-
Publication number: US09607162B2
Publication date: 2017-03-28
Application number: US14714982
Application date: 2015-05-18
Applicant: Amazon Technologies, Inc.
Inventor: Gregory B. Roth, Eric D. Crahen, Graeme D. Baer, Eric J. Brandwine, Nathan R. Fitch
CPC classification number: G06F21/602, G06F9/44505, G06F9/45558, G06F21/606, G06F2009/45587, G06Q30/06, H04L63/0209, H04L63/0428, H04L63/0471, H04L63/08, H04L63/166
Abstract: A support system negotiates secure connections on behalf of multiple guest systems using a set of credentials associated with the guest systems. The operation of the secure connection may be transparent to the guest system such that guest system may send and receive messages that are encrypted or decrypted by the support system, such as a hypervisor. As the support system is in between the guest system and a destination, the support system may act as a local endpoint to the secure connection. Messages may be altered by the support system to indicate to a guest system which communications were secured. The credentials may be managed by the support system such that the guest system does not require access to the credentials.
-
Publication number: US10931442B1
Publication date: 2021-02-23
Application number: US16152885
Application date: 2018-10-05
Applicant: Amazon Technologies, Inc.
Inventor: Gregory B. Roth, Graeme D. Baer, Nathan R. Fitch, Eric D. Crahen, Eric J. Brandwine
Abstract: Client requests may be directed through a secret holding proxy system such that the secret holding proxy system may insert a secret into a client request before arriving at the destination. The insertion of a secret may include inserting a digital signature, token or other information that includes a secret or information based upon a secret, which may include secret exchange or authentication protocols. The secret holding proxy system may also remove secrets and/or transform incoming messages such that the client may transparently receive the underlying content of the message.
-
Publication number: US20150347763A1
Publication date: 2015-12-03
Application number: US14714982
Application date: 2015-05-18
Applicant: Amazon Technologies, Inc.
Inventor: Gregory B. Roth, Eric D. Crahen, Graeme D. Baer, Eric J. Brandwine, Nathan R. Fitch
CPC classification number: G06F21/602, G06F9/44505, G06F9/45558, G06F21/606, G06F2009/45587, G06Q30/06, H04L63/0209, H04L63/0428, H04L63/0471, H04L63/08, H04L63/166
Abstract: A support system negotiates secure connections on behalf of multiple guest systems using a set of credentials associated with the guest systems. The operation of the secure connection may be transparent to the guest system such that guest system may send and receive messages that are encrypted or decrypted by the support system, such as a hypervisor. As the support system is in between the guest system and a destination, the support system may act as a local endpoint to the secure connection. Messages may be altered by the support system to indicate to a guest system which communications were secured. The credentials may be managed by the support system such that the guest system does not require access to the credentials.
-
Publication number: US11356457B2
Publication date: 2022-06-07
Application number: US16892197
Application date: 2020-06-03
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
Abstract: A delegation request is submitted to a session-based authentication service, fulfillment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.
-
Publication number: US10721238B2
Publication date: 2020-07-21
Application number: US15924038
Application date: 2018-03-16
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
Abstract: A delegation request is submitted to a session-based authentication service, fulfillment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.
-
Publication number: US11366870B1
Publication date: 2022-06-21
Application number: US16551557
Application date: 2019-08-26
Applicant: Amazon Technologies, Inc.
Inventor: David C. Yanacek, David Killian, Krishnan Narayanan, Matthew Wren, Samuel J. Young, Eric D. Crahen
IPC: G06F16/957
Abstract: The load level on a server system is regulated by determining time-to-live (TTL) values to provide to requesting devices that request a content resource from the server system, thereby affecting the frequency of subsequent requests. This dynamic determination of TTL values may provide resilience to system load, for example by using longer TTL values when the system is under greater load to reduce the rate at which subsequent requests are received. A dynamic TTL service may calculate a TTL value based on one or more factors, such as overall system load, resource load, hardware load, and/or software load.
-
Publication number: US20200296108A1
Publication date: 2020-09-17
Application number: US16892197
Application date: 2020-06-03
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
Abstract: A delegation request is submitted to a session-based authentication service, fulfillment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.
-
Publication number: US20180205738A1
Publication date: 2018-07-19
Application number: US15924038
Application date: 2018-03-16
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
CPC classification number: H04L63/102, G06F21/335, G06F2221/2137, H04L9/083, H04L9/0861, H04L9/088, H04L9/32, H04L9/3242, H04L9/3247, H04L63/06, H04L63/08, H04L2209/38
Abstract: A delegation request is submitted to a session-based authentication service, fulfilment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.
-
Publication number: US09954866B2
Publication date: 2018-04-24
Application number: US14866673
Application date: 2015-09-25
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
CPC classification number: H04L63/102, G06F21/335, G06F2221/2137, H04L9/083, H04L9/0861, H04L9/088, H04L9/32, H04L9/3242, H04L9/3247, H04L63/06, H04L63/08, H04L2209/38
Abstract: A delegation request is submitted to a session-based authentication service, fulfilment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.
-
Publication number: US20160021118A1
Publication date: 2016-01-21
Application number: US14866673
Application date: 2015-09-25
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
IPC: H04L29/06
CPC classification number: H04L63/102, G06F21/335, G06F2221/2137, H04L9/083, H04L9/0861, H04L9/088, H04L9/32, H04L9/3242, H04L9/3247, H04L63/06, H04L63/08, H04L2209/38
Abstract: A delegation request is submitted to a session-based authentication service, fulfillment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.