公开(公告)号：US09819673B1

公开(公告)日：2017-11-14

申请号：US14748312

申请日：2015-06-24

Applicant: Amazon Technologies, Inc.

Inventor： Jesper Mikael Johansson ,  Jon Arron McClintock

IPC: H04L29/06 ,  H04L12/911 ,  H04W12/06 ,  H04W12/08

CPC classification number: H04L63/0838 ,  H04L47/70 ,  H04L63/045 ,  H04L63/102 ,  H04L63/18 ,  H04W12/06 ,  H04W12/08

Abstract: Methods and systems are provided for managing access to a client account related (CAR) resource. When a privilege-constrained (PC) application requests access to an individual client account, a single use authorization (SUA) code is created that is associated with the individual client account. The SUA code is routed to, and returned from, the privilege-constrained (PC) application to authenticate the PC application. The PC application, once authenticated, receives a permitted action token that identifies a limited set of privileges that the PC application is authorized to perform in connection with the CAR resource. The PC application provides the permitted action token to an access service. The access service limits access, by the PC application, to the CAR resource based on the permitted action token.

公开(公告)号：US09792424B1

公开(公告)日：2017-10-17

申请号：US14490497

申请日：2014-09-18

Applicant: Amazon Technologies, Inc.

Inventor： Jon Arron McClintock ,  Darren Ernest Canavor ,  George Nikolaos Stathakopoulos

IPC: G06F21/40 ,  G10H1/00 ,  H04L29/06 ,  G06F21/64

CPC classification number: G06F21/40 ,  G06F21/64 ,  G10H1/00 ,  G10H2210/031 ,  G10H2250/215 ,  H04L29/06755 ,  H04L2209/38

Abstract: A service receives a request from a user of a group of users to perform one or more operations requiring group authentication in order for the operations to be performed. In response, the service provides a first user of the group with a musical seed and an ordering of the group of users. Each user of the group applies a transformation algorithm to the seed to create an authentication claim. The service receives this claim and determines, based at least in part on the ordering of the group of users, an ordered set of transformations, which are used to create a reference audio signal. If the received claim matches the reference audio signal, the service enables performance of the requested one or more operations.

公开(公告)号：US20170289156A1

公开(公告)日：2017-10-05

申请号：US15620593

申请日：2017-06-12

Applicant: Amazon Technologies, Inc.

Inventor： Jon Arron McClintock ,  Darren Ernest Canavor ,  George Nikolaos Stathakopoulos

IPC: H04L29/06 ,  G06Q20/40

CPC classification number: H04L63/0876 ,  G06Q20/40 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/0884 ,  H04L63/126

Abstract: A method and apparatus for device authentication are provided. In the method and apparatus, authentication data for a first device is received. The first device is then authenticated based at least in part on demonstrated access to authentication data prior to broadcast of the authentication data. One or more actions may be taken in response to the authentication of the first device based at least in part on the demonstrated access to the authentication data.

公开(公告)号：US20170199868A1

公开(公告)日：2017-07-13

申请号：US15470846

申请日：2017-03-27

Applicant: Amazon Technologies, Inc.

Inventor： Jon Arron McClintock ,  Darren Ernest Canavor ,  Jesper Mikael Johansson

IPC: G06F17/27 ,  G06F3/0481 ,  G06F17/30 ,  G06F17/28

CPC classification number: G06F17/2765 ,  G06F3/0481 ,  G06F17/2276 ,  G06F17/271 ,  G06F17/2735 ,  G06F17/2755 ,  G06F17/28 ,  G06F17/2881 ,  G06F17/30386

Abstract: A mechanism is provided for representing information, such as binary sequence, in a manner that is easier to read and less likely to generate errors when interacted with by human. A dictionary is seeded with two or more set of words, the words being selected from distinct categories. Symbols may be created by combining words from the distinct categories. A mapping of symbols to corresponding values may then be generated. The generated mapping may be used to translate bit values to symbols and symbols to bit values.

公开(公告)号：US20170132064A1

公开(公告)日：2017-05-11

申请号：US15414491

申请日：2017-01-24

Applicant: Amazon Technologies, Inc.

