-
Publication No.: US12088738B2
Publication date: 2024-09-10
Application No.: US17541998
Filing date: 2021-12-03
Applicant: Amazon Technologies, Inc.
Inventor: Josh Rosenthol, Param Sharma, Kyle Benjamin Schultheiss, Marcel Andrew Levy, Todd Cignetti
CPC classification number: H04L9/3268, H04L9/0825, H04L9/3213, H04L63/102, H04L63/20
Abstract: Techniques are described for enabling users of a certificate management service to create certificate issuance policies that can be applied to certificate issuance requests across both public and private certificate authorities (CAs) and other certificate-related services. According to embodiments described herein, a certificate issuance policy includes one or more certificate issuance rules to be applied to requests associated with one or more specified user accounts or roles for certificate-related resources (e.g., public certificates, private certificates, etc.). The application of a certificate issuance rule can be conditioned on a particular request context (e.g., based on a user account or role associated with a request, a type of certificate requested, a subject name identified in the request, etc.) and can specify a wide range of actions to be performed on requests matching a rule (e.g., allowing or denying a request, modifying one or more parameters of the request, etc.).
-
Publication No.: US12067036B1
Publication date: 2024-08-20
Application No.: US18227281
Filing date: 2023-07-27
Applicant: Amazon Technologies, Inc.
Inventor: Manikandan Subramanian, Marcel Andrew Levy
IPC: G06F16/33, G06F3/06, G06F16/2453, G06F16/27, H04L9/40
CPC classification number: G06F16/33, G06F3/061, G06F16/2453, G06F16/27, H04L63/105, H04L63/108
Abstract: Techniques for managing certificate metrics are described. A method of managing certificate metrics can include adding certificate data associated with one or more certificates to a plurality of slots of a metric certificate data store, reading, by a metric publisher, the certificate data associated with a first slot of the metric certificate data store in response to an event, determining a metric associated with each certificate associated with a subset of the certificate data associated with the first slot of the metric certificate data store, and providing the metric associated with each certificate to a resource monitoring service.
-
Publication No.: US11782960B1
Publication date: 2023-10-10
Application No.: US17110684
Filing date: 2020-12-03
Applicant: Amazon Technologies, Inc.
Inventor: Manikandan Subramanian, Marcel Andrew Levy
IPC: G06F16/33, G06F16/2453, G06F16/27, H04L9/40, G06F3/06
CPC classification number: G06F16/33, G06F3/061, G06F16/2453, G06F16/27, H04L63/105, H04L63/108
Abstract: Techniques for managing certificate metrics are described. A method of managing certificate metrics can include adding certificate data associated with one or more certificates to a plurality of slots of a metric certificate data store, reading, by a metric publisher, the certificate data associated with a first slot of the metric certificate data store in response to an event, determining a metric associated with each certificate associated with a subset of the certificate data associated with the first slot of the metric certificate data store, and providing the metric associated with each certificate to a resource monitoring service.
-
Publication No.: US11997222B1
Publication date: 2024-05-28
Application No.: US17732362
Filing date: 2022-04-28
Applicant: Amazon Technologies, Inc.
Inventor: Peter Zachary Bowen, Todd Lawrence Cignetti, Preston Anthony Elder, III, Brandonn Gorman, Ronald Andrew Hoskinson, Jonathan Kozolchyk, Kenneth Lawler, Marcel Andrew Levy, Kyle Benjamin Schultheiss, Sandeep Shantharaj, Param Sharma, Jose Maria Silveira Neto
CPC classification number: H04L9/3268, H04L9/0897, H04L9/3247, H04L9/3297
Abstract: A computing resource service provider provides a certificate management service that allows customers of the computing resource service provider to create, distribute, manage, and revoke digital certificates issued by private certificate authorities. A private certificate authority hosted by the computing resource service provider is able to issue signed certificates to network entities within the customer enterprise. The certificate management service provides a network-accessible application programming interface to the private certificate authority that allows applications to create and deploy private certificates programmatically. The system provides the flexibility to create private certificates for applications that require custom certificate lifetimes or resource names.
-
Publication No.: US11784831B1
Publication date: 2023-10-10
Application No.: US17304537
Filing date: 2021-06-22
Applicant: Amazon Technologies, Inc.
Inventor: Marcel Andrew Levy
IPC: H04L9/32
CPC classification number: H04L9/3268
Abstract: The present disclosure generally relates to systems and methods for the gradual application of a new digital certificate to a service endpoint or server, with repeated rollbacks to an old digital certificate, whereby the new certificate is applied to a service endpoint and automatically rolled back to the previous certificate after an amount of time. After a period that corresponds to a set amount of time minus the time the new certificate was applied to the endpoint, the process starts again, except with an increased period of time for the new certificate.
