Abstract:
A first computer is selected for testing. Information sent from a second computer system to the first computer is intercepted. The information is modified to be noncompliant with a communication protocol, thereby producing noncompliant information. A determination is made whether the first computer device has failed to provide a particular response to receipt of the noncompliant information, and an operation is performed based at least in part on the determination.
Abstract:
Techniques for maintaining and updating authentication information for a plurality of accounts may be provided. In an example, a first set of authentication information for the plurality of accounts may be maintained. A second set of authentication information that has been marked as potentially compromised may be received. A third set of authentication information may be generated based on the overlap between the first set of authentication information and the second set of authentication information. The first set of authentication information may be updated based at least in part on one or more security authentication protocols and the third set of authentication information.
Abstract:
Data security is enhanced by injecting insecurity into communications between two computer systems to test one of the computer systems. The insecurity is injected by modifying the communications between the two computer systems by modifying or adding messages. A response from one of the computer systems is monitored to determine whether the computer system reacts to the modification in a secure manner or if mitigating actions need to be performed.
Abstract:
The present disclosure provides computer-implemented systems and processes for determining and analyzing a user review status for a first item purchased or otherwise selected by a user; automatically and periodically monitoring review statuses for various alternative items, which may include competing, substitute, or replacement items relative to the first item; and generating an item recommendation based at least in part on a determination of which alternative items may be more positively rated than the first item. When a determination is made that an alternative item may be earning more positive feedback than the first item of interest, the system notifies the user that a possibly better item is available. Candidate alternative items may be identified based on the user's browsing history, groups of related items, or other sources. Candidate items may be weighted based on various attributes of the reviews, including average rating, number of ratings, number of reviews, and type.
Abstract:
Techniques for maintaining potentially compromised authentication information for a plurality of accounts may be provided. An individual piece of authentication information may be associated with one or more tags that indicate access rights with respect to requestors that also provide and maintain other potentially compromised authentication information. A subset of the potentially compromised authentication information may be determined based on the one or more tags in response to a request from a requestor for the potentially compromised authentication information. In an embodiment, the subset of the potentially compromised authentication information may be provided to the requestor.
Abstract:
Techniques are described for identifying security credentials or other sensitive information by creating a dictionary of data elements included in documents such as source code files, object code files, or other types of files. The data elements may be identified for inclusion in the dictionary based on parsing the documents for delimiter characters, and based on the context of the data elements within the documents. The data elements may also be identified through an entropy-based analysis to detect portions of the documents exhibiting a high degree of entropy compared to a baseline entropy for the documents. The dictionary may be used in a dictionary attack against various systems to determine whether any of the data elements included in the dictionary enable access to the systems. The data elements that enable access may be designated as sensitive information hard-coded into the documents.
Abstract:
A payment object service receives a request from a giver to associate a payment amount to an object. The request includes one or more images of the object and recipient information, which the payment object service uses to determine whether the association between these images and the information is unique. If the association is unique, the payment object service updates a database to associate the payment amount to the object and enable redemption of the payment amount. When the payment object service receives a request to redeem at least a portion of the payment amount, the payment object service may use one or more images and recipient information obtained from the request to verify that the images and information together correspond to the object. Once the redemption is complete, the payment object service may update the database to specify the current remaining payment amount.