公开(公告)号：US11831638B1

公开(公告)日：2023-11-28

申请号：US17234372

申请日：2021-04-19

Applicant: Amazon Technologies, Inc.

Inventor： Evgeniy Retyunskiy ,  Colm MacCárthaigh ,  Maciej Broda ,  Matthew Schwartz

IPC: H04L29/06 ,  H04L9/40 ,  H04L9/06 ,  H04L9/32

CPC classification number: H04L63/083 ,  H04L9/0643 ,  H04L9/3218

Abstract: Methods, systems, and computer-readable media for single-packet authorization using proof of work are disclosed. An access control service receives, from a client, a single-packet authorization (SPA) request. The (SPA) request comprises output of a proof-of-work task, wherein completion of the proof-of-work task requires computational resources or memory resources of the client. The access control service performs verification of the output of the proof-of-work task using fewer computational or memory resources of the access control service than were used by the client. In response to determining that verification of the output of the proof-of-work task succeeds, the access control service performs authentication of the SPA request. In response to determining that authentication of the SPA request succeeds, the access control service allows access by the client device to a service.

公开(公告)号：US11652822B2

公开(公告)日：2023-05-16

申请号：US17119640

申请日：2020-12-11

Applicant: Amazon Technologies, Inc.

Inventor： Maciej Broda ,  Eric Jason Brandwine ,  Matthew Schwartz

IPC: H04L9/40 ,  H04L67/141

CPC classification number: H04L63/102 ,  H04L63/0218 ,  H04L63/0807 ,  H04L63/20 ,  H04L67/141

Abstract: Techniques for deperimeterized access control are described. A method of deperimeterized access control may include receiving, by a controller of a deperimeterized access control service, a single packet authorization (SPA) request for a session ticket from an agent on a electronic device, wherein the agent sends the request for the session ticket in response to intercepting traffic destined for a service associated with the deperimeterized access control service and determining that the agent does not have a session ticket for the service, authorizing the SPA request, providing a session ticket to the agent based on the request, receiving, by a gateway of the deperimeterized access control service, a request to initiate a session with a service, the request including the session ticket, validating the session ticket, and providing session parameters to the agent to be used to initiate the session between the electronic device and the service.