-
公开(公告)号:US09584325B1
公开(公告)日:2017-02-28
申请号:US14561093
申请日:2014-12-04
Applicant: Amazon Technologies, Inc.
Inventor: Eric Jason Brandwine , Robert Eric Fitzgerald
CPC classification number: H04L9/3234 , H04L9/08 , H04L63/0272 , H04L63/0853
Abstract: Systems and methods for scalably provisioning cryptographic devices in a distributed computing environment are described. In some embodiments, a cryptographic interface controller capable of generating a plurality of hardware-emulated cryptographic devices in response to requests is implemented. In some embodiments, a cryptographic interface controller may present hardware-emulated cryptographic devices to computing entities, such as standalone computer systems or virtual computing systems, as standard cryptographic devices, such as through a Universal Serial Bus interface.
Abstract translation: 描述了在分布式计算环境中可扩展地提供加密设备的系统和方法。 在一些实施例中,实现能够响应于请求而生成多个硬件仿真密码装置的加密接口控制器。 在一些实施例中,密码接口控制器可以将计算实体(诸如独立的计算机系统或虚拟计算系统)呈现硬件仿真的加密设备作为标准密码设备,例如通过通用串行总线接口。
-
公开(公告)号:US09569232B1
公开(公告)日:2017-02-14
申请号:US13770145
申请日:2013-02-19
Applicant: Amazon Technologies, Inc.
Inventor: Eric Jason Brandwine , Aaron Douglas Dokey , Ajith Jayamohan , Ian Roger Searle
CPC classification number: G06F9/455 , G06F9/45533 , G06F9/45558 , G06F12/14 , G06F2009/45591 , G06F2009/45595 , H04L29/06877 , H04L43/026 , H04L43/04 , H04L43/16 , H04L47/2441 , H04L63/0227 , H04L63/14 , H04L63/1408 , H04L63/1425 , H04L63/1458
Abstract: Approaches are described for collecting and/or utilizing network traffic information, such as network flow data, within a virtualized computing environment. The network traffic information can be collected on one or more host computing devices that host virtual machines. The collected network traffic information can include virtualized computing environment specific information, such as a user account identifier (ID), virtual machine identifier (ID), session termination information and the like. The collected network traffic information can also be presented to the user of the virtualized computing environment.
Abstract translation: 描述了用于在虚拟化计算环境内收集和/或利用网络流量信息(诸如网络流数据)的方法。 可以在托管虚拟机的一个或多个主机计算设备上收集网络流量信息。 收集的网络流量信息可以包括诸如用户帐户标识符(ID),虚拟机标识符(ID),会话终止信息等的虚拟化计算环境特定信息。 收集的网络流量信息也可以呈现给虚拟化计算环境的用户。
-
公开(公告)号:US09514324B1
公开(公告)日:2016-12-06
申请号:US14311027
申请日:2014-06-20
Applicant: Amazon Technologies, Inc.
Inventor: Nachiketh Rao Potlapally , Jonathan Matthew Miller , Eric Jason Brandwine , Stephen Edward Schmidt , Donald Lee Bailey, Jr.
CPC classification number: G06F21/6218 , G06F2221/2111 , H04L63/06 , H04L63/10
Abstract: A computer-implemented method includes restricting access to customer data to certain geographic regions authorized by the customer. The restriction can be managed by associating policy information with the customer data that identifies the geographic regions authorized by the customer. Resources attempting to access the customer data can evaluate the policy information associated with the customer data with respect to the geographic location in which the resource is located to determine whether the resource is permitted to access the customer data. The restriction can also be managed by encrypting the customer data with a cryptographic key that corresponds to the customer and/or the authorized geographic regions.
Abstract translation: 计算机实现的方法包括将客户数据的访问限制到客户授权的某些地理区域。 可以通过将策略信息与识别客户授权的地理区域的客户数据相关联来管理该限制。 尝试访问客户数据的资源可以针对资源所在的地理位置评估与客户数据相关联的策略信息,以确定资源是否被允许访问客户数据。 也可以通过使用与客户和/或授权的地理区域对应的加密密钥加密客户数据来管理该限制。
-
公开(公告)号:US09467398B2
公开(公告)日:2016-10-11
申请号:US14807752
申请日:2015-07-23
Applicant: Amazon Technologies, Inc.
