公开(公告)号：US10440007B1

公开(公告)日：2019-10-08

申请号：US14869864

申请日：2015-09-29

Applicant: Amazon Technologies, Inc.

Inventor： Harsha Ramalingam ,  Zachary Damen Wolfe ,  Darren Ernest Canavor ,  Brian Dang ,  Max Funderburk ,  Jesper Mikael Johansson ,  Bharath Kumar Bhimanaik ,  Jon Arron McClintock ,  Jason Christopher Rudmann

IPC: H04L29/06 ,  G06F21/45 ,  G06F3/0484 ,  G06F16/84

Abstract: User input into a user interface is symbolically represented to increase security. User input received into a user interface and a mapping is applied to the user input. A result of the mapping is provided. The user interface may be updated to include the result of the mapping and/or may be provided to another device, such as over a short range communication channel. A person who views or otherwise has access to the user interface does not obtain the user input, but the result of the mapping indicates whether the user input was provided correctly.

公开(公告)号：US10122697B2

公开(公告)日：2018-11-06

申请号：US15475841

申请日：2017-03-31

Applicant: Amazon Technologies, Inc.

Inventor： Yogesh Vilas Golwalkar ,  Anuj Joshi ,  Bharath Kumar Bhimanaik ,  Lorne Millwood ,  Carl Lucian Poston, IV

IPC: H04L29/06 ,  G06F21/44 ,  H04L9/32 ,  G06Q30/06

Abstract: Disclosed are various embodiments for providing a native authentication experience with failover. A network service authenticates a first application executed in a computing device in a first instance using one or more authentication factors received via a platform-specific application programming interface that is native to the computing device. After a change to how authentication is performed by the network service, the network service authenticates the first application in a second instance via code-based linking with a second application that is authenticated.

公开(公告)号：US09998444B2

公开(公告)日：2018-06-12

申请号：US15455169

申请日：2017-03-10

Applicant: Amazon Technologies, Inc.

Inventor： Jesper Mikael Johansson ,  Darren Ernest Canavor ,  Daniel Wade Hitchcock ,  Bharath Kumar Bhimanaik ,  Jon Arron McClintock

IPC: G06F7/04 ,  G06F17/30 ,  H04N7/16 ,  H04L29/06 ,  H04L29/08

CPC classification number: H04L63/08 ,  G06F21/10 ,  G06F21/602 ,  H04L9/08 ,  H04L9/14 ,  H04L29/06639 ,  H04L29/06646 ,  H04L63/0407 ,  H04L63/0414 ,  H04L63/0421 ,  H04L63/0428 ,  H04L67/306 ,  H04L2209/38

Abstract: Disclosed are various embodiments for correlating a first use case-specific entity identifier with a second use case-specific entity identifier. A chained entity identifier corresponds to the first use case-specific entity identifier. The chained entity identifier can include the second use case-specific entity identifier cryptographically wrapped by a use case-specific key. The second use case-specific entity identifier can be received from the chained entity identifier. The second use case-specific entity identifier can be correlated to the first use case-specific entity identifier.

公开(公告)号：US09973495B2

公开(公告)日：2018-05-15

申请号：US15423980

申请日：2017-02-03

Applicant: Amazon Technologies, Inc.

Inventor： Harsha Ramalingam ,  Jesper Mikael Johansson ,  Bharath Kumar Bhimanaik

IPC: H04L29/06

CPC classification number: H04L63/083 ,  H04L63/0815 ,  H04L63/102

Abstract: Disclosed are various embodiments relating to bootstrapping user authentication. A first security credential is received for a user account from a user. A first application is then authenticated with another computing device using the first security credential. After authenticating the first application, a bootstrap request is then sent to the other computing device for a second security credential to authenticate a second application without using the first security credential. The bootstrap request specifies a bootstrap session identifier. The second security credential is then received from the other computing device.

公开(公告)号：US09614828B1

公开(公告)日：2017-04-04

申请号：US14589534

申请日：2015-01-05

Applicant: Amazon Technologies, Inc.

Inventor： Yogesh Vilas Golwalkar ,  Anuj Joshi ,  Bharath Kumar Bhimanaik ,  Lorne Millwood ,  Carl Lucian Poston, IV

IPC: H04L29/06 ,  G06F21/44 ,  H04L9/32

CPC classification number: H04L63/08 ,  G06F21/44 ,  G06F2221/2117 ,  G06Q30/0609 ,  H04L9/321 ,  H04L9/3234 ,  H04L63/10 ,  H04L63/205

Abstract: Disclosed are various embodiments for providing a native authentication experience with failover. If a particular authentication approach is supported by a network service, an application authenticates with the network service according to the authentication approach using an authentication factor received via a platform-specific interface. If the particular authentication approach is not supported, code-based linking may be employed to authenticate via another application that is authenticated with the network service.

公开(公告)号：US20170032111A1

公开(公告)日：2017-02-02

申请号：US14809762

申请日：2015-07-27

Applicant: Amazon Technologies, Inc.

