公开(公告)号：US11575522B2

公开(公告)日：2023-02-07

申请号：US15836581

申请日：2017-12-08

Applicant: Amazon Technologies, Inc.

Inventor： Peter Zachary Bowen

IPC: H04L29/06 ,  H04L9/32

Abstract: A certificate authority service receives a request to issue a long-duration digital certificate from an entity for validation purposes between the entity and the service. Upon issuance of the long-duration digital certificate, the entity submits a request to the service for issuance of a short-duration digital certificate that includes a shorter validity period than the long-duration digital certificate. The service may utilize the long-duration digital certificate to validate the entity and, upon validating the entity, issues the short-duration digital certificate to the entity. The entity may subsequently utilize the short-duration digital certificate to enable a user client to authenticate the entity and securely communicate with the entity.

公开(公告)号：US20170366538A1

公开(公告)日：2017-12-21

申请号：US15674408

申请日：2017-08-10

Applicant: Amazon Technologies, Inc.

Inventor： Peter Zachary Bowen

IPC: H04L29/06 ,  H04L9/32

CPC classification number: H04L63/0823 ,  H04L9/321 ,  H04L9/3234 ,  H04L9/3236 ,  H04L9/3268

Abstract: A customer can demonstrate control over an element, such as a domain, by receiving a certificate from a certificate authority. The customer can utilize a device for sending a request relating to a specified domain and receiving a request token to be provided to a domain registry associated with the subject domain. Request token creation can entail generating at least one of a random string, a string generated based on information about a customer, a string generated based on information about the application, a password, or a key. After receiving the request token, the domain registry, in turn, will provide the token to the authority, which will verify that the request token received from the domain registry corresponds to the request token originally provided to the customer's device. If the two tokens match, the authority can act in accordance with the request, such as by issuing the certificate.

公开(公告)号：US09407505B2

公开(公告)日：2016-08-02

申请号：US13784276

申请日：2013-03-04

Applicant: Amazon Technologies, Inc.

Inventor： Peter Zachary Bowen

IPC: H04L12/24 ,  G06F21/57

CPC classification number: H04L41/0866 ,  G06F21/57 ,  H04L41/28

Abstract: A computing resource is loaded with the code or data, and an audited record of the loaded code or data is generated. Furthermore, a configuration integrity is generated based on the record of the loaded code or data. The configuration integrity verifier is sent to a requestor for verification of the code or data, the configuration integrity verifier being usable as a trusted verification of the loaded code or data.

Abstract translation: 计算资源被加载代码或数据，并且生成加载的代码或数据的审计记录。 此外，基于加载的代码或数据的记录来生成配置完整性。 配置完整性验证器被发送到请求者以验证代码或数据，配置完整性验证器可用作加载的代码或数据的可靠验证。

公开(公告)号：US11997222B1

公开(公告)日：2024-05-28

申请号：US17732362

申请日：2022-04-28

Applicant: Amazon Technologies, Inc.

Inventor： Peter Zachary Bowen ,  Todd Lawrence Cignetti ,  Preston Anthony Elder, III ,  Brandonn Gorman ,  Ronald Andrew Hoskinson ,  Jonathan Kozolchyk ,  Kenneth Lawler ,  Marcel Andrew Levy ,  Kyle Benjamin Schultheiss ,  Sandeep Shantharaj ,  Param Sharma ,  Jose Maria Silveira Neto

IPC: H04L9/32 ,  H04L9/08

CPC classification number: H04L9/3268 ,  H04L9/0897 ,  H04L9/3247 ,  H04L9/3297

Abstract: A computing resource service provider provides a certificate management service that allows customers of the computing resource service provider to create, distribute, manage, and revoke digital certificates issued by private certificate authorities. A private certificate authority hosted by the computing resource service provider is able to issue signed certificates to network entities within the customer enterprise. The certificate management service provides a network-accessible application programming interface to the private certificate authority that allows applications to create and deploy private certificates programmatically. The system provides the flexibility to create private certificates for applications that require custom certificate lifetimes or resource names.

公开(公告)号：US11563590B1

公开(公告)日：2023-01-24

申请号：US16018009

申请日：2018-06-25

Applicant: Amazon Technologies, Inc.

Inventor： Peter Zachary Bowen ,  Todd Lawrence Cignetti ,  Preston Anthony Elder, III ,  Brandonn Gorman ,  Ronald Andrew Hoskinson ,  Jonathan Kozolchyk ,  Kenneth Lawler ,  Marcel Andrew Levy ,  Kyle Benjamin Schultheiss ,  Sandeep Shantharaj ,  Param Sharma ,  Jose Maria Silveira Neto

IPC: H04L9/32

Abstract: A computing resource service provider provides a certificate management service that allows customers of the computing resource service provider to create, distribute, manage, and revoke digital certificates issued by public and/or private certificate authorities. In an embodiment, when a new certificate is generated, a certificate template is used to apply various settings and policies for the new certificate. In various examples, templates may be used to establish default values, enforce required and optional values, place restrictions on one or more data fields, and enforce signature requirements. In some embodiments, the template establishes rules for rejecting certificate requests that don't conform to the template.

公开(公告)号：US11113046B1

公开(公告)日：2021-09-07

申请号：US16581650

申请日：2019-09-24

Applicant: Amazon Technologies, Inc.

