公开(公告)号：US12081451B2

公开(公告)日：2024-09-03

申请号：US15583547

申请日：2017-05-01

Applicant: Amazon Technologies, Inc.

Inventor： Eric J. Brandwine ,  Marvin M. Theimer ,  Don Johnson ,  Swaminathan Sivasubramanian

IPC: H04L47/70 ,  G06F9/50 ,  G06F21/53 ,  H04L67/10

CPC classification number: H04L47/70 ,  G06F9/5077 ,  G06F21/53 ,  H04L67/10 ,  G06F2221/2149

Abstract: With the advent of virtualization technologies, networks and routing for those networks can now be simulated using commodity hardware. For example, virtualization technologies can be adapted to allow a single physical computing machine to be shared among multiple virtual networks by providing one or more virtual machines simulated in software by the single physical computing machine, with each virtual machine acting as a distinct logical computing system. In addition, as routing can be accomplished through software, additional network setup flexibility can be provided to the virtual network in comparison with hardware-based routing. In some implementations, virtual network setup can be abstracted through the use of resource placement templates, allowing users to create virtual networks compliant with a customer's networking policies without necessarily having knowledge of what those policies are.

公开(公告)号：US20200065870A1

公开(公告)日：2020-02-27

申请号：US16532267

申请日：2019-08-05

Applicant: Amazon Technologies, Inc.

Inventor： Jonathan A. Jenkins ,  Benjamin W. Mercier ,  Marvin M. Theimer ,  Eric J. Brandwine ,  Joseph E. Fitzgerald

IPC: G06Q30/06

Abstract: Techniques are described for facilitating use of software components by software applications in a configurable manner. In some situations, the software components are fee-based components that are made available by providers of the components for use by others in exchange for fees defined by the components providers, and in at least some situations, the software components may have various associated restrictions or other non-price conditions related to their use. The described techniques facilitate use of such software components by software applications in a configured manner. Furthermore, in at least some situation, the execution of such software applications is managed by an application deployment system that controls and tracks the execution of the software application on one or more computing nodes, including to manage the execution of any software components that are part of the software application.

公开(公告)号：US10467042B1

公开(公告)日：2019-11-05

申请号：US16261401

申请日：2019-01-29

Applicant: Amazon Technologies, Inc.

Inventor： Benjamin W. Mercier ,  Joseph E. Fitzgerald ,  Eric J. Brandwine ,  Marvin M. Theimer

IPC: G06F9/46 ,  G06F9/455 ,  G06F8/60 ,  H04L29/08

Abstract: The deployment of content and computing resources for implementing a distributed software application can be optimized based upon customer location. The volume and geographic origin of incoming requests for a distributed software application are determined. Based upon the volume and geographic origin of the incoming requests, content and/or one or more instances of the distributed software application may be deployed to a geographic region generating a significant volume of requests for the distributed software application. Content and/or instances of a distributed software application might also be speculatively deployed to a geographic region in an attempt to optimize the performance, cost, or other attribute of a distributed software application.

公开(公告)号：US20160173485A1

公开(公告)日：2016-06-16

申请号：US15052789

申请日：2016-02-24

Applicant: Amazon Technologies, Inc.

Inventor： Stefan Popoveniuc ,  Cristian Marius Ilac ,  Gregory Branchek Roth ,  Eric J. Brandwine

IPC: H04L29/06

CPC classification number: H04L63/083 ,  G06F21/316 ,  G06F21/552 ,  H04L63/08 ,  H04L63/102 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/20

Abstract: A first identity claim and a first attempt to prove password possession are received. As a result of determining that the first attempt to prove password possession is a match to a password in a set of passwords, but that the first identity claim is a mismatch to an identity that corresponds to the password, an authentication process that includes incrementing a counter associated with the password is performed. A second identity claim and a second attempt to prove password possession is received. As a result of determining that the second attempt to prove password possession is a match to the password, an authentication process that includes incrementing the counter associated with the password only if the second identity claim is a mismatch to the first identity claim is performed.

Abstract translation: 收到第一个身份声明和首次尝试证明密码占有。 作为确定证明密码占有的第一次尝试与一组密码中的密码匹配的结果，但是第一身份声明与对应于该密码的身份不匹配，认证过程包括增加一个 执行与密码相关联的计数器。 接收到第二个身份声明和第二次证明密码占有的尝试。 作为确定证明密码占有的第二尝试与密码匹配的结果，执行认证处理，其仅在第二身份声明与第一身份声明不匹配时才包括增加与密码相关联的计数器。

公开(公告)号：US09064121B2

公开(公告)日：2015-06-23

申请号：US14057359

申请日：2013-10-18

Applicant: Amazon Technologies, Inc.

