-
公开(公告)号:US09215076B1
公开(公告)日:2015-12-15
申请号:US13431882
申请日:2012-03-27
申请人: Gregory B. Roth , Marc R. Barbour , Bradley Jeffery Behm , Cristian M. Ilac , Eric Jason Brandwine
发明人: Gregory B. Roth , Marc R. Barbour , Bradley Jeffery Behm , Cristian M. Ilac , Eric Jason Brandwine
CPC分类号: H04L63/062 , G06F21/64 , H04L9/0836 , H04L9/321 , H04L9/3242 , H04L9/3247 , H04L63/06 , H04L63/08 , H04L2209/38 , H04L2209/60 , H04L2463/061
摘要: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.
摘要翻译: 用于认证的系统和方法从认证方和认证者之间共享的秘密凭证生成密钥。 密钥的生成可以涉及利用用于专门化密钥的参数形式的专门信息。 可以使用由多个机构保存的密钥导出的密钥和/或信息来生成其他密钥,使得可以在不访问密钥的情况下验证需要这样的密钥和/或信息的签名。 还可以导出密钥以形成分布的密钥的层次结构,使得密钥持有者解密数据的能力取决于密钥在层级中相对于用于加密数据的密钥的位置的位置。 密钥层次也可以用于将密钥集分配给内容处理设备,以使得设备能够解密内容,使得未经授权的内容的源或潜在来源可以从解密的内容中识别。
-
公开(公告)号:US09183028B1
公开(公告)日:2015-11-10
申请号:US12894722
申请日:2010-09-30
CPC分类号: H04L61/2503 , G06F9/45558 , G06F2009/45595 , H04L61/6068 , H04L67/18 , H04L67/28 , H04L67/2814 , H04L67/2823
摘要: Systems and method for the management of virtual machine instances are provided. A network data transmission analysis system can host virtual machine networks. The hosted virtual machine networks are configured in an manner such that at least a portion of the components of the hosted virtual machine network have overlapping network addresses. Through the utilization of addressable proxy IP addresses in each of the hosted virtual machine networks, the hosted virtual machine networks can exchange data.
摘要翻译: 提供了用于管理虚拟机实例的系统和方法。 网络数据传输分析系统可以托管虚拟机网络。 托管的虚拟机网络被配置为使得所托管的虚拟机网络的组件的至少一部分具有重叠的网络地址。 通过在每个托管的虚拟机网络中利用可寻址的代理IP地址,托管的虚拟机网络可以交换数据。
-
公开(公告)号:US08973108B1
公开(公告)日:2015-03-03
申请号:US13149619
申请日:2011-05-31
申请人: Gregory B. Roth , Kevin Ross O'Neill , Eric Jason Brandwine , Brian Irl Pratt , Bradley Jeffery Behm , Nathan R. Fitch
发明人: Gregory B. Roth , Kevin Ross O'Neill , Eric Jason Brandwine , Brian Irl Pratt , Bradley Jeffery Behm , Nathan R. Fitch
CPC分类号: H04L63/0807 , G06F21/00 , H04L9/3213 , H04L63/20
摘要: Systems and methods for controlling access to one or more computing resources relate to generating session credentials that can be used to access the one or more computing resources. Access to the computing resources may be governed by a set of policies and requests for access made using the session credentials may be fulfilled depending on whether they are allowed by the set of policies. The session credentials themselves may include metadata that may be used in determining whether to fulfill requests to access the one or more computing resources. The metadata may include permissions for a user of the session credential, claims related to one or more users, and other information.
摘要翻译: 用于控制对一个或多个计算资源的访问的系统和方法涉及生成可用于访问所述一个或多个计算资源的会话凭证。 对计算资源的访问可以由一组策略来管理,并且可以根据它们是否被该策略集合允许而使用会话凭证进行访问的请求来实现。 会话凭证本身可以包括可用于确定是否实现访问一个或多个计算资源的请求的元数据。 元数据可以包括会话证书的用户的权限,与一个或多个用户相关的声明以及其他信息。
-
公开(公告)号:US08856957B1
公开(公告)日:2014-10-07
申请号:US13334490
申请日:2011-12-22
申请人: Gregory B. Roth , Kevin Ross O'Neill , Eric Jason Brandwine , Eric D. Crahen , Cristian M. Ilac
发明人: Gregory B. Roth , Kevin Ross O'Neill , Eric Jason Brandwine , Eric D. Crahen , Cristian M. Ilac
CPC分类号: H04L63/0884 , G06F21/33
摘要: A federated identity system is described. A federated identity broker registers a first customer as an identity provider and a second customer as an identity consumer. The federated identity broker acts as an intermediary between the first customer and the second customer, to broker an identity request from the first customer that is fulfilled by the second customer.
