公开(公告)号：US09251375B1

公开(公告)日：2016-02-02

申请号：US14019120

申请日：2013-09-05

Applicant: Amazon Technologies, Inc.

Inventor： Jon Arron McClintock ,  Darren Ernest Canavor ,  Daniel Wade Hitchcock ,  Jesper Mikael Johansson ,  Bharath Kumar Bhimanaik

IPC: G06F11/30 ,  G06F21/64

CPC classification number: G06F21/64 ,  G06F21/6218

Abstract: Use case-specific entity identifiers are disclosed. Entity data associated with an actual entity identifier of an entity is generated. A use case-specific entity identifier is generated based at least in part on encrypting the actual entity identifier using reversible encryption. The entity data, in association with the use case-specific entity identifier, is sent to another service.

Abstract translation: 披露用例特定的实体标识符。 生成与实体的实际实体标识符相关联的实体数据。 至少部分地基于使用可逆加密对实际实体标识符进行加密来生成用例专用实体标识符。 与用例专用实体标识符相关联的实体数据被发送到另一个服务。

公开(公告)号：US09225704B1

公开(公告)日：2015-12-29

申请号：US13917138

申请日：2013-06-13

Applicant: Amazon Technologies, Inc.

Inventor： Jesper Mikael Johansson ,  Darren Ernest Canavor ,  Jon Arron McClintock

IPC: H04L29/06

CPC classification number: H04L63/08 ,  H04L63/20

Abstract: Disclosed are various embodiments for management of third-party accounts for users in an organization. It is determined whether a user in an organization is to be provided with managed access to a third-party network site. An account may be managed for the user with the third-party network site in response when the user is to be provided with managed access to the third-party network site. A security credential is stored for the managed account. A client computing device associated with the user is configured to authenticate with the third-party network site using the security credential. The user may be restricted from accessing the security credential.

Abstract translation: 公开了用于管理组织中的用户的第三方帐户的各种实施例。 确定组织中的用户是否被提供给第三方网络的托管访问。 当用户被提供给第三方网络的托管访问时，可以为第三方网站的用户管理帐户。 存储管理帐户的安全凭证。 与用户相关联的客户端计算设备被配置为使用安全凭证与第三方网站进行认证。 用户可能被限制访问安全凭证。

公开(公告)号：US09152808B1

公开(公告)日：2015-10-06

申请号：US13849772

申请日：2013-03-25

Applicant: Amazon Technologies, Inc.

Inventor： Harsha Ramalingam ,  Jesper Mikael Johansson ,  James Connelly Petts ,  Dominique Imjya Brezinski

IPC: G06F7/04 ,  G06F21/62 ,  H04L29/06

CPC classification number: G06F21/62 ,  H04L63/1416 ,  H04L63/1441 ,  H04L63/1491 ,  H04L63/30

Abstract: Disclosed are various embodiments for obtaining policy data specifying decoy data eligible to be inserted within a response to an access of a data store. The decoy data is detected in the response among a plurality of non-decoy data based at least upon the policy data. An action associated with the decoy data is initiated in response to the access of the data store meeting a configurable threshold.

Abstract translation: 公开了用于获得策略数据的各种实施例，该策略数据指定在对数据存储的访问的响应中有资格插入的诱饵数据。 至少基于策略数据，在多个非诱饵数据之间的响应中检测诱饵数据。 响应于满足可配置阈值的数据存储的访问，启动与诱饵数据相关联的动作。

公开(公告)号：US11228599B2

公开(公告)日：2022-01-18

申请号：US16684502

申请日：2019-11-14

Applicant: Amazon Technologies, Inc.

Inventor： Jesper Mikael Johansson ,  Max Harwell Funderburk ,  Mian Zainulabadin Khurrum ,  Kripa Shankar Karukurichi Subramanian

IPC: H04L29/06 ,  G06F21/31 ,  H04L29/08

Abstract: Methods and systems are provided for restoring access for user accounts when suspicious activity is detected. The methods and systems identify any potential suspicious activity or potential misuse associated with a user account. The user account has account privileges associated with a network service. The methods and systems sends a notification to a network application to indicate that account privileges associated with the user account are limited. In response to the notification, a series of tasks to restore access to the user account may be performed.

公开(公告)号：US11042869B1

公开(公告)日：2021-06-22

申请号：US14503324

申请日：2014-09-30

Applicant: Amazon Technologies, Inc.

