公开(公告)号：US20180191710A1

公开(公告)日：2018-07-05

申请号：US15906966

申请日：2018-02-27

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Neelam Satish Agrawal ,  Lawrence Hun-Gi Aung ,  Guruprakash Bangalore Rao ,  Shuo Wang ,  Sameer Palande ,  Krithi Rai ,  Chirag Pravin Pandya

IPC: H04L29/06 ,  G06F21/62

CPC classification number: H04L63/0853 ,  G06F16/24 ,  G06F21/6218 ,  H04L63/06 ,  H04L63/08 ,  H04L63/0807 ,  H04L63/0815 ,  H04L63/083 ,  H04L63/0838 ,  H04L63/102 ,  H04L63/105

Abstract: A user, group, and device management and authentication system allows administrators to manage one or more directories with devices that are not associated with a domain of the one or more directories via a set of APIs. The system also allows applications and services that do not have direct access to a list of directory users to access the one or more directories. The user, group, and device management and authentication system may be an add-on system that works in conjunction with a centrally-managed directory service to provide such functionality. For example, the system may generate an access token associated with a particular directory that can be used by a service accessed by an administrator to call an API provided by the system. The API call may be translated into a directory-specific API call that can be used to perform an action in the particular directory.

公开(公告)号：US20170366501A1

公开(公告)日：2017-12-21

申请号：US15693089

申请日：2017-08-31

Applicant: Amazon Technologies, Inc.

Inventor： Chirag Pravin Pandya ,  Connor John Yorks ,  Krithi Rai ,  Lawrence Hun-Gi Aung

IPC: H04L29/12

CPC classification number: H04L61/3025 ,  H04L61/1511

Abstract: A computing resource service receives a request from a customer to assign a domain name to a computing resource. The computing resource service may submit a query to a domain name system service to determine whether the domain name has been reserved for the customer. The domain name system service may provide an encrypted alias record corresponding to the requested domain name and specifying one or more identifiers of customers for whom the domain name has been reserved. The computing resource service may decrypt the alias record and determine whether the customer corresponds to one of the one or more identifiers within the alias record. If the customer does correspond to one of the one or more identifiers within the alias record, the computing resource service may assign the domain name to the computing resource.

公开(公告)号：US10757086B2

公开(公告)日：2020-08-25

申请号：US15583715

申请日：2017-05-01

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Neelam Satish Agrawal ,  Lawrence Hun-Gi Aung ,  Chirag Pravin Pandya

IPC: H04L29/06 ,  H04L29/12 ,  H04L29/08 ,  G06F21/31

Abstract: A global endpoint may be associated with an organization name and a plurality of directories located in different geographic regions. The global endpoint may be a computing system that hosts a page used by users to access an application or service. A user may be able to access the application or service using already existing credentials. For example, the user may access the application or service using credentials stored and maintained by an entity with which the user is affiliated. Users having credentials stored in different geographic regions may be able to access the application or service via the same global endpoint.

公开(公告)号：US09853978B2

公开(公告)日：2017-12-26

申请号：US15424691

申请日：2017-02-03

Applicant: Amazon Technologies, Inc.

Inventor： Erik Jonathon Tellvik ,  Gaurang Pankaj Mehta ,  Ajit Nagendra Padukone ,  Chirag Pravin Pandya ,  Colin Harrison Brace ,  Deepak Suryanarayanan ,  Guruprakash Bangalore Rao ,  Krithi Rai ,  Malcolm Russell Ah Kun ,  Sameer Palande ,  Shon Kiran Shah ,  Vivek Lakshmanan

IPC: G06F7/04 ,  G06F15/16 ,  G06F17/30 ,  H04L29/06

CPC classification number: H04L63/0807 ,  H04L63/083

Abstract: A virtual computing environment service may receive a request from a customer to provision a virtual computing environment and join the virtual computing environment to a managed directory. The virtual computing environment service may provision the virtual computing environment and uses a set of administrator credentials from the customer and a set of credentials corresponding to the environment to access the managed directory and request joining of the environment to the managed directory. In response, the managed directory may create a computer account corresponding to the environment and which enables the environment to be used to access the managed directory. The virtual computing environment service may then enable the customer to specify one or more users that may utilize the virtual computing environment to access the managed directory.

公开(公告)号：US09344427B1

公开(公告)日：2016-05-17

申请号：US14538187

申请日：2014-11-11

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Chirag Pravin Pandya

IPC: H04L29/06

CPC classification number: H04L63/083 ,  H04L63/0428 ,  H04L63/0884

Abstract: Techniques and constructs to facilitate multiple authentications of passwords are described. For instance, the disclosure describes systems and processes that authenticate a password and return an encrypted password that may be subsequently decrypted for additional authentications.

Abstract translation: 描述了促进密码多重验证的技术和结构。 例如，本公开描述了认证密码并返回加密密码的系统和过程，该密码可随后被解密以用于附加认证。

公开(公告)号：US11134067B1

公开(公告)日：2021-09-28

申请号：US15457273

申请日：2017-03-13

Applicant: Amazon Technologies, Inc.

