-
Publication No.: US20190268342A1
Publication date: 2019-08-29
Application No.: US16406783
Filing date: 2019-05-08
Applicant: Amazon Technologies, Inc.
Inventor: Hart Matthew Rossman, Erik Lee Swensson
IPC: H04L29/06
Abstract: A quorum-based access mechanism can require multiple entities to provide credentials over a determined period of time in order to obtain access to one or more resources in an electronic environment. This can include receiving a request that is signed by multiple signatories, or receiving multiple requests within a determined period that are each signed by a respective and authorized signatory. In some embodiments the receiving of a primary request causes notifications to be sent to other potential signatories, and a specified or minimum number must respond timely with a signed request to have the access granted. The quorum-based access mechanism can function as an additional authorization layer sitting in front of more conventional authorization and authentication mechanisms. In some embodiments a quorum token can be passed with the request, whereby resources in the environment can make access determinations based on the information in the token.
-
Publication No.: US11785051B1
Publication date: 2023-10-10
Application No.: US16368595
Filing date: 2019-03-28
Applicant: Amazon Technologies, Inc.
Inventor: Hart Matthew Rossman, Neal J. Rothleder
IPC: H04L9/40, G06F16/9535, G06F7/14, G06F16/901, G06F16/9538
CPC classification number: H04L63/20, G06F7/14, G06F16/9024, G06F16/9535, G06F16/9538, H04L63/1433
Abstract: A processing device receives security data from a plurality of web services associated with an organization and stores the security data separately in an unstructured data storage. The processing device generates one or more purpose built databases from the security data in the unstructured data storage, the one or more purpose built databases merging the security data from the plurality of web services. The processing device further receives, from a requestor, an analysis request pertaining to the plurality of web services, executes an analysis using the one or more purpose built databases to generate a response to the analysis request, and provides the response to the analysis request to the requestor.
-
Publication No.: US11838296B1
Publication date: 2023-12-05
Application No.: US17219163
Filing date: 2021-03-31
Applicant: Amazon Technologies, Inc.
Inventor: Hart Matthew Rossman, Eric Vanwieren, Eric Jason Brandwine, Cameron John Maxwell, Tyler Thomas Maklebust, Nathaniel Schaaf
CPC classification number: H04L63/126, G06F8/33, G06F8/71, H04L63/20
Abstract: Techniques are described for providing software developers with secure software project development environments via cloud-based or locally installed integrated development environments (IDEs). A cloud provider network provides a project development environment policy service that enables users to configure project development environment policies associated with various software projects and to deploy configured policies to users' project development environments as appropriate. A project development environment policy can include rules related to monitoring and controlling version control system actions, monitoring the content of project source code pushed to version control repositories, among other software project governance-related configurations.
-
Publication No.: US11328073B1
Publication date: 2022-05-10
Application No.: US16407517
Filing date: 2019-05-09
Applicant: Amazon Technologies, Inc.
Inventor: Hart Matthew Rossman
Abstract: Users are authorized to access tagged metadata in a provider network. A revision control and binding mechanism may be applied to tagged metadata that is added or modified by the user. A recommendation pertaining to security and compliance for the computing resource may be determined based on an analysis of the computing resource, scoring criteria, and data pertaining to customer and system data.
-
Publication No.: US10291622B1
Publication date: 2019-05-14
Application No.: US15070915
Filing date: 2016-03-15
Applicant: Amazon Technologies, Inc.
Inventor: Hart Matthew Rossman, Erik Lee Swensson
IPC: H04L29/06
Abstract: A quorum-based access mechanism can require multiple entities to provide credentials over a determined period of time in order to obtain access to one or more resources in an electronic environment. This can include receiving a request that is signed by multiple signatories, or receiving multiple requests within a determined period that are each signed by a respective and authorized signatory. In some embodiments the receiving of a primary request causes notifications to be sent to other potential signatories, and a specified or minimum number must respond timely with a signed request to have the access granted. The quorum-based access mechanism can function as an additional authorization layer sitting in front of more conventional authorization and authentication mechanisms. In some embodiments a quorum token can be passed with the request, whereby resources in the environment can make access determinations based on the information in the token.
