-
Publication No.: US10581886B1
Publication Date: 2020-03-03
Application No.: US15182424
Filing Date: 2016-06-14
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
IPC: H04L29/06
Abstract: An event-analysis system detects anomalies in the operation of a service by processing operational logs, trace files, and event databases produced by the service in accordance with a hierarchical behavioral profile. The event-analysis system converts the operational logs, trace files, and event databases into a normalized event stream, which is sent to an analysis engine. The analysis engine converts the stream of normalized events into a set of metrics maintained in association with the profile hierarchy. Operational anomalies of the service are detected by analyzing incoming events in the context of metrics maintained in association with the applicable leaf-node profiles, root-node profiles, and intermediate-node profiles.
-
Publication No.: US20200028699A1
Publication Date: 2020-01-23
Application No.: US16586617
Filing Date: 2019-09-27
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
Abstract: A client establishes a communication session with a service by negotiating a first cipher suite from a plurality of available cipher suites to secure communications over the first communication session. A cipher suite strength measure from the first cipher suite is recorded to a database and when the customer attempts to negotiate a second cipher suite to secure communications over a second communication session, the second cipher suite strength measure is compared to the database of strength measurements to determine whether the second cipher suite is at least as secure as the previously used cipher suites.
-
Publication No.: US10454975B1
Publication Date: 2019-10-22
Application No.: US15186310
Filing Date: 2016-06-17
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
Abstract: A computing resource service receives a request from a user to access a first computing resource. In response to the request, the computing resource service obtains the policies applicable to the request. If the policies include at least one conditional policy that defines a dependency condition based at least in part on privileges for accessing a second computing resource, the service determines whether the dependency condition is satisfied. If the dependency condition is satisfied, the service evaluates the obtained policies to determine whether to fulfill the request.
-
Publication No.: US10374800B1
Publication Date: 2019-08-06
Application No.: US14483070
Filing Date: 2014-09-10
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
IPC: H04L9/14
Abstract: A cryptography algorithm hopping model is used to enable computer systems communicating with one another to vary the cryptographic algorithms used for the communications. The cryptography algorithm hopping model specifies a plurality of cryptography algorithms and information sufficient to determine a sequence of the plurality of cryptography algorithms and to determine when to switch from a cryptography algorithm in the sequence to a next cryptography algorithm in the sequence.
-
Publication No.: US10346190B1
Publication Date: 2019-07-09
Application No.: US15181313
Filing Date: 2016-06-13
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
IPC: G06F9/455 , H04L12/26 , H04L12/751
Abstract: Techniques for segmenting an application are described herein. Communication events for an application are received. A segmentation profile for the application, which includes a set of processes, is generated based on patterns in the communication events. The segmentation profile includes two or more disjoint sets of processes of the application. Communications between processes in the two or more disjoint sets of processes are restricted by updating a communication profile for each process in the disjoint sets of processes.
-
Publication No.: US10263995B1
Publication Date: 2019-04-16
Application No.: US14975204
Filing Date: 2015-12-18
Applicant: Amazon Technologies, Inc.
Inventor: William Frederick Hingle Kruse , Nima Sharifi Mehr
IPC: H04L29/06
Abstract: A policy management service receives a request to evaluate a provisional policy to determine the impact of implementation of the provisional policy. The policy management service evaluates an active policy against a request to access a computing resource to determine an authorization decision. The policy management service then evaluates the provisional policy against the request to access the computing resource to generate an evaluation of the provisional policy. The policy management service provides the evaluation and the authorization decision in response to the request to evaluate the provisional policy.
-
Publication No.: US10250573B2
Publication Date: 2019-04-02
Application No.: US15712005
Filing Date: 2017-09-21
Applicant: Amazon Technologies, Inc.
Inventor: Muhammad Wasiq , Nima Sharifi Mehr
Abstract: A client application cryptographically protects application data using an application-layer cryptographic key. The application-layer cryptographic key is derived from cryptographic material provided by a cryptographically protected network connection. The client exchanges the cryptographically protected application data with a service application via the cryptographically protected network connection. The client and service applications acquire matching application-layer cryptographic keys by leveraging shared secrets negotiated as part of establishing the cryptographically protected network connection. The shared secrets may include information that is negotiated as part of establishing a TLS session such as a pre-master secret, master secret, or session key. The application-layer cryptographic keys may be derived in part by applying a key derivation function, a one-way function or a cryptographic hash function to the shared secret information.
-
Publication No.: US10205803B1
Publication Date: 2019-02-12
Application No.: US14838108
Filing Date: 2015-08-27
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
Abstract: Described are techniques for determining causes of failed connections, such as a mismatch between a protocol associated with a request and the protocol associated with a port to which the request is provided. The port may be configured to process requests having a particular protocol, while monitoring and recognizing protocols used by other ports. If the request is determined to be associated with a different protocol supported by another port, a notification of the error may be provided to the client associated with the request. Based on characteristics of the request, the client, and the port, a control action may be taken, which may include rejecting the request or processing the request at the received port using a different protocol. Commonalities between failed requests may be analyzed to determine sources of error.
-
Publication No.: US20180351921A1
Publication Date: 2018-12-06
Application No.: US16041660
Filing Date: 2018-07-20
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
CPC classification number: H04L63/0428 , G06F21/602 , G06F21/6218 , H04L9/3247 , H04L63/166 , H04L63/205 , H04L2463/062
Abstract: The present document describes systems and methods that provide an envelope including an encrypted message and a data encryption key reference. A message is encrypted with a data encryption key to produce an encrypted message. The data encryption key is further encrypted using a key encrypting key to produce an encrypted data encryption key. An envelope including the encrypted message and the data encryption key reference is then provided to a recipient.
-
Publication No.: US10120746B1
Publication Date: 2018-11-06
Application No.: US15182439
Filing Date: 2016-06-14
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
IPC: G06F11/07
Abstract: The flow of events through an event-analysis system is controlled by a number of event throttles which filter events, prioritize events, and control the rate at which events are provided to the event-processing components of the event-analysis system. Incoming events to the event-analysis system are associated with a profile, and a metrics engine generates metrics based on the incoming events for each profile. The flow of events to the metrics engine is controlled on a per-profile basis, so that excessive generation of new metrics and new profiles is limited. If the system from which the events originate is compromised, metrics associated with the compromised profiles may be frozen to avoid corrupting existing metrics. Processing of events and anomalies by analysis engines within the event-analysis system may be delayed to allow the accumulation of the metrics necessary for accurate analysis.
-