公开(公告)号：US09489510B1

公开(公告)日：2016-11-08

申请号：US14495207

申请日：2014-09-24

Applicant: Amazon Technologies, Inc.

Inventor： Jonathan N. Scott ,  Andrew Richard Butchart ,  Gaurang Pankaj Mehta

IPC: G06F21/45 ,  G06F9/455 ,  H04L9/08

CPC classification number: G06F21/45 ,  G06F9/45533 ,  G06F9/45558 ,  G06F2009/45587 ,  H04L9/0825 ,  H04L9/0863 ,  H04L9/14 ,  H04L9/30 ,  H04L9/3226

Abstract: Systems and methods for detecting the generation of authentication credentials for virtual machine instances are described. In various embodiments, an intermediary system may detect or determine, for a virtual machine instance, one or more states associated with a credential (e.g., a password) generation process and/or a get password request from a requesting user. Based on detected or determined virtual machine states, the intermediary system may provide useful and/or timely status indicators or notifications to the requesting user. In various embodiments multiple states may be determined sequentially or in parallel in order to provide more detailed information regarding whether and why a credential is or is not available, contributing to an improved user experience. For example, timely indication that a password may not be available may be useful to the requesting user who can take immediate steps to remedy the situation, such as by contacting customer service.

Abstract translation: 描述了用于检测虚拟机实例的认证凭证生成的系统和方法。 在各种实施例中，中间系统可以针对虚拟机实例检测或确定与来自请求用户的凭证（例如密码）生成过程和/或获取密码请求相关联的一个或多个状态。 基于检测到或确定的虚拟机状态，中间系统可以向请求用户提供有用的和/或及时的状态指示符或通知。 在各种实施例中，可以顺序地或并行地确定多个状态，以便提供关于证书是否以及为什么不可用的更详细的信息，有助于改进的用户体验。 例如，及时指示密码可能不可用对于可以立即采取措施来纠正这种情况的请求用户可能是有用的，例如通过联系客户服务。

公开(公告)号：US20160088066A1

公开(公告)日：2016-03-24

申请号：US14494157

申请日：2014-09-23

Applicant: Amazon Technologies, Inc.

Inventor： Nathan Bartholomew Thomas ,  Eugene Michael Farrell ,  Erik Jonathon Tellvik ,  Gaurang Pankaj Mehta ,  Deepak Suryanarayanan

IPC: H04L29/08 ,  G06F9/455 ,  H04L12/26

CPC classification number: H04L67/148 ,  G06F9/452 ,  G06F9/4856 ,  H04L43/08 ,  H04L43/16 ,  H04L67/10 ,  H04L67/1095 ,  H04L67/18

Abstract: It may be determined that a cloud desktop should be migrated from a current region. A destination region to which the cloud desktop will be migrated can be identified. A data volume of the cloud desktop may be copied from the current region to the destination region. The data volume at the current region and the data volume at the destination region may be maintained in sync during the copying. Upon completion of the copying, a current user session associated with the cloud desktop at the current region may be frozen, a current memory and processor state of the current user session may be copied to the destination region, and a second cloud desktop instance at the destination region may be started using the copied data volume and current memory and processor state. The current user session may be connected to the second cloud desktop instance.

Abstract translation: 可能会确定云桌面应该从当前区域迁移。 可以识别云桌面将迁移到的目的地区域。 可以将云桌面的数据卷从当前区域复制到目的地区域。 在复制期间，当前区域的数据量和目的地区域的数据量可以保持同步。 在完成复制时，与当前区域的云桌面相关联的当前用户会话可能被冻结，当前用户会话的当前存储器和处理器状态可以被复制到目的地区域，并且第二云桌面实例在 可以使用复制的数据量和当前存储器和处理器状态来启动目的地区域。 当前用户会话可能连接到第二个云桌面实例。

公开(公告)号：US11695744B2

公开(公告)日：2023-07-04

申请号：US16987877

申请日：2020-08-07

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Neelam Satish Agrawal ,  Lawrence Hun-Gi Aung ,  Chirag Pravin Pandya

IPC: H04L9/40 ,  H04L67/10 ,  H04L67/1021 ,  G06F21/31 ,  H04L61/45 ,  H04L61/4523 ,  H04L61/4552 ,  H04L67/51 ,  H04L67/52 ,  H04L67/1001 ,  H04L61/4511

CPC classification number: H04L63/08 ,  G06F21/31 ,  H04L61/45 ,  H04L61/4523 ,  H04L61/4552 ,  H04L63/083 ,  H04L63/0815 ,  H04L63/107 ,  H04L67/10 ,  H04L67/1001 ,  H04L67/1021 ,  H04L67/51 ,  H04L67/52 ,  H04L61/4511

Abstract: A global endpoint may be associated with an organization name and a plurality of directories located in different geographic regions. The global endpoint may be a computing system that hosts a page used by users to access an application or service. A user may be able to access the application or service using already existing credentials. For example, the user may access the application or service using credentials stored and maintained by an entity with which the user is affiliated. Users having credentials stored in different geographic regions may be able to access the application or service via the same global endpoint.

