-
Publication number: US20150199519A1
Publication date: 2015-07-16
Application number: US14671933
Application date: 2015-03-27
Applicant: Amazon Technologies, Inc.
Inventor: Michael David Marr, Pradeep Vincent, Matthew T. Corddry, James R. Hamilton
CPC classification number: G06F21/572, G06F8/65, G06F11/3003, G06F11/3051, G06F21/57, G06F21/575, G06F21/577, G06F2201/865, G06F2201/88, G06F2221/033, H04L67/10
Abstract: Attempts to update confirmation information or firmware for a hardware device can be monitored using a secure counter that is configured to monotonically adjust a current value of the secure counter for each update or update attempt. The value of the counter can be determined every time the validity of the firmware is confirmed, and this value can be stored to a secure location. At subsequent times, such as during a boot process, the actual value of the counter can be determined and compared with the expected value. If the values do not match, such that the firmware may be in an unexpected state, an action can be taken, such as to prevent access to, or isolate, the hardware until such time as the firmware can be validated or updated to an expected state.
-
Publication number: US20150160948A1
Publication date: 2015-06-11
Application number: US14537786
Application date: 2014-11-10
Applicant: Amazon Technologies, Inc.
Inventor: Michael David Marr, Matthew R. Corddry, James R. Hamilton
CPC classification number: G06F9/4416, G06F8/65, G06F21/572, H04L41/082, H04L63/126, H04L67/34
Abstract: When providing a user with native access to at least a portion of device hardware, the user can be prevented from modifying firmware and other configuration information by controlling the mechanisms used to update that information. In some embodiments, an asymmetric keying approach can be used to encrypt or sign the firmware. In other cases access can be controlled by enabling firmware updates only through a channel or port that is not exposed to the customer, or by mapping only those portions of the hardware that are to be accessible to the user. In other embodiments, the user can be prevented from modifying firmware by only provisioning the user on a machine after an initial mutability period wherein firmware can be modified, such that the user never has access to a device when firmware can be updated. Combinations and variations of the above also can be used.
-
Publication number: US08996744B1
Publication date: 2015-03-31
Application number: US14094642
Application date: 2013-12-02
Applicant: Amazon Technologies, Inc.
Inventor: Michael David Marr, Pradeep Vincent, Matthew T. Corddry, James R. Hamilton
CPC classification number: G06F21/572, G06F8/65, G06F11/3003, G06F11/3051, G06F21/57, G06F21/575, G06F21/577, G06F2201/865, G06F2201/88, G06F2221/033, H04L67/10
Abstract: Attempts to update confirmation information or firmware for a hardware device can be monitored using a secure counter that is configured to monotonically adjust a current value of the secure counter for each update or update attempt. The value of the counter can be determined every time the validity of the firmware is confirmed, and this value can be stored to a secure location. At subsequent times, such as during a boot process, the actual value of the counter can be determined and compared with the expected value. If the values do not match, such that the firmware may be in an unexpected state, an action can be taken, such as to prevent access to, or isolate, the hardware until such time as the firmware can be validated or updated to an expected state.
-
Publication number: US20140310510A1
Publication date: 2014-10-16
Application number: US13863296
Application date: 2013-04-15
Applicant: Amazon Technologies, Inc.
Inventor: Nachiketh Rao Potlapally, Rachit Chawla, Jeremy Ryan Volkman, Michael David Marr
CPC classification number: G06F9/4401, G06F9/4406, G06F11/1417, G06F11/1446, G06F21/575
Abstract: Approaches are described for enabling a host computing device to store credentials and other security information useful for recovering the state of the host computing device in a secure store, such as a trusted platform module (TPM) on the host computing device. When recovering the host computing device in the event of a failure (e.g., power outage, network failure, etc.), the host computing device can obtain the necessary credentials from the secure store and use those credentials to boot various services, restore the state of the host and perform various other functions. In addition, the secure store (e.g., TPM) may provide boot firmware measurement and remote attestation of the host computing devices to other devices on a network, such as when the recovering host needs to communicate with the other devices on the network.
-
Publication number: US20140310509A1
Publication date: 2014-10-16
Application number: US13862923
Application date: 2013-04-15
Applicant: Amazon Technologies, Inc.
Inventor: Nachiketh Rao Potlapally, Rachit Chawla, Jeremy Ryan Volkman, Michael David Marr
IPC: G06F11/14
CPC classification number: G06F11/1417, G06F21/57
Abstract: Approaches are described for enabling a host computing device to store credentials and other security information useful for recovering the state of the host computing device in a secure store, such as a trusted platform module (TPM) on the host computing device. When recovering the host computing device in the event of a failure (e.g., power outage, network failure, etc.), the host computing device can obtain the necessary credentials from the secure store and use those credentials to boot various services, restore the state of the host and perform various other functions. In addition, the secure store (e.g., TPM) may provide boot firmware measurement and remote attestation of the host computing devices to other devices on a network, such as when the recovering host needs to communicate with the other devices on the network.
