公开(公告)号：US11356457B2

公开(公告)日：2022-06-07

申请号：US16892197

申请日：2020-06-03

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Eric Jason Brandwine ,  Nathan R. Fitch ,  Cristian M. Ilac ,  Eric D. Crahen

IPC: H04L9/32 ,  H04L9/40 ,  G06F21/33 ,  H04L9/08 ,  H04L9/00

Abstract: A delegation request is submitted to a session-based authentication service, fulfillment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.

公开(公告)号：US20220029993A1

公开(公告)日：2022-01-27

申请号：US17173584

申请日：2021-02-11

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Eric Jason Brandwine ,  Graeme David Baer

IPC: H04L29/06

Abstract: A computing resource service provides flexible configuration of authorization rules. A set of authorization rules which define whether fulfillment of requests. The set of authorization rules are applied to a request of a first type which is mapped to a request of a second type. The request of the second type is used for fulfillment of the request of the first type when the authorization rules so allow.

公开(公告)号：US20210173948A1

公开(公告)日：2021-06-10

申请号：US17177496

申请日：2021-02-17

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Eric Jason Brandwine

IPC: G06F21/60 ,  G06F21/62 ,  H04L9/08 ,  H04L29/06 ,  H04L9/32

Abstract: An encoding of a cryptographic key is obtained in a form of an encrypted key. Request is provided to a service provider including a fulfillment involving performing a cryptographic operation on data. Upon fulfillment of the request, a response is then received which indicates the fulfillment of the request.

公开(公告)号：US10785261B2

公开(公告)日：2020-09-22

申请号：US15917471

申请日：2018-03-09

Applicant: Amazon Technologies, Inc.

Inventor： Jesper Mikael Johansson ,  Darren Ernest Canavor ,  Jon Arron McClintock ,  Gregory Branchek Roth ,  Gregory Alan Rubin ,  Nima Sharifi Mehr

IPC: H04L29/06

Abstract: A client establishes a network session with a server. The network session is used to establish an encrypted communications session. The client establishes another network session with another server, such as after terminating the first network session. The client resumes the encrypted communications session over the network session with the other server. The other server is configured to receive encrypted communications from the client and forward them to the appropriate server.

公开(公告)号：US20200266976A1

公开(公告)日：2020-08-20

申请号：US16869423

申请日：2020-05-07

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Matthew James Wren ,  Eric Jason Brandwine ,  Brian Irl Pratt

IPC: H04L9/08 ,  H04L9/30 ,  H04L9/14 ,  H04L9/06 ,  H04L9/32

Abstract: A system uses information submitted in connection with a request to determine if and how to process the request. The information may be electronically signed by a requestor using a key such that the system processing the request can verify that the requestor has the key and that the information is authentic. The information may include information that identifies a holder of a key needed for processing the request, where the holder of the key can be the system or another, possibly third party, system.

公开(公告)号：US10735186B2

公开(公告)日：2020-08-04

申请号：US16204391

申请日：2018-11-29

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth

IPC: H04L9/08 ,  H04L9/06

Abstract: Encryption of data across an environment, such as a shared resource environment, can be updated using keys generated using one or more revocable stream cipher algorithms. Data stored in the environment can be encrypted under a first key, or other such secret. When it is desired to update the encryption, a second key can be generated under which the data is to be re-encrypted. Instead of distributing the second key, a revocable stream cipher generator can generate an intermediate key based on the first and second keys, that when processed with the first key will produce the second key. Such an approach enables data to be re-encrypted under the second key without distributing the second key. Further, the unencrypted data will not be exposed in the process. In some embodiments, the re-encryption can be performed on an as-needed basis in order to reduce processing requirements.

公开(公告)号：US10721238B2

公开(公告)日：2020-07-21

申请号：US15924038

申请日：2018-03-16

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Eric Jason Brandwine ,  Nathan R. Fitch ,  Cristian M. Ilac ,  Eric D. Crahen

IPC: H04L9/08 ,  H04L29/06 ,  G06F21/33 ,  H04L9/32

Abstract: A delegation request is submitted to a session-based authentication service, fulfillment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.

公开(公告)号：US10579422B2

公开(公告)日：2020-03-03

申请号：US15285376

申请日：2016-10-04

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Bradley Jeffery Behm

IPC: G06F9/46 ,  G06F9/48 ,  G06F9/50

Abstract: A method and apparatus for managing backlogged tasks are disclosed. In the method and apparatus, upon receiving a task pertaining to a requestor group, a number of outstanding tasks associated with the requestor group is determined and the task is submitted for processing if the number of outstanding tasks is within an allowable range. If the number of outstanding tasks is outside of the allowable range, take one or more actions may be taken, which may include rejecting the request.

公开(公告)号：US10523707B2

公开(公告)日：2019-12-31

申请号：US15925470

申请日：2018-03-19

Applicant: Amazon Technologies, Inc.

Inventor： Nima Sharifi Mehr ,  Darren Ernest Canavor ,  Jesper Mikael Johansson ,  Jon Arron McClintock ,  Gregory Branchek Roth

IPC: H04L9/32 ,  H04L29/06

Abstract: A plurality of cipher suites is negotiated as part of a handshake process to establish a cryptographically protected communications session. The handshake process is completed to establish the cryptographically protected communications session. A message is communicated over the established cryptographically protected communications session using at least two cipher suites of the plurality of cipher suites.

公开(公告)号：US10511633B2

公开(公告)日：2019-12-17

申请号：US15619979

申请日：2017-06-12

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Eric Jason Brandwine

IPC: H04L29/06 ,  H04L9/08 ,  G06F21/64 ,  H04L9/32

Abstract: Custom policies are definable for use in a system that enforces policies. A user, for example, may author a policy using a policy language and transmit the system through an application programming interface call. The custom policies may specify conditions for computing environment attestations that are provided with requests to the system. When a custom policy applies to a request, the system may determine whether information in the attestation is sufficient for the request to be fulfilled.