Inventor： Matthew Ryan Jezorek ,  Scott Kenneth Bishop ,  Brenda Renee' Campbell ,  Darren Ernest Canavor ,  Scott Donald Gregory ,  Jesper Mikael Johansson ,  David James Kane-Parry ,  Eric Michael Laird ,  Brian Young Lee ,  Ido Mittelman ,  Gregory Branchek Roth ,  James Arthur Wilson

IPC: G06Q20/34 ,  G06Q20/40

Abstract: A payment object service receives a request from a giver to associate a payment amount to an object. The request includes one or more images of the object and recipient information, which the payment object service uses to determine whether the association between these images and the information is unique. If the association is unique, the payment object service updates a database to associate the payment amount to the object and enable redemption of the payment amount. When the payment object service receives a request to redeem at least a portion of the payment amount, the payment object service may use one or more images and recipient information obtained from the request to verify that the images and information together correspond to the object. Once the redemption is complete, the payment object service may update the database to specify the current remaining payment amount.

公开(公告)号：US10521984B1

公开(公告)日：2019-12-31

申请号：US14675654

申请日：2015-03-31

Applicant: Amazon Technologies, Inc.

Inventor： Jesper Mikael Johansson ,  Eric Allan MacIntosh ,  Gregory Branchek Roth

IPC: G07C9/00 ,  H04L29/06

Abstract: Techniques described and suggested in the present document include access-card systems and methods that are resistant to attack. In certain implementations, a card reader transmits a challenge message to an access card. When the access card receives the challenge message, the access card validates the challenge message, and then generates a response message based at least in part on the information contained in the challenge message. A security server validates the response message, and when the security server determines that the response is secure, valid, and from an authorized access card, the security server grants access to a physical space. In some implementations, the challenge and response messages are digitally signed using a cryptographic key. Additional implementations include various tests that, when performed on the challenge and/or response messages detect and defeat many attempts to compromise the access-card system.

公开(公告)号：US10462116B1

公开(公告)日：2019-10-29

申请号：US14855298

申请日：2015-09-15

Applicant: Amazon Technologies, Inc.

Inventor： Nima Sharifi Mehr ,  Darren Ernest Canavor ,  Jesper Mikael Johansson ,  Jon Arron McClintock ,  Muhammad Wasiq

IPC: H04L29/06

Abstract: The present document describes systems and methods that detect unauthorized transmission of data from internal networks to remote service providers, even when the transmission occurs over an encrypted connection. An exfiltration monitor is configured to monitor encrypted communications between clients within an internal network and a remote service provider. In various implementations, the exfiltration monitor associates the encrypted connections with account information, and applies exfiltration policies to the connections based at least in part on the associated account information. In additional implementations, the exfiltration monitor is provided with cryptographic keys that facilitate packet inspection of the encrypted connections. In many situations, the exfiltration monitor can use this information to discern between authorized use of a remote service, and unauthorized data exfiltration to the remote service.

公开(公告)号：US10356069B2

公开(公告)日：2019-07-16

申请号：US15042071

申请日：2016-02-11

Applicant: Amazon Technologies, Inc.

Inventor： Jesper Mikael Johansson ,  Gregory Branchek Roth

IPC: G09C1/00 ,  H04L9/32 ,  H04L29/06

Abstract: Representations of authentication objects are provided for selection via an interface. An authentication object may be generated to include information obtained from one or more sensors of a device. A selected authentication object may contain information sufficient for authentication with a corresponding system. The interface may provide multiple representations of authentication objects that are usable with different service providers. The interface, executed by a first device, may be configured to authenticate a second device.

公开(公告)号：US10348797B1

公开(公告)日：2019-07-09

申请号：US14970400

申请日：2015-12-15

Applicant: Amazon Technologies, Inc.

Inventor： Joshua Marc Burgin ,  Kurt Kufeld ,  Peter Sven Vosshall ,  Arun Sundaram ,  Jesper Mikael Johansson ,  Peter Frank Hill

IPC: H04L29/06 ,  H04L29/08 ,  G06F16/957 ,  G06F16/958

Abstract: Systems, methods, and computer-readable media related to configuration of multiple browser applications to control the functionality of the browser application as at least some content is accessed are provided. The configuration of a server-based browser application and a client-based browser application can be controlled programmatically such that browser configuration can be validated and controlled by at least some content providers. Additionally, the configuration and subsequent processing of content provided by an authenticating content provider can be implemented in a manner to limit content access functionality.

公开(公告)号：US10180936B2

公开(公告)日：2019-01-15

申请号：US15470846

申请日：2017-03-27

Applicant: Amazon Technologies, Inc.

Inventor： Jon Arron McClintock ,  Darren Ernest Canavor ,  Jesper Mikael Johansson

IPC: G06F17/27 ,  G06F17/22 ,  G06F17/28 ,  G06F3/0481 ,  G06F17/30

Abstract: A mechanism is provided for representing information, such as binary sequence, in a manner that is easier to read and less likely to generate errors when interacted with by human. A dictionary is seeded with two or more set of words, the words being selected from distinct categories. Symbols may be created by combining words from the distinct categories. A mapping of symbols to corresponding values may then be generated. The generated mapping may be used to translate bit values to symbols and symbols to bit values.