公开(公告)号：US20170207911A1

公开(公告)日：2017-07-20

申请号：US15476931

申请日：2017-03-31

Applicant: NETFLIX, INC.

Inventor： Poornaprajna UDUPI ,  Jason CHAN ,  Jay ZARFOSS

IPC: H04L9/08

CPC classification number: H04L63/0435 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/0827 ,  H04L9/083 ,  H04L9/0844 ,  H04L9/088 ,  H04L9/0891 ,  H04L9/0894 ,  H04L63/0428 ,  H04L63/0442 ,  H04L63/062 ,  H04L63/08

Abstract: Embodiments provide techniques generating and managing encryption keys within a computing infrastructure. Embodiments provide a key publisher that generates and maintains key pairs in a list at a configurable interval. In addition, the key publisher publishes the list to other components within the computing infrastructure. Embodiments also provide a key consumer that downloads the list of encrypted key pairs and maintains an active window of keys to can be accepted from client devices that communicate sensitive data to the computing infrastructure. If the key consumer receives a key from a client device that is outside of the active window yet that corresponds to a future key pair in the list, the key consumer advances the active window towards the future key pair.

公开(公告)号：US20150333904A1

公开(公告)日：2015-11-19

申请号：US14810340

申请日：2015-07-27

Applicant: Netflix, Inc.

Inventor： Poornaprajna UDUPI ,  Jason CHAN ,  Jay ZARFOSS

IPC: H04L9/08

CPC classification number: H04L63/0435 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/0827 ,  H04L9/083 ,  H04L9/0844 ,  H04L9/088 ,  H04L9/0891 ,  H04L9/0894 ,  H04L63/0428 ,  H04L63/0442 ,  H04L63/062 ,  H04L63/08

Abstract: Embodiments provide techniques generating and managing encryption keys within a computing infrastructure. Embodiments provide a key publisher that generates and maintains key pairs in a list at a configurable interval. In addition, the key publisher publishes the list to other components within the computing infrastructure. Embodiments also provide a key consumer that downloads the list of encrypted key pairs and maintains an active window of keys to can be accepted from client devices that communicate sensitive data to the computing infrastructure. If the key consumer receives a key from a client device that is outside of the active window yet that corresponds to a future key pair in the list, the key consumer advances the active window towards the future key pair.

公开(公告)号：US20180307849A1

公开(公告)日：2018-10-25

申请号：US15960468

申请日：2018-04-23

Applicant: NETFLIX, INC.

Inventor： Ariel TSEITLIN ,  Roy RAPOPORT ,  Jason CHAN

IPC: G06F21/60 ,  H04L29/06 ,  G06F9/50 ,  G06F11/30 ,  G06F17/30 ,  H04L12/26 ,  H04L12/24 ,  H04L9/32 ,  G06F21/57 ,  G06F21/45 ,  H04L29/08

Abstract: A security application manages security and reliability of networked applications executing collection of interacting computing elements within a distributed computing architecture. The security application monitors various classes of resources utilized by the collection of nodes within the distributed computing architecture and determine whether utilization of a class of resources is approaching a pre-determined maximum limit. The security application performs a vulnerability scan of a networked application to determine whether the networked application is prone to a risk of intentional or inadvertent breach by an external application. The security application scans a distributed computing architecture for the existence of access control lists (ACLs), and stores ACL configurations and configuration changes in a database. The security application scans a distributed computing architecture for the existence of security certificates, places newly discovered security certificates in a database, and deletes outdated security certificates. Advantageously, security and reliability are improved in a distributed computing architecture.

公开(公告)号：US20150235035A1

公开(公告)日：2015-08-20

申请号：US14703862

申请日：2015-05-04

Applicant: NETFLIX, INC

Inventor： Ariel TSEITLIN ,  Roy RAPOPORT ,  Jason CHAN

IPC: G06F21/60 ,  G06F17/30 ,  H04L29/06 ,  H04L12/26

CPC classification number: G06F21/604 ,  G06F9/50 ,  G06F11/302 ,  G06F11/3051 ,  G06F17/30598 ,  G06F21/00 ,  G06F21/45 ,  G06F21/577 ,  G06F2209/504 ,  G06F2221/034 ,  G06F2221/2141 ,  H04L9/3268 ,  H04L41/12 ,  H04L43/16 ,  H04L63/101 ,  H04L63/1408 ,  H04L63/1433 ,  H04L67/10 ,  Y02D10/22

Abstract: A security application manages security and reliability of networked applications executing collection of interacting computing elements within a distributed computing architecture. The security application monitors various classes of resources utilized by the collection of nodes within the distributed computing architecture and determine whether utilization of a class of resources is approaching a pre-determined maximum limit. The security application performs a vulnerability scan of a networked application to determine whether the networked application is prone to a risk of intentional or inadvertent breach by an external application. The security application scans a distributed computing architecture for the existence of access control lists (ACLs), and stores ACL configurations and configuration changes in a database. The security application scans a distributed computing architecture for the existence of security certificates, places newly discovered security certificates in a database, and deletes outdated security certificates. Advantageously, security and reliability are improved in a distributed computing architecture.

Abstract translation: 安全应用程序管理在分布式计算体系结构中执行交互式计算元素集合的网络应用程序的安全性和可靠性。 安全应用程序监视在分布式计算架构内收集节点所利用的各种资源，并确定一类资源的利用率是否接近预定的最大限制。 安全应用程序执行联网应用程序的漏洞扫描，以确定网络应用程序是否容易受到外部应用程序有意或无意的违规的风险。 安全应用程序扫描分布式计算架构以存在访问控制列表（ACL），并将ACL配置和配置更改存储在数据库中。 安全应用程序扫描分布式计算架构以确保安全证书的存在，将新发现的安全证书放置在数据库中，并删除过期的安全证书。 有利地，在分布式计算架构中提高了安全性和可靠性。

公开(公告)号：US20150052358A1

公开(公告)日：2015-02-19

申请号：US13969365

申请日：2013-08-16

Applicant: Netflix, Inc.

Inventor： Poornaprajna UDUPI ,  Jason CHAN ,  Jay ZARFOSS

IPC: H04L29/06

CPC classification number: H04L63/0435 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/0827 ,  H04L9/083 ,  H04L9/0844 ,  H04L9/088 ,  H04L9/0891 ,  H04L9/0894 ,  H04L63/0428 ,  H04L63/0442 ,  H04L63/062 ,  H04L63/08

Abstract: Embodiments provide techniques generating and managing encryption keys within a computing infrastructure. Embodiments provide a key publisher that generates and maintains key pairs in a list at a configurable interval. In addition, the key publisher publishes the list to other components within the computing infrastructure. Embodiments also provide a key consumer that downloads the list of encrypted key pairs and maintains an active window of keys to can be accepted from client devices that communicate sensitive data to the computing infrastructure. If the key consumer receives a key from a client device that is outside of the active window yet that corresponds to a future key pair in the list, the key consumer advances the active window towards the future key pair.

Abstract translation: 实施例提供了在计算基础设施内生成和管理加密密钥的技术。 实施例提供了以可配置的间隔在列表中生成和维护密钥对的密钥发布者。 此外，密钥发布者将列表发布到计算基础架构内的其他组件。 实施例还提供了下载加密密钥对列表并维护主动密钥窗口的关键消费者，可以从将敏感数据传送到计算基础设施的客户端设备接受。 如果密钥客户端从活动窗口之外的客户端设备接收到与列表中未来的密钥对相对应的密钥，则密钥客户端将向未来密钥对移动活动窗口。