公开(公告)号：US12003505B2

公开(公告)日：2024-06-04

申请号：US17113858

申请日：2020-12-07

Applicant: Amazon Technologies, Inc.

Inventor： Ramkishore Bhattacharyya ,  Rameez Loladia ,  William Alexander Stevenson ,  Ashutosh Thakur ,  Rodrigo Diaz Martin ,  Andrew John Kiggins ,  Xin Yi Liu

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/40

CPC classification number: H04L63/0861 ,  H04L9/3242 ,  H04L9/3247 ,  H04L63/0442 ,  H04L63/06 ,  H04L63/061 ,  H04L63/0807

Abstract: Systems and methods are disclosed herein for enforcing digital signature on a token useable by a network-addressable device to invoke service calls on services of a service provider. A device platform service of the service provider may receive service calls from the network-addressable device and cause one or more operations to be performed by other services of the service provider in response to receiving a notification that the request is authentic. An authentication service analyses a fingerprint associated with a request submitted by the device and determines whether it is a match to a fingerprint generated from cryptographic authentication information provided by the user in connection with registering the network-addressable device.

公开(公告)号：US10516694B1

公开(公告)日：2019-12-24

申请号：US15084354

申请日：2016-03-29

Applicant: Amazon Technologies, Inc.

Inventor： Piyush Gupta ,  Stephen Andrew Stroud Saville ,  Andrew John Kiggins ,  Atulya S. Beheray

IPC: H04L29/06

Abstract: Systems and methods are described to enable mitigation of network attacks in communication networks. When a network attack is detected, packets within the communication network are routed through a hierarchical mitigation system, which includes at least two tiers of mitigation devices configured to apply mitigation techniques to the packets. Outer tiers of the hierarchical mitigation system (e.g., closer to an edge of the communication network) can apply simple mitigation techniques that are efficient even when distributed, and which provide early mitigation for attack packets while not requiring large amounts of computing resources. Inner tiers of the hierarchical mitigation system (e.g., closer to a destination device) can apply more complex mitigation systems that may require centralized application, and which provide more robust mitigation at a potentially higher computing resource cost.

公开(公告)号：US09432387B2

公开(公告)日：2016-08-30

申请号：US14671843

申请日：2015-03-27

Applicant: Amazon Technologies, Inc.

Inventor： Amit J. Mhatre ,  Andrew John Kiggins ,  Michael F. Diggins

IPC: H04L29/06 ,  G06F21/56

CPC classification number: H04L63/1416 ,  G06F21/566 ,  H04L63/1458

Abstract: This disclosure generally relates to the generation of a packet signature for packets determined to correspond to a network attack, such as a denial of service (“DoS”) attack. Specifically, a set of data packets captured during normal system operations can be analyzed to determine a set of baseline attributes. Additional packets captured during an attack can be compared to the baseline attributes, to determine, for individual packets, a probability that the packet forms a part of the attack. A packet signature can then be generated to identify attributes that are characteristic of the attack. That signature can then be used to filter out packets and mitigate the attack.

Abstract translation: 本公开通常涉及为对应于诸如拒绝服务（“DoS”）攻击的网络攻击确定的分组的生成分组签名。 具体地，可以分析在正常系统操作期间捕获的一组数据分组以确定一组基线属性。 在攻击期间捕获的附加数据包可以与基线属性进行比较，以确定各个数据包是数据包构成攻击的一部分的概率。 然后可以生成分组签名以识别作为攻击特征的属性。 然后可以使用该签名来过滤掉数据包并减轻攻击。

公开(公告)号：US20210092115A1

公开(公告)日：2021-03-25

申请号：US17113858

申请日：2020-12-07

Applicant: Amazon Technologies, Inc.

Inventor： Ramkishore Bhattacharyya ,  Rameez Loladia ,  William Alexander Stevenson ,  Ashutosh Thakur ,  Rodrigo Diaz Martin ,  Andrew John Kiggins ,  Xin Yi Liu

IPC: H04L29/06 ,  H04L9/32

Abstract: Systems and methods are disclosed herein for enforcing digital signature on a token useable by a network-addressable device to invoke service calls on services of a service provider. A device platform service of the service provider may receive service calls from the network-addressable device and cause one or more operations to be performed by other services of the service provider in response to receiving a notification that the request is authentic. An authentication service analyses a fingerprint associated with a request submitted by the device and determines whether it is a match to a fingerprint generated from cryptographic authentication information provided by the user in connection with registering the network-addressable device.

公开(公告)号：US10862883B1

公开(公告)日：2020-12-08

申请号：US15728341

申请日：2017-10-09

Applicant: Amazon Technologies, Inc.

Inventor： Ramkishore Bhattacharyya ,  Rameez Loladia ,  William Alexander Stevenson ,  Ashutosh Thakur ,  Rodrigo Diaz Martin ,  Andrew John Kiggins ,  Xin Yi Liu

IPC: H04L29/06 ,  H04L9/32

Abstract: Systems and methods are disclosed herein for enforcing digital signature on a token useable by a network-addressable device to invoke service calls on services of a service provider. A device platform service of the service provider may receive service calls from the network-addressable device and cause one or more operations to be performed by other services of the service provider in response to receiving a notification that the request is authentic. An authentication service analyses a fingerprint associated with a request submitted by the device and determines whether it is a match to a fingerprint generated from cryptographic authentication information provided by the user in connection with registering the network-addressable device.

公开(公告)号：US20150215331A1

公开(公告)日：2015-07-30

申请号：US14671843

申请日：2015-03-27

Applicant: Amazon Technologies, Inc.

Inventor： Amit J. Mhatre ,  Andrew John Kiggins ,  Michael F. Diggins

IPC: H04L29/06

CPC classification number: H04L63/1416 ,  G06F21/566 ,  H04L63/1458

Abstract: This disclosure generally relates to the generation of a packet signature for packets determined to correspond to a network attack, such as a denial of service (“DoS”) attack. Specifically, a set of data packets captured during normal system operations can be analyzed to determine a set of baseline attributes. Additional packets captured during an attack can be compared to the baseline attributes, to determine, for individual packets, a probability that the packet forms a part of the attack. A packet signature can then be generated to identify attributes that are characteristic of the attack. That signature can then be used to filter out packets and mitigate the attack.

Abstract translation: 本公开通常涉及为对应于诸如拒绝服务（“DoS”）攻击的网络攻击确定的分组的生成分组签名。 具体地，可以分析在正常系统操作期间捕获的一组数据分组以确定一组基线属性。 在攻击期间捕获的附加数据包可以与基线属性进行比较，以确定各个数据包是数据包构成攻击的一部分的概率。 然后可以生成分组签名以识别作为攻击特征的属性。 然后可以使用该签名来过滤掉数据包并减轻攻击。