-
公开(公告)号:US10574699B1
公开(公告)日:2020-02-25
申请号:US14954787
申请日:2015-11-30
发明人: Graeme David Baer , Bradford Taylor Lyman , Weixun Wang , Dmitry Frenkel , Gregory Branchek Roth
摘要: A load balancing service receives a request from a customer to configure a load balancer for distributing incoming requests to one or more computing resources of the customer. The load balancing service uses configuration information specified in the request to configure the load balancer such that the load balancer, in response to an incoming request, can determine whether the incoming request satisfies a set of request processing rules usable to determine whether the request is to be transmitted to any computing resource of the one or more computing resources. The load balancer transmits the incoming request to a computing resource of the customer as a result of the rules being satisfied.
-
公开(公告)号:US11695569B2
公开(公告)日:2023-07-04
申请号:US17212915
申请日:2021-03-25
发明人: William Frederick Hingle Kruse , Conor Patrick Cahill , Jeffrey Cicero Canton , Dmitry Frenkel , Harshad Vasant Kulkarni , Colin Watson , Andrew Paul Mikulski
CPC分类号: H04L9/3247 , G06F12/1408 , H04L63/061 , H04L63/126 , G06F2212/402
摘要: A request to add tags (e.g., labels, key-value pairs, or metadata) to resources can be digitally signed by the entity making the request, such that the source can be verified and an authorization determination made for each tag. For a request involving multiple services (or entities) that can each add tags, any tag added by a service can be included in the request and digitally signed by that service. Each service processing the request can also digitally sign the request before forwarding, so that each service signs a version of the request, which includes elements signed by other services earlier in the request chain. When the request is received to a tagging service, the service ensures that every tag was digitally signed by the appropriate authorized entity or service, and validates the signatures to ensure that no data was modified or omitted, before adding the tags to the designated resource(s).
-
公开(公告)号:US10972288B2
公开(公告)日:2021-04-06
申请号:US16726734
申请日:2019-12-24
发明人: William Frederick Hingle Kruse , Conor Patrick Cahill , Jeffrey Cicero Canton , Dmitry Frenkel , Harshad Vasant Kulkarni , Colin Watson , Andrew Paul Mikulski
摘要: A request to add tags (e.g., labels, key-value pairs, or metadata) to resources can be digitally signed by the entity making the request, such that the source can be verified and an authorization determination made for each tag. For a request involving multiple services (or entities) that can each add tags, any tag added by a service can be included in the request and digitally signed by that service. Each service processing the request can also digitally sign the request before forwarding, so that each service signs a version of the request, which includes elements signed by other services earlier in the request chain. When the request is received to a tagging service, the service ensures that every tag was digitally signed by the appropriate authorized entity or service, and validates the signatures to ensure that no data was modified or omitted, before adding the tags to the designated resource(s).
-
公开(公告)号:US20230283482A1
公开(公告)日:2023-09-07
申请号:US18196266
申请日:2023-05-11
发明人: William Frederick Hingle Kruse , Conor Patrick Cahill , Jeffrey Cicero Canton , Dmitry Frenkel , Harshad Vasant Kulkarni , Colin Watson , Andrew Paul Mikulski
CPC分类号: H04L9/3247 , G06F12/1408 , H04L63/061 , H04L63/126 , G06F2212/402
摘要: A request to add tags (e.g., labels, key-value pairs, or metadata) to resources can be digitally signed by the entity making the request, such that the source can be verified and an authorization determination made for each tag. For a request involving multiple services (or entities) that can each add tags, any tag added by a service can be included in the request and digitally signed by that service. Each service processing the request can also digitally sign the request before forwarding, so that each service signs a version of the request, which includes elements signed by other services earlier in the request chain. When the request is received to a tagging service, the service ensures that every tag was digitally signed by the appropriate authorized entity or service, and validates the signatures to ensure that no data was modified or omitted, before adding the tags to the designated resource(s).
-
公开(公告)号:US20210211304A1
公开(公告)日:2021-07-08
申请号:US17212915
申请日:2021-03-25
发明人: William Frederick Hingle Kruse , Conor Patrick Cahill , Jeffrey Cicero Canton , Dmitry Frenkel , Harshad Vasant Kulkarni , Colin Watson , Andrew Paul Mikulski
摘要: A request to add tags (e.g., labels, key-value pairs, or metadata) to resources can be digitally signed by the entity making the request, such that the source can be verified and an authorization determination made for each tag. For a request involving multiple services (or entities) that can each add tags, any tag added by a service can be included in the request and digitally signed by that service. Each service processing the request can also digitally sign the request before forwarding, so that each service signs a version of the request, which includes elements signed by other services earlier in the request chain. When the request is received to a tagging service, the service ensures that every tag was digitally signed by the appropriate authorized entity or service, and validates the signatures to ensure that no data was modified or omitted, before adding the tags to the designated resource(s).
