公开(公告)号：US10757086B2

公开(公告)日：2020-08-25

申请号：US15583715

申请日：2017-05-01

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Neelam Satish Agrawal ,  Lawrence Hun-Gi Aung ,  Chirag Pravin Pandya

IPC: H04L29/06 ,  H04L29/12 ,  H04L29/08 ,  G06F21/31

Abstract: A global endpoint may be associated with an organization name and a plurality of directories located in different geographic regions. The global endpoint may be a computing system that hosts a page used by users to access an application or service. A user may be able to access the application or service using already existing credentials. For example, the user may access the application or service using credentials stored and maintained by an entity with which the user is affiliated. Users having credentials stored in different geographic regions may be able to access the application or service via the same global endpoint.

公开(公告)号：US20180191710A1

公开(公告)日：2018-07-05

申请号：US15906966

申请日：2018-02-27

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Neelam Satish Agrawal ,  Lawrence Hun-Gi Aung ,  Guruprakash Bangalore Rao ,  Shuo Wang ,  Sameer Palande ,  Krithi Rai ,  Chirag Pravin Pandya

IPC: H04L29/06 ,  G06F21/62

CPC classification number: H04L63/0853 ,  G06F16/24 ,  G06F21/6218 ,  H04L63/06 ,  H04L63/08 ,  H04L63/0807 ,  H04L63/0815 ,  H04L63/083 ,  H04L63/0838 ,  H04L63/102 ,  H04L63/105

Abstract: A user, group, and device management and authentication system allows administrators to manage one or more directories with devices that are not associated with a domain of the one or more directories via a set of APIs. The system also allows applications and services that do not have direct access to a list of directory users to access the one or more directories. The user, group, and device management and authentication system may be an add-on system that works in conjunction with a centrally-managed directory service to provide such functionality. For example, the system may generate an access token associated with a particular directory that can be used by a service accessed by an administrator to call an API provided by the system. The API call may be translated into a directory-specific API call that can be used to perform an action in the particular directory.

公开(公告)号：US20170366501A1

公开(公告)日：2017-12-21

申请号：US15693089

申请日：2017-08-31

Applicant: Amazon Technologies, Inc.

Inventor： Chirag Pravin Pandya ,  Connor John Yorks ,  Krithi Rai ,  Lawrence Hun-Gi Aung

IPC: H04L29/12

CPC classification number: H04L61/3025 ,  H04L61/1511

Abstract: A computing resource service receives a request from a customer to assign a domain name to a computing resource. The computing resource service may submit a query to a domain name system service to determine whether the domain name has been reserved for the customer. The domain name system service may provide an encrypted alias record corresponding to the requested domain name and specifying one or more identifiers of customers for whom the domain name has been reserved. The computing resource service may decrypt the alias record and determine whether the customer corresponds to one of the one or more identifiers within the alias record. If the customer does correspond to one of the one or more identifiers within the alias record, the computing resource service may assign the domain name to the computing resource.

公开(公告)号：US10326731B2

公开(公告)日：2019-06-18

申请号：US15693089

申请日：2017-08-31

Applicant: Amazon Technologies, Inc.

Inventor： Chirag Pravin Pandya ,  Connor John Yorks ,  Krithi Rai ,  Lawrence Hun-Gi Aung

IPC: G06F15/177 ,  H04L29/12

Abstract: A computing resource service receives a request from a customer to assign a domain name to a computing resource. The computing resource service may submit a query to a domain name system service to determine whether the domain name has been reserved for the customer. The domain name system service may provide an encrypted alias record corresponding to the requested domain name and specifying one or more identifiers of customers for whom the domain name has been reserved. The computing resource service may decrypt the alias record and determine whether the customer corresponds to one of the one or more identifiers within the alias record. If the customer does correspond to one of the one or more identifiers within the alias record, the computing resource service may assign the domain name to the computing resource.

公开(公告)号：US09756012B1

公开(公告)日：2017-09-05

申请号：US14305848

申请日：2014-06-16

Applicant: Amazon Technologies, Inc.

Inventor： Chirag Pravin Pandya ,  Connor John Yorks ,  Krithi Rai ,  Lawrence Hun-Gi Aung

IPC: G06F15/177 ,  H04L29/12

CPC classification number: H04L61/3025 ,  H04L61/1511

Abstract: A computing resource service receives a request from a customer to assign a domain name to a computing resource. The computing resource service may submit a query to a domain name system service to determine whether the domain name has been reserved for the customer. The domain name system service may provide an encrypted alias record corresponding to the requested domain name and specifying one or more identifiers of customers for whom the domain name has been reserved. The computing resource service may decrypt the alias record and determine whether the customer corresponds to one of the one or more identifiers within the alias record. If the customer does correspond to one of the one or more identifiers within the alias record, the computing resource service may assign the domain name to the computing resource.

公开(公告)号：US09641522B1

公开(公告)日：2017-05-02

申请号：US14538003

申请日：2014-11-11

Applicant: Amazon Technologies, Inc.

Inventor： Lawrence Hun-Gi Aung ,  Gaurang Pankaj Mehta ,  Krithi Rai ,  Chirag Pravin Pandya ,  Shuo Wang

IPC: H04L29/06

CPC classification number: H04L63/0853 ,  H04L63/0428 ,  H04L63/0807 ,  H04L63/10 ,  H04L63/102

Abstract: A centralized policy management may allow for one set of credentials to various applications and services offered by a computing resource service provider or other third-party servers. Systems, methods, and computer readable medium can be configured to receive a request to access a first computing system service provided by the computing resource service provider, generate an encrypted data bundle including at least a user identifier and a data type, and transmit the encrypted data bundle to a recipient, wherein the encrypted data bundle is configured to be returned to the one or more computing devices to facilitate access to the first computing system service provided by the computing resource service provider.

