公开(公告)号：US09756012B1

公开(公告)日：2017-09-05

申请号：US14305848

申请日：2014-06-16

Applicant: Amazon Technologies, Inc.

Inventor： Chirag Pravin Pandya ,  Connor John Yorks ,  Krithi Rai ,  Lawrence Hun-Gi Aung

IPC: G06F15/177 ,  H04L29/12

CPC classification number: H04L61/3025 ,  H04L61/1511

Abstract: A computing resource service receives a request from a customer to assign a domain name to a computing resource. The computing resource service may submit a query to a domain name system service to determine whether the domain name has been reserved for the customer. The domain name system service may provide an encrypted alias record corresponding to the requested domain name and specifying one or more identifiers of customers for whom the domain name has been reserved. The computing resource service may decrypt the alias record and determine whether the customer corresponds to one of the one or more identifiers within the alias record. If the customer does correspond to one of the one or more identifiers within the alias record, the computing resource service may assign the domain name to the computing resource.

公开(公告)号：US20170149780A1

公开(公告)日：2017-05-25

申请号：US15424691

申请日：2017-02-03

Applicant: Amazon Technologies, Inc.

Inventor： Erik Jonathon Tellvik ,  Gaurang Pankaj Mehta ,  Ajit Nagendra Padukone ,  Chirag Pravin Pandya ,  Colin Harrison Brace ,  Deepak Suryanarayanan ,  Guruprakash Bangalore Rao ,  Krithi Rai ,  Malcolm Russell Ah Kun ,  Sameer Palande ,  Shon Kiran Shah ,  Vivek Lakshmanan

IPC: H04L29/06

CPC classification number: H04L63/0807 ,  H04L63/083

Abstract: A virtual computing environment service may receive a request from a customer to provision a virtual computing environment and join the virtual computing environment to a managed directory. The virtual computing environment service may provision the virtual computing environment and uses a set of administrator credentials from the customer and a set of credentials corresponding to the environment to access the managed directory and request joining of the environment to the managed directory. In response, the managed directory may create a computer account corresponding to the environment and which enables the environment to be used to access the managed directory. The virtual computing environment service may then enable the customer to specify one or more users that may utilize the virtual computing environment to access the managed directory.

公开(公告)号：US09641522B1

公开(公告)日：2017-05-02

申请号：US14538003

申请日：2014-11-11

Applicant: Amazon Technologies, Inc.

Inventor： Lawrence Hun-Gi Aung ,  Gaurang Pankaj Mehta ,  Krithi Rai ,  Chirag Pravin Pandya ,  Shuo Wang

IPC: H04L29/06

CPC classification number: H04L63/0853 ,  H04L63/0428 ,  H04L63/0807 ,  H04L63/10 ,  H04L63/102

Abstract: A centralized policy management may allow for one set of credentials to various applications and services offered by a computing resource service provider or other third-party servers. Systems, methods, and computer readable medium can be configured to receive a request to access a first computing system service provided by the computing resource service provider, generate an encrypted data bundle including at least a user identifier and a data type, and transmit the encrypted data bundle to a recipient, wherein the encrypted data bundle is configured to be returned to the one or more computing devices to facilitate access to the first computing system service provided by the computing resource service provider.

公开(公告)号：US11695744B2

公开(公告)日：2023-07-04

申请号：US16987877

申请日：2020-08-07

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Neelam Satish Agrawal ,  Lawrence Hun-Gi Aung ,  Chirag Pravin Pandya

IPC: H04L9/40 ,  H04L67/10 ,  H04L67/1021 ,  G06F21/31 ,  H04L61/45 ,  H04L61/4523 ,  H04L61/4552 ,  H04L67/51 ,  H04L67/52 ,  H04L67/1001 ,  H04L61/4511

