公开(公告)号：US20180316501A1

公开(公告)日：2018-11-01

申请号：US16029358

申请日：2018-07-06

Applicant: Amazon Technologies, Inc.

Inventor： Jonathan Kozolchyk ,  Darren E. Canavor ,  Jeffrey J. Fielding ,  Vaibhav Mallya ,  Darin Keith McAdams

IPC: H04L9/32 ,  H04L29/08 ,  H04L29/06

CPC classification number: H04L9/3213 ,  H04L9/3239 ,  H04L29/06 ,  H04L63/0428 ,  H04L63/102 ,  H04L67/1097

Abstract: In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, An expiration time may be assigned to sensitive data, and expired data and associated tokens may be deleted.

公开(公告)号：US20150234695A1

公开(公告)日：2015-08-20

申请号：US14701866

申请日：2015-05-01

Applicant: Amazon Technologies, Inc.

Inventor： David A. Cuthbert ,  Sergei V. Shinkarev ,  Jeffrey J. Fielding ,  Ting-You Wang

IPC: G06F11/07

CPC classification number: G06F11/0751 ,  G06F11/0709 ,  G06F11/3006 ,  H04L43/04 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0817 ,  H04L43/10 ,  H04L43/14

Abstract: Disclosed are various embodiments for network monitoring. A processor circuit having a processor and a memory is employed. A listing of components of a network is stored in the memory, the listing including a plurality of endpoints and a plurality of nodes. One of the endpoints includes a processor circuit. A monitoring application is stored in the memory and executable by the processor circuit. The monitoring application is configured to maintain in the memory an indication of an operational status of each of the nodes derived from a plurality of status requests transmitted between respective pairs of the endpoints.

Abstract translation: 公开了用于网络监控的各种实施例。 采用具有处理器和存储器的处理器电路。 网络的组件的列表被存储在存储器中，该列表包括多个端点和多个节点。 端点之一包括处理器电路。 监视应用程序存储在存储器中并由处理器电路执行。 监视应用被配置为在存储器中维护从在各个端点对之间传输的多个状态请求导出的每个节点的操作状态的指示。

公开(公告)号：US11212291B2

公开(公告)日：2021-12-28

申请号：US16453929

申请日：2019-06-26

Applicant: Amazon Technologies, Inc.

Inventor： Jonathan Kozolchyk ,  Darin Keith McAdams ,  Jeffrey J. Fielding ,  Vaibhav Mallya ,  Darren E. Canavor

IPC: H04L29/06

Abstract: A security service enables service providers to register available services. Prospective service consumers may register with the security service to access a particular registered service, and may specify conditions for access that are subject to approval by the corresponding service provider. Based on the registrations of the service provider and the service consumer, the security service can define access policies that may be enforced to control the conditions under which a service consumer accesses or utilizes the particular service. Additionally, changes to the access policies may be propagated to running services in near real time. Some implementations enable masking of information provided to particular service consumers based on determined needs of each service consumer for access to particular information. In some instances, the service providers may provide log information to the security service, which may be monitored to identify anomalies, security breaches or the like.

公开(公告)号：US20170331629A1

公开(公告)日：2017-11-16

申请号：US15668644

申请日：2017-08-03

Applicant: Amazon Technologies, Inc.

Inventor： Jonathan Kozolchyk ,  Darren E. Canavor ,  Jeffrey J. Fielding ,  Vaibhav Mallya ,  Darin Keith McAdams

IPC: H04L9/32 ,  H04L29/06 ,  H04L29/08

CPC classification number: H04L9/3213 ,  H04L9/3239 ,  H04L29/06 ,  H04L63/0428 ,  H04L63/102 ,  H04L67/1097

Abstract: In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, An expiration time may be assigned to sensitive data, and expired data and associated tokens may be deleted.

公开(公告)号：US09430308B2

公开(公告)日：2016-08-30

申请号：US14701866

申请日：2015-05-01

Applicant: Amazon Technologies, Inc.

Inventor： David A. Cuthbert ,  Sergei V. Shinkarev ,  Jeffrey J. Fielding ,  Ting-You Wang

IPC: G06F15/173 ,  G06F11/07 ,  H04L12/26

CPC classification number: G06F11/0751 ,  G06F11/0709 ,  G06F11/3006 ,  H04L43/04 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0817 ,  H04L43/10 ,  H04L43/14

Abstract: Disclosed are various embodiments for network monitoring. A processor circuit having a processor and a memory is employed. A listing of components of a network is stored in the memory, the listing including a plurality of endpoints and a plurality of nodes. One of the endpoints includes a processor circuit. A monitoring application is stored in the memory and executable by the processor circuit. The monitoring application is configured to maintain in the memory an indication of an operational status of each of the nodes derived from a plurality of status requests transmitted between respective pairs of the endpoints.

Abstract translation: 公开了用于网络监控的各种实施例。 采用具有处理器和存储器的处理器电路。 网络的组件的列表被存储在存储器中，该列表包括多个端点和多个节点。 端点之一包括处理器电路。 监视应用程序存储在存储器中并由处理器电路执行。 监视应用被配置为在存储器中维护从在各个端点对之间传输的多个状态请求导出的每个节点的操作状态的指示。

公开(公告)号：US09032073B1

公开(公告)日：2015-05-12

申请号：US14146935

申请日：2014-01-03

Applicant: Amazon Technologies, Inc.

Inventor： David A. Cuthbert ,  Sergei V. Shinkarev ,  Jeffrey J. Fielding ,  Ting-You Wang

IPC: G06F15/173 ,  G06F11/30 ,  H04L12/26

CPC classification number: G06F11/0751 ,  G06F11/0709 ,  G06F11/3006 ,  H04L43/04 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0817 ,  H04L43/10 ,  H04L43/14

Abstract: Disclosed are various embodiments for network monitoring. A processor circuit having a processor and a memory is employed. A listing of components of a network is stored in the memory, the listing including a plurality of endpoints and a plurality of nodes. One of the endpoints includes the processor circuit. A monitoring application is stored in the memory and executable by the processor. The monitoring application is configured to maintain in the memory an indication of an operational status of each of the nodes derived from a plurality of status requests transmitted between respective pairs of the endpoints.

Abstract translation: 公开了用于网络监控的各种实施例。 采用具有处理器和存储器的处理器电路。 网络的组件的列表被存储在存储器中，该列表包括多个端点和多个节点。 端点之一包括处理器电路。 监视应用程序存储在存储器中并由处理器执行。 监视应用被配置为在存储器中维护从在各个端点对之间传输的多个状态请求导出的每个节点的操作状态的指示。