-
Publication number: US09686078B1
Publication date: 2017-06-20
Application number: US14635923
Application date: 2015-03-02
Applicant: Amazon Technologies, Inc.
Inventor: Michael David Marr , Pradeep Vincent , Matthew T. Corddry , James R. Hamilton
CPC classification number: H04L9/3236 , G06F8/65 , G06F21/00 , H04L9/30 , H04L63/145 , H04L67/34
Abstract: The state of firmware for devices on a provisioned host machine can be validated independent of the host CPU(s) or other components exposed to the user. A port that is not fully exposed or accessible to the user can be used to perform a validation process on firmware without accessing a CPU of the host device. The firmware can be scanned and a hashing or similar algorithm can be used to determine validation information, such as hash values, for the firmware, which can be compared to validation information stored in a secure location. If the current and stored validation information do not match, one or more remedial actions can be taken to address the firmware being in an unknown or unintended state.
-
Publication number: US08806576B1
Publication date: 2014-08-12
Application number: US13744283
Application date: 2013-01-17
Applicant: Amazon Technologies, Inc.
Inventor: Matthew T. Corddry , Michael David Marr , James R. Hamilton , Peter N. De Santis
CPC classification number: H04L63/10 , G06F9/4401 , H04L67/125 , H04L67/22
Abstract: In an environment such as a cloud computing environment where various guests can be provisioned on a host machine or other hardware device, it can be desirable to prevent those users from rebooting or otherwise restarting the machine or other resources using unauthorized information or images that can be obtained from across the network. A cloud manager can cause one or more network switches or other routing or communication processing components to deny communication access between user-accessible ports on a machine or device and the provisioning systems, or other specific network resources, such that the user cannot cause the host machine to pull information from those resources upon a restart or reboot of the machine. Further, various actions can be taken upon a reboot or attempted reboot, such as to isolate the host machine or even power off the specific machine.
-
Publication number: US20160342429A1
Publication date: 2016-11-24
Application number: US15229043
Application date: 2016-08-04
Applicant: Amazon Technologies, Inc.
Inventor: Jesper M. Johansson , Matthew T. Corddry , Tom F. Hansen , Luke F. Kearney
CPC classification number: G06F9/4416 , G06F9/4406 , G06F21/33 , H04L9/3268 , H04L29/06 , H04L63/062 , H04L63/0823 , H04L63/0876 , H04L63/10 , H04L2209/64
Abstract: Automated provisioning of hosts on a network with reasonable levels of security is described in this application. A certificate management service (CMS) on a host, one or more trusted agents, and a public key infrastructure are utilized in a secure framework to establish host identity. Once host identity is established, signed encryption certificates may be exchanged and secure communication may take place.
-
Publication number: US20160019050A1
Publication date: 2016-01-21
Application number: US14866643
Application date: 2015-09-25
Applicant: Amazon Technologies, Inc.
Inventor: Michael David Marr , Matthew T. Corddry , James R. Hamilton
CPC classification number: G06F8/65 , G06F21/572 , G06F21/629 , H04L63/0428 , H04L63/08 , H04L63/20
Abstract: When providing a user with native access to at least a portion of device hardware, the user can be prevented from modifying firmware and other configuration information by controlling the mechanisms used to update that information. For example, a clock or a timer mechanism can be used by a network interface card to define a mutability period. During the mutability period, firmware update to a peripheral device can be allowed. Once the mutability period has expired, firmware update to a peripheral device will no longer be allowed.
-
Publication number: US20150199519A1
Publication date: 2015-07-16
Application number: US14671933
Application date: 2015-03-27
Applicant: Amazon Technologies, Inc.
Inventor: Michael David Marr , Pradeep Vincent , Matthew T. Corddry , James R. Hamilton
CPC classification number: G06F21/572 , G06F8/65 , G06F11/3003 , G06F11/3051 , G06F21/57 , G06F21/575 , G06F21/577 , G06F2201/865 , G06F2201/88 , G06F2221/033 , H04L67/10
Abstract: Attempts to update confirmation information or firmware for a hardware device can be monitored using a secure counter that is configured to monotonically adjust a current value of the secure counter for each update or update attempt. The value of the counter can be determined every time the validity of the firmware is confirmed, and this value can be stored to a secure location. At subsequent times, such as during a boot process, the actual value of the counter can be determined and compared with the expected value. If the values do not match, such that the firmware may be in an unexpected state, an action can be taken, such as to prevent access to, or isolate, the hardware until such time as the firmware can be validated or updated to an expected state.
-
Publication number: US08996744B1
Publication date: 2015-03-31
Application number: US14094642
Application date: 2013-12-02
Applicant: Amazon Technologies, Inc.
Inventor: Michael David Marr , Pradeep Vincent , Matthew T. Corddry , James R. Hamilton
CPC classification number: G06F21/572 , G06F8/65 , G06F11/3003 , G06F11/3051 , G06F21/57 , G06F21/575 , G06F21/577 , G06F2201/865 , G06F2201/88 , G06F2221/033 , H04L67/10
Abstract: Attempts to update confirmation information or firmware for a hardware device can be monitored using a secure counter that is configured to monotonically adjust a current value of the secure counter for each update or update attempt. The value of the counter can be determined every time the validity of the firmware is confirmed, and this value can be stored to a secure location. At subsequent times, such as during a boot process, the actual value of the counter can be determined and compared with the expected value. If the values do not match, such that the firmware may be in an unexpected state, an action can be taken, such as to prevent access to, or isolate, the hardware until such time as the firmware can be validated or updated to an expected state.
-