CONNECTION CONTROL FOR VIRTUALIZED ENVIRONMENTS

    Publication number: US20190199726A1

    Publication date: 2019-06-27

    Application number: US16289267

    Filing date: 2019-02-28

    CPC classification number: H04L63/10 H04L63/1433 H04L63/20

    Abstract: The launching of new software code, virtual machines, and other such instances can undergo one or more scans before being fully available in an electronic environment. One or more policies may apply to such a launch, which can cause the launch to first be performed under a first network configuration, wherein the instance may not be granted access to resources other than scanning infrastructure. After one or more scans are performed, the results can be compared against the policies and, if the results pass, the instance can be caused to operate in a second network configuration, whether launching a new instance in a production environment, altering the configuration of the network, or other such tasks. The policies can be set by a provider of the relevant resources, an administrator of one or more affected resources, an administrator of the instance, or another appropriate party.

    Certificate echoing for session security

    Publication number: US10298404B1

    Publication date: 2019-05-21

    Application number: US14569608

    Filing date: 2014-12-12

    Abstract: A client establishes a cryptographically protected communications session with a server. To detect a man-in-the-middle, the client echoes information about a certificate purportedly received from the server. The information echoed by the client is digitally signed so as to be verifiable by the server without any cryptographic key used in the cryptographically protected communications session or its establishment, thereby rendering the echoed information unmodifiable by a man-in-the-middle without invalidating the signature. The server can therefore verify both the echoed information and the digital signature to determine whether it has established a cryptographically protected communications session with the client or with a man-in-the-middle purporting to be the client.

    TRUSTED DATA VERIFICATION
    164.
    Invention application

    Publication number: US20190149339A1

    Publication date: 2019-05-16

    Application number: US16246331

    Filing date: 2019-01-11

    Abstract: Electronically signed data is persistently stored in data storage. After the passage of time, the data may be accessed and presented to a trusted entity for verification of the data. The trusted entity may have access to secret information used to sign the data. The trusted entity may use the secret information to verify an electronic signature of the data. One or more actions may be taken based at least in part on a response provided by the verification system.

    Data integrity verification
    165.
    Granted invention patent

    Publication number: US10263997B2

    Publication date: 2019-04-16

    Application number: US15217624

    Filing date: 2016-07-22

    Abstract: A system performs cryptographic operations utilizing information usable to verify validity of plaintext. To prevent providing information about a plaintext by providing the information usable to verify the validity of the plaintext, the system provides the information usable to verify validity of the plaintext to an entity on a condition that the entity is authorized to access the plaintext. The information usable to verify validity of the plaintext may be persisted in ciphertext along with the plaintext to enable the plaintext to be verified when decrypted.

    REVOCABLE STREAM CIPHERS FOR UPGRADING ENCRYPTION IN A SHARED RESOURCE ENVIRONMENT

    Publication number: US20190109708A1

    Publication date: 2019-04-11

    Application number: US16204391

    Filing date: 2018-11-29

    CPC classification number: H04L9/0819 H04L9/065 H04L9/0891

    Abstract: Encryption of data across an environment, such as a shared resource environment, can be updated using keys generated using one or more revocable stream cipher algorithms. Data stored in the environment can be encrypted under a first key, or other such secret. When it is desired to update the encryption, a second key can be generated under which the data is to be re-encrypted. Instead of distributing the second key, a revocable stream cipher generator can generate an intermediate key based on the first and second keys, that when processed with the first key will produce the second key. Such an approach enables data to be re-encrypted under the second key without distributing the second key. Further, the unencrypted data will not be exposed in the process. In some embodiments, the re-encryption can be performed on an as-needed basis in order to reduce processing requirements.

    RESOURCE LOCATORS WITH KEYS
    169.
    Invention application

    Publication number: US20190068560A1

    Publication date: 2019-02-28

    Application number: US16171227

    Filing date: 2018-10-25

    Abstract: Requests are pre-generated to include a cryptographic key to be used in fulfilling the requests. The requests may be encoded in uniform resource locators and may include authentication information to enable a service provider to whom the requests are submitted to determine whether the requests are authorized. The requests may be passed to various entities who can then submit the requests to the service provider. The service provider, upon receipt of a request, can verify the authentication information and fulfill the request using a cryptographic key encoded in the request.

    DURABLE CRYPTOGRAPHIC KEYS
    170.
    Invention application

    Publication number: US20190058587A1

    Publication date: 2019-02-21

    Application number: US16167377

    Filing date: 2018-10-22

    Abstract: Cryptographic keys are durably stored for an amount of time. A cryptographic key is encrypted so as to be decryptable using another cryptographic key that has a limited lifetime. The other cryptographic key can be used to decrypt the encrypted cryptographic key to restore the cryptographic key during the lifetime of the other cryptographic key. After the lifetime of the other cryptographic key, if a copy of the cryptographic key is lost (e.g., inadvertently and unrecoverably deleted from memory), the cryptographic key becomes irrecoverable.
