-
Publication number: US10129299B1
Publication date: 2018-11-13
Application number: US14298860
Application date: 2014-06-06
Applicant: Amazon Technologies, Inc.
Inventor: Jon Arron McClintock, Darren Ernest Canavor, Jesper Mikael Johansson
Abstract: A variety of different mobile computing devices, such as a laptop, tablet or smartphone, may be used in a mixed set of computing environments. At least some of the computing environments may be hostile computing environments where users of the mobile computing devices may be exposed to unknown risks. Furthermore, the mobile computing devices may be unable to determine if a network in a particular computing environment is in fact the network the mobile device determines it to be. A beacon device may be attached to a network and provide mutual authentication for mobile devices in the computing environment. Various security policies may be adjusted as a result of the user device and the beacon device successfully authenticating the other device.
-
Publication number: US10110630B2
Publication date: 2018-10-23
Application number: US15446434
Application date: 2017-03-01
Applicant: Amazon Technologies, Inc.
Inventor: Jon Arron McClintock, George Nikolaos Stathakopoulos
Abstract: A method and apparatus for deterring exfiltration of data from are provided. In the method and apparatus, it is determined that data is to be inflated. A request for access to data is received and data responsive to the request is retrieved. Spurious data is also generated and provided together with the responsive data in response to the request.
-
Publication number: US10096216B1
Publication date: 2018-10-09
Application number: US14572296
Application date: 2014-12-16
Applicant: Amazon Technologies, Inc.
Inventor: Jon Arron McClintock
Abstract: A system and method for activating security mechanisms based at least in part on accelerometer-based dead reckoning wherein accelerometer data, reflecting acceleration in a local coordinate system of a device, is obtained from an accelerometer of a device. Movement of the device is determined based at least in part on the accelerometer data, and, based at least in part on whether the movement of the device exceeds a threshold value, a determination is made whether to change a current security state of the device. If it is determined to change the current security state of the device, the current security state of the device is changed to a new security state.
-
Publication number: US10007792B1
Publication date: 2018-06-26
Application number: US14092553
Application date: 2013-11-27
Applicant: Amazon Technologies, Inc.
Inventor: Jon Arron McClintock, George Nikolaos Stathakopoulos
CPC classification number: G06F21/577, H04L63/1416, H04L63/20
Abstract: Disclosed are various embodiments that model a network security environment as a game. A data model corresponding to a network security environment is received. A gaming environment is generated based at least in part on the data model. The gaming environment represents a decontextualized version of the network security environment.
-
Publication number: US09998444B2
Publication date: 2018-06-12
Application number: US15455169
Application date: 2017-03-10
Applicant: Amazon Technologies, Inc.
Inventor: Jesper Mikael Johansson, Darren Ernest Canavor, Daniel Wade Hitchcock, Bharath Kumar Bhimanaik, Jon Arron McClintock
CPC classification number: H04L63/08, G06F21/10, G06F21/602, H04L9/08, H04L9/14, H04L29/06639, H04L29/06646, H04L63/0407, H04L63/0414, H04L63/0421, H04L63/0428, H04L67/306, H04L2209/38
Abstract: Disclosed are various embodiments for correlating a first use case-specific entity identifier with a second use case-specific entity identifier. A chained entity identifier corresponds to the first use case-specific entity identifier. The chained entity identifier can include the second use case-specific entity identifier cryptographically wrapped by a use case-specific key. The second use case-specific entity identifier can be received from the chained entity identifier. The second use case-specific entity identifier can be correlated to the first use case-specific entity identifier.
-
Publication number: US09946619B1
Publication date: 2018-04-17
Application number: US14977306
Application date: 2015-12-21
Applicant: Amazon Technologies, Inc.
Inventor: Jon Arron McClintock, George Nikolaos Stathakopoulos
CPC classification number: G06F11/261, G06F11/1451, G06F11/1464, G06F11/2205, G06F2201/815, G06F2201/84
Abstract: The techniques described herein provide evaluations of a production system's ability to recover from a service disruption without actually disrupting service to the production system. In some examples, a live production system is at least partly duplicated to create a shadow production system that is a quarantined copy of the production system. Traffic between the production system, client devices, and possibly dependency services may be replicated onto the shadow production system while a recovery simulation service induces a specified type of service disruption onto the shadow production system. Behavior of the shadow production system during service disruption is used to identify performance differences and to evaluate expected recovery characteristics of the live production system.
