-
Publication No.: US09769021B2
Publication date: 2017-09-19
Application No.: US14977392
Application date: 2015-12-21
Applicant: Amazon Technologies, Inc.
Inventor: Kevin Christopher Miller , Eric Jason Brandwine , Andrew J. Doane
IPC: H04L12/28 , H04L12/24 , H04L12/727 , H04L12/721 , H04L12/707 , H04L12/701 , H04L12/26
CPC classification number: H04L41/0826 , H04L43/50 , H04L45/00 , H04L45/121 , H04L45/14 , H04L45/22
Abstract: Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing cost information to update the configuration of the managed computer network, and/or includes determining actual cost information corresponding to use of an underlying substrate network and providing routing cost information to the client that reflects the determined actual cost information, so as to enable the client to modify the configuration of the managed computer network accordingly.
-
Publication No.: US20170262300A1
Publication date: 2017-09-14
Application No.: US15430957
Application date: 2017-02-13
Applicant: Amazon Technologies, Inc.
Inventor: Eric Jason Brandwine , Aaron Douglas Dokey , Ajith Jayamohan , Ian Roger Searle
IPC: G06F9/455 , G06F12/14 , H04L12/26 , H04L29/06 , H04L12/851
CPC classification number: G06F9/455 , G06F9/45533 , G06F9/45558 , G06F12/14 , G06F2009/45591 , G06F2009/45595 , H04L29/06877 , H04L43/026 , H04L43/028 , H04L43/04 , H04L43/045 , H04L43/16 , H04L47/2441 , H04L63/0227 , H04L63/14 , H04L63/1408 , H04L63/1425 , H04L63/1458
Abstract: Approaches are described for collecting and/or utilizing network traffic information, such as network flow data, within a virtualized computing environment. The network traffic information can be collected on one or more host computing devices that host virtual machines. The collected network traffic information can include virtualized computing environment specific information, such as a user account identifier (ID), virtual machine identifier (ID), session termination information and the like. The collected network traffic information can also be presented to the user of the virtualized computing environment.
-
Publication No.: US09756018B2
Publication date: 2017-09-05
Application No.: US15179700
Application date: 2016-06-10
Applicant: Amazon Technologies, Inc.
Inventor: Andrew J. Doane , Eric Jason Brandwine
CPC classification number: H04L63/0272 , H04L61/2069 , H04L63/10 , H04L67/18 , H04L67/34 , H04L67/36
Abstract: Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service to create and configure computer networks that are provided by the configurable network service for use by the users. Secure private access between a computer network provided for a user by the configurable network service and one or more other remote computing systems of the user (e.g., a remote private network) may be enabled in various ways. For example, a user may programmatically invoke an API provided by the configurable network service to obtain assistance in establishing remote access from a remote location to a provided computer network of the configurable network service, such as to establish a VPN connection from the remote location to the provided computer network using hardware and/or software supplied to the remote location in response to the API invocation.
-
Publication No.: US09722871B2
Publication date: 2017-08-01
Application No.: US14715412
Application date: 2015-05-18
Applicant: Amazon Technologies, Inc.
Inventor: Kevin Christopher Miller , Eric Jason Brandwine , Andrew J. Doane
IPC: H04L12/24 , H04L12/751 , H04L12/715 , H04L12/713
CPC classification number: H04L41/0816 , H04L41/12 , H04L45/02 , H04L45/04 , H04L45/586
Abstract: Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing information to update the configuration of the managed computer network, such as to allow at least some computing nodes of a managed computer network to dynamically signal particular types of uses of one or more indicated target network addresses and/or to dynamically signal use of particular external public network addresses based on such routing information.
-
Publication No.: US09686349B2
Publication date: 2017-06-20
Application No.: US14721878
Application date: 2015-05-26
Applicant: Amazon Technologies, Inc.
Inventor: Daniel T. Cohn , Eric Jason Brandwine , Andrew J. Doane
CPC classification number: H04L41/0816 , H04L41/08 , H04L41/0806 , H04L61/103 , H04L61/2007 , H04L61/251 , H04L61/6004 , H04L61/6059 , H04L63/0272 , H04L67/10 , H04L67/16
Abstract: Techniques are described for managing communications between multiple computing nodes, such as for computing nodes that are part of managed virtual computer networks provided on behalf of users or other entities. In some situations, one or more of the computing nodes of a managed virtual computer network is configured to perform actions to extend capabilities of the managed virtual computer network to other computing nodes that are not part of the managed virtual computer network, such as by forwarding communications between computing nodes of the managed virtual computer network and the other external computing nodes so as to enable the other external computing nodes to participate in the managed virtual computer network. In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users.