Inventor: Kevin Christopher Miller , Eric Jason Brandwine , Andrew J. Doane
IPC: G06F15/16 , H04L12/947 , H04L12/933 , H04L12/931 , H04L12/24 , H04L12/751 , H04L29/06 , H04L29/08
CPC classification number: H04L49/252 , H04L29/06 , H04L29/08072 , H04L41/0803 , H04L41/12 , H04L45/02 , H04L49/15 , H04L49/70 , H04L65/1069
Abstract: Techniques are described for providing managed virtual computer networks whose configured logical network topology may have one or more virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of a virtual computer network by emulating functionality that would be provided by the networking devices if they were physically present. The networking functionality provided for a managed computer network may include supporting a connection between that managed computer network and other managed computer networks, such as via a provided virtual peering router to which each of the managed computer networks may connect, with the functionality of the virtual peering router being emulated by modules of the configurable network service without physically providing the virtual peering router, including to manage data communications between computing nodes of the inter-connected managed computer networks in accordance with client-specified configuration information.
-
公开(公告)号:US20160283723A1
公开(公告)日:2016-09-29
申请号:US15173523
申请日:2016-06-03
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth , Matthew James Wren , Eric Jason Brandwine , Brian Irl Pratt
CPC classification number: G06F21/602 , H04L9/0897 , H04L63/1416 , H04L2209/76
Abstract: A security module securely manages keys. The security module is usable to implement a cryptography service that includes a request processing component. The request processing component responds to requests by causing the security module to perform cryptographic operations that the request processing component cannot perform due to a lack of access to appropriate keys. The security module may be a member of a group of security modules that securely manage keys. Techniques for passing secret information from one security module to the other prevent unauthorized access to secret information.
Abstract translation: 一个安全模块可以安全地管理密钥。 安全模块可用于实现包括请求处理组件的加密服务。 请求处理组件通过使安全模块执行密码操作来响应请求,请求处理组件由于缺乏对适当的密钥的访问而无法执行。 安全模块可以是安全管理密钥的一组安全模块的成员。 将秘密信息从一个安全模块传递到另一个安全模块的技术防止未经授权的访问秘密信息。
-
Patent Agency Ranking
公开(公告)号:US09444763B1
公开(公告)日:2016-09-13
申请号:US14519043
申请日:2014-10-20
Applicant: Amazon Technologies, Inc.
Inventor: Marvin M. Theimer , Eric Jason Brandwine
IPC: G06F15/16 , H04L12/911 , H04L29/08
CPC classification number: H04L47/781 , G06F9/5061 , H04L67/32
Abstract: Techniques for provisioning computing resources utilize colorings of collections of resources. The collections may be networks of resources hosted by a computing resource provider that are operated under the direction of one or more customers of the resource provider. Colors may be applied to the collections of resources, such as by a customer of the resource provider. The same customer or another customer may request that resources be provisioned according to at least one relationship with one or more collections of resources having one or more colors. Resources may then be provisioned according to the request.
Abstract translation: 用于配置计算资源的技术利用资源集合的着色。 集合可以是由资源提供者的一个或多个客户的指导下运行的由计算资源提供者托管的资源的网络。 颜色可以应用于资源集合,例如资源提供者的客户。 相同的客户或其他客户可以根据与具有一种或多种颜色的资源的一个或多个集合的至少一个关系来请求提供资源。 然后可以根据请求配置资源。
-
公开(公告)号:US09442752B1
公开(公告)日:2016-09-13
申请号:US14476520
申请日:2014-09-03
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth , Aaron Douglas Dokey , Eric Jason Brandwine , Nathan Bartholomew Thomas
CPC classification number: G06F9/45558 , G06F21/53 , G06F2009/45587
Abstract: A method and system for running an additional execution environment associated with a primary execution environment, receiving a request from the primary execution environment to create the additional execution environment, and, in response to the request, creating the additional execution environment such that entities other than the primary execution environment have insufficient privileges to access the additional execution environment.
Abstract translation: 用于运行与主执行环境相关联的附加执行环境的方法和系统,从主执行环境接收请求以创建附加执行环境,以及响应于所述请求,创建附加执行环境,使得除 主执行环境具有访问附加执行环境的权限不足。
-
公开(公告)号:US09397909B2
公开(公告)日:2016-07-19
申请号:US14582710
申请日:2014-12-24
Applicant: Amazon Technologies, Inc.
