公开(公告)号：US09344427B1

公开(公告)日：2016-05-17

申请号：US14538187

申请日：2014-11-11

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Chirag Pravin Pandya

IPC: H04L29/06

CPC classification number: H04L63/083 ,  H04L63/0428 ,  H04L63/0884

Abstract: Techniques and constructs to facilitate multiple authentications of passwords are described. For instance, the disclosure describes systems and processes that authenticate a password and return an encrypted password that may be subsequently decrypted for additional authentications.

Abstract translation: 描述了促进密码多重验证的技术和结构。 例如，本公开描述了认证密码并返回加密密码的系统和过程，该密码可随后被解密以用于附加认证。

公开(公告)号：US20150134827A1

公开(公告)日：2015-05-14

申请号：US14098454

申请日：2013-12-05

Applicant: Amazon Technologies, Inc.

Inventor： Shon Kiran Shah ,  Thomas Christopher Rizzo ,  Gaurang Pankaj Mehta ,  Guruprakash Bangalore Rao ,  Sameer Palande ,  Krithi Rai

IPC: H04L29/12

Abstract: Techniques for connecting computer system entities to remotely extended local computer system resources are described herein. A computer system entity that requests access to a local computer system resource has that request fulfilled by a managed directory service which receives the request and connects the computer system entity to the local computer system resource. While connected, the managed directory service extends the local computer system resource to a corresponding extended remote computer system resource, receives commands to perform operations on the local or extended remote computer system resources and, if the computer system entity is authorized to perform the operations on the appropriate computer system resource, the managed directory service performs the operations on the appropriate computer system resource.

Abstract translation: 本文描述了将计算机系统实体连接到远程扩展的本地计算机系统资源的技术。 请求访问本地计算机系统资源的计算机系统实体具有由接收请求并将计算机系统实体连接到本地计算机系统资源的受管目录服务实现的请求。 在连接时，托管目录服务将本地计算机系统资源扩展到相应的扩展远程计算机系统资源，接收对本地或扩展远程计算机系统资源执行操作的命令，以及如果计算机系统实体被授权执行操作 适当的计算机系统资源，托管目录服务在适当的计算机系统资源上执行操作。

公开(公告)号：US10908937B2

公开(公告)日：2021-02-02

申请号：US14098323

申请日：2013-12-05

Applicant: Amazon Technologies, Inc.

Inventor： Shon Kiran Shah ,  Gaurang Pankaj Mehta ,  Thomas Christopher Rizzo ,  Guruprakash Bangalore Rao

IPC: G06F9/455 ,  H04L29/06 ,  H04L12/24

Abstract: A customer utilizes an interface provided by a virtual computer system service to provision a virtual machine instance and join this instance to a directory. The interface may have previously obtained the domain name and the Internet Protocol addresses for one or more directories available to the customer for joining the virtual machine instance. The virtual computer system service may communicate with a managed directory service to obtain a set of temporary credentials that may be used to transmit a request to the directory to allow joining of the virtual machine instance. Upon provisioning of the instance, an agent operating within the instance may be configured to obtain the domain name and Internet Protocol addresses for the directory to establish a connection with the directory. The agent may also be configured to obtain the set of temporary credentials to transmit a request to the directory for joining of the instance.

公开(公告)号：US10530742B2

公开(公告)日：2020-01-07

申请号：US14098445

申请日：2013-12-05

Applicant: Amazon Technologies, Inc.

Inventor： Shon Kiran Shah ,  Guruprakash Bangalore Rao ,  Gaurang Pankaj Mehta ,  Thomas Christopher Rizzo ,  Sameer Palande ,  Krithi Rai

IPC: H04L29/12 ,  G06F9/455 ,  H04L29/06 ,  G06F21/60 ,  H04L29/08 ,  H04L12/24

Abstract: Techniques for connecting computer system entities to remote computer system resources are described herein. A computer system entity that requests access to a remote computer system resource has that request fulfilled by a managed directory service which receives the request and connects the computer system entity to the remote computer system resource. While connected, the managed directory service receives commands to perform operations on the remote computer system resource and, if the computer system entity is authorized to perform the operations on the remote computer system resource, the managed directory service performs the operation on the remote computer system resource.

