公开(公告)号：US20190238557A1

公开(公告)日：2019-08-01

申请号：US16380741

申请日：2019-04-10

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Gregory Alan Rubin ,  Matthew John Campagna ,  Petr Praus

IPC: H04L29/06 ,  G06F21/64 ,  G06F21/60

CPC classification number: H04L63/123 ,  G06F21/602 ,  G06F21/604 ,  G06F21/64 ,  G06F21/645 ,  H04L63/061

Abstract: A system performs cryptographic operations utilizing information usable to verify validity of plaintext. To prevent providing information about a plaintext by providing the information usable to verify the validity of the plaintext, the system provides the information usable to verify validity of the plaintext to an entity on a condition that the entity is authorized to access the plaintext. The information usable to verify validity of the plaintext may be persisted in ciphertext along with the plaintext to enable the plaintext to be verified when decrypted.

公开(公告)号：US10366358B1

公开(公告)日：2019-07-30

申请号：US14577693

申请日：2014-12-19

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Bradley Jeffery Behm

IPC: G06F9/46 ,  G06Q10/06 ,  G06F9/50 ,  G06Q20/06 ,  G06Q30/08

Abstract: A method and apparatus for providing a backlogged computing work exchange are provided. In the method and apparatus, a computer system receives a request, whereby satisfaction of the request requires enqueuing computing work, The computer system determines a queued computing work quota of a plurality of queued computing work quotas for use in enqueuing the computing work and submits the request for execution, whereby the request is associated with a second client and the queued computing work quota of the plurality of queued computing work quotas is associated with a first client different from the second client.

公开(公告)号：US10339503B1

公开(公告)日：2019-07-02

申请号：US13655338

申请日：2012-10-18

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth

IPC: G06Q10/10

Abstract: Access to calendar data indicating the state of time blocks is varied according to visibility conditions associated with at least some of the time blocks. Parameters for a meeting are used to determine a state in which to indicate a block of time, which may conflict with the meeting. The state may be either an occupied or unoccupied state.

公开(公告)号：US10318336B2

公开(公告)日：2019-06-11

申请号：US15953322

申请日：2018-04-13

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Aaron Douglas Dokey ,  Eric Jason Brandwine ,  Nathan Bartholomew Thomas

IPC: G06F21/50 ,  H04L29/06 ,  G06F9/455 ,  H04L29/08 ,  G06F9/4401 ,  G06F21/53 ,  G06F21/57

Abstract: Systems and methods for providing computer system monitoring as a service of a computing resource service provider, monitoring capacity computer system of a customer of the computing resource service provider, and based on the request, launching a monitoring agent in a protected execution environment in which the monitoring agent is configured to generate an assessment of the computer system and provide the assessment of the computer system.

公开(公告)号：US10263792B2

公开(公告)日：2019-04-16

申请号：US15652161

申请日：2017-07-17

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Graeme David Baer

IPC: G06F21/00 ,  H04L9/32 ,  H04L29/06 ,  G06F21/33 ,  G06F21/31 ,  H04L9/08 ,  G06F9/455 ,  H04L9/14 ,  H04L9/30 ,  H04L29/08

Abstract: An escrow platform is described that can be used to enable access to devices. The escrow platform can be used to sign cryptographic network protocol challenges on behalf of clients so that the secrets used to sign cryptographic network protocol challenges do not have to be exposed to the clients. The escrow platform can store or control access to private keys, and the corresponding public keys can be stored on respective target platforms. A client can attempt to access a target platform and in response the target platform can issue a challenge. The client platform can send the challenge to the escrow platform, which can use the corresponding private key to sign the challenge. The signed challenge can be sent back to the client, which can forward it to the target platform. The target platform can verify the expected private key and grant access.