-
Publication No.: US09652617B1
Publication date: 2017-05-16
Application No.: US13926211
Application date: 2013-06-25
Applicant: Amazon Technologies, Inc.
Inventor: Ethan Zane Evans , David Allen Markley , Eric Jason Brandwine
CPC classification number: G06F21/57 , G06F21/53 , G06F21/56 , G06F21/562 , G06F21/566 , G06F21/6245
Abstract: In various embodiments, static, dynamic, and behavioral analyses may be performed on an application. A set of code fragments employed by the application may be determined. A set of device resources employed by the application may be determined. An application fingerprint is generated for the application and potentially malicious component and/or behaviors are identified. The application fingerprint encodes identifiers for the set of code fragments and identifiers for the set of device resources.
-
Publication No.: US20170134348A1
Publication date: 2017-05-11
Application No.: US15410450
Application date: 2017-01-19
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth , Matthew James Wren , Eric Jason Brandwine , Brian Irl Pratt
CPC classification number: H04L63/0471 , G06F21/602 , G06F21/6218 , G06F2221/2101 , H04L9/0894 , H04L9/3242 , H04L9/3247 , H04L63/045 , H04L63/08 , H04L67/1097 , H04L2209/76
Abstract: A distributed computing environment utilizes a cryptography service. The cryptography service manages keys securely on behalf of one or more entities. The cryptography service is configured to receive and respond to requests to perform cryptographic operations, such as encryption and decryption. The requests may originate from entities using the distributed computing environment and/or subsystems of the distributed computing environment.
-
Publication No.: US09641434B1
Publication date: 2017-05-02
Application No.: US14573636
Application date: 2014-12-17
Applicant: Amazon Technologies, Inc.
Inventor: Douglas Stewart Laurence , Eric Jason Brandwine , Andrew Bruce Dickinson , James Christopher Sorenson, III
IPC: H04L12/743 , H04L12/56
CPC classification number: H04L45/741 , H04L45/7453
Abstract: Private network address obfuscation and verification methods and apparatus that may obfuscate private network source addresses embedded in packet header addresses when sending packets from private networks onto or over external, public networks, and that verify incoming packets to the private networks using the obfuscated private network addresses embedded in the incoming packet header destination addresses. Obfuscating the private network addresses embedded in outgoing packets and verifying incoming packets according to the obfuscated content embedded in the destination addresses may help keep the private network addresses of endpoints on the private network hidden in the packet header content on public networks and difficult to detect by entities on the public networks, which may, for example, make malicious activities such as denial of service (DoS) attacks on the private network impractical.
-
Publication No.: US09639705B1
Publication date: 2017-05-02
Application No.: US14742247
Application date: 2015-06-17
Applicant: Amazon Technologies, Inc.
Inventor: Graeme D. Baer , Eric Jason Brandwine
CPC classification number: G06F21/602 , G06F21/6218 , H04L9/0894
Abstract: Large volumes of data to be securely imported to, and exported from, a data storage service or other such location in a secure manner without a customer having to manage keys or encryption. A data management component can execute on a client device that can identify data to be stored and obtain the appropriate key for encrypting the data. Once the data is encrypted, the data can be transmitted to the data storage service. When the data is received to the data storage service, an ingestion station reads the encrypted data and causes the encrypted data to be stored to the data storage service. The data remains encrypted from the client device through being stored to the data storage service. When a request for the data is received, access to the key can be obtained and the data decrypted and returned in response to the request.
-
Publication No.: US09525684B1
Publication date: 2016-12-20
Application No.: US14710431
Application date: 2015-05-12
Applicant: Amazon Technologies, Inc.
Inventor: Eric Jason Brandwine
CPC classification number: H04L63/083 , G06F21/44 , G06F21/64 , H04L67/02 , H04L67/10
Abstract: A user who is authenticated to a system or service across a network can receive a token that includes a device fingerprint. The fingerprint can include information that is obtained from the client device through which the user supplied authentication credentials. The client device can be configured to include that token with subsequent requests. When a request is received, the information in the fingerprint can be extracted from the token and compared to information obtained from the device submitting that request. If the information matches within at least an allowable match threshold, for example, the request can be processed. If the information in the fingerprint does not match the current values of the device from which the request was received, the request can be denied or a remedial action performed.