公开(公告)号：US20170308696A1

公开(公告)日：2017-10-26

申请号：US15643408

申请日：2017-07-06

Applicant: Amazon Technologies, Inc.

Inventor： Rahul Gautam Patel ,  Nachiketh Rao Potlapally ,  William John Earl ,  Matthew Shawn Wilson

IPC: G06F21/55 ,  G06F9/50 ,  G06F9/46 ,  G06F21/53 ,  G06F9/455

CPC classification number: G06F21/55 ,  G06F9/45533 ,  G06F9/468 ,  G06F9/5077 ,  G06F21/53

Abstract: Techniques are described for allocating resources to a task from a shared hardware structure. A plurality of tasks may execute on a processor, wherein the processor may include one or more processing cores and each task may include a plurality of computer executable instructions. In accordance with one technique for allocating resources to a task from a shared hardware structure amongst multiple tasks, aspects of the disclosure describe assigning a first identifier to a first task from the plurality of tasks, associating a portion of the shared hardware resource with the first identifier, and restricting access and/or observability for computer executable instructions executed from any other task than the first task to the portion of the hardware resource associated with the first identifier.

公开(公告)号：US09378363B1

公开(公告)日：2016-06-28

申请号：US14509984

申请日：2014-10-08

Applicant: Amazon Technologies, Inc.

Inventor： Rahul Gautam Patel ,  William John Earl ,  Nachiketh Rao Potlapally

IPC: G06F21/00 ,  G06F21/55 ,  G06F9/455 ,  G06F7/04 ,  G06F17/30 ,  H04N7/16

CPC classification number: G06F21/55 ,  G06F9/45533 ,  G06F9/45558 ,  G06F9/50 ,  G06F21/725 ,  G06F2009/45587

Abstract: Techniques are described for injecting noise in a timer value provided to an instruction requesting the timer value. A plurality of tasks may execute on a processor, wherein the processor may comprise one or more processing cores and each task may include a plurality of computer executable instructions. In accordance with one technique for injecting noise in the timer value, a request for a first timer value is received by one or more computer executable instructions belonging to a first task from the plurality of tasks, and in response, a second timer value is provided to the first task instead of the first timer value, wherein the second timer value is derived from the first timer value and a random number.

Abstract translation: 描述了用于在提供给请求定时器值的指令的定时器值中注入噪声的技术。 多个任务可以在处理器上执行，其中处理器可以包括一个或多个处理核心，并且每个任务可以包括多个计算机可执行指令。 根据用于在定时器值中注入噪声的一种技术，通过属于来自多个任务的第一任务的一个或多个计算机可执行指令来接收对第一定时器值的请求，并且作为响应，提供第二定时器值 到第一任务而不是第一定时器值，其中从第一定时器值和随机数导出第二定时器值。

公开(公告)号：US10303879B1

公开(公告)日：2019-05-28

申请号：US14535056

申请日：2014-11-06

Applicant: Amazon Technologies, Inc.

Inventor： Nachiketh Rao Potlapally ,  Uwe Dannowski ,  Derek Del Miller ,  David James Borland ,  Rahul Gautam Patel ,  William John Earl

IPC: G06F9/44 ,  G06F9/445 ,  G06F21/57 ,  G06F9/455 ,  G06F8/65

Abstract: A multi-tenant trusted platform module (MTTPM) is attached to a communication bus of a virtualization host. The MTTPM includes a plurality of per-guest-virtual-machine (per-GVM) memory location sets. In response to an indication of a first trusted computing request (TCR) associated with a first GVM of a plurality of GVMs instantiated at the virtualization host, a first memory location of a first per-GVM memory location set is accessed to generate a first response indicative of a configuration of the first GVM. In response to an indication of a second TCR associated with a second GVM, a second memory location of a second-per-GVM memory location set is accessed to generate a second response, wherein the second response is indicative of a different configuration of the second GVM.

公开(公告)号：US10003467B1

公开(公告)日：2018-06-19

申请号：US14673570

申请日：2015-03-30

Applicant: Amazon Technologies, Inc.

Inventor： Derek Del Miller ,  Nachiketh Rao Potlapally ,  Rahul Gautam Patel

IPC: H04L29/06 ,  H04L9/32 ,  G06F21/57 ,  H04L9/30

CPC classification number: H04L9/3268 ,  G06F21/57 ,  G06F21/575 ,  H04L9/0877 ,  H04L9/0891

Abstract: A computing device includes a processor and a persistent memory for storing information about a first public key associated with a first asymmetric key pair for authenticating the source of a digital certificate. The computing device also includes a second memory for storing one or more current certificate version indicators, each associated with a corresponding digital certificate, and the version indicator is used by the processor to determine the trust of the corresponding digital certificate.

公开(公告)号：US09864701B1

公开(公告)日：2018-01-09

申请号：US14643932

申请日：2015-03-10

Applicant: Amazon Technologies, Inc.

Inventor： Asif Khan ,  Rahul Gautam Patel ,  Mark Bradley Davis

IPC: G06F12/1081 ,  G06F12/06 ,  G06F13/10

CPC classification number: G06F12/1081 ,  G06F12/0653 ,  G06F13/102 ,  G06F2212/1041 ,  G06F2212/154 ,  G06F2212/657

Abstract: One or more resources for an SoC can be directly mapped to a host address space in a host system as peripheral bus functions. A translation unit can provide translation between the host address space and an SoC address space for transactions targeted for a resource from the one or more resources to facilitate performing the transactions with the resource using the host address space. Some embodiments of the technology can provide peer to peer capability for communication between the SoC resources using the translation unit.

