公开(公告)号：US20190089542A1

公开(公告)日：2019-03-21

申请号：US16195628

申请日：2018-11-19

Applicant: Amazon Technologies, Inc.

Inventor： David R. Richardson ,  Mustafa I. Abrar ,  Don Johnson ,  John Cormie ,  Bradley Eugene Marshall ,  Mark Joseph Cavage

IPC: H04L9/32 ,  H04L29/06 ,  H04L29/08

Abstract: A system, method, and computer readable medium for managing secure content by CDN service providers are provided. A network storage provider stores one or more resources on behalf of a content provider. A CDN service provider obtains client computing device requests for secure content. Based on processing first signature information, the CDN service provider determines whether the secure content is available to the client computing device. If the CDN service provider does not maintain the requested content, the CDN service provider transmits a request to the network storage provider. Based on second signature information and an identifier associated with the CDN service provider, the network storage provider processes the request based policy information associated with the identifier.

公开(公告)号：US10135620B2

公开(公告)日：2018-11-20

申请号：US15597841

申请日：2017-05-17

Applicant: Amazon Technologies, Inc.

Inventor： David R. Richardson ,  Mustafa I. Abrar ,  Don Johnson ,  John Cormie ,  Bradley Eugene Marshall ,  Mark Joseph Cavage

IPC: H04L9/32 ,  H04L29/06 ,  H04L29/08

Abstract: A system, method, and computer readable medium for managing secure content by CDN service providers are provided. A network storage provider stores one or more resources on behalf of a content provider. A CDN service provider obtains client computing device requests for secure content. Based on processing first signature information, the CDN service provider determines whether the secure content is available to the client computing device. If the CDN service provider does not maintain the requested content, the CDN service provider transmits a request to the network storage provider. Based on second signature information and an identifier associated with the CDN service provider, the network storage provider processes the request based policy information associated with the identifier.

公开(公告)号：US10067781B2

公开(公告)日：2018-09-04

申请号：US14887088

申请日：2015-10-19

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Don Johnson ,  Marvin M. Theimer

IPC: H04L29/00 ,  G06F9/455 ,  G06F21/00 ,  G06F21/62

Abstract: Generally described, aspects of the present disclosure relate to for managing the configuration and security policies of hosted virtual machine networks. Hosted virtual machine networks are configured in a manner such that a virtual machine manager component can establish service manifests that correspond to information required by the virtual machine network from a user/customer. The virtual machine manager component can also publish in the service manifests contractual information, such as security risk assessments, that are deemed to have been provided and accepted by the user/customer in instantiating virtual machine networks. If the processed service manifest information remains valid, a substrate network process requests or independently instantiate services or components in accordance with the configuration information and security risk information included in the processed service manifest.

公开(公告)号：US09979694B2

公开(公告)日：2018-05-22

申请号：US14936314

申请日：2015-11-09

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Don Johnson ,  Marvin M. Theimer

IPC: G06F9/455 ,  G06F15/16 ,  H04L29/12 ,  H04L29/08

CPC classification number: H04L61/2503 ,  G06F9/45558 ,  G06F2009/45595 ,  H04L61/6068 ,  H04L67/18 ,  H04L67/28 ,  H04L67/2814 ,  H04L67/2823

Abstract: Systems and method are provided for using proxy addresses to manage communications sent between virtual machine networks hosted by a substrate network. In some embodiments, the substrate network may identify a communication addressed from an instantiated component of a first hosted virtual network to a first proxy component of the first hosted virtual network. The substrate network may cause the communication to be received by a second instantiated component of a second host virtual network. Specifically, the substrate network may alter a destination address of the communication from a proxy address of the first proxy component to a network address of the second instantiated component. The substrate network may also alter a source address of the communication from a network address of the first instantiated component to a proxy address of a second proxy component.

公开(公告)号：US20170353394A1

公开(公告)日：2017-12-07

申请号：US15583547

申请日：2017-05-01

Applicant: Amazon Technologies, Inc.

Inventor： Eric J. Brandwine ,  Marvin M. Theimer ,  Don Johnson ,  Swaminathan Sivasubramanian

IPC: H04L12/911 ,  H04L29/08

CPC classification number: H04L47/70 ,  G06F9/5077 ,  G06F21/53 ,  G06F2221/2149 ,  H04L67/10

Abstract: With the advent of virtualization technologies, networks and routing for those networks can now be simulated using commodity hardware. For example, virtualization technologies can be adapted to allow a single physical computing machine to be shared among multiple virtual networks by providing one or more virtual machines simulated in software by the single physical computing machine, with each virtual machine acting as a distinct logical computing system. In addition, as routing can be accomplished through software, additional network setup flexibility can be provided to the virtual network in comparison with hardware-based routing. In some implementations, virtual network setup can be abstracted through the use of resource placement templates, allowing users to create virtual networks compliant with a customer's networking policies without necessarily having knowledge of what those policies are.

公开(公告)号：US20150235191A1

公开(公告)日：2015-08-20

申请号：US14701377

申请日：2015-04-30

Applicant: Amazon Technologies, Inc.