-
公开(公告)号:US11005853B1
公开(公告)日:2021-05-11
申请号:US15912982
申请日:2018-03-06
发明人: Ankur Agarwal , Praveen Akinapally , Conor Patrick Cahill , Dmitry Frenkel , Rachit Jain , Lennart Christopher Leon Kats , Julian Eric Naydichev
摘要: Transitive restrictions can be applied to requests received on a session. A session token can be issued for an active session, and a transitivity setting specified to indicate the types of requests for which the transitive restriction is to be enforced. This can include enforcing the restriction on requests received from outside a trusted environment, requests within a scope of enforcement, or enforcing the restriction at request authentication. Any request received from an untrusted source that fails to satisfy the transitive restriction will be denied. Requests from inside the trusted environment may not have the transitive restriction enforced, such as where a new token is issued. This enables services within the environment to make calls on behalf of the customer, while ensuring that third parties obtaining the session token cannot successfully initiate such calls.
-
公开(公告)号:US20200153831A1
公开(公告)日:2020-05-14
申请号:US16704985
申请日:2019-12-05
IPC分类号: H04L29/06
摘要: Security credentials issued by an entity, such as an identity broker, can have a limited lifetime. Access to resources or content under those credentials then can only be obtained for a limited period of time, limiting the ability of an unauthorized entity obtaining the credentials to utilize those credentials for access. Along with the credentials, a refresh token can be issued to a requesting client that can enable the limited lifetime of the credentials to be renewed up to a maximum lifetime of the credentials and/or the token. A service providing access can determine that the client has a valid copy of the refresh token when the credentials are about to expire, and if so can cause the lifetime of the credentials to be extended another credential lifetime. This renewal can be done transparent to a user and without again contacting the identity broker.
-
公开(公告)号:US10951618B2
公开(公告)日:2021-03-16
申请号:US16704985
申请日:2019-12-05
IPC分类号: H04L29/06
摘要: Security credentials issued by an entity, such as an identity broker, can have a limited lifetime. Access to resources or content under those credentials then can only be obtained for a limited period of time, limiting the ability of an unauthorized entity obtaining the credentials to utilize those credentials for access. Along with the credentials, a refresh token can be issued to a requesting client that can enable the limited lifetime of the credentials to be renewed up to a maximum lifetime of the credentials and/or the token. A service providing access can determine that the client has a valid copy of the refresh token when the credentials are about to expire, and if so can cause the lifetime of the credentials to be extended another credential lifetime. This renewal can be done transparent to a user and without again contacting the identity broker.
-
公开(公告)号:US12028461B2
公开(公告)日:2024-07-02
申请号:US18196266
申请日:2023-05-11
发明人: William Frederick Hingle Kruse , Conor Patrick Cahill , Jeffrey Cicero Canton , Dmitry Frenkel , Harshad Vasant Kulkarni , Colin Watson , Andrew Paul Mikulski
CPC分类号: H04L9/3247 , G06F12/1408 , H04L63/061 , H04L63/126 , G06F2212/402
摘要: A request to add tags (e.g., labels, key-value pairs, or metadata) to resources can be digitally signed by the entity making the request, such that the source can be verified and an authorization determination made for each tag. For a request involving multiple services (or entities) that can each add tags, any tag added by a service can be included in the request and digitally signed by that service. Each service processing the request can also digitally sign the request before forwarding, so that each service signs a version of the request, which includes elements signed by other services earlier in the request chain. When the request is received to a tagging service, the service ensures that every tag was digitally signed by the appropriate authorized entity or service, and validates the signatures to ensure that no data was modified or omitted, before adding the tags to the designated resource(s).
-
公开(公告)号:US10567381B1
公开(公告)日:2020-02-18
申请号:US14972676
申请日:2015-12-17
IPC分类号: H04L29/06
摘要: Security credentials issued by an entity, such as an identity broker, can have a limited lifetime. Access to resources or content under those credentials then can only be obtained for a limited period of time, limiting the ability of an unauthorized entity obtaining the credentials to utilize those credentials for access. Along with the credentials, a refresh token can be issued to a requesting client that can enable the limited lifetime of the credentials to be renewed up to a maximum lifetime of the credentials and/or the token. A service providing access can determine that the client has a valid copy of the refresh token when the credentials are about to expire, and if so can cause the lifetime of the credentials to be extended another credential lifetime. This renewal can be done transparent to a user and without again contacting the identity broker.
-
-
-
-
-
-
-
-
-
搜索结果
11 条记录 (耗时 0.014 秒)
