Access control using impersonization
    131.
    Granted invention patent
    Access control using impersonization (status: in force)

    Publication number: US09420007B1

    Publication date: 2016-08-16

    Application number: US14096783

    Filing date: 2013-12-04

    Abstract: A first service submits a request to a second service on behalf of a customer of a service provider. The request may have been triggered by a request of the customer to the first service. To process the request, the second service evaluates one or more policies to determine whether fulfillment of the request is allowed by policy associated with the customer. The one or more policies may state one or more conditions on one or more services that played a role in submission of the request. If determined that the policy allows fulfillment of the request, the second service fulfills the request.

    Server defenses against use of tainted cache
    132.
    Granted invention patent
    Server defenses against use of tainted cache (status: in force)

    Publication number: US09398066B1

    Publication date: 2016-07-19

    Application number: US13787553

    Filing date: 2013-03-06

    CPC classification number: H04L63/10 H04L63/20 H04L67/02 H04L67/2852

    Abstract: Systems, methods, and computer readable media are described for validating objects stored in a web cache. In one embodiment, a computing device caches objects received while accessing networked content over a network. The computing device generates a description of conditions associated with the caching of the objects. When the computing device accesses networked content via a second network, the computing device or a remote server connected thereto utilizes the description to determine whether an object in the cache is trusted or untrusted. The server manages a policy that defines rules for making the determination. The policy can be generated based on descriptions received from a plurality of devices.

    ADAPTIVE CLIENT-AWARE SESSION SECURITY
    133.
    Invention patent application
    ADAPTIVE CLIENT-AWARE SESSION SECURITY (status: under examination, published)

    Publication number: US20160173518A1

    Publication date: 2016-06-16

    Application number: US15048823

    Filing date: 2016-02-19

    Abstract: Source information for requests submitted to a system are classified to enable differential handling of requests over a session whose source information changes over the session. For source information (e.g., an IP address) classified as fixed, stronger authentication may be required to fulfill requests when the source information changes during the session. Similarly, for source information classified as dynamic, source information may be allowed to change without requiring the stronger authentication.

    TOKEN BASED ONE-TIME PASSWORD SECURITY
    135.
    Invention patent application
    TOKEN BASED ONE-TIME PASSWORD SECURITY (status: under examination, published)

    Publication number: US20160112412A1

    Publication date: 2016-04-21

    Application number: US14976398

    Filing date: 2015-12-21

    CPC classification number: H04L63/0838 G06F21/34

    Abstract: A one-time password (OTP) based security scheme is described, where a provider pre-generates a number of verification codes (e.g., OTP codes) which will be valid for a predetermined interval. The provider then encodes the verification codes (e.g., by hashing each code with a time value), and stores the verification codes into a data structure. The data structure can be provided to a verification system that can use the set of pre-generated OTP codes to authenticate requests received from users having personal security tokens.

    Probabilistic key rotation
    136.
    Granted invention patent
    Probabilistic key rotation (status: in force)

    Publication number: US09300464B1

    Publication date: 2016-03-29

    Application number: US13922946

    Filing date: 2013-06-20

    CPC classification number: H04L9/0891

    Abstract: Information, such as a cryptographic key, is used repeatedly in the performance of operations, such as certain cryptographic operations. To prevent repeated use of the information from enabling security breaches, the information is rotated (replaced with other information). To avoid the resource costs of maintaining a counter on the number of operations performed, decisions of when to rotate the information are performed based at least in part on the output of stochastic processes.

    Two factor authentication with authentication objects
    137.
    Granted invention patent
    Two factor authentication with authentication objects (status: in force)

    Publication number: US09264419B1

    Publication date: 2016-02-16

    Application number: US14316691

    Filing date: 2014-06-26

    Abstract: Representations of authentication objects are provided for selection via an interface. An authentication object may be generated to include information obtained from one or more sensors of a device. A selected authentication object may contain information sufficient for authentication with a corresponding system. The interface may provide multiple representations of authentication objects that are usable with different service providers. The interface, executed by a first device, may be configured to authenticate a second device.

    ALLOCATING FINANCIAL RISK AND REWARD IN A MULTI-TENANT ENVIRONMENT
    138.
    Invention patent application
    ALLOCATING FINANCIAL RISK AND REWARD IN A MULTI-TENANT ENVIRONMENT (status: under examination, published)

    Publication number: US20140236864A1

    Publication date: 2014-08-21

    Application number: US14262488

    Filing date: 2014-04-25

    CPC classification number: G06Q40/06

    Abstract: Multi-tenant resources can be funded using payment submitted with requests for those resources, such that the resources do not need to be associated with a specific user account. A resource can be allocated and available as long as payment has been provided. If a user wants the resource to be available for additional processing, for example, the user can submit another request with additional funding. The funding can come in the form of donations from any user, or in the form of investments where the investor expects some return on the investment in the form of revenue, visibility, or other such compensation. One or more management components can track funding for various resources, can accept and select bids for period of sponsorship, and can manage various donation models.

    DELAYED DATA ACCESS
    139.
    Invention patent application
    DELAYED DATA ACCESS (status: under examination, published)

    Publication number: US20140229739A1

    Publication date: 2014-08-14

    Application number: US13765239

    Filing date: 2013-02-12

    Abstract: A system uses information submitted in connection with a request to determine if and how to process the request. The information may be electronically signed by a requestor using a key such that the system processing the request can verify that the requestor has the key and that the information is authentic. The information may include information that identifies a holder of a key needed for processing the request, where the holder of the key can be the system or another, possibly third party, system. Requests to decrypt data may be processed to ensure that a certain amount of time passes before access to the decrypted data is provided, thereby providing an opportunity to cancel such requests and/or otherwise mitigate potential security breaches.
