-
Publication number: US10397343B1
Publication date: 2019-08-27
Application number: US14543826
Application date: 2014-11-17
Applicant: Amazon Technologies, Inc.
Abstract: Methods, systems, and computer-readable media for implementing distributed trace storage in a service-oriented system are disclosed. A plurality of trace events are generated for a plurality of service interactions between individual ones of a plurality of services. The services are implemented by a plurality of hosts. Individual ones of the trace events comprise respective trace identifiers. The trace events are stored at individual ones of the hosts at which the respective trace events were generated. In response to a request from a trace analysis system, a portion of the trace events are retrieved and sent from individual ones of the hosts to the trace analysis system.
-
Publication number: US10333937B2
Publication date: 2019-06-25
Application number: US15612067
Application date: 2017-06-02
Applicant: Amazon Technologies, Inc.
Abstract: A resource owner or administrator submits a request to a permissions management service to create a permissions grant which may include a listing of actions a user may perform on a resource. Accordingly, the permissions management service may create the permissions grant and use a private cryptographic key to digitally sign the created permissions grant. The permissions management service may transmit this digitally signed permissions grant, as well as a digital certificate comprising a public cryptographic key for validating the permissions grant, to a target resource. The target resource may use the public cryptographic key to validate the digital signature of the permissions grant and determine whether a user is authorized to perform one or more actions based at least in part on a request from the user to perform these one or more actions on the resource.
-
Publication number: US10069806B2
Publication date: 2018-09-04
Application number: US15688255
Application date: 2017-08-28
Applicant: Amazon Technologies, Inc.
Inventor: Daniel Wade Hitchcock, Darren Ernest Canavor, Tushaar Sethi
Abstract: Aspects related to the secure transfer and use of secret material are described. In one embodiment, an encrypted secret key and encrypted revocation data are imported into a trusted execution environment and decrypted with private provider and vendor keys. In this manner, a provider of cryptographic processes is not exposed to the secret key or revocation data of a customer, as the secret key and revocation data are decrypted and stored within the trusted execution environment but not accessed in an unencrypted form. In turn, the provider can receive various instructions to perform cryptographic operations on behalf of the customer. Based on the outcome of a revocation check using the revocation data, the instructions can be performed by the trusted execution environment.
-
Publication number: US09998444B2
Publication date: 2018-06-12
Application number: US15455169
Application date: 2017-03-10
Applicant: Amazon Technologies, Inc.
Inventor: Jesper Mikael Johansson, Darren Ernest Canavor, Daniel Wade Hitchcock, Bharath Kumar Bhimanaik, Jon Arron McClintock
CPC classification number: H04L63/08, G06F21/10, G06F21/602, H04L9/08, H04L9/14, H04L29/06639, H04L29/06646, H04L63/0407, H04L63/0414, H04L63/0421, H04L63/0428, H04L67/306, H04L2209/38
Abstract: Disclosed are various embodiments for correlating a first use case-specific entity identifier with a second use case-specific entity identifier. A chained entity identifier corresponds to the first use case-specific entity identifier. The chained entity identifier can include the second use case-specific entity identifier cryptographically wrapped by a use case-specific key. The second use case-specific entity identifier can be received from the chained entity identifier. The second use case-specific entity identifier can be correlated to the first use case-specific entity identifier.
-
Publication number: US20170272441A1
Publication date: 2017-09-21
Application number: US15612067
Application date: 2017-06-02
Applicant: Amazon Technologies, Inc.
IPC: H04L29/06
CPC classification number: H04L63/10, G06F21/10, G06F21/33, G06F21/34, G06F21/604, G06F21/6218, H04L9/3234, H04L9/3247, H04L9/3263, H04L63/102, H04L63/12, H04L63/123, H04L63/126
Abstract: A resource owner or administrator submits a request to a permissions management service to create a permissions grant which may include a listing of actions a user may perform on a resource. Accordingly, the permissions management service may create the permissions grant and use a private cryptographic key to digitally sign the created permissions grant. The permissions management service may transmit this digitally signed permissions grant, as well as a digital certificate comprising a public cryptographic key for validating the permissions grant, to a target resource. The target resource may use the public cryptographic key to validate the digital signature of the permissions grant and determine whether a user is authorized to perform one or more actions based at least in part on a request from the user to perform these one or more actions on the resource.
