公开(公告)号：US20140229729A1

公开(公告)日：2014-08-14

申请号：US13764963

申请日：2013-02-12

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Matthew James Wren ,  Eric Jason Brandwine ,  Brian Irl Pratt

IPC: H04L29/06

CPC classification number: H04L63/0471 ,  G06F21/602 ,  G06F21/6218 ,  G06F2221/2101 ,  H04L9/0894 ,  H04L9/3242 ,  H04L9/3247 ,  H04L63/045 ,  H04L63/08 ,  H04L67/1097 ,  H04L2209/76

Abstract: A distributed computing environment utilizes a cryptography service. The cryptography service manages keys securely on behalf of one or more entities. The cryptography service is configured to receive and respond to requests to perform cryptographic operations, such as encryption and decryption. The requests may originate from entities using the distributed computing environment and/or subsystems of the distributed computing environment.

Abstract translation: 分布式计算环境利用加密服务。 密码服务代表一个或多个实体安全地管理密钥。 密码服务被配置为接收和响应执行密码操作（例如加密和解密）的请求。 请求可以来自使用分布式计算环境和/或分布式计算环境的子系统的实体。

公开(公告)号：US20140208414A1

公开(公告)日：2014-07-24

申请号：US13747224

申请日：2013-01-22

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Peter Nicholas DeSantis ,  Léon Thrane

IPC: G06F21/62

CPC classification number: G06F21/6218 ,  G06F2221/2149

Abstract: Approaches are described for security and access control for computing resources. Various embodiments utilize metadata, e.g., tags that can be applied to one or more computing resources (e.g., virtual machines, host computing devices, applications, databases, etc.) to control access to these and/or other computing resources. In various embodiments, the tags and access control policies described herein can be utilized in a multitenant shared resource environment.

Abstract translation: 描述了用于计算资源的安全和访问控制的方法。 各种实施例利用元数据，例如可以应用于一个或多个计算资源（例如，虚拟机，主机计算设备，应用程序，数据库等）的标签来控制对这些和​​/或其他计算资源的访问。 在各种实施例中，本文描述的标签和访问控制策略可以在多租户共享资源环境中使用。

公开(公告)号：US08667499B2

公开(公告)日：2014-03-04

申请号：US13946943

申请日：2013-07-19

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  James Alfred Gordon Greenfield ,  Diwakar Gupta

IPC: G06F9/46

CPC classification number: H04L43/04 ,  G06F9/505

Abstract: Systems and methods are described for managing requests for computing capacity from a provider of computing resources. The computing resources may include program execution capabilities, data storage or management capabilities, network bandwidth, etc. In some implementations, user requests are probabilistically denied or granted while some computing resources are still available. By denying some requests or granting only some, the rate of computing resource usage can be reduced, thus preserving some capacity for a longer period of time. In one embodiment, the capacity can be provided to clients based on client priority, provided to clients with reserved resources, provided to clients probabilistically, sold on a spot market, or allocated in some other fashion.

Abstract translation: 描述了用于管理来自计算资源提供商的计算能力请求的系统和方法。 计算资源可以包括程序执行能力，数据存储或管理能力，网络带宽等。在一些实现中，在某些计算资源仍然可用的情况下，概率地拒绝或授予用户请求。 通过拒绝一些请求或仅授予一些请求，可以减少计算资源使用率，从而在较长时间内保留一些容量。 在一个实施例中，可以基于客户端优先级向客户端提供容量，提供给具有预留资源的客户端，概率地提供给客户，在现货市场上出售或以某种其他方式分配。

公开(公告)号：US12238165B2

公开(公告)日：2025-02-25

申请号：US18403626

申请日：2024-01-03

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Kevin Christopher Miller ,  Andrew J. Doane

IPC: H04L67/1029 ,  G06F9/455 ,  G06F11/14 ,  G06F11/20 ,  H04L61/2503 ,  H04L61/5007 ,  H04L67/1097 ,  H04L101/668

Abstract: Techniques are described for providing managed computer networks, such as for managed virtual computer networks overlaid on one or more other underlying computer networks. In some situations, the techniques include facilitating replication of a primary computing node that is actively participating in a managed computer network, such as by maintaining one or more other computing nodes in the managed computer network as replicas, and using such replica computing nodes in various manners. For example, a particular managed virtual computer network may span multiple broadcast domains of an underlying computer network, and a particular primary computing node and a corresponding remote replica computing node of the managed virtual computer network may be implemented in distinct broadcast domains of the underlying computer network, with the replica computing node being used to transparently replace the primary computing node in the virtual computer network if the primary computing node becomes unavailable.

公开(公告)号：US12086250B1

公开(公告)日：2024-09-10

申请号：US17548261

申请日：2021-12-10

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine

IPC: G06F21/00 ,  G06F13/20 ,  G06F21/56

CPC classification number: G06F21/566 ,  G06F13/20 ,  G06F2213/40 ,  G06F2221/034

Abstract: Techniques are described for monitoring and analyzing input/output (I/O) messages for patterns indicative of ransomware attacks affecting computer systems of a cloud provider, and for performing various remediation actions to mitigate data loss once a potential ransomware attack is detected. The monitoring of I/O activity for such patterns is performed at least in part by I/O proxy devices coupled to computer systems of a cloud provider network, where an I/O proxy device is interposed in the I/O path between guest operating systems running on a computer system and storage devices to which I/O messages are destined. An I/O proxy device can analyze I/O messages for patterns indicative of potential ransomware attacks by monitoring for anomalous I/O patterns which may, e.g., be indicative of a malicious process attempting to encrypt or otherwise render in accessible a significant portion of one or more storage volumes as part of a ransomware attack.

