-
Publication number: US09178866B2
Publication date: 2015-11-03
Application number: US14557222
Application date: 2014-12-01
Applicant: Amazon Technologies, Inc.
Inventor: Dominique I. Brezinski, Benjamin S. Kirzhner, Emilia S. Buneci, Martin M. O'Reilly, Cyrus J. Durgin, Lane R. LaRue
CPC classification number: H04L63/08, G06F21/31, G06F21/32, G06F21/42, G06F2221/2103, G07C9/00166, H04L63/10
Abstract: Techniques for user authentication are disclosed. In some situations, the techniques include receiving, from a client device, an authentication request to access a network resource, the request including a user identifier, obtaining a security credential associated with the user identifier contained in the received request, generating an authorization code based on the obtained security credential, providing to the client device instructions to obtain first information corresponding to the generated authorization code, receiving, from the client device, the first information provided in response to the provided instructions, and, when the first information received from the client device corresponds to at least a portion of the generated authorization code, authorizing the client device to access the network resource.
-
Publication number: US08848922B1
Publication date: 2014-09-30
Application number: US13685643
Application date: 2012-11-26
Applicant: Amazon Technologies, Inc.
Inventor: Cyrus J. Durgin, Pratik S. Dave, Eric J. Martin
CPC classification number: G06F21/6218, G06F21/6209
Abstract: Secure information is managed for each host or machine in an electronic environment using a series of key identifiers that each represent one or more secure keys, passwords, or other secure information. Applications and services needing access to the secure information can specify the key identifier, for example, and the secure information currently associated with that identifier can be determined without any change to the code or manual input or exposure of the secure information on the respective device. Functionality such as encryption key management and rotation are inaccessible and transparent to the user. In a networked or distributed environment, the key identifiers can be associated with host classes such that at startup any host in a class can obtain the necessary secure information. Updates and key rotation can be performed in a similar fashion by pushing updates to host classes transparent to a user, application, or service.
-
Publication number: US08925062B1
Publication date: 2014-12-30
Application number: US14080599
Application date: 2013-11-14
Applicant: Amazon Technologies, Inc.
Inventor: Dominique I. Brezinski, Benjamin S. Kirzhner, Emilia S. Buneci, Martin M. O'Reilly, Cyrus J. Durgin, Lane R. LaRue
CPC classification number: H04L63/08, G06F21/31, G06F21/32, G06F21/42, G06F2221/2103, G07C9/00166, H04L63/10
Abstract: Techniques for user authentication are disclosed. In some situations, the techniques include receiving, from a client device, an authentication request to access a network resource, the request including a user identifier, obtaining a security credential associated with the user identifier contained in the received request, generating an authorization code based on the obtained security credential, providing to the client device instructions to obtain first information corresponding to the generated authorization code, receiving, from the client device, the first information provided in response to the provided instructions, and, when the first information received from the client device corresponds to at least a portion of the generated authorization code, authorizing the client device to access the network resource.
-
Publication number: US09252947B1
Publication date: 2016-02-02
Application number: US13946666
Application date: 2013-07-19
Applicant: Amazon Technologies, Inc.
Inventor: Jacob Beacham, Jesper M. Johansson, Cyrus J. Durgin
CPC classification number: H04L9/083, G06F21/604, G06F21/62, G06F2221/2129, G06F2221/2149, H04L9/08, H04L9/0816, H04L61/1511, H04L61/1523, H04L63/06, H04L63/062
Abstract: A secure key distribution server (SKDS) determines the identity of a requesting server without use of a shared secret by resolving the fully qualified domain name (FQDN) to a network address and comparing it with the network address of a key request. A credential string may also be used as part of the identification. Once identity is established, keys may be securely distributed. The SKDS may also be implemented in a peer-to-peer configuration.
-
Publication number: US20150089616A1
Publication date: 2015-03-26
Application number: US14557222
Application date: 2014-12-01
Applicant: Amazon Technologies, Inc.
Inventor: Dominique I. Brezinski, Benjamin S. Kirzhner, Emilia S. Buneci, Martin M. O'Reilly, Cyrus J. Durgin, Lane R. LaRue
IPC: H04L29/06
CPC classification number: H04L63/08, G06F21/31, G06F21/32, G06F21/42, G06F2221/2103, G07C9/00166, H04L63/10
Abstract: Techniques for user authentication are disclosed. In some situations, the techniques include receiving, from a client device, an authentication request to access a network resource, the request including a user identifier, obtaining a security credential associated with the user identifier contained in the received request, generating an authorization code based on the obtained security credential, providing to the client device instructions to obtain first information corresponding to the generated authorization code, receiving, from the client device, the first information provided in response to the provided instructions, and, when the first information received from the client device corresponds to at least a portion of the generated authorization code, authorizing the client device to access the network resource.