CPC classification number: H04L63/08 ,  G06F21/31 ,  H04L61/45 ,  H04L61/4523 ,  H04L61/4552 ,  H04L63/083 ,  H04L63/0815 ,  H04L63/107 ,  H04L67/10 ,  H04L67/1001 ,  H04L67/1021 ,  H04L67/51 ,  H04L67/52 ,  H04L61/4511

Abstract: A global endpoint may be associated with an organization name and a plurality of directories located in different geographic regions. The global endpoint may be a computing system that hosts a page used by users to access an application or service. A user may be able to access the application or service using already existing credentials. For example, the user may access the application or service using credentials stored and maintained by an entity with which the user is affiliated. Users having credentials stored in different geographic regions may be able to access the application or service via the same global endpoint.

公开(公告)号：US10547599B1

公开(公告)日：2020-01-28

申请号：US14626843

申请日：2015-02-19

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Sameer Palande ,  Lawrence Hun-Gi Aung ,  Raghavendra Reddy Madakkagari ,  Shuo Wang ,  Salman Aftab Paracha ,  Chirag Pravin Pandya

IPC: H04L29/06

Abstract: A user transmits a request to an authentication service to access a managed directory. The request may include a first set of credentials usable by a managed directory service to authenticate the user. As a result of the first set of credentials being valid, the authentication service may prompt the user to provide a multi-factor authentication code, which may be used by an authentication server to further authenticate the user and enable the user to access the managed directory. The authentication service subsequently provides the multi-factor authentication code to the authentication server for validation. If the multi-factor authentication code is valid, the authentication service may enable the user to access the managed directory through an encrypted communications session.

公开(公告)号：US20170250980A1

公开(公告)日：2017-08-31

申请号：US15456158

申请日：2017-03-10

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Neelam Satish Agrawal ,  Lawrence Hun-Gi Aung ,  Guruprakash Bangalore Rao ,  Shuo Wang ,  Sameer Palande ,  Krithi Rai ,  Chirag Pravin Pandya

IPC: H04L29/06 ,  G06F21/62

CPC classification number: H04L63/0853 ,  G06F17/30386 ,  G06F21/6218 ,  H04L63/06 ,  H04L63/08 ,  H04L63/0807 ,  H04L63/0815 ,  H04L63/083 ,  H04L63/0838 ,  H04L63/102 ,  H04L63/105

Abstract: A user, group, and device management and authentication system allows administrators to manage one or more directories with devices that are not associated with a domain of the one or more directories via a set of APIs. The system also allows applications and services that do not have direct access to a list of directory users to access the one or more directories. The user, group, and device management and authentication system may be an add-on system that works in conjunction with a centrally-managed directory service to provide such functionality. For example, the system may generate an access token associated with a particular directory that can be used by a service accessed by an administrator to call an API provided by the system. The API call may be translated into a directory-specific API call that can be used to perform an action in the particular directory.

公开(公告)号：US09596233B1

公开(公告)日：2017-03-14

申请号：US15060236

申请日：2016-03-03

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Neelam Satish Agrawal ,  Lawrence Hun-Gi Aung ,  Guruprakash Bangalore Rao ,  Shuo Wang ,  Sameer Palande ,  Krithi Rai ,  Chirag Pravin Pandya

IPC: H04L29/06

CPC classification number: H04L63/0853 ,  G06F17/30386 ,  G06F21/6218 ,  H04L63/06 ,  H04L63/08 ,  H04L63/0807 ,  H04L63/0815 ,  H04L63/083 ,  H04L63/0838 ,  H04L63/102 ,  H04L63/105

Abstract: A user, group, and device management and authentication system allows administrators to manage one or more directories with devices that are not associated with a domain of the one or more directories via a set of APIs. The system also allows applications and services that do not have direct access to a list of directory users to access the one or more directories. The user, group, and device management and authentication system may be an add-on system that works in conjunction with a centrally-managed directory service to provide such functionality. For example, the system may generate an access token associated with a particular directory that can be used by a service accessed by an administrator to call an API provided by the system. The API call may be translated into a directory-specific API call that can be used to perform an action in the particular directory.

