-
公开(公告)号:US09853979B1
公开(公告)日:2017-12-26
申请号:US13794549
申请日:2013-03-11
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth , Matthew James Wren
CPC classification number: H04L63/10 , H04L63/0428 , H04L63/08 , H04L63/108 , H04L63/20
Abstract: Policy changes are propagated to access control devices of a distributed system. The policy changes are given immediate effect without having to wait for the changes to propagate through the system. A token encodes the policy change and can be provided in connection with access requests. Before an access control device has received a propagated policy change, the access control device can evaluate a token provided in connection with a request to determine, consistent with the policy change, whether to fulfill the request.
-
公开(公告)号:US20170324782A1
公开(公告)日:2017-11-09
申请号:US15638227
申请日:2017-06-29
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth , Matthew James Wren , Brian Irl Pratt
CPC classification number: H04L63/205 , G06F21/60 , G06F21/602 , H04L9/3247 , H04L63/126 , H04L63/18 , H04L63/20 , H04L2463/062
Abstract: A first service submits a request to a second service on behalf of a customer of a service provider. The request may have been triggered by a request of the customer to the first service. To process the request, the second service evaluates one or more policies to determine whether fulfillment of the request is allowed by policy associated with the customer. The one or more policies may state one or more conditions on one or more services that played a role in submission of the request. If determined that the policy allows fulfillment of the request, the second service fulfills the request.
-
公开(公告)号:US20170195119A1
公开(公告)日:2017-07-06
申请号:US15462604
申请日:2017-03-17
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth , Matthew James Wren , Eric Jason Brandwine , Brian Irl Pratt
CPC classification number: H04L63/0428 , H04L9/0822 , H04L9/0825 , H04L9/083 , H04L9/0891 , H04L9/0894 , H04L9/14 , H04L9/16 , H04L9/3213 , H04L9/3234 , H04L9/3247 , H04L63/0435 , H04L63/0807
Abstract: A plurality of devices, having common access to a first key under which a set of data objects used by the plurality of devices are encrypted, is caused to replace the first key with a second key by at least causing a device of the plurality of devices to encrypt a subset of the set of data objects that are not selected for electronic shredding, allow access to a data object of the subset regardless of whether the data object is encrypted using the first key or the second key. At a time after the data object becomes accessible by using the second key, each of the plurality of devices is verified have common access to the second key, and the plurality of devices is caused to lose access to the first key.
-
公开(公告)号:US09300639B1
公开(公告)日:2016-03-29
申请号:US13916915
申请日:2013-06-13
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth , Matthew James Wren , Eric Jason Brandwine , Brian Irl Pratt
CPC classification number: H04L63/0428 , H04L9/08 , H04L9/0822 , H04L9/0825 , H04L9/3213 , H04L63/062 , H04L63/0807 , H04L63/102 , H04L63/205 , H04L2209/603 , H04L2209/68
Abstract: A distributed computing environment utilizes a cryptography service. The cryptography service manages keys securely on behalf of one or more entities. The service may utilize multiple security modules. A coordinator may coordinate the security modules to ensure that the security modules operate with consistent operational parameters. A security module may propose a set of parameters for acceptance by the coordinator. If accepted, the coordinator may update the security modules in accordance with the proposal.
Abstract translation: 分布式计算环境利用加密服务。 密码服务代表一个或多个实体安全地管理密钥。 该服务可以利用多个安全模块。 协调员可以协调安全模块,以确保安全模块以一致的操作参数运行。 安全模块可以提出一组参数以供协调者接受。 如果接受,协调员可以根据提案更新安全模块。
-
公开(公告)号:US09286491B2
公开(公告)日:2016-03-15
申请号:US13932824
申请日:2013-07-01
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth , Eric Jason Brandwine , Matthew James Wren
CPC classification number: G06F21/602 , G06F21/6218 , G06F21/6254
Abstract: A service proxy services as an application programming interface proxy to a service, which may involve data storage. When a request to store data is received by the service proxy, the service proxy encrypts the data and stores the data in encrypted form at the service. Similarly, when a request to retrieve data is received by the service proxy, the service proxy obtains encrypted data from the service and decrypts the data. The data may be encrypted using a key that is kept inaccessible to the service.
Abstract translation: 服务代理服务作为服务的应用程序编程接口代理,可能涉及数据存储。 当服务代理接收到存储数据的请求时,服务代理对数据进行加密并以加密形式将数据存储在服务中。 类似地,当服务代理接收到检索数据的请求时,服务代理从服务获取加密的数据并解密数据。 可以使用服务不可访问的密钥来加密数据。
-
Patent Agency Ranking
公开(公告)号:US20150304310A1
公开(公告)日:2015-10-22
申请号:US14754321
申请日:2015-06-29
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth , Matthew James Wren , Eric Jason Brandwine
CPC classification number: H04L63/0823 , H04L9/0822 , H04L9/0891 , H04L9/0894 , H04L63/06 , H04L63/061 , H04L2463/062
Abstract: Customers accessing resources and/or data in a multi-tenant environment can obtain assurance that a provider of that environment will honor only requests associated with the customer. A multi-tenant cryptographic service can be used to manage cryptographic key material and/or other security resources in the multi-tenant environment. The cryptographic service can provide a mechanism in which the service can receive requests to use the cryptographic key material to access encrypted customer data, export key material out of the cryptographic service, destroy key material managed by the cryptographic service, among others. Such an approach can enable a customer to manage key material without exposing the key material outside a secure environment.