Inventor： Peter Sirota ,  Don Johnson ,  Gaurav D. Ghare ,  Tushar Jain ,  Alan S. Geller

IPC: G06Q20/14 ,  G06Q30/04

CPC classification number: G06Q20/145 ,  A61K48/00 ,  G06Q10/06 ,  G06Q20/102 ,  G06Q30/02 ,  G06Q30/04

Abstract: Techniques are described for facilitating use of invocable services by applications in a configurable manner. In at least some situations, the invocable services are Web services or other network-accessible services that are made available by providers of the services for use by others in exchange for fees defined by the service providers. The described techniques facilitate use of such invocable services by applications in a manner configured by the application providers and the service providers, including to track use of third-party invocable services by applications on behalf of end users and to allocate fees that are charged end users between the applications and the services as configured by the providers of the applications and services. In some situations, the configured pricing terms for a service specify fees for end users that differ in one or more ways from the defined fees charged by the provider of that service.

Abstract translation: 描述了以可配置的方式促进应用使用可调用服务的技术。 在至少一些情况下，可调用的服务是Web服务或其他网络可访问的服务，这些服务由服务提供者提供，供他人使用以交换由服务提供商定义的费用。 所描述的技术有助于以应用提供商和服务提供商配置的方式由应用程序使用这种可调用服务，包括代表最终用户跟踪应用程序对第​​三方可调用服务的使用以及分配收取终端用户的费用 在由应用程序和服务的提供者配置的应用程序和服务之间。 在某些情况下，服务的配置定价条款指定终端用户的费用，这些费用以一种或多种方式与由该服务提供商收取的定义费用不同。

公开(公告)号：US12081451B2

公开(公告)日：2024-09-03

申请号：US15583547

申请日：2017-05-01

Applicant: Amazon Technologies, Inc.

Inventor： Eric J. Brandwine ,  Marvin M. Theimer ,  Don Johnson ,  Swaminathan Sivasubramanian

IPC: H04L47/70 ,  G06F9/50 ,  G06F21/53 ,  H04L67/10

CPC classification number: H04L47/70 ,  G06F9/5077 ,  G06F21/53 ,  H04L67/10 ,  G06F2221/2149

Abstract: With the advent of virtualization technologies, networks and routing for those networks can now be simulated using commodity hardware. For example, virtualization technologies can be adapted to allow a single physical computing machine to be shared among multiple virtual networks by providing one or more virtual machines simulated in software by the single physical computing machine, with each virtual machine acting as a distinct logical computing system. In addition, as routing can be accomplished through software, additional network setup flexibility can be provided to the virtual network in comparison with hardware-based routing. In some implementations, virtual network setup can be abstracted through the use of resource placement templates, allowing users to create virtual networks compliant with a customer's networking policies without necessarily having knowledge of what those policies are.

公开(公告)号：US10817854B2

公开(公告)日：2020-10-27

申请号：US14300117

申请日：2014-06-09

Applicant: Amazon Technologies, Inc.

Inventor： Peter Sirota ,  James Alfred Gordon Greenfield ,  Don Johnson ,  Attila Narin

IPC: G06F40/00 ,  G06Q20/10 ,  G06Q30/04 ,  G06F9/455 ,  G06Q20/34 ,  G06Q20/14 ,  G06F8/61 ,  G06Q30/06 ,  G06F21/12

Abstract: Techniques are described for facilitating sharing of executable software images between users in a configurable manner. In at least some situations, the executable software images are virtual machine images, and while executing may access and use remote network-accessible services (e.g., Web services). In addition, some or all shared executable software images may be made available in a fee-based manner by creator users, such that execution of such a fee-based software image by a software image execution service on behalf of a user other than the creator user is performed in exchange for fees from the other user as specified by the creator user. The creator user may further receive at least some of the specified fees paid by the other user, such as at least some of a difference between the specified fees and fees charged by the software image execution service for the execution.

公开(公告)号：US20190012196A1

公开(公告)日：2019-01-10

申请号：US16118264

申请日：2018-08-30

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Don Johnson ,  Marvin M. Theimer

IPC: G06F9/455 ,  G06F21/62 ,  G06F21/00

CPC classification number: G06F9/45558 ,  G06F21/00 ,  G06F21/62 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: Generally described, aspects of the present disclosure relate to for managing the configuration and security policies of hosted virtual machine networks. Hosted virtual machine networks are configured in a manner such that a virtual machine manager component can establish service manifests that correspond to information required by the virtual machine network from a user/customer. The virtual machine manager component can also publish in the service manifests contractual information, such as security risk assessments, that are deemed to have been provided and accepted by the user/customer in instantiating virtual machine networks. If the processed service manifest information remains valid, a substrate network process requests or independently instantiate services or components in accordance with the configuration information and security risk information included in the processed service manifest.

公开(公告)号：US09985969B1

公开(公告)日：2018-05-29

申请号：US13853926

申请日：2013-03-29

Applicant: Amazon Technologies, Inc.

Inventor： Mark Joseph Cavage ,  John Cormie ,  Nathan R. Fitch ,  Don Johnson ,  Peter Sirota

IPC: H04L29/06 ,  G06F21/62 ,  G06F21/60

CPC classification number: H04L63/10 ,  G06F21/604 ,  G06F21/6218 ,  G06F2221/2141 ,  H04L63/0227 ,  H04L63/102 ,  H04L63/20

Abstract: Techniques are described for managing access to computing-related resources that, for example, may enable multiple distinct parties to independently control access to the resources (e.g., such that a request to access a resource succeeds only if all of multiple associated parties approve that access). For example, an executing software application may, on behalf of an end user, make use of computing-related resources of one or more types that are provided by one or more remote third-party network services (e.g., data storage services provided by an online storage service)—in such a situation, both the developer user who created the software application and the end user may be allowed to independently specify access rights for one or more particular such computing-related resources (e.g., stored data files), such that neither the end user nor the software application developer user may later access those resources without the approval of the other party.