公开(公告)号：US20190273619A1

公开(公告)日：2019-09-05

申请号：US16410859

申请日：2019-05-13

Applicant: Amazon Technologies, Inc.

Inventor： Matthew John Campagna ,  Nicholas Alexander Allen ,  Gregory Alan Rubin

IPC: H04L9/32 ,  H04L29/06 ,  G06F21/60

Abstract: A proof-of-work system where a first party (e.g., a client computer system) may request access to a computing resource. A second party (e.g., a service provider) may determine a challenge that may be provided to the first party. A valid solution to the challenge may be generated and provided for the request to be fulfilled. The challenge may include a message and a seed, such that the seed may be used at least in part to cryptographically derive information that may be used to generate a solution to the challenge. A hash tree may be generated as of generating the solution.

公开(公告)号：US10338946B1

公开(公告)日：2019-07-02

申请号：US15862523

申请日：2018-01-04

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F15/173 ,  G06F9/455

Abstract: A computer system image is executed on a computing node over a network. A system specification file transmitted over the network specifies the computer system image by specifying components of the computer system image. The components include an operating system and at least one resource. The system specification file also contains a signature associated with the resource. A resource is determined to be authorized to be incorporated into the computer system image by verifying the signature. A computer system image can then be formed based on the components specified by the system specification file and executed locally.

公开(公告)号：US10320698B1

公开(公告)日：2019-06-11

申请号：US14180275

申请日：2014-02-13

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: H04L12/911 ,  H04L12/751 ,  H04L12/753 ,  H04L12/24 ,  H04L29/08

Abstract: Techniques for making placement decisions for the placement of computing resources in a computer network utilize approximations of the network. A simplified representation of the network is used to determine a placement that satisfies a set of connectivity requirements. The simplified representation may be generated, at least in part, probabilistically based on the network.

公开(公告)号：US10313364B2

公开(公告)日：2019-06-04

申请号：US15048823

申请日：2016-02-19

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Nicholas Alexander Allen

IPC: G06F21/45 ,  G06F21/62 ,  H04L29/06 ,  H04L29/12

Abstract: Source information for requests submitted to a system are classified to enable differential handling of requests over a session whose source information changes over the session. For source information (e.g., an IP address) classified as fixed, stronger authentication may be required to fulfill requests when the source information changes during the session. Similarly, for source information classified as dynamic, source information may be allowed to change without requiring the stronger authentication.

公开(公告)号：US10242174B2

公开(公告)日：2019-03-26

申请号：US14617691

申请日：2015-02-09

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F21/44 ,  G06F21/62

Abstract: Secure information flow may include a service receiving a request for data from a caller. The service may respond to the request with the requested data via a secure flow container. The secure flow container may then send the information to the caller component. Before the secure flow container receives or sends the information, a monitoring environment may permit the secure flow container to receive or send the information, respectively.

公开(公告)号：US10218511B2

公开(公告)日：2019-02-26

申请号：US15390176

申请日：2016-12-23

Applicant: Amazon Technologies, Inc.

Inventor： Matthew John Campagna ,  Gregory Alan Rubin ,  Nicholas Alexander Allen ,  Andrew Kyle Driggs ,  Eric Jason Brandwine

IPC: H04L9/32 ,  H04L9/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/30

Abstract: A signature authority generates a master seed value that is used as the root of a seed tree of subordinate nodes. Each subordinate node of the seed tree is generated from the value of its parent node using a cryptographic hash or one-way function. The signature authority selects subordinate seed values which are distributed to one or more key generators, each of which generates a set of one-time-use cryptographic keys. Each key generator generates a hash tree from its set of one-time-use cryptographic keys, and the root of its hash tree is returned to the signature authority. The signature authority integrates the hashes provided by the key generators into a comprehensive hash tree. The root of the comprehensive hash tree acts as a public key for the signature authority.

公开(公告)号：US20180314820A1

公开(公告)日：2018-11-01

申请号：US16029469

申请日：2018-07-06

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F21/45

CPC classification number: G06F21/45 ,  G06F21/46

Abstract: A method and apparatus for encoding security codes are provided. In the method and apparatus a first code, which may be an erroneous code, is compared to a set of codes to identify a code portion. The code portion may be identified as contributing to inducing erroneous entry of the first code. The likelihood associated with issuing a second code including the code portion may be updated to negatively bias issuing the second code.

公开(公告)号：US20180262529A1

公开(公告)日：2018-09-13

申请号：US15981632

申请日：2018-05-16

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: H04L29/06 ,  G06F17/30

CPC classification number: H04L63/1491 ,  G06F16/188 ,  G06F16/245 ,  G06F16/248 ,  G06F16/256 ,  G06F21/554 ,  G06F21/566 ,  H04L63/061 ,  H04L63/062 ,  H04L63/08

Abstract: The disclosure relates to provisioning honeypot computing services using a simulation state database to simulate a set of computing resources. One example includes a system that receives a mutating request associated with honeypot credentials, updates a simulation state database associated with the honeypot credentials at least based on the mutating request and generates a simulated mutating response based at least on the simulation state database that simulates a response to the mutating request. The system can also receive a query request associated with the honeypot credentials, query the simulation state database at least based on the query request, and generate a simulated query response based at least on the simulation state database that simulates a response to the query request.

公开(公告)号：US20180183602A1

公开(公告)日：2018-06-28

申请号：US15390176

申请日：2016-12-23

Applicant: Amazon Technologies, Inc.

Inventor： Matthew John Campagna ,  Gregory Alan Rubin ,  Nicholas Alexander Allen ,  Andrew Kyle Driggs ,  Eric Jason Brandwine

IPC: H04L9/32 ,  H04L9/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/30

CPC classification number: H04L9/3247 ,  H04L9/0643 ,  H04L9/0861 ,  H04L9/14 ,  H04L9/30

Abstract: A signature authority generates a master seed value that is used as the root of a seed tree of subordinate nodes. Each subordinate node of the seed tree is generated from the value of its parent node using a cryptographic hash or one-way function. The signature authority selects subordinate seed values which are distributed to one or more key generators, each of which generates a set of one-time-use cryptographic keys. Each key generator generates a hash tree from its set of one-time-use cryptographic keys, and the root of its hash tree is returned to the signature authority. The signature authority integrates the hashes provided by the key generators into a comprehensive hash tree. The root of the comprehensive hash tree acts as a public key for the signature authority.

公开(公告)号：US20180034710A1

公开(公告)日：2018-02-01

申请号：US15725671

申请日：2017-10-05

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: H04L12/24

CPC classification number: H04L41/0896 ,  H04L63/1425 ,  H04L63/1458

Abstract: A response rate limiting device is provided that may reduce the volume of network traffic generated as a result of an amplification attack. The rate liming device receives a packet and determines identification information corresponding to the packet. The rate limiting device receives a second packet bound for a network destination. Based at least in part on the size of the first packet and the size of the second packet, the rate limiting device determines a transmission rate for the second packet. The second packet is transmitted to the network destination in accordance with the determined transfer rate.