-
Publication number: US20180063715A1
Publication date: 2018-03-01
Application number: US15804886
Application date: 2017-11-06
Applicant: Amazon Technologies, Inc.
Inventor: Jesper Mikael Johansson, Phivos Costas Aristides, Darren Ernest Canavor, Arnaud Marie Froment, Scott Donald Gregory, Cory Adam Johnson, Chelsea Celest Krueger, Jon Arron McClintock, Vijay Rangarajan, Andrew Jay Roths
CPC classification number: H04W12/06, H04L63/08, H04L63/083, H04L63/0876, H04L63/107, H04M1/67, H04M1/72522, H04M1/72572, H04M1/72577
Abstract: An access control application for mobile devices is provided. The access control application may be configured to generate a set of security tasks based at least in part on information corresponding to a user's interactions with the mobile device. An unlock screen of the mobile device may be triggered and security tasks from the generated set of security tasks may be displayed through a user interface of the mobile device. The user's response to the security tasks may be obtained and a confidence score may be calculated, based at least in part on the response. The access control application may then determine, based at least in part on the score and one or more attributes of the environment, whether to unlock the mobile device or prompt the user to provide an additional response to another security task.
-
Publication number: US20180048640A1
Publication date: 2018-02-15
Application number: US15793833
Application date: 2017-10-25
Applicant: Amazon Technologies, Inc.
Inventor: Jesper Mikael Johansson, Jon Arron McClintock
IPC: H04L29/06, H04W12/06, H04L12/911, H04W12/08
CPC classification number: H04L63/0838, H04L47/70, H04L63/045, H04L63/102, H04L63/18, H04W12/06, H04W12/08
Abstract: Methods and systems are provided for managing access to a client account related (CAR) resource. When a privilege-constrained (PC) application requests access to an individual client account, a single use authorization (SUA) code is created that is associated with the individual client account. The SUA code is routed to, and returned from, the privilege-constrained (PC) application to authenticate the PC application. The PC application, once authenticated, receives a permitted action token that identifies a limited set of privileges that the PC application is authorized to perform in connection with the CAR resource. The PC application provides the permitted action token to an access service. The access service limits access, by the PC application, to the CAR resource based on the permitted action token.
-
Publication number: US09830099B1
Publication date: 2017-11-28
Application number: US14857705
Application date: 2015-09-17
Applicant: Amazon Technologies, Inc.
Inventor: Jesper Mikael Johansson, Jon Arron McClintock
IPC: G06F3/06
CPC classification number: G06F3/0623, G06F3/0652, G06F3/0679, G06F12/0246, G06F21/572, G06F21/6218, G06F21/79, G06F2221/2143
Abstract: Techniques for providing secure erase of data stored on a storage device may be provided. For example, a storage device comprising a first layer of firmware that is configured to receive access requests for data stored on a storage device may be in communication with a second layer of firmware. The second layer of firmware may be configured to receive, from the first layer of firmware, a request to erase a portion of the data stored on the storage device and verify the first layer of firmware before processing the erase request. In an embodiment, upon verifying the first layer of firmware, the second layer of firmware may block subsequent read requests for one or more physical blocks of the storage device that correspond to the portion of the data indicated in the erase request.
-
Publication number: US20170272441A1
Publication date: 2017-09-21
Application number: US15612067
Application date: 2017-06-02
Applicant: Amazon Technologies, Inc.
IPC: H04L29/06
CPC classification number: H04L63/10, G06F21/10, G06F21/33, G06F21/34, G06F21/604, G06F21/6218, H04L9/3234, H04L9/3247, H04L9/3263, H04L63/102, H04L63/12, H04L63/123, H04L63/126
Abstract: A resource owner or administrator submits a request to a permissions management service to create a permissions grant which may include a listing of actions a user may perform on a resource. Accordingly, the permissions management service may create the permissions grant and use a private cryptographic key to digitally sign the created permissions grant. The permissions management service may transmit this digitally signed permissions grant, as well as a digital certificate comprising a public cryptographic key for validating the permissions grant, to a target resource. The target resource may use the public cryptographic key to validate the digital signature of the permissions grant and determine whether a user is authorized to perform one or more actions based at least in part on a request from the user to perform these one or more actions on the resource.