摘要翻译: 描述联合身份系统。 联合身份经纪人将第一个客户作为身份提供者注册,第二个客户作为身份消费者注册。 联合身份证券代理人作为第一客户和第二客户之间的中间人,从第二客户履行的第一客户身份验证身份请求。
-
公开(公告)号:US08769059B1
公开(公告)日:2014-07-01
申请号:US13478777
申请日:2012-05-23
申请人: Mahendra M. Chheda , Shawn E. Heidel , Robert B. Jaye , Justin K. Brindley-Koonce , Eric Jason Brandwine
发明人: Mahendra M. Chheda , Shawn E. Heidel , Robert B. Jaye , Justin K. Brindley-Koonce , Eric Jason Brandwine
IPC分类号: G06F15/177 , G06F15/173 , G06Q30/00 , G06Q10/00
CPC分类号: H04L41/0866
摘要: Embodiments of the present disclosure are directed to, among other things, providing resource allocation advice, configuration recommendations, and/or migration advice regarding data storage, access, placement, and/or related web services. In some examples, a web service may utilize or otherwise control a client instance to control, access, or otherwise manage resources of a distributed system. Based at least in part on one or more resource usage checks and/or configuration checks, resource usage information and/or configuration information of an account utilizing a web service, and/or user preferences and/or settings, resource allocation advice, system configuration recommendations, and/or migration advice may be provided to a user of an account. Additionally, in some examples, one or more remediation operations may be performed automatically.
摘要翻译: 本公开的实施例尤其涉及提供关于数据存储,访问,放置和/或相关web服务的资源分配建议,配置建议和/或迁移建议。 在一些示例中,Web服务可以利用或以其他方式控制客户端实例来控制,访问或以其他方式管理分布式系统的资源。 至少部分地基于一个或多个资源使用检查和/或配置检查,使用Web服务的帐户的资源使用信息和/或配置信息,和/或用户偏好和/或设置,资源分配建议,系统配置 可以向帐户的用户提供建议和/或迁移建议。 此外,在一些示例中,可以自动执行一个或多个修复操作。
-
公开(公告)号:US08667399B1
公开(公告)日:2014-03-04
申请号:US12980931
申请日:2010-12-29
IPC分类号: G06F17/30
CPC分类号: H04L41/22 , G06F9/46 , G06F9/5072 , G06F17/30 , G06Q10/0633 , G06Q30/06
摘要: Control planes of virtual resource providers may be customized in a secure, stable and efficient manner with virtual control planes. Control planes may be modularized. Control plane modules may be supplied with data from standardized sensors, and required to generate standardized resource configuration requests responsive to solicitations with specified response latencies. Custom control plane modules may be selected to replace or complement default control plane modules. Financial and computational costs associated with control plane modules may be tracked. Competing resource configurations may be mediated by a control plane supervisor. Such mediation may be based on control plane module reputation scores. Reputation scores may be based on customer feedback ratings and/or measured performance with respect to module goals. Mediated configuration parameter values may be based on a combination of competing configuration parameter values weighted according to reputation. Contribution of individual modules to goal achievement may be tracked and rewarded accordingly.
摘要翻译: 可以使用虚拟控制平面以安全,稳定和有效的方式定制虚拟资源提供商的控制平面。 控制平面可以模块化。 控制平面模块可以从标准化传感器提供数据,并且需要响应于具有指定响应延迟的请求来生成标准化的资源配置请求。 可以选择自定义控制平面模块来替换或补充默认控制平面模块。 可跟踪与控制平面模块相关的财务和计算成本。 竞争资源配置可能由控制平面主管介导。 这种调解可以基于控制平面模块的信誉评分。 信誉分数可以基于客户反馈评级和/或与模块目标相关的测量性能。 介入的配置参数值可以基于根据声誉加权的竞争配置参数值的组合。 个别模块对目标实现的贡献可以相应地跟踪和奖励。
-
97.发明授权公开(公告)号:US08644188B1
公开(公告)日:2014-02-04
申请号:US12491818
申请日:2009-06-25
CPC分类号: H04L41/12 , G06F9/45558 , G06F9/5077 , G06F2009/45595 , H04L12/4641 , H04L12/4645 , H04L12/4666 , H04L41/0803 , H04L45/00 , H04L49/354
摘要: Techniques are described for providing virtual networking functionality for managed computer networks. In some situations, a user may configure or otherwise specify one or more virtual local area networks (“VLANs”) for a managed computer network being provided for the user, such as with each VLAN including multiple computing nodes of the managed computer network. Networking functionality corresponding to the specified VLAN(s) may then be provided in various manners, such as if the managed computer network itself is a distinct virtual computer network overlaid on one or more other computer networks, and communications between computing nodes of the managed virtual computer network are handled in accordance with the specified VLAN(s) of the managed virtual computer network by emulating functionality that would be provided by networking devices of the managed virtual computer network if they were physically present and configured to support the specified VLAN(s).
