-
公开(公告)号:US09628274B1
公开(公告)日:2017-04-18
申请号:US14542288
申请日:2014-11-14
Applicant: Amazon Technologies, Inc.
Inventor: Jason Jenks , Tushaar Sethi , Brandon B. Low , Jason Cetina , Jesper Mikael Johansson , Waylon Brunette , Hanson Char , Spencer Proffit
CPC classification number: H04L9/0877 , G06Q20/3226 , G06Q20/3823 , G06Q20/385 , G06Q20/409 , H04L9/0866 , H04L9/0894 , H04L29/06 , H04L63/06 , H04L2209/127 , H04L2463/062
Abstract: A method of using a hardware security module and an adjunct application programming interface to harden tokenization security and encryption key rotation is disclosed. In various embodiments, the method comprises receiving encrypted data at a processor of a computer system, decrypting the encrypted data to cleartext in the processor, and issuing a unique token associated with the data.
-
公开(公告)号:US10728272B1
公开(公告)日:2020-07-28
申请号:US14573980
申请日:2014-12-17
Applicant: Amazon Technologies, Inc.
IPC: G06F11/00 , H04L29/06 , G06F21/62 , G06F16/901
Abstract: A method and apparatus for risk scoring in a graph are disclosed. In the method and apparatus, a graph includes a first node that is connected with a node of a plurality of nodes using a communication link of a plurality of communication links. A plurality of link risk measures are then determined, whereby a link risk measure of the plurality of link risk measures pertains to the communication link of the plurality of communication links. Furthermore, a risk measure associated with the first node is determined based at least in part on the plurality of link risk measures. The risk measure is monitored to determine if one or more conditions placed on the risk measure are met and one or more actions are taken as a result of the one or more conditions being met.
-
13.发明申请公开(公告)号:US20200067959A1
公开(公告)日:2020-02-27
申请号:US16670411
申请日:2019-10-31
Applicant: Amazon Technologies, Inc.
Inventor: Maarten Van Horenbeeck , Christopher Michael Anderson , Katharine Nicole Harrison , Matthew Ryan Jezorek , Jon Arron McClintock , Tushaar Sethi
IPC: H04L29/06 , H04L12/721 , G06N20/00
Abstract: Techniques described and suggested herein include various systems and methods for determining risk levels associated with transiting data, and routing portions of the data in accordance with the determined risk levels. For example, a risk analyzer may apply risk classifiers to transiting data to determine overall risk levels of some or all of the transiting data. A traffic router may route transiting data according to determined risk profiles for the data. A sandbox may be implemented to compare, for a given input, expected and observed outputs for a subset of transiting data, so as to determine risk profiles associated with at least the subset.
-
公开(公告)号:US10467423B1
公开(公告)日:2019-11-05
申请号:US14225958
申请日:2014-03-26
Applicant: Amazon Technologies, Inc.
Inventor: Jon Arron McClintock , Tushaar Sethi , Maarten Van Horenbeeck
Abstract: Method and apparatus for identifying a flow of data from a first data store to a second data store are disclosed. In the method and apparatus, a service may send the data from the first data store to the second data store, whereby the service may be associated with an access control policy that specifies whether the service is permitted to send or receive the data. The access control policy may be used as a basis for the evaluation of executable instructions of the service, and evaluation of the executable instructions may be used to identify the first data store or the second data store.
-
公开(公告)号:US20180091375A1
公开(公告)日:2018-03-29
申请号:US15829725
申请日:2017-12-01
Applicant: Amazon Technologies, Inc.
IPC: H04L12/24 , H04L12/733
CPC classification number: H04L41/12 , H04L45/122
Abstract: A method and apparatus for path detection are disclosed. In the method and apparatus, a data path may link two path-end nodes in a network. Event data for the network may be received and may be used to determine, for each node resident on the path, proximity measures to each path-end node. The proximity measure of network nodes may be evaluated to determine whether a path exists between the two path-end nodes.
-
Patent Agency Ranking
公开(公告)号:US20170132064A1
公开(公告)日:2017-05-11
申请号:US15414491
申请日:2017-01-24
Applicant: Amazon Technologies, Inc.
Inventor: Jon Arron McClintock , Tushaar Sethi , George Nikolaos Stathakopoulos
CPC classification number: G06F11/0757 , G06F11/00 , G06F11/0706 , G06F11/0721 , G06F11/0754 , G06F11/0775 , G06F11/3003 , G06F11/3051 , G06F11/3068 , G06F11/34 , G06F11/3419 , H04L67/303
Abstract: A monitoring service receives, from a variety of hardware components of a set of computer systems, binary signals indicative of operation of these components. The monitoring service determines, based at least in part on these signals, a set of beat frequencies for pairings of hardware components of the set of computer systems. The monitoring service uses this set of beat frequencies, as well as information included in a profile for the set of computer systems, to determine whether there is any indication of anomalous behavior in operation of the set of computer systems. If so, the monitoring service generates one or more alerts indicating the anomalous behavior.
