公开(公告)号：US09319392B1

公开(公告)日：2016-04-19

申请号：US14040373

申请日：2013-09-27

Applicant: Amazon Technologies, Inc.

Inventor： James Leon Irving, Jr. ,  Andrew Paul Mikulski ,  Gregory Branchek Roth ,  William Frederick Kruse

IPC: H04L29/06

CPC classification number: H04L63/08 ,  H04L63/10 ,  H04L63/102 ,  H04L63/108 ,  H04L63/12

Abstract: A credential management system is described that provides a way to disable and/or rotate credentials, such as when a credential is suspected to have been compromised, while minimizing potential impact to various systems that may depend on such credentials. The credentials may be disabled temporarily at first and the availability of various resources is monitored for changes. If no significant drop of availability in the resources has occurred, the credential may be disabled for a longer period of time. In this manner, the credentials may be disabled and re-enabled for increasingly longer time intervals until it is determined with sufficient confidence/certainty that disabling the credential will not adversely impact critical systems, at which point the credential can be rotated and/or permanently disabled. This process also enables the system to determine which systems are affected by a credential in cases where such information is not known.

Abstract translation: 描述了一种凭证管理系统，其提供了一种方法来禁用和/或转动凭证，例如当证书被怀疑已经被泄露时，同时最小化可能依赖于这些证书的各种系统的潜在影响。 首先可以临时禁用凭据，并监控各种资源的可用性以进行更改。 如果资源中的可用性没有明显下降，则该凭证可能会被禁用较长时间。 以这种方式，凭证可以被禁用并被重新启用，以便越来越长的时间间隔，直到以足够的置信/确定性确定，禁用证书将不会对关键系统产生不利影响，此时凭证可以被旋转和/或永久地 残疾人士 该过程还使系统能够确定在不知道这些信息的情况下哪些系统受到凭证的影响。

公开(公告)号：US09049232B2

公开(公告)日：2015-06-02

申请号：US13781298

申请日：2013-02-28

Applicant: Amazon Technologies, Inc.

Inventor： Nachiketh Rao Potlapally ,  Donald Lee Bailey, Jr. ,  Andrew Paul Mikulski ,  Robert Eric Fitzgerald

IPC: G06F17/00 ,  H04L29/06 ,  H04L9/08

CPC classification number: H04L63/164 ,  H04L9/0869 ,  H04L63/04 ,  H04L63/16

Abstract: Methods and apparatus for a configurable-quality random data service are disclosed. A method includes implementing programmatic interfaces enabling a determination of respective characteristics of random data to be delivered to one or more clients of a random data service of a provider network. The method includes implementing security protocols for transmission of random data to the clients, including a protocol for transmission of random data to trusted clients at devices within the provider network. The method further includes obtaining, on behalf of a particular client and in accordance with the determined characteristics, random data from one or more servers of the provider network, and initiating a transmission of the random data directed to a destination associated with the particular client.

Abstract translation: 公开了可配置质量随机数据服务的方法和装置。 一种方法包括实现程序化接口，使得能够将随机数据的相应特性确定为递送给提供者网络的随机数据服务的一个或多个客户端。 该方法包括实现用于向客户端发送随机数据的安全协议，包括用于在提供商网络内的设备处将随机数据传输到可信客户端的协议。 该方法还包括代表特定客户端并根据确定的特征获得来自提供商网络的一个或多个服务器的随机数据，以及发起指向与特定客户端相关联的目的地的随机数据的传输。