-
Publication No.: US10979430B1
Publication date: 2021-04-13
Application No.: US15598251
Application date: 2017-05-17
Applicant: Amazon Technologies, Inc.
Inventor: Daniel Wade Hitchcock, Bharath Kumar Bhimanaik
IPC: H04L29/06
Abstract: A computer-facilitated service receives a request from a user to access resources provided by the computer-facilitated service. In response to the request, the computer-facilitated service selects an authentication method that can be performed by a remote authentication provider. The computer-facilitated service causes the remote authentication provider to perform the authentication method. In response to an authentication decision provided by the remote authentication provider, the computer-facilitated service determines whether the user has been authenticated by the remote authentication provider. If so, the computer-facilitated service fulfills the request from the user to access the resources.
-
Publication No.: US10911224B1
Publication date: 2021-02-02
Application No.: US15927915
Application date: 2018-03-21
Applicant: Amazon Technologies, Inc.
Inventor: Priti Marappan, Darren Ernest Canavor, Daniel Wade Hitchcock, Bharath Kumar Bhimanaik, Andrew Jay Roths
Abstract: A method of implementing a network-enabled secure door lock, comprising determining, at a first component of the lock, a nonce; wirelessly transmitting the nonce to a second component of the door lock, the first component and second component selectively mechanically engagable with one another to prevent relative movement between the first component and second component to prevent opening of a door; receiving, at the first component, a first message; using a cryptographic key associated with the second component and the nonce to validate the first message; and as a result of determining that the message is valid, transmitting a second message indicating that the first component and second component have become mechanically engaged with one another.
-
Publication No.: US10510352B2
Publication date: 2019-12-17
Application No.: US16129081
Application date: 2018-09-12
Applicant: Amazon Technologies, Inc.
Inventor: Bharath Kumar Bhimanaik, Daniel Wade Hitchcock
Abstract: Disclosed are various embodiments for detecting replay attacks in voice-based authentication systems. In one embodiment, audio is captured via an audio input device. It is then verified that the audio includes a voice authentication factor spoken by a user. The audio is then compared with stored audio spoken by the user. If it is determined that an exact copy of the voice authentication factor is in the stored audio, one or more actions may be performed.
-
Publication No.: US10333946B1
Publication date: 2019-06-25
Application No.: US15189493
Application date: 2016-06-22
Applicant: Amazon Technologies, Inc.
Inventor: Daniel Wade Hitchcock, Bharath Kumar Bhimanaik, Robert Ellis Lee
IPC: H04L29/06
Abstract: Disclosed are various embodiments for distributing and verifying ephemeral security credentials of variable entropy across channels of communication of variable levels of security assurance. In one embodiment, a security credential is generated for a user account. A subset of a set of communication channels associated with the user account is determined based at least in part on respective measures of entropy and/or security assurance corresponding to individual ones of the set of communication channels. The security credential is divided into multiple portions. A corresponding portion of the portions is sent across individual channels of the subset of channels. A client computing device is authenticated for access to the user account based at least in part on receiving the portions of the security credential.
-
Publication No.: US09923927B1
Publication date: 2018-03-20
Application No.: US14869344
Application date: 2015-09-29
Applicant: Amazon Technologies, Inc.
Inventor: Jon Arron McClintock, Yogesh Vilas Golwalkar, Bharath Kumar Bhimanaik, Darin Keith McAdams, Tushaar Sethi
IPC: H04L29/06
CPC classification number: H04L63/20, H04L63/0846, H04L63/105, H04L63/108
Abstract: Methods and systems are provided to enable access control based on credential properties. Besides authenticating a credential, an authentication service can provide additional credential-related information with respect to a credential such as last updated time. An entity receiving such additional credential-related information can implement access control policies based on the credential-related information. For instance, a user's access rights may be gradually restricted after an initial expiration time and towards a final expiration time. In an example, such access control may be implemented by a client application or client website of the authentication service. Alternatively or additionally, such access control may be implemented by an authorization service used by the client application or client website.
-
Publication No.: US09864852B2
Publication date: 2018-01-09
Application No.: US14809762
Application date: 2015-07-27
Applicant: Amazon Technologies, Inc.
