公开(公告)号：US20190318105A1

公开(公告)日：2019-10-17

申请号：US16450646

申请日：2019-06-24

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Eric Jason Brandwine

IPC: G06F21/60

Abstract: Logical data containers of a data storage system are associated with policies that require data transformation of data to be stored in the logical data containers. When a data object is received to be stored in a logical data container, the data object is transformed in accordance with a policy on the logical data container. Transformation of the data object may include encryption. The logical data container may also be associated with a cryptographic key used to perform a required transformation.

公开(公告)号：US20190312858A1

公开(公告)日：2019-10-10

申请号：US16452416

申请日：2019-06-25

Applicant: Amazon Technologies, Inc.

Inventor： Jesper Mikael Johansson ,  Gregory Branchek Roth

IPC: H04L29/06 ,  H04L9/32 ,  G09C1/00

Abstract: Representations of authentication objects are provided for selection via an interface. An authentication object may be generated to include information obtained from one or more sensors of a device. A selected authentication object may contain information sufficient for authentication with a corresponding system. The interface may provide multiple representations of authentication objects that are usable with different service providers. The interface, executed by a first device, may be configured to authenticate a second device.

公开(公告)号：US10326597B1

公开(公告)日：2019-06-18

申请号：US14318457

申请日：2014-06-27

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Eric Jason Brandwine

IPC: H04L9/32

Abstract: A system that provides responses to requests obtains a key that is used to digitally sign the request. The key is derived from information that is shared with a requestor to which the response is sent. The requestor derives, using the shared information, derives a key usable to verify the digital signature of the response, thereby enabling the requestor to operate in accordance with whether the digital signature of the response matches the response.

公开(公告)号：US10250603B1

公开(公告)日：2019-04-02

申请号：US14673371

申请日：2015-03-30

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Andrew Paul Mikulski

IPC: H04L29/06

Abstract: The launching of new software code, virtual machines, and other such instances can undergo one or more scans before being fully available in an electronic environment. One or more policies may apply to such a launch, which can cause the launch to first be performed under a first network configuration, wherein the instance may not be granted access to resources other than scanning infrastructure. After one or more scans are performed, the results can be compared against the policies and, if the results pass, the instance can be caused to operate in a second network configuration, whether launching a new instance in a production environment, altering the configuration of the network, or other such tasks. The policies can be set by a provider of the relevant resources, an administrator of one or more affected resources, an administrator of the instance, or another appropriate party.

公开(公告)号：US20190034642A1

公开(公告)日：2019-01-31

申请号：US16147033

申请日：2018-09-28

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Anders Samuelsson ,  Bradley Jeffery Behm

IPC: G06F21/60 ,  G06Q20/14 ,  H04L29/06

Abstract: Customers of a service provider are able to provision compartments of the accounts. The both the accounts and the compartments, in some embodiments, may have associated computing resources and identities. One or more identities of the account may be authorized to perform administrative operations in the compartment. Identities of the compartment may lack the ability to perform any administrative actions outside of the compartment but inside of the account.

公开(公告)号：US10181953B1

公开(公告)日：2019-01-15

申请号：US14027843

申请日：2013-09-16

Applicant: Amazon Technologies, Inc.

Inventor： Benjamin Elias Seidenberg ,  Gregory Branchek Roth ,  Benjamin Tillman Farley

IPC: H04L9/08 ,  H04L9/32

Abstract: Electronically signed data is persistently stored in data storage. After the passage of time, the data may be accessed and presented to a trusted entity for verification of the data. The trusted entity may have access to secret information used to sign the data. The trusted entity may use the secret information to verify an electronic signature of the data. One or more actions may be taken based at least in part on a response provided by the verification system.

公开(公告)号：US10142301B1

公开(公告)日：2018-11-27

申请号：US14489161

申请日：2014-09-17

Applicant: Amazon Technologies, Inc.

Inventor： Nima Sharifi Mehr ,  Darren Ernest Canavor ,  Jesper Mikael Johansson ,  Jon Arron McClintock ,  Gregory Branchek Roth ,  Gregory Alan Rubin

IPC: H04L29/06 ,  H04L9/08

Abstract: Multiple communications that encode data are encrypted for transit from one entity to the other. An entity receiving the communications decrypts at least some of the communications to determine how to process the communications. As part of processing the communications, the entity receiving the communications provides at least some of the encrypted communications to a data storage system without reencrypting those communications.

公开(公告)号：US10110382B1

公开(公告)日：2018-10-23

申请号：US14475468

申请日：2014-09-02

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Gregory Alan Rubin

IPC: H04L9/00 ,  H04L9/08 ,  H04L29/00 ,  G06F12/14

Abstract: Cryptographic keys are durably stored for an amount of time. A cryptographic key is encrypted so as to be decryptable using another cryptographic key that has a limited lifetime. The other cryptographic key can be used to decrypt the encrypted cryptographic key to restore the cryptographic key during the lifetime of the other cryptographic key. After the lifetime of the other cryptographic key, if a copy of the cryptographic key is lost (e.g., inadvertently and unrecoverably deleted from memory), the cryptographic key becomes irrecoverable.

公开(公告)号：US10100553B1

公开(公告)日：2018-10-16

申请号：US15199746

申请日：2016-06-30

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Alexander Zissis Ginos

IPC: E05B11/06 ,  E05B27/00 ,  E05B47/06 ,  E05B47/00

Abstract: Pin tumbler locks are provided that include features for detecting tampering. Tampering may be detected in a number of different ways. As an example, abnormal movement of one or more of the driver pins in a pin tumbler lock can be an indication of tampering. In addition, one or more sensors can be included at the end of a keyway that detect picking or bumping beyond the length of normal key insertion. A mechanical actuator can be used for detection.

公开(公告)号：US10078687B2

公开(公告)日：2018-09-18

申请号：US14849481

申请日：2015-09-09

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Alan Rubin ,  Gregory Branchek Roth

IPC: G06F17/30

CPC classification number: G06F16/2255

Abstract: A computer system receives a request to remove an entry from a probabilistic data structure. In response to the request, the computer system queries the probabilistic data structure to determine a current iteration value for the entry within the probabilistic data structure. The current iteration value indicates a state of the entry such that a first state corresponds to the entry being a member of a set and a second state corresponds to the absence of the entry from the set. As a result of the current iteration value denoting that the entry is a member of the set, the computer system increments the current iteration value to generate a new iteration value that corresponds to the absence of the entry from the set. The computer system uses the new iteration value and the entry to generate a new output value that is then added to the probabilistic data structure.