-
Publication number: US20230239289A1
Publication date: 2023-07-27
Application number: US18194891
Filing date: 2023-04-03
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Graeme David Baer, Brian Irl Pratt
CPC classification number: H04L63/0838, G06F21/34
Abstract: A one-time password (OTP) based security scheme is described, where a provider pre-generates a number of verification codes (e.g., OTP codes) which will be valid for a predetermined interval. The provider then encodes the verification codes (e.g., by hashing each code with a time value), and stores the verification codes into a data structure. The data structure can be provided to a verification system that can use the set of pre-generated OTP codes to authenticate requests received from users having personal security tokens.
-
Publication number: US11368300B2
Publication date: 2022-06-21
Application number: US16812085
Filing date: 2020-03-06
Applicant: Amazon Technologies, Inc.
Abstract: A request to perform a cryptographic operation is received, the request including a first identifier assigned to a key group, the key group comprising a plurality of second identifiers, with the plurality of second identifiers corresponding to a plurality of cryptographic keys. A second identifier is determined, according to a distribution scheme, from the plurality of second identifiers, and the cryptographic operation is performed using a cryptographic key of the plurality of cryptographic keys that corresponds to the second identifier that was determined.
-
Publication number: US11361063B2
Publication date: 2022-06-14
Application number: US16406758
Filing date: 2019-05-08
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Daniel Stephen Popick, Derek Avery Lyon, John Michael Morkel, Graeme David Baer, Ajith Harshana Ranabahu, Khaled Salah Sedky
IPC: G06F21/33, H04L43/55, H04L9/40, G06F21/62, G06F21/60, G06F16/93, G06F21/52, G06F21/31, G06F3/06, G06F21/12, G06F21/57
Abstract: A method and apparatus for testing and simulating an access control policy are disclosed. Evaluating an access control policy may be performed by utilizing a deny statement that causes the access request to be rejected despite actions indicated in the access request being authorized. Further, an independent simulation environment may be utilized for testing access control policy evaluation.
-
Publication number: US20220058274A1
Publication date: 2022-02-24
Application number: US17227021
Filing date: 2021-04-09
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Anders Samuelsson, Bradley Jeffery Behm
Abstract: Customers of a service provider are able to provision compartments of the accounts. Both the accounts and the compartments, in some embodiments, may have associated computing resources and identities. One or more identities of the account may be authorized to perform administrative operations in the compartment. Identities of the compartment may lack the ability to perform any administrative actions outside of the compartment but inside of the account.
-
Publication number: US11042869B1
Publication date: 2021-06-22
Application number: US14503324
Filing date: 2014-09-30
Applicant: Amazon Technologies, Inc.
Inventor: Matthew Ryan Jezorek, Scott Kenneth Bishop, Brenda Renee' Campbell, Darren Ernest Canavor, Scott Donald Gregory, Jesper Mikael Johansson, David James Kane-Parry, Eric Michael Laird, Brian Young Lee, Ido Mittelman, Gregory Branchek Roth, James Arthur Wilson
Abstract: A payment object service receives a request from a giver to associate a payment amount to an object. The request includes one or more images of the object and recipient information, which the payment object service uses to determine whether the association between these images and the information is unique. If the association is unique, the payment object service updates a database to associate the payment amount to the object and enable redemption of the payment amount. When the payment object service receives a request to redeem at least a portion of the payment amount, the payment object service may use one or more images and recipient information obtained from the request to verify that the images and information together correspond to the object. Once the redemption is complete, the payment object service may update the database to specify the current remaining payment amount.
-
Publication number: US10924482B1
Publication date: 2021-02-16
Application number: US14576141
Filing date: 2014-12-18
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Eric Jason Brandwine, Graeme David Baer
Abstract: A computing resource service provides flexible configuration of authorization rules. A set of authorization rules defines whether requests are fulfilled. The set of authorization rules is applied to a request of a first type which is mapped to a request of a second type. The request of the second type is used for fulfillment of the request of the first type when the authorization rules so allow.
-
Publication number: US10924286B2
Publication date: 2021-02-16
Application number: US15942039
Filing date: 2018-03-30
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Alan Rubin, Gregory Branchek Roth
Abstract: Cryptographic keys can include logging properties that enable those keys to be used only if the properties can be enforced by the cryptographic system requested to perform one or more actions using the keys. The logging property can specify how to log use of a respective key. A key can also include a mutability property for specifying whether the logging property can be changed, and if so under what circumstances or in which way(s). The ability to specify and automatically enforce logging can be important for environments where audit logs are essential. These can include, for example, public certificate authorities that must provide accurate and complete audit trails. In cases where the data is not to be provided outside a determined secure environment, the key can be generated with a property indicating not to log any of the usage.
-
Publication number: US10855690B2
Publication date: 2020-12-01
Application number: US15987308
Filing date: 2018-05-23
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Gregory Alan Rubin
Abstract: A secret is stored in a computing device. The device generates a value determined based at least in part on a substantially random process. As a result of the value satisfying a condition, the device causes the secret to be unusable to perform cryptographic operations such that the device is unable to cause the secret to be restored. The secret may be programmatically unexportable from the device.
-
Publication number: US10834117B2
Publication date: 2020-11-10
Application number: US15451204
Filing date: 2017-03-06
Applicant: Amazon Technologies, Inc.
Inventor: Andrew Paul Mikulski, Gregory Branchek Roth, Matthew John Campagna
Abstract: A system records use of values used in cryptographic algorithms where the values are subject to uniqueness constraints. As new values are received, the system checks whether a violation of the uniqueness constraint has occurred. If a violation occurs, the system performs actions to mitigate potential compromise caused by exploitation of a vulnerability caused by violation of the uniqueness constraint.
-
Publication number: US10771255B1
Publication date: 2020-09-08
Application number: US14225264
Filing date: 2014-03-25
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Eric Jason Brandwine
Abstract: Data storage operation commands are digitally signed to enhance data security in a distributed system. A data storage client and a data storage node may share access to a cryptographic key. The data storage client uses the cryptographic key to digitally sign commands transmitted to the data storage node. The data storage node uses its copy of the cryptographic key to verify a digital signature of a command before fulfilling the command. The command may include a log of database transactions to process.
-