-
Publication number: US20170195457A1
Publication date: 2017-07-06
Application number: US14984957
Application date: 2015-12-30
Applicant: Amazon Technologies, Inc.
Inventor: Edward Bradford Smith, II, Graeme David Baer, Manivannan Sundaram
CPC classification number: H04L67/327, H04L63/06, H04L63/061, H04L63/08, H04L63/10, H04L63/102, H04L63/123, H04L63/166
Abstract: The present document describes systems and methods that authorize client resources such as computers, servers, computing appliances, and virtual machines to access online services provided by an online service provider. To authorize a client resource, a client submits a registration request on behalf of the client resource to an authorization service provided by the service provider. The authorization service returns an activation code to the client. The activation code may expire after an amount of time, or upon first use. The client provides the activation code to an agent running on the client resource. The agent establishes communication with the authorization service, and upon providing the activation code to the authorization service, receives an authorization token that can be used by the client resource to access online services in accordance with security roles or permissions specified with the registration request.
-
Publication number: US09444800B1
Publication date: 2016-09-13
Application number: US13682248
Application date: 2012-11-20
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Graeme David Baer, Eric Jason Brandwine
CPC classification number: H04L63/205, G06F21/6218, H04L63/0218, H04L63/0272, H04L63/08, H04L63/083, H04L63/0861, H04L63/10, H04L63/123, H04L63/1458, H04L63/168, H04L67/10, H04L67/1002
Abstract: Customers can utilize resources of a multi-tenant environment to provide one or more services available to various users. In order to simplify the process for these customers, the multi-tenant environment can include an infrastructure wherein a portion of the resources provide an authentication and/or authorization service that can be leveraged by the customer services. These resources can logically sit in front of the resources used to provide the customer services, such that a user request must pass through the authorization and authentication service before being directed to the customer service. Such resources can provide other functionality as well, such as load balancing and metering.
-
Publication number: US20160112412A1
Publication date: 2016-04-21
Application number: US14976398
Application date: 2015-12-21
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Graeme David Baer, Brian Irl Pratt
IPC: H04L29/06
CPC classification number: H04L63/0838, G06F21/34
Abstract: A one-time password (OTP) based security scheme is described, where a provider pre-generates a number of verification codes (e.g., OTP codes) which will be valid for a predetermined interval. The provider then encodes the verification codes (e.g., by hashing each code with a time value), and stores the verification codes into a data structure. The data structure can be provided to a verification system that can use the set of pre-generated OTP codes to authenticate requests received from users having personal security tokens.
-
Publication number: US20230239289A1
Publication date: 2023-07-27
Application number: US18194891
Application date: 2023-04-03
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Graeme David Baer, Brian Irl Pratt
CPC classification number: H04L63/0838, G06F21/34
Abstract: A one-time password (OTP) based security scheme is described, where a provider pre-generates a number of verification codes (e.g., OTP codes) which will be valid for a predetermined interval. The provider then encodes the verification codes (e.g., by hashing each code with a time value), and stores the verification codes into a data structure. The data structure can be provided to a verification system that can use the set of pre-generated OTP codes to authenticate requests received from users having personal security tokens.
-
Publication number: US11361063B2
Publication date: 2022-06-14
Application number: US16406758
Application date: 2019-05-08
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Daniel Stephen Popick, Derek Avery Lyon, John Michael Morkel, Graeme David Baer, Ajith Harshana Ranabahu, Khaled Salah Sedky
IPC: G06F21/33, H04L43/55, H04L9/40, G06F21/62, G06F21/60, G06F16/93, G06F21/52, G06F21/31, G06F3/06, G06F21/12, G06F21/57
Abstract: A method and apparatus for testing and simulating an access control policy are disclosed. Evaluating an access control policy may be performed by utilizing a deny statement that causes the access request to be rejected despite actions indicated in the access request being authorized. Further, an independent simulation environment may be utilized for testing access control policy evaluation.
-
Publication number: US10924482B1
Publication date: 2021-02-16
Application number: US14576141
Application date: 2014-12-18
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Eric Jason Brandwine, Graeme David Baer
Abstract: A computing resource service provides flexible configuration of authorization rules. A set of authorization rules which define whether fulfillment of requests. The set of authorization rules are applied to a request of a first type which is mapped to a request of a second type. The request of the second type is used for fulfillment of the request of the first type when the authorization rules so allow.
-
Publication number: US10574699B1
Publication date: 2020-02-25
Application number: US14954787
Application date: 2015-11-30
Applicant: Amazon Technologies, Inc.
Inventor: Graeme David Baer, Bradford Taylor Lyman, Weixun Wang, Dmitry Frenkel, Gregory Branchek Roth
Abstract: A load balancing service receives a request from a customer to configure a load balancer for distributing incoming requests to one or more computing resources of the customer. The load balancing service uses configuration information specified in the request to configure the load balancer such that the load balancer, in response to an incoming request, can determine whether the incoming request satisfies a set of request processing rules usable to determine whether the request is to be transmitted to any computing resource of the one or more computing resources. The load balancer transmits the incoming request to a computing resource of the customer as a result of the rules being satisfied.
-
Publication number: US10320624B1
Publication date: 2019-06-11
Application number: US14042277
Application date: 2013-09-30
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Daniel Stephen Popick, Derek Avery Lyon, John Michael Morkel, Graeme David Baer, Ajith Harshana Ranabahu, Khaled Salah Sedky
IPC: G06F15/173, H04L12/24, H04L29/06, G06F21/62, G06F21/52
Abstract: A method and apparatus for testing and simulating an access control policy are disclosed. Evaluating an access control policy may be performed by utilizing a deny statement that causes the access request to be rejected despite actions indicated in the access request being authorized. Further, an independent simulation environment may be utilized for testing access control policy evaluation.
-
Publication number: US10225152B1
Publication date: 2019-03-05
Application number: US14042233
Application date: 2013-09-30
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Daniel Stephen Popick, Derek Avery Lyon, John Michael Morkel, Graeme David Baer, Ajith Harshana Ranabahu, Khaled Salah Sedky
IPC: G06F15/173, H04L12/24, H04L29/06, G06F21/62
Abstract: A method and apparatus for the evaluation and remediation of an access control policy is disclosed. In the method and apparatus, an intermediary service may make an access request, on behalf of a customer, to one or more computing resources and the access control policy is evaluated to determine whether the request is authorized. Further, remediation options for the access control policy are offered for the request to be authorized.
-
Publication number: US20190044979A1
Publication date: 2019-02-07
Application number: US15888722
Application date: 2018-02-05
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Graeme David Baer, Eric Jason Brandwine
CPC classification number: H04L63/205, G06F21/6218, H04L63/0218, H04L63/0272, H04L63/08, H04L63/083, H04L63/0861, H04L63/10, H04L63/123, H04L63/1458, H04L63/168, H04L67/10, H04L67/1002
Abstract: Customers can utilize resources of a multi-tenant environment to provide one or more services available to various users. In order to simplify the process for these customers, the multi-tenant environment can include an infrastructure wherein a portion of the resources provide an authentication and/or authorization service that can be leveraged by the customer services. These resources can logically sit in front of the resources used to provide the customer services, such that a user request must pass through the authorization and authentication service before being directed to the customer service. Such resources can provide other functionality as well, such as load balancing and metering.