part implemented on single-tenant hardware that is not shared with other customers. The service private instance may initially be implemented as a relatively small scale and possibly limited implementation of the service when compared to the service public instance. As the needs of the customer grow, the service private instance may be automatically and/or manually scaled up from the initial implementation.

Abstract translation: 用于在服务提供商网络环境中提供可扩展私人服务的方法和装置。 通过公共API端点向多个客户提供大型，公共，多租户的Web服务实现的服务提供商可以允许客户请求建立该服务的私有实现。 作为响应，可以为为服务提供私有API端点的客户自动和/或手动建立服务私人实例，并且至少部分地在不与其他客户共享的单租户硬件上实现。 与服务公共实例相比，服务私有实例最初可以被实现为相对小的规模和可能有限的服务实现。 随着客户需求的增长，服务私有实例可以从初始实现中自动和/或手动放大。

公开(公告)号：US20150067830A1

公开(公告)日：2015-03-05

申请号：US14012520

申请日：2013-08-28

Applicant: Amazon Technologies, Inc.

Inventor： JESPER MIKAEL JOHANSSON ,  ERIC JASON BRANDWINE

IPC: H04L29/06

CPC classification number: G06F21/566 ,  G06F21/53 ,  G06F21/554 ,  G06F21/568 ,  G06Q30/0601 ,  H04L63/12 ,  H04L63/14 ,  H04L63/1408 ,  H04W12/10 ,  H04W12/12

Abstract: Disclosed are various embodiments for performing security verifications for dynamic applications. An instance of an application is executed. During runtime, it is determined whether the application is accessing dynamically loaded code from a network site. In one embodiment, the access may be detected via the use of a particular application programming interface (API). In another embodiment, the access may be detected via the loading of downloaded data into an executable portion of memory. A security evaluation is performed on the dynamically loaded code, and an action is initiated responsive to the security evaluation.

Abstract translation: 公开了用于对动态应用进行安全验证的各种实施例。 执行应用程序的一个实例。 在运行时，确定应用程序是否从网站访问动态加载的代码。 在一个实施例中，可以通过使用特定应用编程接口（API）来检测访问。 在另一个实施例中，可以通过将下载的数据加载到存储器的可执行部分中来检测访问。 对动态加载的代码执行安全性评估，并且响应于安全评估启动一个操作。