-
Publication number: US09064124B1
Publication date: 2015-06-23
Application number: US13720865
Application date: 2012-12-19
Applicant: Amazon Technologies, Inc.
Inventor: Melissa Elaine Davis, Antoun Joubran Kanawati, Mukul Vijay Karnik, Kal Lyndon McFate, Vishal Parakh, Alexander Julian Tribble
CPC classification number: G06F21/606, G06F21/10, G06F21/60, H04L63/0485, H04L63/168, H04L67/146, H04L67/148, H04L67/2842, H04L67/288
Abstract: The disclosure describes embodiments of a distributed caching system that are configured to store session state identifiers in a networked cache, enabling dynamic allocation of requests to servers. Client devices can resume secure sessions even if assigned to new servers as the new servers can obtain the session state identifiers from the distributed caching system. In at least some cases, the client device can be authenticated without the server having to perform a full authentication, thereby reducing the workload of the server and decreasing latency as the server can respond faster.
-
Publication number: US10574703B1
Publication date: 2020-02-25
Application number: US15914690
Application date: 2018-03-07
Applicant: AMAZON TECHNOLOGIES, INC.
Inventor: Alexander Julian Tribble, Robert Barry, Jeremy Boynes, Igor Spac
IPC: H04L29/06
Abstract: Techniques are described for delivering one or more first resources of a page using a first security level, and delivering one or more second resources of a page using a second, different security level. A page is generated to include elements identifying resources to be presented in the page, and the elements may include security level identifiers indicating a security level to be employed in communicating the corresponding resource. Each security level may be associated with a set of security measures that ensure the integrity or confidentiality of the resource while it is communicated. The use of multiple security levels to communicate multiple resources may provide appropriate security for each resource, reducing latency and overhead in page generation, communication, and rendering.
-
Publication number: US10574443B2
Publication date: 2020-02-25
Application number: US15045113
Application date: 2016-02-16
Applicant: Amazon Technologies, Inc.
Inventor: Alexander Julian Tribble, Robert Michael Barry, Jeremy Boynes, Melissa Elaine Davis, Igor Spac
Abstract: A computing device can obtain a session key for encrypting data that is communicated between a client device and the computing device. The computing device can receive, from the client device, an encrypted request for data. The encrypted request can be encrypted by the client device using the session key. The data requested can be stored on a second computing device. The computing device can send, to the second computing device, a copy of the session key and the encrypted request for data. The second computing device can decrypt the data using the session key and can also encrypt data responsive to the request using the session key.
-
Publication number: US20180176192A1
Publication date: 2018-06-21
Application number: US15382577
Application date: 2016-12-16
Applicant: Amazon Technologies, Inc.
Inventor: Melissa Elaine Davis, Gavin Richard Jewell, Brady Montz, Alec Peterson, Igor Spac, Alexander Julian Tribble, Radu Weiss
Abstract: A computing resource service provider may operate a secure proxy fleet responsible for directing network traffic from one or more backend services to one or more client devices. The network traffic may be encrypted or otherwise obfuscated to protect sensitive data. The secure proxy device may detect encrypted data and may decrypt the data prior to forwarding the data to the one or more client devices.
-
Publication number: US09935977B1
Publication date: 2018-04-03
Application number: US14100663
Application date: 2013-12-09
Applicant: AMAZON TECHNOLOGIES, INC.
Inventor: Alexander Julian Tribble, Robert Michael Barry, Jeremy Boynes, Igor Spac
IPC: H04L29/06
CPC classification number: H04L63/20, H04L63/0428, H04L63/105, H04L63/12, H04L63/168
Abstract: Techniques are described for delivering one or more first resources of a page using a first security level, and delivering one or more second resources of a page using a second, different security level. A page is generated to include elements identifying resources to be presented in the page, and the elements may include security level identifiers indicating a security level to be employed in communicating the corresponding resource. Each security level may be associated with a set of security measures that ensure the integrity or confidentiality of the resource while it is communicated. The use of multiple security levels to communicate multiple resources may provide appropriate security for each resource, reducing latency and overhead in page generation, communication, and rendering.
-
Publication number: US10516764B1
Publication date: 2019-12-24
Application number: US15382434
Application date: 2016-12-16
Applicant: Amazon Technologies, Inc.
Inventor: Alexander Julian Tribble, Maxim Chetrusca, Dan Mutescu, Radu Weiss
Abstract: A computing device may receive a compressed data stream which may then be decompressed to generate decompressed data. The computing device may then determine if the decompressed data includes a flag indicating that the decompressed data should be modified. If the decompressed data is to be modified, the computing device may add padding values to the compressed data stream until a boundary block of the compressed data stream is reached. The modified compressed data stream may then be transmitted to an endpoint.
-
Publication number: US20190356530A1
Publication date: 2019-11-21
Application number: US16531465
Application date: 2019-08-05
Applicant: Amazon Technologies, Inc.
Inventor: Paul William Berg, Christopher Dunn, Alexander Julian Tribble, Tristan Daniel Fries Wilson, Zachary Jared Wiggins
IPC: H04L29/08
Abstract: Techniques for improving communications efficiency between pairs of communication nodes running within a computer system are described herein. Potential locations for placing a communication node are evaluated using one or more fitness values wherein the fitness value is based at least in part on one or more system metrics associated with placing a communication node in the potential location. If an improved location is found based on the fitness value, the communication node may be migrated to the new location, thus improving system efficiency.
-
Publication number: US10374866B1
Publication date: 2019-08-06
Application number: US14231010
Application date: 2014-03-31
Applicant: Amazon Technologies, Inc.
Inventor: Paul William Berg, Christopher Dunn, Alexander Julian Tribble, Tristan Daniel Fries Wilson, Zachary Jared Wiggins
IPC: H04L29/08
Abstract: Techniques for improving communications efficiency between pairs of communication nodes running within a computer system are described herein. Potential locations for placing a communication node are evaluated using one or more fitness values wherein the fitness value is based at least in part on one or more system metrics associated with placing a communication node in the potential location. If an improved location is found based on the fitness value, the communication node may be migrated to the new location, thus improving system efficiency.
-
Publication number: US20180176193A1
Publication date: 2018-06-21
Application number: US15382579
Application date: 2016-12-16
Applicant: Amazon Technologies, Inc.
Inventor: Melissa Elaine Davis, Gavin Richard Jewell, Brady Montz, Alec Peterson, Igor Spac, Alexander Julian Tribble, Radu Weiss
Abstract: A computing resource service provider may operate a secure proxy fleet within a content delivery network. The secure proxy fleet may protect sensitive data communicated between a client device and a backend service over one or more networks, for example, over the content delivery network to a computing resource service provider environment. The secure proxy fleet may protect sensitive data by encrypting the sensitive data before it is forwarded to a destination.
-
Publication number: US20180176187A1
Publication date: 2018-06-21
Application number: US15382571
Application date: 2016-12-16
Applicant: Amazon Technologies, Inc.
Inventor: Melissa Elaine Davis, Gavin Richard Jewell, Brady Montz, Alec Peterson, Igor Spac, Alexander Julian Tribble, Radu Weiss
IPC: H04L29/06
Abstract: A computing resource service provider may operate a secure proxy fleet responsible for directing network traffic to one or more backend services. The network traffic may be received over a cryptographically protected communications session at a secure proxy device. The secure proxy device may detect sensitive data included in the network traffic and encrypt the sensitive data to protect the sensitive data during transmission to the backend service.