-
Publication No.: US12028461B2
Publication date: 2024-07-02
Application No.: US18196266
Application date: 2023-05-11
Inventors: William Frederick Hingle Kruse, Conor Patrick Cahill, Jeffrey Cicero Canton, Dmitry Frenkel, Harshad Vasant Kulkarni, Colin Watson, Andrew Paul Mikulski
CPC classification: H04L9/3247, G06F12/1408, H04L63/061, H04L63/126, G06F2212/402
Abstract: A request to add tags (e.g., labels, key-value pairs, or metadata) to resources can be digitally signed by the entity making the request, such that the source can be verified and an authorization determination made for each tag. For a request involving multiple services (or entities) that can each add tags, any tag added by a service can be included in the request and digitally signed by that service. Each service processing the request can also digitally sign the request before forwarding, so that each service signs a version of the request, which includes elements signed by other services earlier in the request chain. When the request is received to a tagging service, the service ensures that every tag was digitally signed by the appropriate authorized entity or service, and validates the signatures to ensure that no data was modified or omitted, before adding the tags to the designated resource(s).
-
Publication No.: US10536277B1
Publication date: 2020-01-14
Application No.: US14979308
Application date: 2015-12-22
Inventors: William Frederick Hingle Kruse, Conor Patrick Cahill, Jeffrey Cicero Canton, Dmitry Frenkel, Harshad Vasant Kulkarni, Colin Watson, Andrew Paul Mikulski
Abstract: A request to add tags (e.g., labels, key-value pairs, or metadata) to resources can be digitally signed by the entity making the request, such that the source can be verified and an authorization determination made for each tag. For a request involving multiple services (or entities) that can each add tags, any tag added by a service can be included in the request and digitally signed by that service. Each service processing the request can also digitally sign the request before forwarding, so that each service signs a version of the request, which includes elements signed by other services earlier in the request chain. When the request is received to a tagging service, the service ensures that every tag was digitally signed by the appropriate authorized entity or service, and validates the signatures to ensure that no data was modified or omitted, before adding the tags to the designated resource(s).
-
Publication No.: US20190245862A1
Publication date: 2019-08-08
Application No.: US16384866
Application date: 2019-04-15
IPC classification: H04L29/06
CPC classification: H04L63/102, H04L63/20
Abstract: A policy management service receives a request to evaluate a provisional policy to determine the impact of implementation of the provisional policy. The policy management service evaluates an active policy against a request to access a computing resource to determine an authorization decision. The policy management service then evaluates the provisional policy against the request to access the computing resource to generate an evaluation of the provisional policy. The policy management service provides the evaluation and the authorization decision in response to the request to evaluate the provisional policy.
-
Publication No.: US20190073488A1
Publication date: 2019-03-07
Application No.: US16056322
Application date: 2018-08-06
Abstract: A record of usage data is obtained, with the record sampled according to a sampling rate from a set of usage data records, with the record specifying a request to access a resource of a computing resource service provider, with the request indicating a set of permissions, and with the sampling rate being based at least in part on a criterion associated with the request. The record is aggregated, based at least in part on a permission of the set of permissions, with at least another record sampled according to the sampling rate from the set of usage data records to produce a set of aggregated usage records and at least a portion of the set of aggregated usage records is provided.
-
Publication No.: US10043030B1
Publication date: 2018-08-07
Application No.: US14615347
Application date: 2015-02-05
Abstract: Techniques for large-scale authorization data collection and aggregation are disclosed herein. An authorization data service may first receive a set of usage data records, may next aggregate the set of usage data records to reduce the number of usage data records, may next store the aggregated set of usage data records in a usage data repository, and may next provide subsets of the aggregated set of usage data records in response to an application processing request to inform policy decisions associated with a computer system.
-
Publication No.: US11711420B2
Publication date: 2023-07-25
Application No.: US16172607
Application date: 2018-10-26
IPC classification: H04L67/10, H04L41/0813, H04L67/1097, H04L41/0896, H04L41/0806, H04L43/0876
CPC classification: H04L67/10, H04L41/0806, H04L41/0813, H04L41/0896, H04L43/0876, H04L67/1097
Abstract: A provider network hosting multiple network-based services that implement different resources for a client may provide automated management of resource attributes across the multiple network-based services. A client may send a request to a resource attribute service implemented at the provider network to add a resource attribute to different resources implemented among different network-based services that satisfy resource metadata selection criteria. In response to receiving the request, resource metadata maintained for the different resources implemented among the different network-based resources, which may include one or more previously applied resource attributes, may be evaluated to identify those resources that satisfy the resource metadata selection criteria. For those resources that satisfy the resource metadata selection criteria, the resource attribute may be added to the resource metadata maintained for the different resources.
-
Publication No.: US10917240B2
Publication date: 2021-02-09
Application No.: US16428535
Application date: 2019-05-31
Abstract: A cryptographic key management service receives a request, associated with a principal, to use a cryptographic key to perform a cryptographic operation. In response to the request, the service determines whether a rate limit specific to the principal is associated with the cryptographic key. If the rate limit is associated with the cryptographic key, the service generates a response to the request that conforms to the rate limit. The service provides the response in response to the request.
-
Publication No.: US10567388B1
Publication date: 2020-02-18
Application No.: US15087007
Application date: 2016-03-31
Inventors: William Frederick Hingle Kruse, Jeffrey John Wierer, Nima Sharifi Mehr, Ashish Rangole, Kunal Chadha, Bharath Mukkati Prakash, Radu Mihai Berciu, Kai Zhao, Hardik Nagda, Chenxi Zhang
Abstract: A policy/resource decommissioning service determines whether a resource has been inactive for a period of time greater than at least one period of time threshold for decommissioning. If the resource has been inactive greater than a first period of time threshold, the service disables the resource such that requests to access the resource are denied. If the resource has been inactive for a period of time greater than a second threshold, longer than the first period of time threshold, the service archives the resource. The service deletes the resource if the inactivity period of the resource is greater than a third period of time threshold, where the third period of time threshold is longer than the first and the second period of time thresholds.
-
Publication No.: US20190288836A1
Publication date: 2019-09-19
Application No.: US16428535
Application date: 2019-05-31
Abstract: A cryptographic key management service receives a request, associated with a principal, to use a cryptographic key to perform a cryptographic operation. In response to the request, the service determines whether a rate limit specific to the principal is associated with the cryptographic key. If the rate limit is associated with the cryptographic key, the service generates a response to the request that conforms to the rate limit. The service provides the response in response to the request.
-
Publication No.: US10110629B1
Publication date: 2018-10-23
Application No.: US15080504
Application date: 2016-03-24
Inventors: William Frederick Hingle Kruse, Hassan Sultan, Nicholas Howard Brown, James Leon Irving, Jr., Donald Lee Bailey, Jr.
IPC classification: H04L29/06
Abstract: A honeypot resource management service receives a request to provision one or more honeypot resources. In response to the request, the service identifies at least one computing resource service that is to be used to present the one or more honeypot resources. The service generates configuration information that is transmitted to the at least one computing resource service to cause the computing resource service to present the one or more honeypot resources to users in accordance with a set of parameters specified in the configuration information.