Inventor： Peter Zachary Bowen ,  Darin Lee Frink ,  Eric Robert Northup ,  David A Skirmont ,  Manish Singh Rathaur

IPC: G06F8/656 ,  G06F9/48 ,  G06F9/455 ,  G06F11/30 ,  H05K7/14 ,  H01H9/16

Abstract: A branded fleet server system includes a pre-assembled third-party computer system integrated into a chassis of the branded fleet server system. The pre-assembled third-party computer system is configured to execute proprietary software that is only licensed for use on branded hardware. A baseboard management controller (BMC) included in the server chassis couples with the pre-assembled computer system via one or more cables coupled to ports of the pre-assembled computer system. The BMC enables remote control of the pre-assembled computer system, such as remote power on and power off. Also the BMC may enable automatic and remote software and/or firmware updates to be performed at the pre-assembled computer system.

公开(公告)号：US10460114B1

公开(公告)日：2019-10-29

申请号：US16186351

申请日：2018-11-09

Applicant: Amazon Technologies, Inc.

Inventor： Stefan Popuveniuc ,  Peter Zachary Bowen ,  Alexander Edward Schoof ,  Andrew Jeffrey Doane ,  Todd Lawrence Cignetti ,  Robert Eric Fitzgerald

IPC: G06F21/60 ,  G06F21/64 ,  H04L29/12

Abstract: Techniques are disclosed for mitigating against registering a domain name that is confusingly similar to a pre-existing domain name, possibly for the purpose of fooling users. In embodiments, a domain name is presented for registration. The domain name is rendered as an image, and optical character recognition is performed on the image to extract the rendered text. This extracted text is compared against a list of domain names for which confusingly similar domain names cannot be registered, and when the extracted text matches a domain name in this list of domain names, registration of the domain name is denied.

公开(公告)号：US09769153B1

公开(公告)日：2017-09-19

申请号：US14821477

申请日：2015-08-07

Applicant: Amazon Technologies, Inc.

Inventor： Peter Zachary Bowen

IPC: H04L29/06 ,  H04L9/32

CPC classification number: H04L63/0823 ,  H04L9/321 ,  H04L9/3234 ,  H04L9/3236 ,  H04L9/3268

Abstract: A customer can demonstrate control over an element, such as a domain, by receiving a certificate from a certificate authority. A customer can submit a request and receive a request token. The customer can generate a cryptographic hash of the request using the token, which a service provider can compare against an expected hash similarly generated. If the hashes match, an action can be taken such as a certificate issued. A customer can request one or more request tokens up front, whereby the tokens can be used to submit hashes with requests at the appropriate time. In some embodiments a customer can submit a request specifying one or more domains, and a service provider can provide a list of confirmatory email addresses from which the customer can select. The service provider can then send a message to that address that include a link for requesting a certificate.

公开(公告)号：US11853771B1

公开(公告)日：2023-12-26

申请号：US16581651

申请日：2019-09-24

Applicant: Amazon Technologies, Inc.

Inventor： Peter Zachary Bowen ,  Darin Lee Frink ,  Eric Robert Northup ,  David A Skirmont ,  Manish Singh Rathaur

IPC: G06F9/44 ,  G06F9/4401 ,  G06F9/455 ,  G06F8/65 ,  G06F21/57 ,  H04L9/40 ,  G06F13/42 ,  H04L12/46 ,  G06F13/40 ,  H04L67/1001 ,  G06F1/26

CPC classification number: G06F9/4416 ,  G06F8/65 ,  G06F9/455 ,  G06F13/4045 ,  G06F13/4282 ,  G06F21/572 ,  H04L12/4633 ,  H04L63/0272 ,  H04L67/1001 ,  G06F1/26 ,  G06F2213/0026 ,  G06F2221/033

Abstract: A branded fleet server system includes a pre-assembled third-party computer system integrated into a chassis of the branded fleet server system. The pre-assembled third-party computer system is configured to execute proprietary software that is only licensed for use on branded hardware. A virtualization offloading component is included in the server chassis of the branded fleet server along with the pre-assembled third-party computer system. The virtualization offloading component acts as a bridge between the pre-assembled third-party computer system and a virtualized computing service. As such, the virtualization offloading component manages communications, security, metadata, etc. to allow the pre-assembled computer system to function as one of a fleet of virtualization hosts of the virtualized computing service.

公开(公告)号：US11323274B1

公开(公告)日：2022-05-03

申请号：US16018004

申请日：2018-06-25

Applicant: Amazon Technologies, Inc.

Inventor： Peter Zachary Bowen ,  Todd Lawrence Cignetti ,  Preston Anthony Elder, III ,  Brandonn Gorman ,  Ronald Andrew Hoskinson ,  Jonathan Kozolchyk ,  Kenneth Lawler ,  Marcel Andrew Levy ,  Kyle Benjamin Schultheiss ,  Sandeep Shantharaj ,  Param Sharma ,  Jose Maria Silveira Neto

IPC: H04L9/32 ,  H04L9/08

Abstract: In an embodiment, a computing resource service provider provides a certificate management service that allows customers of the computing resource service provider to create, distribute, manage, and revoke digital certificates issued by private certificate authorities. In an embodiment, a private certificate authority hosted by the computing resource service provider is able to issue signed certificates to network entities within the customer enterprise. In an embodiment, the certificate management service provides a network-accessible application programming interface to the private certificate authority that allows applications to create and deploy private certificates programmatically. In an embodiment, the system provides the flexibility to create private certificates for applications that require custom certificate lifetimes or resource names.