-
Publication No.: US12212606B1
Publication date: 2025-01-28
Application No.: US18391457
Filing date: 2023-12-20
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Eric Jason Brandwine
Abstract: Custom policies are definable for use in a system that enforces policies. A user, for example, may author a policy using a policy language and transmit the system through an application programming interface call. The custom policies may specify conditions for computing environment attestations that are provided with requests to the system. When a custom policy applies to a request, the system may determine whether information in the attestation is sufficient for the request to be fulfilled.
-
Publication No.: US11626996B2
Publication date: 2023-04-11
Application No.: US15865016
Filing date: 2018-01-08
Applicant: Amazon Technologies, Inc.
Inventor: Matthew John Campagna, Gregory Branchek Roth
Abstract: A web of trust in a distributed system is established. A root of trust for at least two components in the distributed system validates information for the distributed system. The validated information is then used to create additional information for the distributed system. Versions of the information are usable to validate subsequent versions of the information such that validation of a version of the information can be performed by using one or more previous versions to verify that the version is a valid successor of a previously validated previous version.
-
Publication No.: US11621954B2
Publication date: 2023-04-04
Application No.: US16921172
Filing date: 2020-07-06
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Graeme David Baer, Brian Irl Pratt
Abstract: A one-time password (OTP) based security scheme is described, where a provider pre-generates a number of verification codes (e.g., OTP codes) which will be valid for a predetermined interval. The provider then encodes the verification codes (e.g., by hashing each code with a time value), and stores the verification codes into a data structure. The data structure can be provided to a verification system that can use the set of pre-generated OTP codes to authenticate requests received from users having personal security tokens.
-
Publication No.: US11470054B2
Publication date: 2022-10-11
Application No.: US16811932
Filing date: 2020-03-06
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Matthew James Wren, Eric Jason Brandwine, Brian Irl Pratt
Abstract: A key rotation that results in a first key version associated with a key being replaced by a second key version associated with the same key, wherein the first key version remains associated with the key for decrypting a previously generated ciphertext but not for future encryption requests. The first key version may be associated with a first cryptographic key material and the second key version may be associated with a second cryptographic key material different from the first cryptographic key material.
-
Publication No.: US11451528B2
Publication date: 2022-09-20
Application No.: US16452416
Filing date: 2019-06-25
Applicant: Amazon Technologies, Inc.
Inventor: Jesper Mikael Johansson, Gregory Branchek Roth
Abstract: Representations of authentication objects are provided for selection via an interface. An authentication object may be generated to include information obtained from one or more sensors of a device. A selected authentication object may contain information sufficient for authentication with a corresponding system. The interface may provide multiple representations of authentication objects that are usable with different service providers. The interface, executed by a first device, may be configured to authenticate a second device.
-
Publication No.: US11258611B2
Publication date: 2022-02-22
Application No.: US16246331
Filing date: 2019-01-11
Applicant: Amazon Technologies, Inc.
Abstract: Electronically signed data is persistently stored in data storage. After the passage of time, the data may be accessed and presented to a trusted entity for verification of the data. The trusted entity may have access to secret information used to sign the data. The trusted entity may use the secret information to verify an electronic signature of the data. One or more actions may be taken based at least in part on a response provided by the verification system.
-
Publication No.: US10977377B2
Publication date: 2021-04-13
Application No.: US16147033
Filing date: 2018-09-28
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Anders Samuelsson, Bradley Jeffery Behm
Abstract: Customers of a service provider are able to provision compartments of the accounts. Both the accounts and the compartments, in some embodiments, may have associated computing resources and identities. One or more identities of the account may be authorized to perform administrative operations in the compartment. Identities of the compartment may lack the ability to perform any administrative actions outside of the compartment but inside of the account.
-
Publication No.: US10936729B2
Publication date: 2021-03-02
Application No.: US15889053
Filing date: 2018-02-05
Applicant: Amazon Technologies, Inc.
Inventor: Sandeep Kumar, Gregory Branchek Roth, Gregory Alan Rubin, Mark Christopher Seigle, Kamran Tirdad
Abstract: A data storage service redundantly stores data and keys used to encrypt the data. Data objects are encrypted with first cryptographic keys. The first cryptographic keys are encrypted by second cryptographic keys. The first cryptographic keys and second cryptographic keys are redundantly stored in a data storage system to enable access of the data objects, such as to respond to requests to retrieve the data objects. The second cryptographic keys may be encrypted by third keys and redundantly stored in the event access to a second cryptographic key is lost.
-
Publication No.: US10911457B2
Publication date: 2021-02-02
Application No.: US16297421
Filing date: 2019-03-08
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Matthew James Wren
IPC: H04L29/06
Abstract: Policy changes are propagated to access control devices of a distributed system. The policy changes are given immediate effect without having to wait for the changes to propagate through the system. A token comprises the policy change and can be provided in connection with access requests. Before an access control device has received a propagated policy change, the access control device can evaluate a token provided in connection with a request to determine, consistent with the policy change, whether to fulfill the request.
-
Publication No.: US20200336479A1
Publication date: 2020-10-22
Application No.: US16921172
Filing date: 2020-07-06
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Graeme David Baer, Brian Irl Pratt
Abstract: A one-time password (OTP) based security scheme is described, where a provider pre-generates a number of verification codes (e.g., OTP codes) which will be valid for a predetermined interval. The provider then encodes the verification codes (e.g., by hashing each code with a time value), and stores the verification codes into a data structure. The data structure can be provided to a verification system that can use the set of pre-generated OTP codes to authenticate requests received from users having personal security tokens.