公开(公告)号：US11695744B2

公开(公告)日：2023-07-04

申请号：US16987877

申请日：2020-08-07

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Neelam Satish Agrawal ,  Lawrence Hun-Gi Aung ,  Chirag Pravin Pandya

IPC: H04L9/40 ,  H04L67/10 ,  H04L67/1021 ,  G06F21/31 ,  H04L61/45 ,  H04L61/4523 ,  H04L61/4552 ,  H04L67/51 ,  H04L67/52 ,  H04L67/1001 ,  H04L61/4511

CPC classification number: H04L63/08 ,  G06F21/31 ,  H04L61/45 ,  H04L61/4523 ,  H04L61/4552 ,  H04L63/083 ,  H04L63/0815 ,  H04L63/107 ,  H04L67/10 ,  H04L67/1001 ,  H04L67/1021 ,  H04L67/51 ,  H04L67/52 ,  H04L61/4511

Abstract: A global endpoint may be associated with an organization name and a plurality of directories located in different geographic regions. The global endpoint may be a computing system that hosts a page used by users to access an application or service. A user may be able to access the application or service using already existing credentials. For example, the user may access the application or service using credentials stored and maintained by an entity with which the user is affiliated. Users having credentials stored in different geographic regions may be able to access the application or service via the same global endpoint.

公开(公告)号：US10547599B1

公开(公告)日：2020-01-28

申请号：US14626843

申请日：2015-02-19

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Sameer Palande ,  Lawrence Hun-Gi Aung ,  Raghavendra Reddy Madakkagari ,  Shuo Wang ,  Salman Aftab Paracha ,  Chirag Pravin Pandya

IPC: H04L29/06

Abstract: A user transmits a request to an authentication service to access a managed directory. The request may include a first set of credentials usable by a managed directory service to authenticate the user. As a result of the first set of credentials being valid, the authentication service may prompt the user to provide a multi-factor authentication code, which may be used by an authentication server to further authenticate the user and enable the user to access the managed directory. The authentication service subsequently provides the multi-factor authentication code to the authentication server for validation. If the multi-factor authentication code is valid, the authentication service may enable the user to access the managed directory through an encrypted communications session.

公开(公告)号：US20170250980A1

公开(公告)日：2017-08-31

申请号：US15456158

申请日：2017-03-10

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Neelam Satish Agrawal ,  Lawrence Hun-Gi Aung ,  Guruprakash Bangalore Rao ,  Shuo Wang ,  Sameer Palande ,  Krithi Rai ,  Chirag Pravin Pandya

IPC: H04L29/06 ,  G06F21/62

CPC classification number: H04L63/0853 ,  G06F17/30386 ,  G06F21/6218 ,  H04L63/06 ,  H04L63/08 ,  H04L63/0807 ,  H04L63/0815 ,  H04L63/083 ,  H04L63/0838 ,  H04L63/102 ,  H04L63/105

Abstract: A user, group, and device management and authentication system allows administrators to manage one or more directories with devices that are not associated with a domain of the one or more directories via a set of APIs. The system also allows applications and services that do not have direct access to a list of directory users to access the one or more directories. The user, group, and device management and authentication system may be an add-on system that works in conjunction with a centrally-managed directory service to provide such functionality. For example, the system may generate an access token associated with a particular directory that can be used by a service accessed by an administrator to call an API provided by the system. The API call may be translated into a directory-specific API call that can be used to perform an action in the particular directory.

公开(公告)号：US09596233B1

公开(公告)日：2017-03-14

申请号：US15060236

申请日：2016-03-03

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Neelam Satish Agrawal ,  Lawrence Hun-Gi Aung ,  Guruprakash Bangalore Rao ,  Shuo Wang ,  Sameer Palande ,  Krithi Rai ,  Chirag Pravin Pandya

IPC: H04L29/06

CPC classification number: H04L63/0853 ,  G06F17/30386 ,  G06F21/6218 ,  H04L63/06 ,  H04L63/08 ,  H04L63/0807 ,  H04L63/0815 ,  H04L63/083 ,  H04L63/0838 ,  H04L63/102 ,  H04L63/105

Abstract: A user, group, and device management and authentication system allows administrators to manage one or more directories with devices that are not associated with a domain of the one or more directories via a set of APIs. The system also allows applications and services that do not have direct access to a list of directory users to access the one or more directories. The user, group, and device management and authentication system may be an add-on system that works in conjunction with a centrally-managed directory service to provide such functionality. For example, the system may generate an access token associated with a particular directory that can be used by a service accessed by an administrator to call an API provided by the system. The API call may be translated into a directory-specific API call that can be used to perform an action in the particular directory.

Abstract translation: 用户，组和设备管理和认证系统允许管理员通过一组API来管理与一个或多个目录的域不相关联的设备的一个或多个目录。 该系统还允许不能直接访问目录用户列表的应用程序和服务来访问一个或多个目录。 用户，组和设备管理和认证系统可以是与中央管理的目录服务一起工作以提供这样的功能的附加系统。 例如，系统可以生成与特定目录相关联的访问令牌，该目录可由管理员访问的服务使用以调用由系统提供的API。 API调用可能会转换为特定于目录的API调用，该调用可用于在特定目录中执行操作。