Inventor: Jesper Mikael Johansson, Darren Ernest Canavor, Daniel Wade Hitchcock, Bharath Kumar Bhimanaik
CPC classification number: G06F21/31, G06F21/33, G06F21/44, H04L63/0838, H04L63/0884, H04L2463/082
Abstract: Disclosed are various embodiments for providing multi-factor authentication credentials. For example, a first application may send an authentication request to a first authentication service, where the request specifies a first authentication factor. A second application may generate a user interface upon a display, where the user interface facilitates entry of a user approval. In response to receiving the user approval, the second application may send a second authentication factor to a second authentication service that acts as a proxy for the first authentication service. In some embodiments, an application may be configured to automatically transfer a one-time password or other authentication factor to a recipient in response to receiving a user approval.
-
Publication No.: US09727737B1
Publication date: 2017-08-08
Application No.: US14810275
Application date: 2015-07-27
Applicant: Amazon Technologies, Inc.
Inventor: Daniel Wade Hitchcock, Darren Ernest Canavor, Jesper Mikael Johansson, Bharath Kumar Bhimanaik, Andrew Jay Roths
IPC: G06F21/00, G06F21/57, G06F3/0484
CPC classification number: G06F21/577, G06F3/04842, G06F3/04883, G06F2221/033
Abstract: Computing devices are disclosed that include functionality for providing a trustworthy indication of software integrity. The computing devices include a hardware trust evaluation device capable of determining the trustworthiness of computer programs executing on the devices. At least one trust indicator is also connected to the hardware trust evaluation device for providing an external indication of the trustworthiness of a computer program. Additional security information regarding the trustworthiness of the computer program may be displayed on the primary display device of the computing device. The display of the security information is triggered by a user of the computing device submitting a request through a secure mechanism, where the request is unobservable and inaccessible to programs executing on the computing device. Additional secure mechanisms, such as a unique user interface for displaying the security information, can be utilized to ensure the authenticity of the displayed security information.
-
Publication No.: US20170187702A1
Publication date: 2017-06-29
Application No.: US15455169
Application date: 2017-03-10
Applicant: Amazon Technologies, Inc.
Inventor: Jesper Mikael Johansson, Darren Ernest Canavor, Daniel Wade Hitchcock, Bharath Kumar Bhimanaik, Jon Arron McClintock
CPC classification number: H04L63/08, G06F21/10, G06F21/602, H04L9/08, H04L9/14, H04L29/06639, H04L29/06646, H04L63/0407, H04L63/0414, H04L63/0421, H04L63/0428, H04L67/306, H04L2209/38
Abstract: Disclosed are various embodiments for correlating a first use case-specific entity identifier with a second use case-specific entity identifier. A chained entity identifier corresponds to the first use case-specific entity identifier. The chained entity identifier can include the second use case-specific entity identifier cryptographically wrapped by a use case-specific key. The second use case-specific entity identifier can be received from the chained entity identifier. The second use case-specific entity identifier can be correlated to the first use case-specific entity identifier.
-
Publication No.: US10785201B2
Publication date: 2020-09-22
Application No.: US15962309
Application date: 2018-04-25
Applicant: Amazon Technologies, Inc.
Inventor: Bharath Kumar Bhimanaik
Abstract: Disclosed are various embodiments for synchronizing authentication sessions between applications. A token exchange service receives a first authentication token from a client computing device. The first authentication token corresponds to a registration of an application of the client computing device for a user account. The first authentication token is validated. A second authentication token is generated, corresponding to a browser-based session for the user account. The second authentication token is sent to the client computing device.
-
Publication No.: US20190013033A1
Publication date: 2019-01-10
Application No.: US16129081
Application date: 2018-09-12
Applicant: Amazon Technologies, Inc.
Inventor: Bharath Kumar Bhimanaik, Daniel Wade Hitchcock
IPC: G10L19/018, G10L17/06, G10L17/02
Abstract: Disclosed are various embodiments for detecting replay attacks in voice-based authentication systems. In one embodiment, audio is captured via an audio input device. It is then verified that the audio includes a voice authentication factor spoken by a user. The audio is then compared with stored audio spoken by the user. If it is determined that an exact copy of the voice authentication factor is in the stored audio, one or more actions may be performed.