公开(公告)号：US20140245425A1

公开(公告)日：2014-08-28

申请号：US13781298

申请日：2013-02-28

Applicant: Amazon Technologies, Inc.

Inventor： NACHIKETH RAO POTLAPALLY ,  DONALD LEE BAILEY, JR. ,  ANDREW PAUL MIKULSKI ,  ROBERT ERIC FITZGERALD

IPC: H04L29/06

CPC classification number: H04L63/164 ,  H04L9/0869 ,  H04L63/04 ,  H04L63/16

Abstract: Methods and apparatus for a configurable-quality random data service are disclosed. A method includes implementing programmatic interfaces enabling a determination of respective characteristics of random data to be delivered to one or more clients of a random data service of a provider network. The method includes implementing security protocols for transmission of random data to the clients, including a protocol for transmission of random data to trusted clients at devices within the provider network. The method further includes obtaining, on behalf of a particular client and in accordance with the determined characteristics, random data from one or more servers of the provider network, and initiating a transmission of the random data directed to a destination associated with the particular client.

Abstract translation: 公开了可配置质量随机数据服务的方法和装置。 一种方法包括实现程序化接口，使得能够将随机数据的相应特性确定为递送给提供者网络的随机数据服务的一个或多个客户端。 该方法包括实现用于向客户端发送随机数据的安全协议，包括用于在提供商网络内的设备处将随机数据传输到可信客户端的协议。 该方法还包括代表特定客户端并根据确定的特征获得来自提供商网络的一个或多个服务器的随机数据，以及发起指向与特定客户端相关联的目的地的随机数据的传输。

公开(公告)号：US20150244716A1

公开(公告)日：2015-08-27

申请号：US14188630

申请日：2014-02-24

Applicant: Amazon Technologies, Inc.

Inventor： NACHIKETH RAO POTLAPALLY ,  ANDREW JEFFREY DOANE ,  ERIC JASON BRANDWINE ,  ROBERT ERIC FITZGERALD

IPC: H04L29/06

CPC classification number: H04L63/0853 ,  G06F21/57 ,  G06F21/6209 ,  H04L9/3234 ,  H04L63/06 ,  H04L63/064 ,  H04L63/0884 ,  H04L63/12

Abstract: Methods and apparatus for securing client-specified credentials at cryptographically-attested resources are described. An indication is obtained that resources deployed for execution of a compute instance of a multi-tenant computing service at an instance host of a provider network meet a client's security criteria. An encrypted representation of credentials to be used at the compute instance to implement operations on behalf of a client is received at the instance host. The credentials are extracted from the encrypted representation using a private key unique to the instance host, used for the operations, and then removed from the instance host without being saved in persistent memory.

Abstract translation: 描述了在密码证实的资源中保护客户端指定的凭证的方法和装置。 获得指示，用于执行供应商网络的实例主机处的多租户计算服务的计算实例的部署满足客户端的安全标准。 在实例主机处接收在计算实例上用于代表客户端执行操作的凭证的加密表示。 使用专用于实例主机的私有密钥从加密表示中提取凭据，然后从实例主机中删除，而不会保存在持久内存中。