-
Publication No.: US11019068B2
Publication date: 2021-05-25
Application No.: US16406783
Filing date: 2019-05-08
Applicant: Amazon Technologies, Inc.
Inventor: Hart Matthew Rossman, Erik Lee Swensson
Abstract: A quorum-based access mechanism can require multiple entities to provide credentials over a determined period of time in order to obtain access to one or more resources in an electronic environment. This can include receiving a request that is signed by multiple signatories, or receiving multiple requests within a determined period that are each signed by a respective and authorized signatory. In some embodiments the receiving of a primary request causes notifications to be sent to other potential signatories, and a specified or minimum number must respond timely with a signed request to have the access granted. The quorum-based access mechanism can function as an additional authorization layer sitting in front of more conventional authorization and authentication mechanisms. In some embodiments a quorum token can be passed with the request, whereby resources in the environment can make access determinations based on the information in the token.
-
Publication No.: US10050999B1
Publication date: 2018-08-14
Application No.: US14862052
Filing date: 2015-09-22
Applicant: Amazon Technologies, Inc.
Inventor: Hart Matthew Rossman
IPC: H04L29/06, H04L12/923
Abstract: Technology is described for auto scaling computing resources in response to a cyber-attack in a service provider environment. The computing resources in the service provider environment may be detected as being exposed to the cyber-attack. A security scaling action may be performed in the service provider environment that mitigates the cyber-attack. The security scaling action to be performed may be determined by a security threat mitigation service that operates in the service provider environment. A performance of the security scaling action in the service provider environment may be initiated.
-
Publication No.: US09967285B1
Publication date: 2018-05-08
Application No.: US14864777
Filing date: 2015-09-24
Applicant: Amazon Technologies, Inc.
Inventor: Hart Matthew Rossman, Jessica Paige Beegle, Christopher John Whalley, Aaron John Wilson
CPC classification number: H04L63/20, G06F17/30312, G06F17/30914, H04L63/1433
Abstract: Technology is described for supplying regulatory compliance evidence for a virtual computing service provider. A request is received for providing regulatory compliance evidence for a service provided by a virtual computing service provider. A statistical analysis of subject matter relating to the request using machine learning is provided. The subject matter associated with the request is categorized. The categorized subject matter is mapped to a control list, maintained for compliance regulations, that is mapped to the regulatory compliance evidence. A confidence level for the regulatory compliance evidence is developed according to historical data relating to previously provided regulatory compliance evidence. A response, having both the regulatory compliance evidence associated with the request and the regulatory confidence level, is provided with a set of digital signatures. An authenticated user feedback response is provided indicating an accuracy level that the response matches the request for developing the confidence level.
-
Publication No.: US09386033B1
Publication date: 2016-07-05
Application No.: US14482753
Filing date: 2014-09-10
Applicant: Amazon Technologies, Inc.
Inventor: Hart Matthew Rossman
CPC classification number: H04L63/10, G06F8/71, G06F9/45558, G06F2009/45562, G06F2009/45587, H04L41/0893, H04L63/1433, H04L63/20, H04L67/2804, H04L67/306, H04L67/327
Abstract: Users are authorized to access tagged metadata in a provider network. A revision control and binding mechanism may be applied to tagged metadata that is added or modified by the user. A recommendation pertaining to security and compliance for the computing resource may be determined based on an analysis of the computing resource, scoring criteria, and data pertaining to customer and system data.
-
Publication No.: US10484331B1
Publication date: 2019-11-19
Application No.: US15195758
Filing date: 2016-06-28
Applicant: Amazon Technologies, Inc.
Inventor: Hart Matthew Rossman
IPC: H04L29/06
Abstract: A technology is provided for security appliance provisioning. In one example, a method includes providing a variety of types of physical security appliances in a service provider environment. A selection may be received identifying a selected security appliance from among the variety of types of physical security appliances for use in a customer virtual infrastructure within the service provider environment. The selected security appliance may be provisioned for use at an edge location of the customer virtual infrastructure. The selected security appliance may be configured to enforce a security policy defined for the customer virtual infrastructure.