公开(公告)号：US10547599B1

公开(公告)日：2020-01-28

申请号：US14626843

申请日：2015-02-19

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Sameer Palande ,  Lawrence Hun-Gi Aung ,  Raghavendra Reddy Madakkagari ,  Shuo Wang ,  Salman Aftab Paracha ,  Chirag Pravin Pandya

IPC: H04L29/06

Abstract: A user transmits a request to an authentication service to access a managed directory. The request may include a first set of credentials usable by a managed directory service to authenticate the user. As a result of the first set of credentials being valid, the authentication service may prompt the user to provide a multi-factor authentication code, which may be used by an authentication server to further authenticate the user and enable the user to access the managed directory. The authentication service subsequently provides the multi-factor authentication code to the authentication server for validation. If the multi-factor authentication code is valid, the authentication service may enable the user to access the managed directory through an encrypted communications session.

公开(公告)号：US10511566B2

公开(公告)日：2019-12-17

申请号：US14098454

申请日：2013-12-05

Applicant: Amazon Technologies, Inc.

Inventor： Shon Kiran Shah ,  Thomas Christopher Rizzo ,  Gaurang Pankaj Mehta ,  Guruprakash Bangalore Rao ,  Sameer Palande ,  Krithi Rai

IPC: H04L29/12 ,  G06F9/455 ,  H04L29/06 ,  G06F21/60 ,  H04L29/08 ,  H04L12/24

Abstract: Techniques for connecting computer system entities to remotely extended local computer system resources are described herein. A computer system entity that requests access to a local computer system resource has that request fulfilled by a managed directory service which receives the request and connects the computer system entity to the local computer system resource. While connected, the managed directory service extends the local computer system resource to a corresponding extended remote computer system resource, receives commands to perform operations on the local or extended remote computer system resources and, if the computer system entity is authorized to perform the operations on the appropriate computer system resource, the managed directory service performs the operations on the appropriate computer system resource.

公开(公告)号：US10375013B2

公开(公告)日：2019-08-06

申请号：US14098450

申请日：2013-12-05

Applicant: Amazon Technologies, Inc.

Inventor： Shon Kiran Shah ,  Krithi Rai ,  Guruprakash Bangalore Rao ,  Thomas Christopher Rizzo ,  Colin Harrison Brace ,  Gaurang Pankaj Mehta ,  Sameer Palande ,  Deepak Suryanarayanan

IPC: H04L29/12 ,  G06F9/455 ,  H04L29/06 ,  G06F21/60 ,  H04L29/08 ,  H04L12/24

Abstract: Techniques for connecting computer system entities to local computer system resources are described herein. A computer system entity that requests access to a local computer system resource has that request fulfilled by a managed directory service, which receives the request and connects the computer system entity to the local computer system resource. While connected, the managed directory service receives commands to perform operations on the local computer system resource and, if the computer system entity is authorized to perform the operations on the local computer system resource, the managed directory service performs the operations on the local computer system resource.

公开(公告)号：US10019568B2

公开(公告)日：2018-07-10

申请号：US15345241

申请日：2016-11-07

Applicant: Amazon Technologies, Inc.

Inventor： Jonathan N. Scott ,  Andrew Richard Butchart ,  Gaurang Pankaj Mehta

IPC: G06F21/45 ,  H04L9/32 ,  H04L9/30 ,  G06F9/455 ,  H04L9/08 ,  H04L9/14

CPC classification number: G06F21/45 ,  G06F9/45533 ,  G06F9/45558 ,  G06F2009/45587 ,  H04L9/0825 ,  H04L9/0863 ,  H04L9/14 ,  H04L9/30 ,  H04L9/3226

Abstract: Systems and methods for detecting the generation of authentication credentials for virtual machine instances are described. In various embodiments, an intermediary system may detect or determine, for a virtual machine instance, one or more states associated with a credential (e.g., a password) generation process and/or a get password request from a requesting user. Based on detected or determined virtual machine states, the intermediary system may provide useful and/or timely status indicators or notifications to the requesting user. In various embodiments multiple states may be determined sequentially or in parallel in order to provide more detailed information regarding whether and why a credential is or is not available, contributing to an improved user experience. For example, timely indication that a password may not be available may be useful to the requesting user who can take immediate steps to remedy the situation, such as by contacting customer service.

