公开(公告)号：US09374341B2

公开(公告)日：2016-06-21

申请号：US14479124

申请日：2014-09-05

Applicant: Amazon Technologies, Inc.

Inventor： Andrew J. Doane ,  Eric Jason Brandwine

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/0272 ,  H04L61/2069 ,  H04L63/10 ,  H04L67/18 ,  H04L67/34 ,  H04L67/36

Abstract: Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service to create and configure computer networks that are provided by the configurable network service for use by the users. Secure private access between a computer network provided for a user by the configurable network service and one or more other remote computing systems of the user (e.g., a remote private network) may be enabled in various ways. For example, a user may programmatically invoke an API provided by the configurable network service to obtain assistance in establishing remote access from a remote location to a provided computer network of the configurable network service, such as to establish a VPN connection from the remote location to the provided computer network using hardware and/or software supplied to the remote location in response to the API invocation.

Abstract translation: 描述了用于向用户提供对计算机网络的访问的技术，例如使得用户能够与远程可配置网络服务交互以创建和配置由可配置网络服务提供以供用户使用的计算机网络。 通过可配置网络服务为用户提供的计算机网络与用户的一个或多个其他远程计算系统（例如，远程专用网络）之间的安全私人访问可以以各种方式启用。 例如，用户可以以编程方式调用可配置网络服务提供的API，以获得建立从远程位置到所提供的可配置网络服务的计算机网络的远程访问的帮助，例如建立从远程位置到 提供的计算机网络使用响应于API调用提供给远程位置的硬件和/或软件。

公开(公告)号：US20160112387A1

公开(公告)日：2016-04-21

申请号：US14981804

申请日：2015-12-28

Applicant: Amazon Technologies, Inc

Inventor： Todd Lawrence Cignetti ,  Andrew J. Doane ,  Eric Jason Brandwine ,  Robert Eric Fitzgerald

IPC: H04L29/06 ,  G06F9/455 ,  H04L9/32

CPC classification number: H04L63/061 ,  G06F9/45533 ,  H04L9/3247 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/0876

Abstract: Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. If the keys used to encrypt the data have not been exposed during serialization operation, they may be deleted or destroyed enabling the destruction of data encrypted with the keys.

Abstract translation: 组织使用服务提供商的计算机硬件资源和服务维护和生成大量敏感信息。 此外，需要能够通过使用密钥加密数据并销毁密钥来安全而快速地删除大量的数据。 为确保远程存储的信息得到保护并能够进行安全删除，组织使用的加密密钥在串行化操作期间应防止持久存储。 如果用于加密数据的密钥在序列化操作期间未被暴露，则可能会删除或破坏数据，从而能够销毁使用密钥加密的数据。

公开(公告)号：US20150249573A1

公开(公告)日：2015-09-03

申请号：US14715412

申请日：2015-05-18

Applicant: Amazon Technologies, Inc.

Inventor： Kevin Christopher Miller ,  Eric Jason Brandwine ,  Andrew J. Doane

IPC: H04L12/24

CPC classification number: H04L41/0816 ,  H04L41/12 ,  H04L45/02 ,  H04L45/04 ,  H04L45/586

Abstract: Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing information to update the configuration of the managed computer network, such as to allow at least some computing nodes of a managed computer network to dynamically signal particular types of uses of one or more indicated target network addresses and/or to dynamically signal use of particular external public network addresses based on such routing information.

Abstract translation: 描述了用于提供具有配置的逻辑网络拓扑的管理虚拟计算机网络的技术，其中具有虚拟网络设备，例如通过网络可访问的可配置网络服务，具有为虚拟计算机网络的多个计算节点之间的通信提供的对应网络功能， 虚拟网络设备如果物理存在的话将提供的功能。 在某些情况下，为客户端的受管计算机网络提供的网络功能包括接收定向到虚拟网络设备的路由通信，并使用包括的路由信息​​来更新被管理计算机网络的配置，例如允许至少一些计算节点 管理的计算机网络来动态地发送一个或多个指示的目标网络地址的特定类型的使用和/或基于这样的路由信息​​来动态地信号地使用特定的外部公共网络地址。