摘要翻译: 描述了为被管理的计算机网络提供虚拟网络功能的技术。 在某些情况下,用户可以配置或以其他方式指定为用户提供的被管理计算机网络的一个或多个虚拟局域网(“VLAN”),例如每个VLAN包括被管理计算机网络的多个计算节点。 然后可以以各种方式提供对应于指定VLAN的网络功能,例如,如果被管理计算机网络本身是覆盖在一个或多个其他计算机网络上的不同虚拟计算机网络,以及被管理虚拟机的计算节点之间的通信 计算机网络根据受管虚拟计算机网络的指定VLAN进行处理,通过模拟被管理虚拟计算机网络的网络设备提供的功能(如果物理存在并配置为支持指定的VLAN) 。
-
公开(公告)号:US08607067B1
公开(公告)日:2013-12-10
申请号:US13038277
申请日:2011-03-01
申请人: Cornelle Christiaan Pretorius Janse van Rensburg , Marc J. Brooker , David Brown , Abhinav Agrawal , Matthew S. Garman , Kevin Ross O'Neill , Eric Jason Brandwine , Christopher Richard Jacques de Kadt , Mark Joseph Cavage
发明人: Cornelle Christiaan Pretorius Janse van Rensburg , Marc J. Brooker , David Brown , Abhinav Agrawal , Matthew S. Garman , Kevin Ross O'Neill , Eric Jason Brandwine , Christopher Richard Jacques de Kadt , Mark Joseph Cavage
IPC分类号: H04L29/06
CPC分类号: G06F21/45 , H04L63/0823 , H04L63/20 , H04L67/1002
摘要: Systems and methods for attesting to information about a computing resource involve electronically signed documents. For a computing resource, a document containing information about the resource is generated and electronically signed. The document may be provided to one or more entities as an attestation to at least some of the information contained in the document. Attestation to information in the document may be a prerequisite for performance of one or more actions that may be taken in connection with the computing resource.
摘要翻译: 用于证明有关计算资源的信息的系统和方法涉及电子签名的文档。 对于计算资源,生成包含资源信息的文档并进行电子签名。 文档可以被提供给一个或多个实体,作为对文档中包含的至少一些信息的证明。 证明文档中的信息可能是执行可能与计算资源相关联的一个或多个动作的前提。
-
公开(公告)号:US08560699B1
公开(公告)日:2013-10-15
申请号:US12979863
申请日:2010-12-28
申请人: Marvin M. Theimer , Eric Jason Brandwine , Marc J. Brooker , David Brown , Christopher Richard Jacques de Kadt
发明人: Marvin M. Theimer , Eric Jason Brandwine , Marc J. Brooker , David Brown , Christopher Richard Jacques de Kadt
IPC分类号: G06F15/173
CPC分类号: H04L63/20 , G06F9/44505
摘要: Users intending to launch instances or otherwise access virtual resources in a multi-tenant environment can specify a launch configuration. For each type of instance or each type of user, at least one launch configuration is created that includes parameters and values to be used in instantiating an instance of that type, the values being optimized for the current environment and type of instance. Launch configurations can be optimized for different types of users, such as to account for security credentials and access levels. Such an approach enables users to launch instances by contacting the resource provider directly without need for a proxy, which can function as a choke point under heavy load. The use of an appropriate launch configuration can be enforced for any type of user at any level, such as at the sub-net level, by modifying a request that does not specify an appropriate launch configuration.
-
公开(公告)号:US08559324B1
公开(公告)日:2013-10-15
申请号:US12825698
申请日:2010-06-29
CPC分类号: G06Q30/04 , H04L12/14 , H04L12/1432 , H04L12/1485 , H04L45/02 , H04L45/64 , H04M15/43 , H04M15/80 , H04M15/8022 , H04M15/8044
摘要: Systems, methods, and computer-readable media for network routing metering are disclosed. In some embodiments, various changes to the routes, and other actions requested by a computer system, physical or virtual, can be metered. Those actions may be performed and later rated in order to determine what amount, if any, to charge an account associated with the requesting network participant system. The network participant system can be billed based on the activities performed on its behalf. Therefore, even if a network is performing poorly and requires more resources that would normally be allowed by a neighboring router, if the network owner pays to have these requests performed, then the embodiments herein can allocate more resources to supporting the network's rapidly changing network.
摘要翻译: 公开了用于网络路由测量的系统,方法和计算机可读介质。 在一些实施例中,可以对物理或虚拟的计算机系统请求的路线和其他动作的各种改变进行计量。 这些操作可以被执行并且稍后评级,以便确定对与请求的网络参与者系统相关联的帐户收费的数量(如果有的话)。 网络参与者系统可以根据代表其进行的活动进行结算。 因此,即使网络性能较差并且需要通常由相邻路由器允许的更多资源,如果网络所有者支付执行这些请求,则本文中的实施例可以分配更多的资源来支持网络的快速变化的网络。
-
-
-
-
-
-
-
-
-
搜索结果
129 条记录 (耗时 0.226 秒)