公开(公告)号：US20170250980A1

公开(公告)日：2017-08-31

申请号：US15456158

申请日：2017-03-10

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Neelam Satish Agrawal ,  Lawrence Hun-Gi Aung ,  Guruprakash Bangalore Rao ,  Shuo Wang ,  Sameer Palande ,  Krithi Rai ,  Chirag Pravin Pandya

IPC: H04L29/06 ,  G06F21/62

CPC classification number: H04L63/0853 ,  G06F17/30386 ,  G06F21/6218 ,  H04L63/06 ,  H04L63/08 ,  H04L63/0807 ,  H04L63/0815 ,  H04L63/083 ,  H04L63/0838 ,  H04L63/102 ,  H04L63/105

Abstract: A user, group, and device management and authentication system allows administrators to manage one or more directories with devices that are not associated with a domain of the one or more directories via a set of APIs. The system also allows applications and services that do not have direct access to a list of directory users to access the one or more directories. The user, group, and device management and authentication system may be an add-on system that works in conjunction with a centrally-managed directory service to provide such functionality. For example, the system may generate an access token associated with a particular directory that can be used by a service accessed by an administrator to call an API provided by the system. The API call may be translated into a directory-specific API call that can be used to perform an action in the particular directory.

公开(公告)号：US20170083698A1

公开(公告)日：2017-03-23

申请号：US15345241

申请日：2016-11-07

Applicant: Amazon Technologies, Inc.

Inventor： Jonathan N. Scott ,  Andrew Richard Butchart ,  Gaurang Pankaj Mehta

IPC: G06F21/45 ,  H04L9/32 ,  H04L9/30 ,  H04L9/08 ,  H04L9/14

CPC classification number: G06F21/45 ,  G06F9/45533 ,  G06F9/45558 ,  G06F2009/45587 ,  H04L9/0825 ,  H04L9/0863 ,  H04L9/14 ,  H04L9/30 ,  H04L9/3226

Abstract: Systems and methods for detecting the generation of authentication credentials for virtual machine instances are described. In various embodiments, an intermediary system may detect or determine, for a virtual machine instance, one or more states associated with a credential (e.g., a password) generation process and/or a get password request from a requesting user. Based on detected or determined virtual machine states, the intermediary system may provide useful and/or timely status indicators or notifications to the requesting user. In various embodiments multiple states may be determined sequentially or in parallel in order to provide more detailed information regarding whether and why a credential is or is not available, contributing to an improved user experience. For example, timely indication that a password may not be available may be useful to the requesting user who can take immediate steps to remedy the situation, such as by contacting customer service.

公开(公告)号：US09596233B1

公开(公告)日：2017-03-14

申请号：US15060236

申请日：2016-03-03

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Neelam Satish Agrawal ,  Lawrence Hun-Gi Aung ,  Guruprakash Bangalore Rao ,  Shuo Wang ,  Sameer Palande ,  Krithi Rai ,  Chirag Pravin Pandya

IPC: H04L29/06

CPC classification number: H04L63/0853 ,  G06F17/30386 ,  G06F21/6218 ,  H04L63/06 ,  H04L63/08 ,  H04L63/0807 ,  H04L63/0815 ,  H04L63/083 ,  H04L63/0838 ,  H04L63/102 ,  H04L63/105

Abstract: A user, group, and device management and authentication system allows administrators to manage one or more directories with devices that are not associated with a domain of the one or more directories via a set of APIs. The system also allows applications and services that do not have direct access to a list of directory users to access the one or more directories. The user, group, and device management and authentication system may be an add-on system that works in conjunction with a centrally-managed directory service to provide such functionality. For example, the system may generate an access token associated with a particular directory that can be used by a service accessed by an administrator to call an API provided by the system. The API call may be translated into a directory-specific API call that can be used to perform an action in the particular directory.

Abstract translation: 用户，组和设备管理和认证系统允许管理员通过一组API来管理与一个或多个目录的域不相关联的设备的一个或多个目录。 该系统还允许不能直接访问目录用户列表的应用程序和服务来访问一个或多个目录。 用户，组和设备管理和认证系统可以是与中央管理的目录服务一起工作以提供这样的功能的附加系统。 例如，系统可以生成与特定目录相关联的访问令牌，该目录可由管理员访问的服务使用以调用由系统提供的API。 API调用可能会转换为特定于目录的API调用，该调用可用于在特定目录中执行操作。