Abstract:
Automated provisioning of hosts on a network with reasonable levels of security is described in this application. A certificate management service (CMS) on a host, one or more trusted agents, and a public key infrastructure are utilized in a secure framework to establish host identity. Once host identity is established, signed encryption certificates may be exchanged and secure communication may take place.
Abstract:
When providing a user with native access to at least a portion of device hardware, the user can be prevented from modifying firmware and other configuration information by controlling the mechanisms used to update that information. For example, a clock or a timer mechanism can be used by a network interface card to define a mutability period. During the mutability period, firmware update to a peripheral device can be allowed. Once the mutability period has expired, firmware update to a peripheral device will no longer be allowed.
Abstract:
In an environment such as a cloud computing environment where various guests can be provisioned on a host machine or other hardware device, it can be desirable to prevent those users from rebooting or otherwise restarting the machine or other resources using unauthorized information or images that can be obtained from across the network. A cloud manager can cause one or more network switches or other routing or communication processing components to deny communication access between user-accessible ports on a machine or device and the provisioning systems, or other specific network resources, such that the user cannot cause the host machine to pull information from those resources upon a restart or reboot of the machine. Further, various actions can be taken upon a reboot or attempted reboot, such as to isolate the host machine or even power off the specific machine.
Abstract:
Systems and methods are provided for managing objects. In one implementation, a computer-implemented method is provided. The method includes receiving a query comprising a tag and executing the query. An object identifier is retrieved from a data table, based on the tag. The method further returns a result of the query. The result includes the object identifier that was retrieved from the data table. The method further includes performing an action related to an object having the retrieved object identifier.
Abstract:
Attempts to update configuration information or firmware for a hardware device can be monitored using a secure counter that is configured to monotonically adjust a current value of the secure counter for each update or update attempt. The value of the counter can be determined every time the validity of the firmware is confirmed, and this value can be stored to a secure location. At subsequent times, such as during a boot process, the actual value of the counter can be determined and compared with the expected value. If the values do not match, such that the firmware may be in an unexpected state, an action can be taken, such as to prevent access to, or isolate, the hardware until such time as the firmware can be validated or updated to an expected state.
Abstract:
A storage unit includes one or more storage devices. In one embodiment, it is determined whether a temperature associated with the storage unit is below a minimum threshold. In another embodiment, it is determined whether a predicted heat load of the storage unit is below a minimum threshold. A predicted heat load for the storage unit is increased by initiating a data operation in the storage devices in response to determining that the temperature, or the predicted heat load, is below the minimum threshold.