-
公开(公告)号:US09558053B1
公开(公告)日:2017-01-31
申请号:US14752445
申请日:2015-06-26
Applicant: Amazon Technologies, Inc.
Inventor: Jon Arron McClintock , Tushaar Sethi , George Nikolaos Stathakopoulos
CPC classification number: G06F11/0757 , G06F11/00 , G06F11/0706 , G06F11/0721 , G06F11/0754 , G06F11/0775 , G06F11/3003 , G06F11/3051 , G06F11/3068 , G06F11/34 , G06F11/3419 , H04L67/303
Abstract: A monitoring service receives, from a variety of hardware components of a set of computer systems, binary signals indicative of operation of these components. The monitoring service determines, based at least in part on these signals, a set of beat frequencies for pairings of hardware components of the set of computer systems. The monitoring service uses this set of beat frequencies, as well as information included in a profile for the set of computer systems, to determine whether there is any indication of anomalous behavior in operation of the set of computer systems. If so, the monitoring service generates one or more alerts indicating the anomalous behavior.
Abstract translation: 监视服务从一组计算机系统的各种硬件组件接收指示这些组件的操作的二进制信号。 该监视服务至少部分地基于这些信号确定用于该组计算机系统的硬件组件的配对的一组拍频。 监视服务使用这组拍频,以及包括在该组计算机系统的简档中的信息,以确定在该组计算机系统的操作中是否存在任何异常行为的指示。 如果是这样,监控服务会产生一个或多个警报,指示异常行为。
-
公开(公告)号:US09141769B1
公开(公告)日:2015-09-22
申请号:US13763033
申请日:2013-02-08
Applicant: Amazon Technologies, Inc.
Inventor: Daniel W. Hitchcock , Darren Ernest Canavor , Tushaar Sethi
CPC classification number: H04L63/0435 , G06F21/10 , G06F21/62 , H04L9/0825 , H04L9/0877 , H04L9/0891 , H04L9/0897 , H04L9/14 , H04L9/3234 , H04L9/3268 , H04L63/0823
Abstract: Aspects related to the secure transfer and use of secret material are described. In one embodiment, public vendor and provider keys are provided to a customer and encrypted secret material is received in return. The encrypted secret material may include a customer secret material encrypted by the public vendor and provider keys. The encrypted secret material is imported into a trusted execution environment and decrypted with private provider and vendor keys. In this manner, a provider of cryptographic processes is not exposed to the secret material of the customer, as the customer secret material is decrypted and stored within the trusted execution environment but is not accessed by the provider in an unencrypted form. In turn, the provider may receive various instructions to perform cryptographic operations on behalf of the customer, and those instructions may be performed by the trusted execution environment.
Abstract translation: 描述与秘密材料的安全转移和使用相关的方面。 在一个实施例中,公共供应商和供应商密钥被提供给客户,并且收到加密的秘密材料。 加密的秘密材料可以包括由公共供应商加密的客户秘密材料和提供商密钥。 加密的秘密资料被导入到受信任的执行环境中,并用专用提供商和供应商密钥进行解密。 以这种方式,密码处理提供者不会暴露给客户的秘密资料,因为客户秘密资料被解密并存储在受信任的执行环境中,但未被提供者以未加密形式访问。 反过来,提供商可以接收代表客户执行密码操作的各种指令,并且这些指令可以由可信执行环境执行。
-
公开(公告)号:US11711390B1
公开(公告)日:2023-07-25
申请号:US17721150
申请日:2022-04-14
Applicant: Amazon Technologies, Inc.
Inventor: Maarten Van Horenbeeck , Christopher Michael Anderson , Katharine Nicole Harrison , Matthew Ryan Jezorek , Jon Arron McClintock , Tushaar Sethi
CPC classification number: H04L63/1425 , G06N20/00 , H04L45/70 , H04L63/1433
Abstract: Techniques described and suggested herein include various systems and methods for determining risk levels associated with transiting data, and routing portions of the data in accordance with the determined risk levels. For example, a risk analyzer may apply risk classifiers to transiting data to determine overall risk levels of some or all of the transiting data. A traffic router may route transiting data according to determined risk profiles for the data. A sandbox may be implemented to compare, for a given input, expected and observed outputs for a subset of transiting data, so as to determine risk profiles associated with at least the subset.
-
公开(公告)号:US10313339B1
公开(公告)日:2019-06-04
申请号:US15376494
申请日:2016-12-12
Applicant: Amazon Technologies, Inc.
Inventor: Conor Power , Jon Arron McClintock , Dean H. Saxe , Tushaar Sethi
Abstract: A delivery verification service receives an electronic message that indicates delivery of an authentication device. In response to receiving the electronic message, the delivery verification service identifies, based at least in part on the electronic message, a set of attributes of a recipient to which the authentication device was delivered. Based at least in part on these attributes of the recipient, the delivery verification service determines whether to activate the authentication device. If the delivery verification service determines that the authentication device can be activated, the delivery verification service causes the authentication device to be enabled.
-
-
-
-
-
-
-
-
-
Search Results
31
records
(took 0.022 seconds)
