-
Publication number: US10027678B1
Publication date: 2018-07-17
Application number: US15084367
Filing date: 2016-03-29
Applicant: Amazon Technologies, Inc.
Inventor: Eric Jason Brandwine , Adi Habusha
Abstract: Provided are systems and methods for location-aware security configuration of peripheral devices. In various implementations, a location-aware peripheral device comprises an interface and a configuration engine. The interface may communicatively couple the peripheral device to a computing system. The configuration engine may be configured to, upon powering on in the computing system, detect a characteristic of the computing system. In some implementations, the configuration engine may further select a trust level for the computing system. In some implementations, selecting a trust level may include using the detected characteristic to identify a profile stored on the peripheral device. The profile may describe a pre-determined computing system. The configuration engine may further be configured to program the peripheral device with a configuration that is associated with the selected trust level. The configuration may program a feature of the peripheral device.
-
Publication number: US20180181756A1
Publication date: 2018-06-28
Application number: US15389771
Filing date: 2016-12-23
Applicant: Amazon Technologies, Inc.
Inventor: Matthew John Campagna , Gregory Alan Rubin , Eric Jason Brandwine
CPC classification number: G06F21/57 , G06F21/64 , H04L9/0877 , H04L9/088 , H04L9/3247 , H04L63/067 , H04L63/0823 , H04L2209/30
Abstract: A service provider provides virtual computing services using a fleet of one or more host computer systems. Each of the host computer systems may be equipped with a trusted platform module (“TPM”). The service provider, the host computer systems, and the virtual computing environments generate attestations that prove the integrity of the system. The attestations are signed with a one-time-use cryptographic key that is verifiable against the public keys of the service provider, a host computer system, and a virtual computing environment. The public key of the host computer system is integrated into a hash tree that links the public key of the host computer system to the public key of the service provider. The public key of the virtual computing environment is signed using a one-time-use cryptographic key issued to the host computer system that hosts the virtual computing environment.
-
Publication number: US09992139B1
Publication date: 2018-06-05
Application number: US14040464
Filing date: 2013-09-27
Applicant: Amazon Technologies, Inc.
Inventor: Timothy John Meyer , Eric Jason Brandwine
CPC classification number: G06Q10/107 , H04L51/12 , H04L51/18
Abstract: A technology to schedule a virtualized computing resource is described. A scheduling request electronic message is received. The scheduling request electronic message has a resource identifier, an action and a trigger condition. The scheduling request is authenticated by verifying a sender of the scheduling request is on an approved list defined for the virtualized computing resource, using an electronic challenge sent to a requestor of the scheduling request electronic message. An action is performed on the virtualized computing resource referenced by the resource identifier when the trigger condition is met.
-
Publication number: US09912593B2
Publication date: 2018-03-06
Application number: US15294566
Filing date: 2016-10-14
Applicant: Amazon Technologies, Inc.
Inventor: Eric Jason Brandwine , Swaminathan Sivasubramanian , Bradley E. Marshall , Tate Andrew Certain
IPC: H04L12/743 , H04L12/753 , H04L12/741 , H04L12/751 , H04L12/44
CPC classification number: H04L45/7453 , H04L12/44 , H04L45/02 , H04L45/025 , H04L45/42 , H04L45/48 , H04L45/54 , H04L45/745
Abstract: A distributed system for collecting and processing packet routing information is provided. A service provider, such as a content delivery network service provider, can maintain multiple Points of Presence (“POPs”). Routing computing devices associated with each POP can forward packet routing information to a packet routing management component. The packet routing management component can process the information provided by the various POPs and can then update, or otherwise modify, packet routing information used by one or more of the POPs. Accordingly, the packet routing management component can selectively distribute the updated or modified packet routing information, including distribution to all POPs, targeted distribution to specific POPs, and the creation of centrally accessible routing information.
-
Publication number: US20180025168A1
Publication date: 2018-01-25
Application number: US15712043
Filing date: 2017-09-21
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth , Eric Jason Brandwine , Matthew James Wren
Abstract: A service proxy serves as an application programming interface proxy to a service, which may involve data storage. When a request to store data is received by the service proxy, the service proxy encrypts the data and stores the data in encrypted form at the service. Similarly, when a request to retrieve data is received by the service proxy, the service proxy obtains the encrypted data from the service and decrypts it. The data may be encrypted using a key that is kept inaccessible to the service.