Inventor： Jesper Mikael Johansson ,  Darren Ernest Canavor ,  Daniel Wade Hitchcock ,  Bharath Kumar Bhimanaik

IPC: G06F21/31 ,  H04L29/06

CPC classification number: G06F21/31 ,  G06F21/33 ,  G06F21/44 ,  H04L63/0838 ,  H04L63/0884 ,  H04L2463/082

Abstract: Disclosed are various embodiments for providing multi-factor authentication credentials. For example, a first application may send an authentication request to a first authentication service, where the request specifies a first authentication factor. A second application may generate a user interface upon a display, where the user interface facilitates entry of a user approval. In response to receiving the user approval, the second application may send a second authentication factor to a second authentication service that acts as a proxy for the first authentication service. In some embodiments, an application may be configured to automatically transfer a one-time password or other authentication factor to a recipient in response to receiving a user approval.

Abstract translation: 公开了用于提供多因素认证证书的各种实施例。 例如，第一应用可以向第一认证服务发送认证请求，其中请求指定第一认证因素。 第二应用可以在显示器上生成用户界面，其中用户界面便于用户批准的输入。 响应于接收到用户许可，第二应用可以向作为第一认证服务的代理的第二认证服务发送第二认证因素。 在一些实施例中，应用可以被配置为响应于接收到用户批准而将一次性密码或其他认证因子自动传送到接收者。

公开(公告)号：US09251375B1

公开(公告)日：2016-02-02

申请号：US14019120

申请日：2013-09-05

Applicant: Amazon Technologies, Inc.

Inventor： Jon Arron McClintock ,  Darren Ernest Canavor ,  Daniel Wade Hitchcock ,  Jesper Mikael Johansson ,  Bharath Kumar Bhimanaik

IPC: G06F11/30 ,  G06F21/64

CPC classification number: G06F21/64 ,  G06F21/6218

Abstract: Use case-specific entity identifiers are disclosed. Entity data associated with an actual entity identifier of an entity is generated. A use case-specific entity identifier is generated based at least in part on encrypting the actual entity identifier using reversible encryption. The entity data, in association with the use case-specific entity identifier, is sent to another service.

Abstract translation: 披露用例特定的实体标识符。 生成与实体的实际实体标识符相关联的实体数据。 至少部分地基于使用可逆加密对实际实体标识符进行加密来生成用例专用实体标识符。 与用例专用实体标识符相关联的实体数据被发送到另一个服务。

公开(公告)号：US09112854B1

公开(公告)日：2015-08-18

申请号：US14023663

申请日：2013-09-11

Applicant: Amazon Technologies, Inc.

Inventor： Bharath Kumar Bhimanaik

IPC: H04L29/06

CPC classification number: H04L63/0823 ,  H04L63/126

Abstract: Disclosed are various embodiments for facilitating secure communication between applications on an untrusted computing platform. It is verified that a first application installed in a computing device has permission to communicate with a second application also installed in the computing device based at least in part on a secure key associated with the first application. The verification may include determining that the secure key has been signed by a predetermined certificate and determining that the secure key includes a platform-specific, tamper-proof identifier of the first application. Alternatively, the verification may include determining that the first application is signed by a predetermined certificate. Communication between the first and second applications is facilitated when the first application has permission to communicate with the second application.

Abstract translation: 公开了用于促进不可信计算平台上的应用之间的安全通信的各种实施例。 证实安装在计算设备中的第一应用程序至少部分地基于与第一应用相关联的安全密钥，具有与也安装在计算设备中的第二应用通信的许可。 验证可以包括确定安全密钥已经由预定证书签名并且确定安全密钥包括第一应用的特定于平台的防篡改标识符。 或者，验证可以包括确定第一应用由预定证书签名。 当第一应用具有与第二应用通信的许可时，便于第一和第二应用之间的通信。

公开(公告)号：US09106642B1

公开(公告)日：2015-08-11

申请号：US14023840

申请日：2013-09-11

Applicant: Amazon Technologies, Inc.

Inventor： Bharath Kumar Bhimanaik

IPC: H04L29/06 ,  G06F21/41 ,  G06F21/33

CPC classification number: H04L63/08 ,  G06F21/335 ,  G06F21/41 ,  H04L63/0807 ,  H04L63/0815 ,  H04L63/102

Abstract: Disclosed are various embodiments for synchronizing authentication sessions between applications. In one embodiment, a first authentication token is received from a first application in response to determining that the first application is authenticated with a service provider. A second authentication token is requested from a token exchange service associated with the service provider. The second authentication token is requested using the first authentication token. The second application is configured to use the second authentication token in order to access a resource of the service provider.

Abstract translation: 公开了用于在应用之间同步认证会话的各种实施例。 在一个实施例中，响应于确定第一应用被服务提供商认证，从第一应用接收第一认证令牌。 从与服务提供商相关联的令牌交换服务请求第二认证令牌。 使用第一认证令牌请求第二认证令牌。 第二应用被配置为使用第二认证令牌来访问服务提供商的资源。

公开(公告)号：US11838281B1

公开(公告)日：2023-12-05

申请号：US17934039

申请日：2022-09-21

Applicant: Amazon Technologies, Inc.

Inventor： Yogesh Vilas Golwalkar ,  Bharath Kumar Bhimanaik

IPC: H04L9/32 ,  H04L9/40

CPC classification number: H04L63/068 ,  H04L63/08 ,  H04L63/10

Abstract: Disclosed are various embodiments for an authentication service. A unique identifier is associated with a device access token for a client to be authenticated. An authentication identifier is sent to an authenticated client. The client to be authenticated communicates the authentication identifier and unique identifier to the authentication service to complete authentication.