-
Publication No.: US11563590B1
Publication date: 2023-01-24
Application No.: US16018009
Filing date: 2018-06-25
Applicant: Amazon Technologies, Inc.
Inventor: Peter Zachary Bowen, Todd Lawrence Cignetti, Preston Anthony Elder, III, Brandonn Gorman, Ronald Andrew Hoskinson, Jonathan Kozolchyk, Kenneth Lawler, Marcel Andrew Levy, Kyle Benjamin Schultheiss, Sandeep Shantharaj, Param Sharma, Jose Maria Silveira Neto
IPC: H04L9/32
Abstract: A computing resource service provider provides a certificate management service that allows customers of the computing resource service provider to create, distribute, manage, and revoke digital certificates issued by public and/or private certificate authorities. In an embodiment, when a new certificate is generated, a certificate template is used to apply various settings and policies for the new certificate. In various examples, templates may be used to establish default values, enforce required and optional values, place restrictions on one or more data fields, and enforce signature requirements. In some embodiments, the template establishes rules for rejecting certificate requests that don't conform to the template.
-
Publication No.: US11323274B1
Publication date: 2022-05-03
Application No.: US16018004
Filing date: 2018-06-25
Applicant: Amazon Technologies, Inc.
Inventor: Peter Zachary Bowen, Todd Lawrence Cignetti, Preston Anthony Elder, III, Brandonn Gorman, Ronald Andrew Hoskinson, Jonathan Kozolchyk, Kenneth Lawler, Marcel Andrew Levy, Kyle Benjamin Schultheiss, Sandeep Shantharaj, Param Sharma, Jose Maria Silveira Neto
Abstract: In an embodiment, a computing resource service provider provides a certificate management service that allows customers of the computing resource service provider to create, distribute, manage, and revoke digital certificates issued by private certificate authorities. In an embodiment, a private certificate authority hosted by the computing resource service provider is able to issue signed certificates to network entities within the customer enterprise. In an embodiment, the certificate management service provides a network-accessible application programming interface to the private certificate authority that allows applications to create and deploy private certificates programmatically. In an embodiment, the system provides the flexibility to create private certificates for applications that require custom certificate lifetimes or resource names.
-
Publication No.: US11307912B1
Publication date: 2022-04-19
Application No.: US17036362
Filing date: 2020-09-29
Applicant: Amazon Technologies, Inc.
Inventor: Frank Gregory Williston, Marcel Andrew Levy, Andrew Ketcham, Blake P. Hess
Abstract: A set of consumers of a producer-consumer system includes a main consumer subset and a backstop consumer subset. A plurality of updates to message processing information are deployed to the set of consumers. Each update of the plurality of updates is first deployed to the backstop consumer subset and is subsequently deployed to the main consumer subset. The main consumer subset may obtain messages from producers and attempt to process the messages. By contrast, the backstop consumer subset may obtain messages only after a failed processing attempt by the main consumers. Upon obtaining a message, a main consumer may process the message successfully or may fail processing and provide the message for processing by a backstop consumer, which may be more up to date than the main consumer.
-
Publication No.: US10516542B2
Publication date: 2019-12-24
Application No.: US15453562
Filing date: 2017-03-08
Applicant: Amazon Technologies, Inc.
Inventor: Marcel Andrew Levy, Peter Zachary Bowen, Jonathan Kozolchyk, Nicholas Wexler
Abstract: A certificate authority receives a request to issue a digital certificate from a customer. In response to the request, the certificate authority determines a network endpoint to be specific to the digital certificate that is to serve information usable to determine whether the digital certificate is valid. The certificate authority issues, to the customer, a digital certificate that specifies a network address for the network endpoint and records information about requests made to the network endpoint to obtain the information usable to determine whether the digital certificate is valid.
-
Publication No.: US10149156B1
Publication date: 2018-12-04
Application No.: US14975301
Filing date: 2015-12-18
Applicant: AMAZON TECHNOLOGIES, INC.
Inventor: Nandit Tiku, Derek William Bolt, Marcel Andrew Levy
Abstract: A trusted caller ID authority receives registration data from a first communication device. The first communication device is authenticated by the trusted caller ID authority using the registration data and an authentication object is provided to the first communication device. A second communication device receives a call and the authentication object from the first communication device. The second communication device sends a validation request to the trusted caller ID authority that includes the authentication object. Validation information associated with the first communication device is provided to the second communication device. The validation information includes registration and authentication status of the first communication device.