知搜-全球专利检索

  1. Login
  2. Sign Up

Search Results

22 records (took 0.021 seconds)

    CONNECTION CONTROL FOR VIRTUALIZED ENVIRONMENTS
    13.
    发明申请
    CONNECTION CONTROL FOR VIRTUALIZED ENVIRONMENTS 审中-公开

    公开(公告)号:US20190199726A1

    公开(公告)日:2019-06-27

    申请号:US16289267

    申请日:2019-02-28

    Applicant: Amazon Technologies, Inc.

    Inventor: Gregory Branchek Roth Andrew Paul Mikulski

    IPC: H04L29/06

    CPC classification number: H04L63/10 H04L63/1433 H04L63/20

    Abstract: The launching of new software code, virtual machines, and other such instances can undergo one or more scans before being fully available in an electronic environment. One or more policies may apply to such a launch, which can cause the launch to first be performed under a first network configuration, wherein the instance may not be granted access to resources other than scanning infrastructure. After one or more scans are performed, the results can be compared against the policies and, if the results pass, the instance can be caused to operate in a second network configuration, whether launching a new instance in a production environment, altering the configuration of the network, or other such tasks. The policies can be set by a provider of the relevant resources, an administrator of one or more affected resources, an administrator of the instance, or another appropriate party.

    Credential management
    16.
    发明授权
    Credential management 有权
    凭证管理

    公开(公告)号:US09544292B2

    公开(公告)日:2017-01-10

    申请号:US14963760

    申请日:2015-12-09

    Applicant: Amazon Technologies, Inc.

    Inventor: James Leon Irving, Jr. Andrew Paul Mikulski Gregory Branchek Roth William Frederick Kruse

    IPC: H04L29/00 H04L29/06

    CPC classification number: H04L63/08 H04L63/10 H04L63/102 H04L63/108 H04L63/12

    Abstract: A credential management system is described that provides a way to disable and/or rotate credentials, such as when a credential is suspected to have been compromised, while minimizing potential impact to various systems that may depend on such credentials. The credentials may be disabled temporarily at first and the availability of various resources is monitored for changes. If no significant drop of availability in the resources has occurred, the credential may be disabled for a longer period of time. In this manner, the credentials may be disabled and re-enabled for increasingly longer time intervals until it is determined with sufficient confidence/certainty that disabling the credential will not adversely impact critical systems, at which point the credential can be rotated and/or permanently disabled. This process also enables the system to determine which systems are affected by a credential in cases where such information is not known.

    Abstract translation: 描述了一种凭证管理系统,其提供了一种方法来禁用和/或转动凭证,例如当证书被怀疑已经被泄露时,同时最小化可能依赖于这些证书的各种系统的潜在影响。 首先可以临时禁用凭据,并监控各种资源的可用性以进行更改。 如果资源中的可用性没有明显下降,则该凭证可能会被禁用较长时间。 以这种方式,凭证可以被禁用并被重新启用,以便越来越长的时间间隔,直到以足够的置信/确定性确定,禁用证书将不会对关键系统产生不利影响,在该时刻可以转移和/或永久地证明证书 残疾人士 该过程还使系统能够确定在不知道这些信息的情况下哪些系统受到凭证的影响。

    CONTRIBUTION SIGNATURES FOR TAGGING
    18.
    发明申请
    CONTRIBUTION SIGNATURES FOR TAGGING 有权

    公开(公告)号:US20210211304A1

    公开(公告)日:2021-07-08

    申请号:US17212915

    申请日:2021-03-25

    Applicant: Amazon Technologies, Inc.

    Inventor: William Frederick Hingle Kruse Conor Patrick Cahill Jeffrey Cicero Canton Dmitry Frenkel Harshad Vasant Kulkarni Colin Watson Andrew Paul Mikulski

    IPC: H04L9/32 G06F12/14 H04L29/06

    Abstract: A request to add tags (e.g., labels, key-value pairs, or metadata) to resources can be digitally signed by the entity making the request, such that the source can be verified and an authorization determination made for each tag. For a request involving multiple services (or entities) that can each add tags, any tag added by a service can be included in the request and digitally signed by that service. Each service processing the request can also digitally sign the request before forwarding, so that each service signs a version of the request, which includes elements signed by other services earlier in the request chain. When the request is received to a tagging service, the service ensures that every tag was digitally signed by the appropriate authorized entity or service, and validates the signatures to ensure that no data was modified or omitted, before adding the tags to the designated resource(s).

    Connection control for virtualized environments
    19.
    发明授权
    Connection control for virtualized environments 有权

    公开(公告)号:US10542005B2

    公开(公告)日:2020-01-21

    申请号:US16289267

    申请日:2019-02-28

    Applicant: Amazon Technologies, Inc.

    Inventor: Gregory Branchek Roth Andrew Paul Mikulski

    IPC: H04L29/06

    Abstract: The launching of new software code, virtual machines, and other such instances can undergo one or more scans before being fully available in an electronic environment. One or more policies may apply to such a launch, which can cause the launch to first be performed under a first network configuration, wherein the instance may not be granted access to resources other than scanning infrastructure. After one or more scans are performed, the results can be compared against the policies and, if the results pass, the instance can be caused to operate in a second network configuration, whether launching a new instance in a production environment, altering the configuration of the network, or other such tasks. The policies can be set by a provider of the relevant resources, an administrator of one or more affected resources, an administrator of the instance, or another appropriate party.

Patent Agency Ranking