公开(公告)号：US09703951B2

公开(公告)日：2017-07-11

申请号：US14502891

申请日：2014-09-30

Applicant: Amazon Technologies, Inc.

Inventor： Rahul Gautam Patel ,  Nachiketh Rao Potlapally ,  William John Earl ,  Matthew Shawn Wilson

IPC: G06F21/44 ,  G06F21/55 ,  G06F9/455 ,  G06F9/50 ,  G06F9/46 ,  G06F21/53

CPC classification number: G06F21/55 ,  G06F9/45533 ,  G06F9/468 ,  G06F9/5077 ,  G06F21/53

Abstract: Techniques are described for allocating resources to a task from a shared hardware structure. A plurality of tasks may execute on a processor, wherein the processor may include one or more processing cores and each task may include a plurality of computer executable instructions. In accordance with one technique for allocating resources to a task from a shared hardware structure amongst multiple tasks, aspects of the disclosure describe assigning a first identifier to a first task from the plurality of tasks, associating a portion of the shared hardware resource with the first identifier, and restricting access and/or observability for computer executable instructions executed from any other task than the first task to the portion of the hardware resource associated with the first identifier.

公开(公告)号：US09479340B1

公开(公告)日：2016-10-25

申请号：US14673585

申请日：2015-03-30

Applicant: Amazon Technologies, Inc.

Inventor： Derek Del Miller ,  Nachiketh Rao Potlapally ,  Rahul Gautam Patel

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/30 ,  G06F21/57

CPC classification number: H04L9/3268 ,  G06F21/33 ,  G06F21/44 ,  G06F2221/034 ,  G06F2221/0771 ,  G09C1/00

Abstract: A computing device includes a processor and a persistent memory for storing information about a first public key associated with a first asymmetric key pair for authenticating the source of a digital certificate. The computing device also includes a second memory for storing one or more current key version indicators. Each of the current key version indicators is associated with a corresponding secondary public key, and the one or more current key version indicators are used by the processor to determine the trust of the corresponding secondary public key.

Abstract translation: 计算设备包括处理器和持久存储器，用于存储关于与用于认证数字证书的来源的第一非对称密钥对相关联的第一公共密钥的信息。 计算设备还包括用于存储一个或多个当前密钥版本指示符的第二存储器。 当前密钥版本指示符中的每一个与相应的次级公钥相关联，并且处理器使用一个或多个当前密钥版本指示符来确定对应的次级公钥的信任。

公开(公告)号：US10116645B1

公开(公告)日：2018-10-30

申请号：US15299183

申请日：2016-10-20

Applicant: Amazon Technologies, Inc.

Inventor： Derek Del Miller ,  Nachiketh Rao Potlapally ,  Rahul Gautam Patel

IPC: H04L29/06 ,  G06F21/57

Abstract: A computing device includes a processor and a persistent memory for storing information about a first public key associated with a first asymmetric key pair for authenticating the source of a digital certificate. The computing device also includes a second memory for storing one or more current key version indicators. Each of the current key version indicators is associated with a corresponding secondary public key, and the one or more current key version indicators are used by the processor to determine the trust of the corresponding secondary public key.

公开(公告)号：US09864636B1

公开(公告)日：2018-01-09

申请号：US14566642

申请日：2014-12-10

Applicant: Amazon Technologies, Inc.

Inventor： Rahul Gautam Patel ,  Nachiketh Rao Potlapally ,  William John Earl

IPC: G06F9/46 ,  G06F9/50 ,  G06F9/48 ,  H04L12/911 ,  G06F9/455

CPC classification number: G06F9/50 ,  G06F9/45533 ,  G06F9/5061 ,  G06F2009/4557 ,  G06F2009/45579 ,  H04L47/70 ,  H04L47/805

Abstract: Techniques are described for allocating computing resources to a task from a shared hardware structure. The techniques may involve receiving a request to execute a task for a tenant on shared hardware resources, and determining a set of computing resources for allocation to the task based on a service level agreement associated with the tenant. The set of computing resources can be allocated to the task based on the service level agreement associated with the tenant. In some aspects, one or more performance counters associated with one or more of the computing resources can be monitored to determine an activity level for the one or more computing resources during execution of the task, and one or more allocations of the computing resources for execution of the task can be adjusted based on the activity level for the one or more computing resources.

公开(公告)号：US09792143B1

公开(公告)日：2017-10-17

申请号：US14921555

申请日：2015-10-23

Applicant: Amazon Technologies, Inc.

Inventor： Nachiketh Rao Potlapally ,  Derek Del Miller ,  Mark Bradley Davis ,  Matthew Shawn Wilson ,  Eric Jason Brandwine ,  Anthony Nicholas Liguori ,  Rahul Gautam Patel

IPC: G06F9/455 ,  G06F21/74 ,  G06F21/62 ,  G06F21/72

CPC classification number: G06F9/45558 ,  G06F21/53 ,  G06F21/6218 ,  G06F21/72 ,  G06F21/74 ,  G06F2009/45587

Abstract: The performing of virtual machine (VM)-based secure operations is enabled using a trusted co-processor that is able to operate in a secure mode to perform operations in a multi-tenant environment that are protected from other VMs and DOM-0, among other domains and components. A customer VM can contact a VM manager (VMM) to perform an operation with respect to sensitive data. The VMM can trigger secure mode operation, whereby memory pages are marked and access blocked to entities outside a trusted enclave. The trusted co-processer can measure the VMM and compare the result against an earlier result to ensure that the VMM has not been compromised. Once the operations are performed, the trusted co-processor can return the results, and the VMM can exit the secure mode such that access to the marked pages and customer data is restored.