公开(公告)号：US11902364B2

公开(公告)日：2024-02-13

申请号：US18171260

申请日：2023-02-17

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Kevin Christopher Miller ,  Andrew J. Doane

IPC: H04L67/1029 ,  G06F9/455 ,  G06F11/14 ,  H04L61/5007 ,  G06F11/20 ,  H04L61/2503 ,  H04L67/1097 ,  H04L101/668

CPC classification number: H04L67/1029 ,  G06F9/45533 ,  G06F9/45558 ,  G06F11/1484 ,  G06F11/2007 ,  H04L61/2503 ,  H04L61/5007 ,  H04L67/1097 ,  G06F11/2038 ,  G06F11/2048 ,  G06F11/2097 ,  G06F2009/45562 ,  G06F2201/85 ,  H04L2101/668

Abstract: Techniques are described for providing managed computer networks, such as for managed virtual computer networks overlaid on one or more other underlying computer networks. In some situations, the techniques include facilitating replication of a primary computing node that is actively participating in a managed computer network, such as by maintaining one or more other computing nodes in the managed computer network as replicas, and using such replica computing nodes in various manners. For example, a particular managed virtual computer network may span multiple broadcast domains of an underlying computer network, and a particular primary computing node and a corresponding remote replica computing node of the managed virtual computer network may be implemented in distinct broadcast domains of the underlying computer network, with the replica computing node being used to transparently replace the primary computing node in the virtual computer network if the primary computing node becomes unavailable.

公开(公告)号：US11870816B1

公开(公告)日：2024-01-09

申请号：US17953123

申请日：2022-09-26

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Eric Jason Brandwine

IPC: H04L9/40 ,  H04L9/08 ,  G06F21/64 ,  H04L9/32 ,  G06F21/33 ,  G06F21/44 ,  G06F21/57

CPC classification number: H04L63/20 ,  G06F21/33 ,  G06F21/44 ,  G06F21/57 ,  G06F21/64 ,  H04L9/0825 ,  H04L9/0897 ,  H04L9/3213 ,  H04L9/3263 ,  H04L63/0823 ,  H04L9/32 ,  H04L63/205

Abstract: Custom policies are definable for use in a system that enforces policies. A user, for example, may author a policy using a policy language and transmit the system through an application programming interface call. The custom policies may specify conditions for computing environment attestations that are provided with requests to the system. When a custom policy applies to a request, the system may determine whether information in the attestation is sufficient for the request to be fulfilled.

公开(公告)号：US11842208B2

公开(公告)日：2023-12-12

申请号：US17460718

申请日：2021-08-30

Applicant: Amazon Technologies, Inc.

Inventor： Marvin M. Theimer ,  Peter DeSantis ,  Eric Jason Brandwine

IPC: G06F9/455 ,  H04L41/0806 ,  H04L41/5051 ,  G06F9/50

CPC classification number: G06F9/45533 ,  G06F9/5027 ,  H04L41/0806 ,  H04L41/5051 ,  G06F2209/5011

Abstract: Virtual resources may be provisioned in a manner that is aware of, and respects, underlying implementation resource boundaries. A customer of the virtual resource provider may specify that particular virtual resources are to be implemented with implementation resources that are dedicated to the customer. Dedicating an implementation resource to a particular customer of a virtual resource provider may establish one or more information barriers between the particular customer and other customers of the virtual resource provider. Implementation resources may require transition procedures, including custom transition procedures, to enter and exit dedicated implementation resource pools. Costs corresponding to active and inactive implementation resources in a dedicated pools associated with a particular customer may be accounted for, and presented to, the customer in a variety of ways including explicit, adjusted per customer and adjusted per type of virtual resource and/or implementation resource.

公开(公告)号：US11777911B1

公开(公告)日：2023-10-03

申请号：US17476300

申请日：2021-09-15

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Eric Jason Brandwine

IPC: H04L9/40 ,  H04L9/32 ,  H04L67/02

CPC classification number: H04L63/0428 ,  H04L9/321 ,  H04L9/3247 ,  H04L63/10 ,  H04L63/102 ,  H04L63/108 ,  H04L63/123 ,  H04L67/02 ,  H04L63/168

Abstract: Requests are pre-generated to include a cryptographic key to be used in fulfilling the requests. The requests may be encoded in uniform resource locators and may include authentication information to enable a service provider to whom the requests are submitted to determine whether the requests are authorized. The requests may be passed to various entities who can then submit the requests to the service provider. The service provider, upon receipt of a request, can verify the authentication information and fulfill the request using a cryptographic key encoded in the request.

公开(公告)号：US11522896B2

公开(公告)日：2022-12-06

申请号：US14574183

申请日：2014-12-17

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Donald L. Bailey, Jr.

IPC: H04L9/40 ,  G06F9/455 ,  G06F21/30 ,  G06F21/53 ,  G06F21/57

Abstract: Systems, methods, and interfaces for the management of virtual machine instances and other programmatically controlled networks are provided. The hosted virtual networks are configured in a manner such that a virtual machine manager of the virtual network may monitor activity such as user requests, network traffic, and the status and execution of various virtual machine instances to determine possible security assessments. Aspects of the virtual network may be assessed for vulnerabilities at varying levels of granularity and sophistication when a suspicious event or triggering activity is detected. Illustrative embodiments of the systems and methods may be implemented on a virtual network overlaid on one or more intermediate physical networks that are used as a substrate network.