-
Publication number: US20170032111A1
Publication date: 2017-02-02
Application number: US14809762
Application date: 2015-07-27
Applicant: Amazon Technologies, Inc.
Inventor: Jesper Mikael Johansson, Darren Ernest Canavor, Daniel Wade Hitchcock, Bharath Kumar Bhimanaik
CPC classification number: G06F21/31, G06F21/33, G06F21/44, H04L63/0838, H04L63/0884, H04L2463/082
Abstract: Disclosed are various embodiments for providing multi-factor authentication credentials. For example, a first application may send an authentication request to a first authentication service, where the request specifies a first authentication factor. A second application may generate a user interface upon a display, where the user interface facilitates entry of a user approval. In response to receiving the user approval, the second application may send a second authentication factor to a second authentication service that acts as a proxy for the first authentication service. In some embodiments, an application may be configured to automatically transfer a one-time password or other authentication factor to a recipient in response to receiving a user approval.
-
Publication number: US09251375B1
Publication date: 2016-02-02
Application number: US14019120
Application date: 2013-09-05
Applicant: Amazon Technologies, Inc.
Inventor: Jon Arron McClintock, Darren Ernest Canavor, Daniel Wade Hitchcock, Jesper Mikael Johansson, Bharath Kumar Bhimanaik
CPC classification number: G06F21/64, G06F21/6218
Abstract: Use case-specific entity identifiers are disclosed. Entity data associated with an actual entity identifier of an entity is generated. A use case-specific entity identifier is generated based at least in part on encrypting the actual entity identifier using reversible encryption. The entity data, in association with the use case-specific entity identifier, is sent to another service.
-
Publication number: US10686834B1
Publication date: 2020-06-16
Application number: US15440385
Application date: 2017-02-23
Applicant: Amazon Technologies, Inc.
Inventor: Daniel Wade Hitchcock, Max Harwell Funderburk, Mathew Persons Jack
Abstract: Disclosed are various embodiments for detecting malicious activity through the use of inert input parameters to a web service or web page. A service request is received from a client computing device via a service endpoint. A modification is detected to an expected parameter in the service request. The expected parameter is configured to be inert in effect with respect to the service when the expected parameter has not been modified. One or more actions are initiated in response to the modification.
-
Publication number: US10541993B2
Publication date: 2020-01-21
Application number: US15962339
Application date: 2018-04-25
Applicant: Amazon Technologies, Inc.
Inventor: Jesper Mikael Johansson, Darren Ernest Canavor, Daniel Wade Hitchcock, Chandra Sekhar Venkata Bhanu Vijyapurpu
Abstract: Disclosed are various embodiments that perform confidence-based authentication of a user. An identification of a user account is obtained from a user, and a minimum confidence threshold is determined. Multiple authentication challenges are presented to the user. Responses are obtained from the user to one or more of the challenges, with each response having a corresponding authentication point value. A confidence score is generated for the user, where the confidence score is increased by the respective authentication point values of the correct responses. The user is authenticated as being associated with the user account in response to determining that the confidence score meets the minimum confidence threshold.
-
Publication number: US10475018B1
Publication date: 2019-11-12
Application number: US14093143
Application date: 2013-11-29
Applicant: Amazon Technologies, Inc.
Inventor: Daniel Wade Hitchcock, Brad Lee Campbell
Abstract: Disclosed are various embodiments for updating account data with multiple account providers. Account management logic determines that personal information associated with a user has been updated. Multiple accounts of the user that may use the personal information are determined. The accounts are with multiple account providers. Corresponding account update requests for the accounts are sent to the account providers. The account update requests specify the personal information that has been updated.