公开(公告)号：US20180191710A1

公开(公告)日：2018-07-05

申请号：US15906966

申请日：2018-02-27

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Neelam Satish Agrawal ,  Lawrence Hun-Gi Aung ,  Guruprakash Bangalore Rao ,  Shuo Wang ,  Sameer Palande ,  Krithi Rai ,  Chirag Pravin Pandya

IPC: H04L29/06 ,  G06F21/62

CPC classification number: H04L63/0853 ,  G06F16/24 ,  G06F21/6218 ,  H04L63/06 ,  H04L63/08 ,  H04L63/0807 ,  H04L63/0815 ,  H04L63/083 ,  H04L63/0838 ,  H04L63/102 ,  H04L63/105

Abstract: A user, group, and device management and authentication system allows administrators to manage one or more directories with devices that are not associated with a domain of the one or more directories via a set of APIs. The system also allows applications and services that do not have direct access to a list of directory users to access the one or more directories. The user, group, and device management and authentication system may be an add-on system that works in conjunction with a centrally-managed directory service to provide such functionality. For example, the system may generate an access token associated with a particular directory that can be used by a service accessed by an administrator to call an API provided by the system. The API call may be translated into a directory-specific API call that can be used to perform an action in the particular directory.

公开(公告)号：US09705881B2

公开(公告)日：2017-07-11

申请号：US14098298

申请日：2013-12-05

Applicant: Amazon Technologies, Inc.

Inventor： Shon Kiran Shah ,  Guruprakash Bangalore Rao ,  Thomas Christopher Rizzo ,  Gaurang Pankaj Mehta

IPC: H04L29/06

Abstract: A customer of a computing resource service provider may utilize a set of credentials to request creation of an identity pool within a managed directory service. Accordingly, the managed directory service may create the identity pool. Instead of having the customer create a separate account within this identity pool, the managed directory service may create a shadow administrator account within the identity pool, which may be used to manage other users and resources in the identity pool within the managed directory service. The managed directory service further exposes an application programming interface command that may be used to obtain a set of credentials for accessing the shadow administrator account. The customer may use this command to receive the set of credentials and access the shadow administrator account. Accordingly, the customer can manage users and resources in the identity pool within the managed directory service.

公开(公告)号：US09407615B2

公开(公告)日：2016-08-02

申请号：US14098341

申请日：2013-12-05

Applicant: Amazon Technologies, Inc.

Inventor： Shon Kiran Shah ,  Gaurang Pankaj Mehta ,  Venakta N. S. S. Harsha Koonaparaju ,  Thomas Christopher Rizzo ,  Guruprakash Bangalore Rao

IPC: H04L29/06 ,  G06F21/00 ,  G06F15/16 ,  G06F7/04 ,  H04L9/32

CPC classification number: H04L63/08 ,  G06F9/45558 ,  G06F21/41 ,  G06F21/6218 ,  G06F2009/45587 ,  G06F2009/45595 ,  H04L63/0807 ,  H04L63/0815 ,  H04L63/10 ,  H04L63/102 ,  H04L63/104 ,  H04L63/105 ,  H04L63/20 ,  H04L67/02 ,  H04L67/10 ,  H04L67/306

Abstract: A user may utilize a set of credentials to access, through a managed directory service, one or more services provided by a computing resource service provider. The managed directory service may be configured to identify one or more policies applicable to the user. These policies may define the level of access to the one or more services provided by the computing resource service provider. Based at least in part on these policies, the managed directory service may transmit a request to an identity management system to obtain a set of temporary credentials that may be used to enable the user to access the one or more services. Accordingly, the managed directory service may be configured to enable the user, based at least in part on the policies and the set of temporary credentials, to access an interface, which can be used to access the one or more services.