-
Publication number: US20230171148A1
Publication date: 2023-06-01
Application number: US18161819
Application date: 2023-01-30
Applicant: Amazon Technologies, Inc.
Inventor: Richendra Khanna, Edward L. Wallace, Jagwinder Singh Brar, Michael David Marr, Samuel J. McKelvie, Peter N. DeSantis, Ian P. Nowland, Matthew D. Klein, Justin Mason, Jacob Gabrielson
IPC: H04L41/0668, H04L41/0631, H04L43/0852, H04L41/12, H04L43/103, H04L43/0829, H04L45/00
CPC classification number: H04L41/0668, H04L41/0645, H04L43/0858, H04L41/12, H04L43/103, H04L43/0835, H04L41/065, H04L45/22
Abstract: Generally described, systems and methods are provided for monitoring and detecting causes of failures of network paths. The system collects performance information from a plurality of nodes and links in a network, aggregates the collected performance information across paths in the network, processes the aggregated performance information for detecting failures on the paths, analyzes each of the detected failures to determine at least one root cause, and initiates a remedial workflow for the at least one root cause determined. In some aspects, processing the aggregated information may include performing a statistical regression analysis or otherwise solving a set of equations for the performance indications on each of a plurality of paths. In another aspect, the system may also include an interface which makes available for display one or more of the network topology, the collected and aggregated performance information, and indications of the detected failures in the topology.
-
Publication number: US20210349744A1
Publication date: 2021-11-11
Application number: US17303948
Application date: 2021-06-10
Applicant: Amazon Technologies, Inc.
Inventor: Matthew D. Klein, Michael David Marr, Samuel J. McKelvie
IPC: G06F9/455
Abstract: The transmission of data on computer networks according to one or more policies is disclosed. A policy may specify, among other things, various parameters which are to be followed when transmitting initiating network traffic. Multiple network interfaces may be installed on a server to enable transmission of data from the single server according to a number of discrete configuration settings implicated by the various policies. The multiple network interfaces may correspond to separate physical components, with each component configured independently to implement a feature of a policy. The multiple network interfaces may also correspond to a single physical component that exposes multiple network interfaces, both to the network and to the server on which it is installed.
-
Publication number: US10409699B1
Publication date: 2019-09-10
Application number: US15236686
Application date: 2016-08-15
Applicant: Amazon Technologies, Inc.
Inventor: Anirudh Balachandra Aithal, Michael David Marr
IPC: G06F15/177, G06F11/263, G06F11/22
Abstract: Systems and methods are described for testing computing resources. In one embodiment, a search space of computing settings is analyzed in accordance with weighted data that maps computing performance parameters with the computing settings. A subset of the computing settings is selected to generate a test population to optimize at least one computing performance parameter. One or more computing devices in a computing environment are configured in accordance with the test population, and the test conditions are iteratively updated based on test results in accordance with the test population and a fitness function.
-
Publication number: US10241804B2
Publication date: 2019-03-26
Application number: US15483227
Application date: 2017-04-10
Applicant: Amazon Technologies, Inc.
Inventor: Nachiketh Rao Potlapally, Rachit Chawla, Jeremy Ryan Volkman, Michael David Marr
IPC: G06F11/14, G06F9/4401, G06F21/57
Abstract: Approaches are described for enabling a host computing device to store credentials and other security information useful for recovering the state of the host computing device in a secure store, such as a trusted platform module (TPM) on the host computing device. When recovering the host computing device in the event of a failure (e.g., power outage, network failure, etc.), the host computing device can obtain the necessary credentials from the secure store and use those credentials to boot various services, restore the state of the host and perform various other functions. In addition, the secure store (e.g., TPM) may provide boot firmware measurement and remote attestation of the host computing devices to other devices on a network, such as when the recovering host needs to communicate with the other devices on the network.
-
Publication number: US10153937B1
Publication date: 2018-12-11
Application number: US13693851
Application date: 2012-12-04
Applicant: Amazon Technologies, Inc.
Inventor: Michael David Marr, David Edward Bryan, Max Jesse Wishman
Abstract: Systems and methods for handling resources in a computer system differently in certain situations, such as catastrophic events, based upon an assigned layer of the resource in the system. The layer can be based, for example, on criticality of the resource to the system. Services or devices can be assigned a criticality level representing a layer. The different layers can be treated differently in the case of an event, such as fire, a power outage, an overheating situation and so forth. In response to receiving information about such an event, the different layers can be handled in accordance with their criticality.