公开(公告)号：US10211977B1

公开(公告)日：2019-02-19

申请号：US13765283

申请日：2013-02-12

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Matthew James Wren ,  Eric Jason Brandwine ,  Brian Irl Pratt

IPC: H04L29/06 ,  H04L9/08

Abstract: A security module securely manages keys. The security module is usable to implement a cryptography service that includes a request processing component. The request processing component responds to requests by causing the security module to perform cryptographic operations that the request processing component cannot perform due to a lack of access to appropriate keys. The security module may be a member of a group of security modules that securely manage keys. Techniques for passing secret information from one security module to the other prevent unauthorized access to secret information.

公开(公告)号：US10090998B2

公开(公告)日：2018-10-02

申请号：US15179827

申请日：2016-06-10

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Matthew James Wren

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/14 ,  G06F21/62

Abstract: A request to perform one or more operations using a second key that is inaccessible to a customer of a computing resource service provider is received from the customer, with the request including information that enables the computing resource service provider to select the second key from other keys managed on behalf of customers of the computing resource service provider. A first key, and in addition to the first key, an encrypted first key, is provided to the customer. Data encrypted under the first key is received from the customer. The encrypted first key and the data encrypted under the first key is caused to be stored in persistent storage, such that accessing the data, in plaintext form, from the persistent storage requires use of both a third key and the second key that is inaccessible to the customer.

公开(公告)号：US20180275765A1

公开(公告)日：2018-09-27

申请号：US15899531

申请日：2018-02-20

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Quynh Khac Nguyen

IPC: G06F3/01 ,  G06F3/0481 ,  G06F3/0484 ,  G06F3/0346 ,  G06F3/03 ,  G06F3/0488

CPC classification number: G06F3/017 ,  G06F3/011 ,  G06F3/0304 ,  G06F3/0346 ,  G06F3/04812 ,  G06F3/0484 ,  G06F3/04886 ,  G06F21/45 ,  G06F21/604 ,  H04L63/083 ,  H04L63/205 ,  H04L67/1002

Abstract: A configurable load balancer can be utilized in a multi-tenant environment, where the load balancer can incorporate, or utilize, an account management service operable to perform security tasks such as authentication, authorization, and session management. Customers can utilize the load balancer to control access that users have to resources associated with those customers, without having to build and maintain a dedicated user management system. By implementing security functionality at the load balancer level, traffic can be managed before reaching the resources, which can help to reduce traffic and load on the resources, and can also help to prevent attacks and secure sensitive information. Visibility into the traffic through the load balancer also allows for behavior and usage monitoring, which is helpful for tasks such as billing and usage limit enforcement.

公开(公告)号：US10055594B2

公开(公告)日：2018-08-21

申请号：US15069851

申请日：2016-03-14

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Eric Jason Brandwine ,  Matthew James Wren

IPC: G06F21/60 ,  G06F21/62

CPC classification number: G06F21/602 ,  G06F21/6218 ,  G06F21/6254

Abstract: A service proxy services as an application programming interface proxy to a service, which may involve data storage. When a request to store data is received by the service proxy, the service proxy encrypts the data and stores the data in encrypted form at the service. Similarly, when a request to retrieve data is received by the service proxy, the service proxy obtains encrypted data from the service and decrypts the data. The data may be encrypted using a key that is kept inaccessible to the service.

公开(公告)号：US20180232517A1

公开(公告)日：2018-08-16

申请号：US15953322

申请日：2018-04-13

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Aaron Douglas Dokey ,  Eric Jason Brandwine ,  Nathan Bartholomew Thomas

IPC: G06F21/50 ,  G06F9/455 ,  H04L29/08 ,  H04L29/06

CPC classification number: G06F21/50 ,  G06F9/4401 ,  G06F9/45558 ,  G06F21/53 ,  G06F21/57 ,  G06F2009/45591 ,  H04L63/10 ,  H04L63/12 ,  H04L67/10

Abstract: Systems and methods for providing computer system monitoring as a service of a computing resource service provider, monitoring capacity computer system of a customer of the computing resource service provider, and based on the request, launching a monitoring agent in a protected execution environment in which the monitoring agent is configured to generate an assessment of the computer system and provide the assessment of the computer system.