Abstract translation: 用户可以利用一组凭证来通过托管目录服务访问由计算资源服务提供商提供的一个或多个服务。 托管目录服务可以被配置为识别适用于用户的一个或多个策略。 这些策略可以定义对由计算资源服务提供商提供的一个或多个服务的访问级别。 至少部分地基于这些策略，托管目录服务可以向身份管理系统发送请求以获得可以用于使得用户访问一个或多个服务的一组临时凭证。 因此，托管目录服务可以被配置为至少部分地基于策略和一组临时凭证来使用户能够访问可以用于访问一个或多个服务的接口。

公开(公告)号：US20160094584A1

公开(公告)日：2016-03-31

申请号：US14499714

申请日：2014-09-29

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Shon Kiran Shah ,  Krithi Rai ,  Guruprakash Bangalore Rao

IPC: H04L29/06 ,  G06F21/44

CPC classification number: H04L63/205 ,  G06F21/44 ,  G06F21/604 ,  G06F21/62 ,  G06F21/6209 ,  G06F21/6218 ,  H04L61/1505 ,  H04L63/10 ,  H04L63/20

Abstract: Features are disclosed for facilitating management of network directories of multiple organizations by a centralized directory management system. Various applications can access the directories of the organizations via the directory management system according to the permissions that the applications have been granted by the respective organizations. Organizations may maintain directories on-premises or off-premises, and the applications can access the directories via the directory management system regardless of the physical location of the directories. Additionally, the applications may be hosted by a computing service provider that also hosts or otherwise manages the directory management service, or the applications can be hosted by third-party servers separate from the directory management system and the organizations.

Abstract translation: 公开了用于通过集中式目录管理系统来管理多个组织的网络目录的特征。 各种应用程序可以通过目录管理系统根据各个组织授予的应用程序的权限来访问组织的目录。 组织可以在内部或外部维护目录，并且应用程序可以通过目录管理系统访问目录，而不管目录的物理位置如何。 此外，应用程序可以由还承载或以其他方式管理目录管理服务的计算服务提供商托管，或者可以由与目录管理系统和组织分离的第三方服务器托管应用程序。

公开(公告)号：US20150160956A1

公开(公告)日：2015-06-11

申请号：US14098323

申请日：2013-12-05

Applicant: Amazon Technologies, Inc.

Inventor： Shon Kiran Shah ,  Gaurang Pankaj Mehta ,  Thomas Christopher Rizzo ,  Guruprakash Bangalore Rao

IPC: G06F9/455

CPC classification number: G06F9/45533 ,  G06F2221/2113 ,  H04L41/5096 ,  H04L63/08 ,  H04L63/10

Abstract: A customer utilizes an interface provided by a virtual computer system service to provision a virtual machine instance and join this instance to a directory. The interface may have previously obtained the domain name and the Internet Protocol addresses for one or more directories available to the customer for joining the virtual machine instance. The virtual computer system service may communicate with a managed directory service to obtain a set of temporary credentials that may be used to transmit a request to the directory to allow joining of the virtual machine instance. Upon provisioning of the instance, an agent operating within the instance may be configured to obtain the domain name and Internet Protocol addresses for the directory to establish a connection with the directory. The agent may also be configured to obtain the set of temporary credentials to transmit a request to the directory for joining of the instance.

Abstract translation: 客户利用由虚拟计算机系统服务提供的接口来配置虚拟机实例并将此实例加入目录。 接口可能之前已经获得了用于加入虚拟机实例的客户可用的一个或多个目录的域名和互联网协议地址。 虚拟计算机系统服务可以与被管理的目录服务进行通信，以获得一组临时凭证，这些临时凭证可用于将请求发送到目录以允许加入虚拟机实例。 在提供实例之后，在实例中操作的代理可以被配置为获得用于建立与目录的连接的目录的域名和Internet协议地址。 代理还可以被配置为获得一组临时凭证以将请求发送到用于加入该实例的目录。

公开(公告)号：US10757086B2

公开(公告)日：2020-08-25

申请号：US15583715

申请日：2017-05-01

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Neelam Satish Agrawal ,  Lawrence Hun-Gi Aung ,  Chirag Pravin Pandya

IPC: H04L29/06 ,  H04L29/12 ,  H04L29/08 ,  G06F21/31

Abstract: A global endpoint may be associated with an organization name and a plurality of directories located in different geographic regions. The global endpoint may be a computing system that hosts a page used by users to access an application or service. A user may be able to access the application or service using already existing credentials. For example, the user may access the application or service using credentials stored and maintained by an entity with which the user is affiliated. Users having credentials stored in different geographic regions may be able to access the application or service via the same global endpoint.

