公开(公告)号：US09503451B1

公开(公告)日：2016-11-22

申请号：US14571264

申请日：2014-12-15

Applicant: Amazon Technologies, Inc.

Inventor： David James Kane-Parry ,  Darren Ernest Canavor ,  Jesper Mikael Johansson

IPC: G06F15/16 ,  H04L29/06

CPC classification number: G06F21/46 ,  H04L63/083 ,  H04L63/1441 ,  H04L2463/102

Abstract: Techniques for maintaining potentially compromised authentication information for a plurality of accounts may be provided. An individual piece of authentication information may be associated with one or more tags that indicate access rights with respect to requestors that also provide and maintain other potentially compromised authentication information. A subset of the potentially compromised authentication information may be determined based on the one or more tags in response to a request from a requestor for the potentially compromised authentication information. In an embodiment, the subset of the potentially compromised authentication information may be provided to the requestor.

Abstract translation: 可以提供用于维护用于多个帐户的可能受损的认证信息的技术。 单个认证信息可以与一个或多个标签相关联，该标签指示还提供和维护其他潜在受损认证信息的请求者的访问权限。 可能基于一个或多个标签来响应于来自请求者的针对可能受到损害的认证信息的请求来确定潜在受损认证信息的子集。 在一个实施例中，潜在受损的认证信息的子集可以被提供给请求者。

公开(公告)号：US10708256B1

公开(公告)日：2020-07-07

申请号：US14882120

申请日：2015-10-13

Applicant: Amazon Technologies, Inc.

Inventor： David James Kane-Parry ,  David Alan Blunt

IPC: H04L29/06

Abstract: A certificate manager allows a particular entity such as an individual computer system, computer application, or network service, to define a customized set of rules that are used to identify digital certificates that are trusted by the particular entity. When a digital certificate is presented to the entity, the certificate manager determines whether the digital certificate is trustworthy by examining the characteristics of the certificate such as the expiration of the certificate, the characteristics of the certificate authorities that signed the digital certificate, or the signing algorithms used to generate the digital signatures on the certificate. The certificate manager may be combined with trusted root CA stores, pinned certificate stores, and other certificate management systems to define a customized set of potentially trusted certificates based on the characteristics of the particular entity.

公开(公告)号：US10423775B1

公开(公告)日：2019-09-24

申请号：US14297385

申请日：2014-06-05

Applicant: Amazon Technologies, Inc.

Inventor： David James Kane-Parry ,  Phivos Costas Aristides ,  Darren Ernest Canavor ,  Scott Donald Gregory ,  Matthew Ryan Jezorek ,  Jesper Mikael Johansson ,  Brian Young Lee

IPC: G06F21/46

Abstract: Entities of an organization may have difficulties generating and remembering strong passwords. A password management service may generate passwords with high entropy and aid entities in remembering generated passwords. The password management service may generate a list of passwords based on a seed value provided by the entities. The entities may then select a password from the list of passwords to be used at the entities' password. Furthermore, the entities may be allowed to save the list of passwords to aid the entities in remembering their selected password from the list of passwords.

公开(公告)号：US20190124110A1

公开(公告)日：2019-04-25

申请号：US16230901

申请日：2018-12-21

Applicant: Amazon Technologies, Inc.

Inventor： Nima Sharifi Mehr ,  Christopher Dunn ,  Alexis Floyd ,  David James Kane-Parry ,  Volker Helmut Mosthaf ,  Christopher Gordon Williams

IPC: H04L29/06 ,  H04L29/08 ,  G06Q10/08 ,  G06Q20/40 ,  H04L9/32 ,  H04L12/46

CPC classification number: H04L63/1433 ,  G06Q10/083 ,  G06Q20/405 ,  H04L9/3268 ,  H04L12/4625 ,  H04L63/0428 ,  H04L63/08 ,  H04L63/101 ,  H04L63/1441 ,  H04L63/1483 ,  H04L67/10 ,  H04L2209/26 ,  H04L2209/56

Abstract: A first computer is selected for testing. Information sent from a second computer system to the first computer is intercepted. The information is modified to be noncompliant with a communication protocol, thereby producing noncompliant information. A determination is made whether the first computer device has failed to provide a particular response to receipt of the noncompliant information, and an operation is performed based at least in part on the determination.

公开(公告)号：US10223524B1

公开(公告)日：2019-03-05

申请号：US15833410

申请日：2017-12-06

Applicant: Amazon Technologies, Inc.

Inventor： David James Kane-Parry ,  Darren Ernest Canavor ,  Jesper Mikael Johansson

IPC: G06F21/46 ,  H04L29/06

Abstract: Techniques for maintaining potentially compromised authentication information for a plurality of accounts may be provided. An individual piece of authentication information may be associated with one or more tags that indicate access rights with respect to requestors that also provide and maintain other potentially compromised authentication information. A subset of the potentially compromised authentication information may be determined based on the one or more tags in response to a request from a requestor for the potentially compromised authentication information. In an embodiment, the subset of the potentially compromised authentication information may be provided to the requestor.

公开(公告)号：US09838384B1

公开(公告)日：2017-12-05

申请号：US14571247

申请日：2014-12-15

Applicant: Amazon Technologies, Inc.

Inventor： David James Kane-Parry ,  Darren Ernest Canavor ,  Jesper Mikael Johansson

IPC: G06F7/04 ,  H04L29/06 ,  G06F21/31 ,  G06Q30/06

CPC classification number: H04L63/083 ,  G06F21/316 ,  G06Q30/0601

Abstract: Techniques for marking or flagging an account as potentially being compromised may be provided. Information about the popularity of passwords associated with a plurality of accounts may be maintained. In an example, an account may be marked as potentially being compromised based at least in part on the information about the popularity of passwords and a password included in a request to change the password associated with the account. A notification indicating that an account has been marked as potentially compromised may be generated.

公开(公告)号：US09336381B1

公开(公告)日：2016-05-10

申请号：US13858448

申请日：2013-04-08

Applicant: AMAZON TECHNOLOGIES, INC.

Inventor： David James Kane-Parry ,  Thibault Candebat

IPC: G06F21/00 ,  G06F21/50

CPC classification number: G06F21/50 ,  G06F21/577 ,  G06F2221/033

Abstract: Techniques are described for identifying security credentials or other sensitive information based on an entropy-based analysis of information included in documents such as source code files, object code files, or other types of files. A baseline information entropy may be determined for one or more documents, indicating a baseline level of randomness for information in the document(s). One or more of the documents may be analyzed to identify the presence of high entropy portions that have an information entropy above a threshold value. The threshold value may be based on the baseline information entropy, or based on other criteria such as a programming language of the document(s). Because security credentials may have a higher level of information entropy than the surrounding code, any high entropy portions of the document(s) may be identified as potential security risks.

Abstract translation: 描述了基于对诸如源代码文件，目标代码文件或其他类型的文件的文档中包括的信息的基于熵的分析来识别安全凭证或其他敏感信息的技术。 可以为一个或多个文档确定基线信息熵，指示文档中的信息的基准随机性水平。 可以分析一个或多个文档以识别具有高于阈值的信息熵的高熵部分的存在。 阈值可以基于基线信息熵，或者基于诸如文档的编程语言的其他标准。 由于安全凭证可能具有比周围代码更高级别的信息熵，所以文档的任何高熵部分可被识别为潜在的安全风险。