公开(公告)号：US10355942B1

公开(公告)日：2019-07-16

申请号：US14499879

申请日：2014-09-29

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Shon Kiran Shah ,  Sameer Palande

IPC: G06F15/173 ,  H04L12/24 ,  H04L12/26 ,  H04L12/911 ,  G06Q10/00

Abstract: Features are disclosed for facilitating remote management of network directories of organizations by a directory management system. The network directories may change over time, experiencing growth in size and number of current connections, increased latency, reduced performance, and the like. The network directories may also shrink over time, experience fewer connections, etc. Organizations can define scaling policies by which the directory management system can automatically respond to the occurrence of various events, such as changes in the size or usage of the organizations' network directories, by scaling resources associated with the directories. The directory management system can perform various scaling actions on-demand or without requiring additional action by the organizations, thereby reducing the time and effort required by the organizations to monitor their own directories and implement (or request implementation of) changes.

公开(公告)号：US10079896B2

公开(公告)日：2018-09-18

申请号：US15353628

申请日：2016-11-16

Applicant: Amazon Technologies, Inc.

Inventor： Nathan Bartholomew Thomas ,  Eugene Michael Farrell ,  Erik Jonathon Tellvik ,  Gaurang Pankaj Mehta ,  Deepak Suryanarayanan

IPC: G06F15/16 ,  H04L29/08 ,  H04L12/26 ,  G06F9/451 ,  G06F9/48

CPC classification number: H04L67/148 ,  G06F9/452 ,  G06F9/4856 ,  H04L43/08 ,  H04L43/16 ,  H04L67/10 ,  H04L67/1095 ,  H04L67/18

Abstract: It may be determined that a cloud desktop should be migrated from a current region. A destination region to which the cloud desktop will be migrated can be identified. A data volume of the cloud desktop may be copied from the current region to the destination region. The data volume at the current region and the data volume at the destination region may be maintained in sync during the copying. Upon completion of the copying, a current user session associated with the cloud desktop at the current region may be frozen, a current memory and processor state of the current user session may be copied to the destination region, and a second cloud desktop instance at the destination region may be started using the copied data volume and current memory and processor state. The current user session may be connected to the second cloud desktop instance.

公开(公告)号：US20170149780A1

公开(公告)日：2017-05-25

申请号：US15424691

申请日：2017-02-03

Applicant: Amazon Technologies, Inc.

Inventor： Erik Jonathon Tellvik ,  Gaurang Pankaj Mehta ,  Ajit Nagendra Padukone ,  Chirag Pravin Pandya ,  Colin Harrison Brace ,  Deepak Suryanarayanan ,  Guruprakash Bangalore Rao ,  Krithi Rai ,  Malcolm Russell Ah Kun ,  Sameer Palande ,  Shon Kiran Shah ,  Vivek Lakshmanan

IPC: H04L29/06

CPC classification number: H04L63/0807 ,  H04L63/083

Abstract: A virtual computing environment service may receive a request from a customer to provision a virtual computing environment and join the virtual computing environment to a managed directory. The virtual computing environment service may provision the virtual computing environment and uses a set of administrator credentials from the customer and a set of credentials corresponding to the environment to access the managed directory and request joining of the environment to the managed directory. In response, the managed directory may create a computer account corresponding to the environment and which enables the environment to be used to access the managed directory. The virtual computing environment service may then enable the customer to specify one or more users that may utilize the virtual computing environment to access the managed directory.

公开(公告)号：US09641522B1

公开(公告)日：2017-05-02

申请号：US14538003

申请日：2014-11-11

Applicant: Amazon Technologies, Inc.

Inventor： Lawrence Hun-Gi Aung ,  Gaurang Pankaj Mehta ,  Krithi Rai ,  Chirag Pravin Pandya ,  Shuo Wang

IPC: H04L29/06

CPC classification number: H04L63/0853 ,  H04L63/0428 ,  H04L63/0807 ,  H04L63/10 ,  H04L63/102

Abstract: A centralized policy management may allow for one set of credentials to various applications and services offered by a computing resource service provider or other third-party servers. Systems, methods, and computer readable medium can be configured to receive a request to access a first computing system service provided by the computing resource service provider, generate an encrypted data bundle including at least a user identifier and a data type, and transmit the encrypted data bundle to a recipient, wherein the encrypted data bundle is configured to be returned to the one or more computing devices to facilitate access to the first computing system service provided by the computing resource service provider.