公开(公告)号：US20200028752A1

公开(公告)日：2020-01-23

申请号：US16512170

申请日：2019-07-15

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Shon Kiran Shah ,  Sameer Palande

IPC: H04L12/24 ,  H04L12/26 ,  H04L12/911 ,  G06Q10/00

Abstract: Features are disclosed for facilitating remote management of network directories of organizations by a directory management system. The network directories may change over time, experiencing growth in size and number of current connections, increased latency, reduced performance, and the like. The network directories may also shrink over time, experience fewer connections, etc. Organizations can define scaling policies by which the directory management system can automatically respond to the occurrence of various events, such as changes in the size or usage of the organizations' network directories, by scaling resources associated with the directories. The directory management system can perform various scaling actions on-demand or without requiring additional action by the organizations, thereby reducing the time and effort required by the organizations to monitor their own directories and implement (or request implementation of) changes.

公开(公告)号：US10447610B1

公开(公告)日：2019-10-15

申请号：US14098446

申请日：2013-12-05

Applicant: Amazon Technologies, Inc.

Inventor： Shon Kiran Shah ,  Guruprakash Bangalore Rao ,  Thomas Christopher Rizzo ,  Connor John Yorks ,  Kevin Gillett ,  Gaurang Pankaj Mehta

IPC: H04L29/12 ,  H04L12/911 ,  G06F16/955 ,  G06F17/22 ,  H04L29/08 ,  H04L12/24

Abstract: Techniques for connecting computer system entities to remotely located computer system resources by redirecting locators are described herein. A computer system entity that requests access to a computer system resource may first obtain an identifier for that resource and, based on the identifier, may determine the region for that resource. A routing service then resolves the locator to locate a content management system that stores executable scripts that provide access to the computer system resources by redirecting the locator. The location of the executable scripts is based at least in part on the processing of the locator by the content management system.

公开(公告)号：US09998499B2

公开(公告)日：2018-06-12

申请号：US14499714

申请日：2014-09-29

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Shon Kiran Shah ,  Krithi Rai ,  Guruprakash Bangalore Rao

IPC: G06F7/04 ,  G06F17/30 ,  H04N7/16 ,  H04L29/06 ,  G06F21/44 ,  G06F21/60 ,  G06F21/62 ,  H04L29/12

CPC classification number: H04L63/205 ,  G06F21/44 ,  G06F21/604 ,  G06F21/62 ,  G06F21/6209 ,  G06F21/6218 ,  H04L61/1505 ,  H04L63/10 ,  H04L63/20

Abstract: Features are disclosed for facilitating management of network directories of multiple organizations by a centralized directory management system. Various applications can access the directories of the organizations via the directory management system according to the permissions that the applications have been granted by the respective organizations. Organizations may maintain directories on-premises or off-premises, and the applications can access the directories via the directory management system regardless of the physical location of the directories. Additionally, the applications may be hosted by a computing service provider that also hosts or otherwise manages the directory management service, or the applications can be hosted by third-party servers separate from the directory management system and the organizations.

公开(公告)号：US09853978B2

公开(公告)日：2017-12-26

申请号：US15424691

申请日：2017-02-03

Applicant: Amazon Technologies, Inc.

Inventor： Erik Jonathon Tellvik ,  Gaurang Pankaj Mehta ,  Ajit Nagendra Padukone ,  Chirag Pravin Pandya ,  Colin Harrison Brace ,  Deepak Suryanarayanan ,  Guruprakash Bangalore Rao ,  Krithi Rai ,  Malcolm Russell Ah Kun ,  Sameer Palande ,  Shon Kiran Shah ,  Vivek Lakshmanan

IPC: G06F7/04 ,  G06F15/16 ,  G06F17/30 ,  H04L29/06

CPC classification number: H04L63/0807 ,  H04L63/083

Abstract: A virtual computing environment service may receive a request from a customer to provision a virtual computing environment and join the virtual computing environment to a managed directory. The virtual computing environment service may provision the virtual computing environment and uses a set of administrator credentials from the customer and a set of credentials corresponding to the environment to access the managed directory and request joining of the environment to the managed directory. In response, the managed directory may create a computer account corresponding to the environment and which enables the environment to be used to access the managed directory. The virtual computing environment service may then enable the customer to specify one or more users that may utilize the virtual computing environment to access the managed directory.