Inventor： Jon Arron McClintock ,  Tushaar Sethi ,  George Nikolaos Stathakopoulos

IPC: G06F11/07 ,  G06F11/30 ,  G06F11/34 ,  H04L29/08

CPC classification number: G06F11/0757 ,  G06F11/00 ,  G06F11/0706 ,  G06F11/0721 ,  G06F11/0754 ,  G06F11/0775 ,  G06F11/3003 ,  G06F11/3051 ,  G06F11/3068 ,  G06F11/34 ,  G06F11/3419 ,  H04L67/303

Abstract: A monitoring service receives, from a variety of hardware components of a set of computer systems, binary signals indicative of operation of these components. The monitoring service determines, based at least in part on these signals, a set of beat frequencies for pairings of hardware components of the set of computer systems. The monitoring service uses this set of beat frequencies, as well as information included in a profile for the set of computer systems, to determine whether there is any indication of anomalous behavior in operation of the set of computer systems. If so, the monitoring service generates one or more alerts indicating the anomalous behavior.

公开(公告)号：US09591023B1

公开(公告)日：2017-03-07

申请号：US14537637

申请日：2014-11-10

Applicant: Amazon Technologies, Inc.

Inventor： Jon Arron McClintock ,  George Nikolaos Stathakopoulos

IPC: H04L29/06 ,  G06F21/60

CPC classification number: H04L63/1491 ,  G06F21/60 ,  G06F21/6245 ,  G06F21/64 ,  H04L63/1416

Abstract: A method and apparatus for deterring exfiltration of data from are provided. In the method and apparatus, it is determined that data is to be inflated. A request for access to data is received and data responsive to the request is retrieved. Spurious data is also generated and provided together with the responsive data in response to the request.

Abstract translation: 提供了一种用于阻止从中提取数据的过滤的方法和装置。 在该方法和装置中，确定数据将被充气。 接收到访问数据的请求，并且检索响应于请求的数据。 还产生杂散数据，并响应于请求与响应数据一起提供。

公开(公告)号：US09576147B1

公开(公告)日：2017-02-21

申请号：US14589824

申请日：2015-01-05

Applicant: AMAZON TECHNOLOGIES, INC.

Inventor： Jon Arron McClintock ,  John Elias Darrow ,  Patrick Nicholas Denton ,  Assim Deodia ,  Ketan Ramesh Deshpande ,  Kadirvel Chockalingam Vanniarajan

IPC: G06F21/62 ,  G06F21/64 ,  H04L29/06 ,  G06F21/10

CPC classification number: G06F21/6218 ,  G06F21/10 ,  G06F21/6227 ,  G06F21/6245 ,  G06F21/64 ,  H04L63/0428 ,  H04L63/10 ,  H04L63/1433

Abstract: Techniques are described for applying data usage policies through data tagging. A metadata tag may be applied to data to indicate a type of the data. In some cases, the tag may be applied to the data when the data is decrypted, and the tag may propagate with the data as the data is passed between processes. A software module may include control logic that is configured to apply data usage policies based on the type tag of data. When the software module attempts an action on the data, such as storing or communicating the data, the control logic may access policy information. Based on the policy information, the control logic may allow the action, prevent the action, or allow the action to proceed on a modified version of the data.

Abstract translation: 描述了通过数据标记应用数据使用策略的技术。 元数据标签可以应用于数据以指示数据的类型。 在某些情况下，当数据被解密时，可以将标签应用于数据，并且当数据在进程之间传递时，标签可能与数据一起传播。 软件模块可以包括被配置为基于数据的类型标签应用数据使用策略的控制逻辑。 当软件模块尝试对数据进行操作时，例如存储或传送数据，控制逻辑可以访问策略信息。 基于策略信息，控制逻辑可以允许动作，防止动作，或者允许动作对数据的修改版本进行。

公开(公告)号：US09558053B1

公开(公告)日：2017-01-31

申请号：US14752445

申请日：2015-06-26

Applicant: Amazon Technologies, Inc.