公开(公告)号：US20170070581A1

公开(公告)日：2017-03-09

申请号：US15353628

申请日：2016-11-16

Applicant: Amazon Technologies, Inc.

Inventor： Nathan Bartholomew Thomas ,  Eugene Michael Farrell ,  Erik Jonathon Tellvik ,  Gaurang Pankaj Mehta ,  Deepak Suryanarayanan

IPC: H04L29/08 ,  H04L12/26

CPC classification number: H04L67/148 ,  G06F9/452 ,  G06F9/4856 ,  H04L43/08 ,  H04L43/16 ,  H04L67/10 ,  H04L67/1095 ,  H04L67/18

Abstract: It may be determined that a cloud desktop should be migrated from a current region. A destination region to which the cloud desktop will be migrated can be identified. A data volume of the cloud desktop may be copied from the current region to the destination region. The data volume at the current region and the data volume at the destination region may be maintained in sync during the copying. Upon completion of the copying, a current user session associated with the cloud desktop at the current region may be frozen, a current memory and processor state of the current user session may be copied to the destination region, and a second cloud desktop instance at the destination region may be started using the copied data volume and current memory and processor state. The current user session may be connected to the second cloud desktop instance.

Abstract translation: 可能会确定云桌面应该从当前区域迁移。 可以识别云桌面将迁移到的目的地区域。 可以将云桌面的数据卷从当前区域复制到目的地区域。 在复制期间，当前区域的数据量和目的地区域的数据量可以保持同步。 在完成复制时，与当前区域的云桌面相关联的当前用户会话可能被冻结，当前用户会话的当前存储器和处理器状态可以被复制到目的地区域，并且第二云桌面实例在 可以使用复制的数据量和当前存储器和处理器状态来启动目的地区域。 当前用户会话可能连接到第二个云桌面实例。

公开(公告)号：US20150135257A1

公开(公告)日：2015-05-14

申请号：US14098341

申请日：2013-12-05

Applicant: Amazon Technologies, Inc.

Inventor： Shon Kiran Shah ,  Gaurang Pankaj Mehta ,  Venakta N. S. S. Harsha Koonaparaju ,  Thomas Christopher Rizzo ,  Guruprakash Bangalore Rao

IPC: H04L29/06

CPC classification number: H04L63/08 ,  G06F9/45558 ,  G06F21/41 ,  G06F21/6218 ,  G06F2009/45587 ,  G06F2009/45595 ,  H04L63/0807 ,  H04L63/0815 ,  H04L63/10 ,  H04L63/102 ,  H04L63/104 ,  H04L63/105 ,  H04L63/20 ,  H04L67/02 ,  H04L67/10 ,  H04L67/306

Abstract: A user may utilize a set of credentials to access, through a managed directory service, one or more services provided by a computing resource service provider. The managed directory service may be configured to identify one or more policies applicable to the user. These policies may define the level of access to the one or more services provided by the computing resource service provider. Based at least in part on these policies, the managed directory service may transmit a request to an identity management system to obtain a set of temporary credentials that may be used to enable the user to access the one or more services. Accordingly, the managed directory service may be configured to enable the user, based at least in part on the policies and the set of temporary credentials, to access an interface, which can be used to access the one or more services.

Abstract translation: 用户可以利用一组凭证来通过托管目录服务访问由计算资源服务提供商提供的一个或多个服务。 托管目录服务可以被配置为识别适用于用户的一个或多个策略。 这些策略可以定义对由计算资源服务提供商提供的一个或多个服务的访问级别。 至少部分地基于这些策略，托管目录服务可以向身份管理系统发送请求以获得可以用于使得用户访问一个或多个服务的一组临时凭证。 因此，托管目录服务可以被配置为至少部分地基于策略和一组临时凭证来使用户能够访问可以用于访问一个或多个服务的接口。