Abstract translation: 用户，组和设备管理和认证系统允许管理员通过一组API来管理与一个或多个目录的域不相关联的设备的一个或多个目录。 该系统还允许不能直接访问目录用户列表的应用程序和服务来访问一个或多个目录。 用户，组和设备管理和认证系统可以是与中央管理的目录服务一起工作以提供这样的功能的附加系统。 例如，系统可以生成与特定目录相关联的访问令牌，该目录可由管理员访问的服务使用以调用由系统提供的API。 API调用可能会转换为特定于目录的API调用，该调用可用于在特定目录中执行操作。

公开(公告)号：US09313193B1

公开(公告)日：2016-04-12

申请号：US14500865

申请日：2014-09-29

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Neelam Satish Agrawal ,  Lawrence Hun-Gi Aung ,  Guruprakash Bangalore Rao ,  Shuo Wang ,  Sameer Palande ,  Krithi Rai ,  Chirag Pravin Pandya

IPC: H04L29/06 ,  G06F17/30

CPC classification number: H04L63/0853 ,  G06F17/30386 ,  G06F21/6218 ,  H04L63/06 ,  H04L63/08 ,  H04L63/0807 ,  H04L63/0815 ,  H04L63/083 ,  H04L63/0838 ,  H04L63/102 ,  H04L63/105

Abstract: A user, group, and device management and authentication system allows administrators to manage one or more directories with devices that are not associated with a domain of the one or more directories via a set of APIs. The system also allows applications and services that do not have direct access to a list of directory users to access the one or more directories. The user, group, and device management and authentication system may be an add-on system that works in conjunction with a centrally-managed directory service to provide such functionality. For example, the system may generate an access token associated with a particular directory that can be used by a service accessed by an administrator to call an API provided by the system. The API call may be translated into a directory-specific API call that can be used to perform an action in the particular directory.

Abstract translation: 用户，组和设备管理和认证系统允许管理员通过一组API来管理与一个或多个目录的域不相关联的设备的一个或多个目录。 该系统还允许不能直接访问目录用户列表的应用程序和服务来访问一个或多个目录。 用户，组和设备管理和认证系统可以是与中央管理的目录服务一起工作以提供这样的功能的附加系统。 例如，系统可以生成与特定目录相关联的访问令牌，该目录可由管理员访问的服务使用以调用由系统提供的API。 API调用可能会转换为特定于目录的API调用，该调用可用于在特定目录中执行操作。

公开(公告)号：US20160099924A1

公开(公告)日：2016-04-07

申请号：US14506342

申请日：2014-10-03

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Neelam Satish Agrawal ,  Lawrence Hun-Gi Aung ,  Chirag Pravin Pandya

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/08 ,  G06F21/31 ,  H04L61/15 ,  H04L61/1511 ,  H04L61/1523 ,  H04L61/1552 ,  H04L61/1576 ,  H04L63/0815 ,  H04L63/083 ,  H04L63/107 ,  H04L67/10 ,  H04L67/1002 ,  H04L67/1021 ,  H04L67/16 ,  H04L67/18

Abstract: A global endpoint may be associated with an organization name and a plurality of directories located in different geographic regions. The global endpoint may be a computing system that hosts a page used by users to access an application or service. A user may be able to access the application or service using already existing credentials. For example, the user may access the application or service using credentials stored and maintained by an entity with which the user is affiliated. Users having credentials stored in different geographic regions may be able to access the application or service via the same global endpoint.

Abstract translation: 全局端点可以与组织名称和位于不同地理区域中的多个目录相关联。 全局端点可以是托管用户访问应用或服务所使用的页面的计算系统。 用户可能能够使用已有的凭证访问应用程序或服务。 例如，用户可以使用由用户附属的实体存储和维护的凭证来访问应用或服务。 存储在不同地理区域中的凭据的用户可能能够通过相同的全局端点访问应用或服务。