Inventor: Jacob Adam Gabrielson , Eric Jason Brandwine
IPC: G06F15/173 , H04L12/26 , H04L12/46 , H04L12/64 , H04L12/911
CPC classification number: H04L43/08 , H04L12/4641 , H04L12/6418 , H04L47/70
Abstract: Methods and apparatus for providing scalable private services in service provider networking environments. A service provider that provides a large, public, multi-tenant implementation of a web service to multiple customers via a public API endpoint may allow a customer to request the establishment of a private implementation of the service. In response, a service private instance may be automatically and/or manually established for the customer that provides a private API endpoint to the service and that is at least in part implemented on single-tenant hardware that is not shared with other customers. The service private instance may initially be implemented as a relatively small scale and possibly limited implementation of the service when compared to the service public instance. As the needs of the customer grow, the service private instance may be automatically and/or manually scaled up from the initial implementation.
Abstract translation: 用于在服务提供商网络环境中提供可扩展私人服务的方法和装置。 通过公共API端点向多个客户提供大型,公共,多租户的Web服务实现的服务提供商可以允许客户请求建立该服务的私有实现。 作为响应,可以为为服务提供私有API端点的客户自动和/或手动建立服务私人实例,并且至少部分地在不与其他客户共享的单租户硬件上实现。 与服务公共实例相比,服务私有实例最初可以被实现为相对小的规模和可能有限的服务实现。 随着客户需求的增长,服务私有实例可以从初始实现中自动和/或手动放大。
-
公开(公告)号:US20160205110A1
公开(公告)日:2016-07-14
申请号:US15076264
申请日:2016-03-21
Applicant: Amazon Technologies, Inc.
Inventor: Gregory B. Roth , Eric Jason Brandwine , Graeme D. Baer
IPC: H04L29/06
CPC classification number: H04L63/102 , G06F9/455 , G06F21/31 , G06F21/606 , H04L63/105 , H04L63/20
Abstract: The usage of data in a multi-tenant environment can be controlled by utilizing functionality at the hypervisor level of various resources in the environment. Data can be associated with various tags, security levels, and/or compartments. The ability of resources or entities to access the data can depend at least in part upon whether the resources or entities are also associated with the tags, security levels, and/or compartments. Limitations on the usage of the data can be controlled by one or more policies associated with the tags, security levels, and/or compartments. A control service can monitor traffic to enforce the appropriate rules or policies, and in some cases can prevent encrypted traffic from passing beyond a specified egress point unless the encryption was performed by a trusted resource with the appropriate permissions.
Abstract translation: 可以通过利用环境中各种资源的虚拟机管理程序级别的功能来控制在多租户环境中的数据的使用。 数据可以与各种标签,安全级别和/或隔离专区相关联。 资源或实体访问数据的能力至少部分取决于资源或实体是否也与标签,安全级别和/或隔离专区相关联。 可以通过与标签,安全级别和/或隔间相关联的一个或多个策略来控制数据使用的限制。 控制服务可以监视流量以执行相应的规则或策略,并且在某些情况下可以防止加密流量超出指定的出口点,除非加密是由具有适当权限的受信任资源执行的。
-
公开(公告)号:US09367697B1
公开(公告)日:2016-06-14
申请号:US13765020
申请日:2013-02-12
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth , Matthew James Wren , Eric Jason Brandwine , Brian Irl Pratt
CPC classification number: G06F21/602 , H04L9/0897 , H04L63/1416 , H04L2209/76
Abstract: A security module securely manages keys. The security module is usable to implement a cryptography service that includes a request processing component. The request processing component responds to requests by causing the security module to perform cryptographic operations that the request processing component cannot perform due to a lack of access to appropriate keys. The security module may be a member of a group of security modules that securely manage keys. Techniques for passing secret information from one security module to the other prevent unauthorized access to secret information.
Abstract translation: 一个安全模块可以安全地管理密钥。 安全模块可用于实现包括请求处理组件的加密服务。 请求处理组件通过使安全模块执行密码操作来响应请求,请求处理组件由于缺乏对适当的密钥的访问而无法执行。 安全模块可以是安全管理密钥的一组安全模块的成员。 将秘密信息从一个安全模块传递到另一个安全模块的技术防止未经授权的访问秘密信息。
-
-
-
-
-
-
-
-
-
Search Results
510
records
(took 0.127 seconds)