Inventor： Jon Arron McClintock ,  Tushaar Sethi ,  George Nikolaos Stathakopoulos

IPC: G06F11/30 ,  G06F11/07 ,  G06F11/34

CPC classification number: G06F11/0757 ,  G06F11/00 ,  G06F11/0706 ,  G06F11/0721 ,  G06F11/0754 ,  G06F11/0775 ,  G06F11/3003 ,  G06F11/3051 ,  G06F11/3068 ,  G06F11/34 ,  G06F11/3419 ,  H04L67/303

Abstract: A monitoring service receives, from a variety of hardware components of a set of computer systems, binary signals indicative of operation of these components. The monitoring service determines, based at least in part on these signals, a set of beat frequencies for pairings of hardware components of the set of computer systems. The monitoring service uses this set of beat frequencies, as well as information included in a profile for the set of computer systems, to determine whether there is any indication of anomalous behavior in operation of the set of computer systems. If so, the monitoring service generates one or more alerts indicating the anomalous behavior.

Abstract translation: 监视服务从一组计算机系统的各种硬件组件接收指示这些组件的操作的二进制信号。 该监视服务至少部分地基于这些信号确定用于该组计算机系统的硬件组件的配对的一组拍频。 监视服务使用这组拍频，以及包括在该组计算机系统的简档中的信息，以确定在该组计算机系统的操作中是否存在任何异常行为的指示。 如果是这样，监控服务会产生一个或多个警报，指示异常行为。

公开(公告)号：US09344407B1

公开(公告)日：2016-05-17

申请号：US14019124

申请日：2013-09-05

Applicant: Amazon Technologies, Inc.

Inventor： Jon Arron McClintock ,  Darren Ernest Canavor ,  Daniel Wade Hitchcock ,  Jesper Mikael Johansson ,  Bharath Kumar Bhimanaik

IPC: H04L9/00 ,  H04L29/06

CPC classification number: H04L63/0407 ,  G06F21/6254

Abstract: Disclosed are various embodiments for centrally managed use case-specific entity identifiers. An identifier translation service receives an identifier translation request from a requesting service. The request specifies a first use case-specific entity identifier, which is specific to a first use case. An actual entity identifier is obtained by decrypting the first use case-specific entity identifier. A second use case-specific entity identifier is generated based at least in part on encrypting the actual entity identifier. The second use case-specific entity identifier is sent to the requesting service in response to the identifier translation request.

Abstract translation: 公开了用于集中管理的用例特定实体标识符的各种实施例。 标识符翻译服务从请求服务接收标识符转换请求。 该请求指定了第一个用例特定的实体标识符，该标识符特定于第一个用例。 通过解密第一用例特定实体标识符获得实际实体标识符。 至少部分地基于加密实际实体标识符来生成第二用例专用实体标识符。 响应于标识符转换请求，将第二用例专用实体标识符发送到请求服务。

公开(公告)号：US09310982B1

公开(公告)日：2016-04-12

申请号：US14185793

申请日：2014-02-20

Applicant: Amazon Technologies, Inc.

Inventor： Jon Arron McClintock ,  George Nikolaos Stathakopoulos

IPC: G06F3/0482 ,  G06F3/0484

CPC classification number: G06F3/011 ,  G06Q30/0241 ,  G06Q50/01

Abstract: Content corresponding to a literary work, movie, audio presentation, or other media is provided to a computing device associated with a user. Immersive content related to the content may be communicated to a computing device and presented to the user at times when the content is not being consumed. The formatting, communicational modes, apparent source, subject matter, or other aspects of the immersive content may correspond to the preferences or other information provided by the user. In this way, user engagement with a story or other media may be stimulated or enhanced when the user is not actively consuming the primary content.

Abstract translation: 与文学作品，电影，音频呈现或其他媒体对应的内容被提供给与用户相关联的计算设备。 与内容相关的沉浸性内容可以传达给计算设备，并且在内容未被消费的时候呈现给用户。 沉浸式内容的格式化，通信模式，明显的来源，主题或其他方面可以对应于用户提供的偏好或其他信息。 以这种方式，当用户不主动消费主要内容时，可以刺激或增强与故事或其他媒体的用户参与。