Inventor： Lawrence Hun-Gi Aung ,  Gaurang Pankaj Mehta ,  Krithi Rai ,  Chirag Pravin Pandya ,  Shuo Wang

IPC: H04L29/06

Abstract: A centralized policy management may allow for one set of credentials to various applications and services offered by a computing resource service provider or other third-party servers. Systems, methods, and computer readable medium can be configured to receive a request to access a first computing system service provided by the computing resource service provider, generate an encrypted data bundle including at least a user identifier and a data type, and transmit the encrypted data bundle to a recipient, wherein the encrypted data bundle is configured to be returned to the one or more computing devices to facilitate access to the first computing system service provided by the computing resource service provider.

公开(公告)号：US09942224B2

公开(公告)日：2018-04-10

申请号：US15456158

申请日：2017-03-10

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Neelam Satish Agrawal ,  Lawrence Hun-Gi Aung ,  Guruprakash Bangalore Rao ,  Shuo Wang ,  Sameer Palande ,  Krithi Rai ,  Chirag Pravin Pandya

IPC: H04L29/06 ,  G06F21/62

CPC classification number: H04L63/0853 ,  G06F17/30386 ,  G06F21/6218 ,  H04L63/06 ,  H04L63/08 ,  H04L63/0807 ,  H04L63/0815 ,  H04L63/083 ,  H04L63/0838 ,  H04L63/102 ,  H04L63/105

Abstract: A user, group, and device management and authentication system allows administrators to manage one or more directories with devices that are not associated with a domain of the one or more directories via a set of APIs. The system also allows applications and services that do not have direct access to a list of directory users to access the one or more directories. The user, group, and device management and authentication system may be an add-on system that works in conjunction with a centrally-managed directory service to provide such functionality. For example, the system may generate an access token associated with a particular directory that can be used by a service accessed by an administrator to call an API provided by the system. The API call may be translated into a directory-specific API call that can be used to perform an action in the particular directory.

公开(公告)号：US20170302643A1

公开(公告)日：2017-10-19

申请号：US15583715

申请日：2017-05-01

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Neelam Satish Agrawal ,  Lawrence Hun-Gi Aung ,  Chirag Pravin Pandya

IPC: H04L29/06 ,  H04L29/08 ,  G06F21/31 ,  H04L29/12

Abstract: A global endpoint may be associated with an organization name and a plurality of directories located in different geographic regions. The global endpoint may be a computing system that hosts a page used by users to access an application or service. A user may be able to access the application or service using already existing credentials. For example, the user may access the application or service using credentials stored and maintained by an entity with which the user is affiliated. Users having credentials stored in different geographic regions may be able to access the application or service via the same global endpoint.

公开(公告)号：US09641503B2

公开(公告)日：2017-05-02

申请号：US14506342

申请日：2014-10-03

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Neelam Satish Agrawal ,  Lawrence Hun-Gi Aung ,  Chirag Pravin Pandya

IPC: H04L9/32 ,  H04L29/06 ,  H04L29/12 ,  H04L29/08 ,  G06F21/31

CPC classification number: H04L63/08 ,  G06F21/31 ,  H04L61/15 ,  H04L61/1511 ,  H04L61/1523 ,  H04L61/1552 ,  H04L61/1576 ,  H04L63/0815 ,  H04L63/083 ,  H04L63/107 ,  H04L67/10 ,  H04L67/1002 ,  H04L67/1021 ,  H04L67/16 ,  H04L67/18

Abstract: A global endpoint may be associated with an organization name and a plurality of directories located in different geographic regions. The global endpoint may be a computing system that hosts a page used by users to access an application or service. A user may be able to access the application or service using already existing credentials. For example, the user may access the application or service using credentials stored and maintained by an entity with which the user is affiliated. Users having credentials stored in different geographic regions may be able to access the application or service via the same global endpoint.

公开(公告)号：US10326731B2

公开(公告)日：2019-06-18

申请号：US15693089

申请日：2017-08-31

Applicant: Amazon Technologies, Inc.

Inventor： Chirag Pravin Pandya ,  Connor John Yorks ,  Krithi Rai ,  Lawrence Hun-Gi Aung

IPC: G06F15/177 ,  H04L29/12

Abstract: A computing resource service receives a request from a customer to assign a domain name to a computing resource. The computing resource service may submit a query to a domain name system service to determine whether the domain name has been reserved for the customer. The domain name system service may provide an encrypted alias record corresponding to the requested domain name and specifying one or more identifiers of customers for whom the domain name has been reserved. The computing resource service may decrypt the alias record and determine whether the customer corresponds to one of the one or more identifiers within the alias record. If the customer does correspond to one of the one or more identifiers within the alias record, the computing resource service may assign the domain name to the computing resource.