知搜-全球专利检索

  1. Login
  2. Sign Up

Search Results

31 records (took 0.021 seconds)

    Context-based data access control
    2.
    发明授权
    Context-based data access control 有权

    公开(公告)号:US10608997B1

    公开(公告)日:2020-03-31

    申请号:US14751022

    申请日:2015-06-25

    Applicant: Amazon Technologies, Inc.

    Inventor: Tushaar Sethi Jon Arron McClintock

    IPC: H04L29/06

    Abstract: The current document describes systems and methods that provide access controls in a system of interconnected services such as an online service platform. In various implementations, the system maintains contextual information associated with tokenized data. In additional implementations, data brokers authorize access to detokenized data by comparing the context of the data to the context of the service requesting the data. In yet additional implementations, the system maintains contextual information associated with requests that are processed within the system. When a request is made to a particular service, the particular service can use the identity of the requester, the context of the request, and the context of the data to determine whether the request is authorized. In some implementations, the integrity of contextual information is protected using a digital signature.

    Secure transfer and use of secret material in a shared environment
    5.
    发明授权
    Secure transfer and use of secret material in a shared environment 有权

    公开(公告)号:US10069806B2

    公开(公告)日:2018-09-04

    申请号:US15688255

    申请日:2017-08-28

    Applicant: Amazon Technologies, Inc.

    Inventor: Daniel Wade Hitchcock Darren Ernest Canavor Tushaar Sethi

    IPC: H04L29/06 G06F21/62 H04L9/08 G06F21/10 H04L9/32 H04L9/14

    Abstract: Aspects related to the secure transfer and use of secret material are described. In one embodiment, an encrypted secret key and encrypted revocation data are imported into a trusted execution environment and decrypted with private provider and vendor keys. In this manner, a provider of cryptographic processes is not exposed to the secret key or revocation data of a customer, as the secret key and revocation data are decrypted and stored within the trusted execution environment but not accessed in an unencrypted form. In turn, the provider can receive various instructions to perform cryptographic operations on behalf of the customer. Based on the outcome of a revocation check using the revocation data, the instructions can be performed by the trusted execution environment.

    Context-sensitive techniques for optimizing network connectivity
    6.
    发明授权
    Context-sensitive techniques for optimizing network connectivity 有权

    公开(公告)号:US10693724B1

    公开(公告)日:2020-06-23

    申请号:US14631600

    申请日:2015-02-25

    Applicant: Amazon Technologies, Inc.

    Inventor: Tushaar Sethi

    IPC: H04L12/24 H04L29/06 H04L29/08

    Abstract: Techniques described and suggested herein include systems and methods for optimizing network connections by using attributes of one or more of the connected entities. For example, a routing engine may be implemented to determine, based on various attributes of a client device, its desired destination, and/or the networks capable of connecting the client device and the destination, optimized parameters and routes for the network connection. Such optimization may involve the selection of an optimal network, the negotiation of an optimal connection type, and the like. The optimization may be made for one or more disparate criteria, such as data security, bandwidth, network latency, geographical proximity, and so forth.

    Authorization for build configuration using telemetry data assessment
    7.
    发明授权
    Authorization for build configuration using telemetry data assessment 有权

    公开(公告)号:US10574702B1

    公开(公告)日:2020-02-25

    申请号:US15861569

    申请日:2018-01-03

    Applicant: Amazon Technologies, Inc.

    Inventor: Jacob Edward Rickerd Amanda Gray Tushaar Sethi Pujun Wu

    IPC: H04L9/00 H04L29/06 H04L9/14

    Abstract: A system assesses a security configuration proposed for production on a target computer system. The system may receive the security configuration proposed for production and obtain telemetry metrics generated based on security configurations implemented on one or more computer systems of the service provider. The system may assess a security configuration proposed for deployment based on telemetry metrics and generate status information based on the assessment. An authorization recommendation may be provided based whether the status information indicates that the proposed security configuration satisfies one or more conditions.

    System to detect network egress points
    9.
    发明授权
    System to detect network egress points 有权

    公开(公告)号:US09992083B1

    公开(公告)日:2018-06-05

    申请号:US14862068

    申请日:2015-09-22

    Applicant: AMAZON TECHNOLOGIES, INC.

    Inventor: Jon Arron McClintock David John Burke Tushaar Sethi

    IPC: G06F15/16 H04L12/26 H04L29/06

    CPC classification number: H04L43/065 H04L63/0209 H04L63/1408 H04L63/1441 H04L69/16

    Abstract: Described are techniques for detecting network egress points. A source device on a first network may generate a probe data with loose source route data that includes internal routing data to a designated subnet within the first network. The ultimate destination of the probe data is outside the first network. Once at the designated subnet, the probe data is handled by the egress network devices, such as a router, that services the subnet. Ultimately, the probe data may arrive at a destination device by way of a second network. The destination device determines the egress point from the first network used by the probe data. By comparing the actual route data with known egress points, known egress network devices may be confirmed and unknown egress network devices may be determined.

Patent Agency Ranking