公开(公告)号：US10979403B1

公开(公告)日：2021-04-13

申请号：US16003889

申请日：2018-06-08

Applicant: Amazon Technologies, Inc.

Inventor： Dan Mutescu ,  Cristi Ursachi

IPC: H04L9/32 ,  H04L29/06 ,  G06F21/44 ,  H04L9/14

Abstract: A system and method for providing data such as credentials to a third-party service while protecting the data from being transmitted to unintended locations. The system receives a first request containing encrypted data and information identifying the third-party service, validates that the first request is to be transmitted to the third-party service, generates a second request by replacing the encrypted data from the first request with unencrypted data, and transmits the second request to the third-party service.

公开(公告)号：US11494499B1

公开(公告)日：2022-11-08

申请号：US17182930

申请日：2021-02-23

Applicant: Amazon Technologies, Inc.

Inventor： Cristi Ursachi ,  Amanda Gray ,  Priti Marappan ,  Dan Mutescu

IPC: G06F21/60 ,  G06F21/62 ,  H04L9/30 ,  G06F16/22

Abstract: Disclosed are various embodiments for searching encrypted data stores. A first computing device can send a message authentication code (MAC) to a second computing device the MAC representing a tuple of a name of a data table, an identifier of a column of the data table, and a valid value for the column. Then, an encrypted bitmap can be received from the second computing device and decrypted to generate a decrypted bitmap. Bitwise operations can be performed on the decrypted bitmap to identify a plurality of encrypted rows of the data table containing a cell that comprises the valid value. Then, at least the plurality of at least partially encrypted rows of the data table can be requested from the second computing device and decrypted to generate a respective plurality of decrypted rows.

公开(公告)号：US11159498B1

公开(公告)日：2021-10-26

申请号：US15927954

申请日：2018-03-21

Applicant: Amazon Technologies, Inc.

Inventor： Cristinel Casu ,  Dan Mutescu ,  Armen Bearj Shimoon ,  Igor Spac ,  Cristi Ursachi

IPC: H04L29/06 ,  H04L9/08

Abstract: A system and method for providing data such as credentials to a third-party service while protecting the data from exposure to intermediate services. The system receives a first request containing encrypted data, generates a second request by replacing the encrypted data from the first request with unencrypted data, and transmits the second request to the third-party service.

公开(公告)号：US11003783B1

公开(公告)日：2021-05-11

申请号：US16137987

申请日：2018-09-21

Applicant: Amazon Technologies, Inc.

Inventor： Cristi Ursachi ,  Amanda Gray ,  Priti Marappan ,  Dan Mutescu

IPC: G06F21/60 ,  H04L9/30 ,  G06F21/62 ,  G06F16/22

Abstract: Disclosed are various embodiments for searchable encrypted data stores. A plurality of rows in a data table that have a cell in a column of the row that matches a value are identified. A bitmap that represents the plurality of rows is generated. The bitmap is encrypted. A key is then generated for a key-value pair. The key can be represented by a message authentication code (MAC) based at least in part on a tuple of a name of the data table, an identifier of the column, and the value. The key-value pair with the key and the encrypted bitmap is then sent to a remote computing device for storage.

公开(公告)号：US10516764B1

公开(公告)日：2019-12-24

申请号：US15382434

申请日：2016-12-16

Applicant: Amazon Technologies, Inc.

Inventor： Alexander Julian Tribble ,  Maxim Chetrusca ,  Dan Mutescu ,  Radu Weiss

IPC: G06F21/60 ,  H04L29/06 ,  H03M7/30 ,  H03M7/46 ,  H04L29/08

Abstract: A computing device may receive a compress data streams which may then be decompressed to generate decompressed data. The computing device may then determine if the decompressed data includes a flag indicating that the decompressed data should be modified. If the decompressed data is to be modified, the computing device may add padding values to the compressed data stream until a boundary block of the compressed data stream is reached. The modified compressed data stream may then be transmitted to an endpoint.