Abstract translation: 在多租户环境中访问资源和/或数据的客户可以确保该环境的提供商只会履行与客户相关的请求。 可以使用多租户加密服务来管理多租户环境中的加密密钥资料和/或其他安全资源。 加密服务可以提供一种机制,其中服务可以接收使用加密密钥材料的访问加密客户数据的请求,从密码服务导出密钥材料,销毁密码服务管理的密钥材料等。 这种方法可以使客户能够管理关键材料,而不会将密钥材料暴露在安全环境之外。
-
公开(公告)号:US20150019858A1
公开(公告)日:2015-01-15
申请号:US13932872
申请日:2013-07-01
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth , Eric Jason Brandwine , Matthew James Wren
IPC: H04L29/06
CPC classification number: H04L63/20 , H04L63/0471 , H04L63/06
Abstract: Data received through a proxy for a service is analyzed for compliance with one or more data policies, such as one or more data loss prevention policies. When data satisfies the criteria of one or more data policies, the data is manipulated at the proxy prior to transmission of the data to the service. In some examples, the manipulation of the data includes encryption.
Abstract translation: 通过代理服务接收的数据被分析以符合一个或多个数据策略,例如一个或多个数据丢失预防策略。 当数据满足一个或多个数据策略的标准时,在将数据传输到服务之前,在代理处操作数据。 在一些示例中,数据的操纵包括加密。
-
公开(公告)号:US20150006890A1
公开(公告)日:2015-01-01
申请号:US13932824
申请日:2013-07-01
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth , Eric Jason Brandwine , Matthew James Wren
IPC: G06F21/62
CPC classification number: G06F21/602 , G06F21/6218 , G06F21/6254
Abstract: A service proxy services as an application programming interface proxy to a service, which may involve data storage. When a request to store data is received by the service proxy, the service proxy encrypts the data and stores the data in encrypted form at the service. Similarly, when a request to retrieve data is received by the service proxy, the service proxy obtains encrypted data from the service and decrypts the data. The data may be encrypted using a key that is kept inaccessible to the service.
Abstract translation: 服务代理服务作为服务的应用程序编程接口代理,可能涉及数据存储。 当服务代理接收到存储数据的请求时,服务代理对数据进行加密并以加密形式将数据存储在服务中。 类似地,当服务代理接收到检索数据的请求时,服务代理从服务获取加密的数据并解密数据。 可以使用服务不可访问的密钥来加密数据。
-
公开(公告)号:US20140229737A1
公开(公告)日:2014-08-14
申请号:US13765209
申请日:2013-02-12
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth , Matthew James Wren , Eric Jason Brandwine , Brian Irl Pratt
IPC: H04L9/08
CPC classification number: H04L9/088 , H04L9/0618 , H04L9/0643 , H04L9/0891 , H04L9/14 , H04L9/30 , H04L9/321 , H04L9/3247
Abstract: A system uses information submitted in connection with a request to determine if and how to process the request. The information may be electronically signed by a requestor using a key such that the system processing the request can verify that the requestor has the key and that the information is authentic. The information may include information that identifies a holder of a key needed for processing the request, where the holder of the key can be the system or another, possibly third party, system. Requests to decrypt data may be processed to ensure that a certain amount of time passes before access to the decrypted data is provided, thereby providing an opportunity to cancel such requests and/or otherwise mitigate potential security breaches.
Abstract translation: 系统使用与请求相关联的信息来确定是否以及如何处理请求。 信息可以由请求者使用密钥电子签名,使得处理请求的系统可以验证请求者具有密钥并且信息是真实的。 信息可以包括识别处理请求所需的密钥的持有者的信息,其中密钥的持有者可以是系统或另一个,可能是第三方系统。 可以处理对数据解密的请求,以确保在访问解密数据之前经过一定量的时间,从而提供取消这种请求和/或以其他方式缓解潜在安全漏洞的机会。
-
公开(公告)号:US20140229729A1
公开(公告)日:2014-08-14
申请号:US13764963
申请日:2013-02-12
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth , Matthew James Wren , Eric Jason Brandwine , Brian Irl Pratt
IPC: H04L29/06
CPC classification number: H04L63/0471 , G06F21/602 , G06F21/6218 , G06F2221/2101 , H04L9/0894 , H04L9/3242 , H04L9/3247 , H04L63/045 , H04L63/08 , H04L67/1097 , H04L2209/76
Abstract: A distributed computing environment utilizes a cryptography service. The cryptography service manages keys securely on behalf of one or more entities. The cryptography service is configured to receive and respond to requests to perform cryptographic operations, such as encryption and decryption. The requests may originate from entities using the distributed computing environment and/or subsystems of the distributed computing environment.
Abstract translation: 分布式计算环境利用加密服务。 密码服务代表一个或多个实体安全地管理密钥。 密码服务被配置为接收和响应执行密码操作(例如加密和解密)的请求。 请求可以来自使用分布式计算环境和/或分布式计算环境的子系统的实体。
-
-
-
-
-
-
-
-
-
Search Results
70
records
(took 0.038 seconds)