Inventor： Bradley E. Marshall ,  Charles D. Phillips ,  Eric J. Brandwine

IPC: G06F21/60 ,  H04L29/06

CPC classification number: G06F21/60 ,  H04L63/0227 ,  H04L63/20

Abstract: Network computing systems may implement data loss prevention (DLP) techniques to reduce or prevent unauthorized use or transmission of confidential information or to implement information controls mandated by statute, regulation, or industry standard. Implementations of network data transmission analysis systems and methods are disclosed that can use contextual information in a DLP policy to monitor data transmitted via the network. The contextual information may include information based on a network user's organizational structure or services or network infrastructure. Some implementations may detect bank card information in network data transmissions. Some of the systems and methods may be implemented on a virtual network overlaid on one or more intermediate physical networks that are used as a substrate network.

Abstract translation: 网络计算系统可以实施数据丢失预防（DLP）技术，以减少或阻止未经授权的使用或传输机密信息或执行法规，法规或行业标准所规定的信息控制。 公开了可以使用DLP策略中的上下文信息来监视经由网络发送的数据的网络数据传输分析系统和方法的实现。 上下文信息可以包括基于网络用户的组织结构或服务或网络基础设施的信息。 一些实现可以在网络数据传输中检测银行卡信息。 一些系统和方法可以在覆盖在用作衬底网络的一个或多个中间物理网络上的虚拟网络上实现。

公开(公告)号：US11216414B2

公开(公告)日：2022-01-04

申请号：US15804889

申请日：2017-11-06

Applicant: Amazon Technologies, Inc.

Inventor： Eric J. Brandwine ,  Matthew T. Corddry

IPC: G06F16/11 ,  G06F16/951 ,  G06F16/907 ,  G06F9/455

Abstract: Systems and methods are provided for managing objects. In one implementation, a computer-implemented method is provided. The method includes receiving a query comprising a tag and executing the query. An object identifier is retrieved from a data table, based on the tag. The method further returns a result of the query. The result includes the object identifier that was retrieved from the data table. The method further performing an action related to an object having the retrieved object identifier.

公开(公告)号：US10931442B1

公开(公告)日：2021-02-23

申请号：US16152885

申请日：2018-10-05

Applicant: Amazon Technologies, Inc.

Inventor： Gregory B. Roth ,  Graeme D. Baer ,  Nathan R. Fitch ,  Eric D. Crahen ,  Eric J. Brandwine

IPC: H04L9/08 ,  H04L9/06

Abstract: Client requests may be directed through a secret holding proxy system such that the secret holding proxy system may insert a secret into a client request before arriving at the destination. The insertion of a secret may include inserting a digital signature, token or other information that includes a secret or information based upon a secret, which may include secret exchange or authentication protocols. The secret holding proxy system may also remove secrets and/or transform incoming messages such that the client may transparently receive the underlying content of the message.

公开(公告)号：US10454922B2

公开(公告)日：2019-10-22

申请号：US15052789

申请日：2016-02-24

Applicant: Amazon Technologies, Inc.

Inventor： Stefan Popoveniuc ,  Cristian Marius Ilac ,  Gregory Branchek Roth ,  Eric J. Brandwine

IPC: H04L29/06 ,  G06F21/31 ,  G06F21/55

Abstract: A first identity claim and a first attempt to prove password possession are received. As a result of determining that the first attempt to prove password possession is a match to a password in a set of passwords, but that the first identity claim is a mismatch to an identity that corresponds to the password, an authentication process that includes incrementing a counter associated with the password is performed. A second identity claim and a second attempt to prove password possession is received. As a result of determining that the second attempt to prove password possession is a match to the password, an authentication process that includes incrementing the counter associated with the password only if the second identity claim is a mismatch to the first identity claim is performed.

公开(公告)号：US10084784B1

公开(公告)日：2018-09-25

申请号：US14558281

申请日：2014-12-02

Applicant: Amazon Technologies, Inc.

Inventor： Eric J. Brandwine ,  Matthew Shawn Wilson

IPC: H04L29/06 ,  G06F9/455

CPC classification number: H04L63/0442 ,  G06F9/45558 ,  G06F2009/45587 ,  H04L63/102 ,  H04L63/20

Abstract: Functionality is disclosed herein for providing a resource monitoring environment that restricts access to computing resource data in a service provider network. The resource monitoring environment processes requests to access computing resource data, and denies requests not signed or authorized by a customer of a service provider network or other entity. Access to the computing resource data includes access to non-obfuscated data and/or access to encrypted computing resource data encrypted by way of a public encryption key held by a customer of the service provider network or other entity instead of a requestor of the computing resource data.

公开(公告)号：US20160132320A1

公开(公告)日：2016-05-12

申请号：US14988500

申请日：2016-01-05

Applicant: Amazon Technologies, Inc.

Inventor： Joseph E. Fitzgerald ,  Marvin M. Theimer ,  Eric J. Brandwine ,  Benjamin W. Mercier

IPC: G06F9/445 ,  H04L29/08

CPC classification number: G06F8/65 ,  G06F9/45533 ,  H04L67/10

Abstract: Update preferences might be utilized to specify that an update to an application should not be applied until the demand for the application falls below a certain threshold. Demand for the application is monitored. The update to the application is applied when the actual demand for the application falls below the specified threshold. The threshold might be set such that updates are deployed during the off-peak periods of demand encountered during a regular demand cycle, such as a diurnal, monthly, or yearly cycle.