-
Publication number: US09819654B2
Publication date: 2017-11-14
Application number: US14992599
Filing date: 2016-01-11
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth , Eric Jason Brandwine
CPC classification number: H04L63/0428 , H04L9/321 , H04L9/3247 , H04L63/10 , H04L63/102 , H04L63/123 , H04L63/168 , H04L67/02
Abstract: Requests are pre-generated to include a cryptographic key to be used in fulfilling the requests. The requests may be encoded in uniform resource locators and may include authentication information to enable a service provider to whom the requests are submitted to determine whether the requests are authorized. The requests may be passed to various entities who can then submit the requests to the service provider. The service provider, upon receipt of a request, can verify the authentication information and fulfill the request using a cryptographic key encoded in the request.
-
Publication number: US09781012B2
Publication date: 2017-10-03
Application number: US14257312
Filing date: 2014-04-21
Applicant: Amazon Technologies, Inc.
Inventor: Eric Jason Brandwine , Swaminathan Sivasubramanian , Bradley Eugene Marshall , Tate Andrew Certain
CPC classification number: H04L41/5019 , H04L12/1489 , H04L41/5006 , H04L41/5009 , H04L41/5029 , H04L43/04
Abstract: The behavior of multiple users with access to a multi-tenant resource can be monitored and compliance enforced by monitoring state information for each user. The state information can be captured across a level of a network environment, such that any activity across that layer can be monitored and the data aggregated to give a global view of user behavior. If user behavior is determined to fall outside an acceptable range of behavior, any of a number of remedial actions can be taken, which can include notifying the user, billing the user for the inappropriate behavior, or modifying that behavior outside of the control of the user.
-
Publication number: US20170279855A1
Publication date: 2017-09-28
Application number: US15619979
Filing date: 2017-06-12
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth , Eric Jason Brandwine
Abstract: Custom policies are definable for use in a system that enforces policies. A user, for example, may author a policy using a policy language and transmit it to the system through an application programming interface call. The custom policies may specify conditions for computing environment attestations that are provided with requests to the system. When a custom policy applies to a request, the system may determine whether the information in the attestation is sufficient for the request to be fulfilled.
-
Publication number: US09756050B1
Publication date: 2017-09-05
Application number: US14669636
Filing date: 2015-03-26
Applicant: Amazon Technologies, Inc.
Inventor: Eric Jason Brandwine
IPC: H04L29/06 , H04L12/911
CPC classification number: H04L47/70 , H04L63/102
Abstract: Authorization decisions can be made in a resource environment using authorization functions which can be provided by customers, third parties, or other such entities. The functions can be implemented using virtual machine instances with one or more transient compute containers. This compute capacity can be preconfigured with certain software and provided using existing compute capacity assigned to a customer, or capacity invoked from a warming pool, to execute the appropriate authorization function. The authorization function can be a lambda function that takes in context and generates the appropriate security functionality inline. The use of ephemeral compute capacity enables the functionality to be provided on demand, without requiring explicit naming or identification, and can enable state information to be maintained for a customer.
-
Publication number: US09749181B2
Publication date: 2017-08-29
Application number: US14599182
Filing date: 2015-01-16
Applicant: Amazon Technologies, Inc.
Inventor: Daniel T. Cohn , Eric Jason Brandwine , Andrew J. Doane
CPC classification number: H04L41/0816 , G06F9/45533 , H04L41/50 , H04L61/103 , H04L61/251 , H04L69/167 , H04W4/02 , H04W80/045
Abstract: Techniques are described for managing communications between multiple computing nodes, such as computing nodes that are part of a virtual computer network. In some situations, various types of modifications may be made to one or more computing nodes of an existing virtual computer network, and the described techniques include managing ongoing communications for those computing nodes so as to accommodate the modifications. Such modifications may include, for example, migrating or otherwise moving a particular computing node that is part of a virtual network to a new physical network location, or modifying other aspects of how the computing node participates in the virtual network (e.g., changing one or more virtual network addresses used by the computing node). In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users.
-