-
公开(公告)号:US09888037B1
公开(公告)日:2018-02-06
申请号:US14838177
申请日:2015-08-27
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
CPC classification number: H04L63/18 , H04L9/3268 , H04L63/0823 , H04L63/166 , H04L63/205
Abstract: A client and a server negotiate a cipher suite as part of establishing a TLS connection. Cipher suites are rated with an associated level of security. In one example, the client and the server maintain a historical record that identifies the cipher suites used in previous TLS connections between the client and the server. The client and the server determine a minimally acceptable cipher suite rating based at least in part on the historical record of previously used cipher suites. If the negotiated cipher suite has a rating less than the determined minimally acceptable cipher suite rating, the TLS connection may be terminated, the cipher suite may be renegotiated, or other corrective action may be taken. In another example, the client and the server exchange digital certificates, and the digital certificates identify cipher suites for use with a TLS connection that are acceptable to the certificate owner.
-
公开(公告)号:US09847033B1
公开(公告)日:2017-12-19
申请号:US14866745
申请日:2015-09-25
Applicant: Amazon Technologies, Inc.
Inventor: Scott Gerard Carmack , Narasimha Rao Lakkakula , Nima Sharifi Mehr
CPC classification number: G08G5/0069 , G01S19/215 , G05D1/0088 , G05D1/104 , G06Q10/083 , G06Q10/08355 , G08G5/0008 , G08G5/0013 , G08G5/0021 , G08G5/0026 , G08G5/0039 , G08G5/0052 , G08G5/0056
Abstract: Techniques for determining whether data associated with an autonomous operation of a first unmanned vehicle may be trusted. For example, the first unmanned vehicle may receive an indication related to the data and originating from a second unmanned vehicle over a network. For instance, the indication may indicate that similar data for a similar autonomous operation of the second unmanned vehicle may be untrusted. Based on a level of trust accorded to the indication, the first unmanned vehicle may determine that the data may be untrusted and the autonomous navigation may be directed independently of the data.
-
公开(公告)号:US09781081B1
公开(公告)日:2017-10-03
申请号:US14874248
申请日:2015-10-02
Applicant: Amazon Technologies, Inc.
Inventor: Muhammad Wasiq , Nima Sharifi Mehr
CPC classification number: H04L63/0428 , H04L63/0478 , H04L63/06 , H04L63/061 , H04L63/166 , H04L63/168
Abstract: A client application cryptographically protects application data using an application-layer cryptographic key. The application-layer cryptographic key is derived from cryptographic material provided by a cryptographically protected network connection. The client exchanges the cryptographically protected application data with a service application via the cryptographically protected network connection. The client and service applications acquire matching application-layer cryptographic keys by leveraging shared secrets negotiated as part of establishing the cryptographically protected network connection. The shared secrets may include information that is negotiated as part of establishing a TLS session such as a pre-master secret, master secret, or session key. The application-layer cryptographic keys may be derived in part by applying a key derivation function, a one-way function or a cryptographic hash function to the shared secret information.
-
公开(公告)号:US09559849B1
公开(公告)日:2017-01-31
申请号:US14490465
申请日:2014-09-18
Applicant: Amazon Technologies, Inc.
Inventor: Muhammad Wasiq , Nima Sharifi Mehr
CPC classification number: H04L63/0823 , H04L9/3247 , H04L9/3263 , H04L63/123 , H04L63/1483
Abstract: A service receives from a sender service a digital message and a corresponding trace, which includes an ordered set of digital signatures of one or more services that participated in causing the service to receive the digital message. The trace may further specify an ordering of the one or more services, which may be generated according to the order of participation of these one or more services. The service may compare the received trace to recorded message paths to determine whether the ordering specified within the trace is valid. If the ordering is valid, the service may use one or more digital certificates to further verify the digital signatures included within the trace. If the service determines that these digital signatures are also valid, the service may process the message.
Abstract translation: 服务从发送者服务接收数字消息和对应的跟踪,其包括参与使服务接收数字消息的一个或多个服务的有序数字签名集合。 跟踪可以进一步指定可以根据这些一个或多个服务的参与顺序生成的一个或多个服务的顺序。 服务可以将接收的跟踪与记录的消息路径进行比较,以确定跟踪中指定的排序是否有效。 如果订购有效,则服务可以使用一个或多个数字证书来进一步验证包含在跟踪内的数字签名。 如果服务确定这些数字签名也是有效的,则服务可以处理消息。
-
公开(公告)号:US09313230B1
公开(公告)日:2016-04-12
申请号:US14493212
申请日:2014-09-22
Applicant: Amazon Technologies, Inc.
Inventor: William Frederick Kruse , Nima Sharifi Mehr
CPC classification number: H04L63/20 , G06F11/004 , G06F11/1446 , G06F2201/00 , G06Q10/10
Abstract: A customer of a policy management service may use an interface with a configuration and management service to interact with policies that may be applicable to the customer's one or more resources. The customer may create and/or modify the policies and the configuration and management service may notify one or more other entities of the created and/or modified policies. The one or more other entities may be operated by user authorized to approve the created and/or modified policies. Interactions with the configuration and management service may be the same as the interactions with the policy management service.
Abstract translation: 策略管理服务的客户可以使用与配置和管理服务的接口与可能适用于客户的一个或多个资源的策略进行交互。 客户可以创建和/或修改策略,配置和管理服务可以通知一个或多个其他实体创建和/或修改的策略。 一个或多个其他实体可以由被授权以批准所创建和/或修改的策略的用户操作。 与配置和管理服务的交互可能与与策略管理服务的交互相同。
-
Patent Agency Ranking
公开(公告)号:US12034740B1
公开(公告)日:2024-07-09
申请号:US15083098
申请日:2016-03-28
Applicant: Amazon Technologies, Inc.
Inventor: Scott Gerard Carmack , Narasimha Rao Lakkakula , Nima Sharifi Mehr
CPC classification number: H04L63/1416 , H04L63/1458
Abstract: In response to a process being triggered, at least in part by receipt of information regarding communication directed to a first application by a second application, a threat level is computed based at least in part on the information. As a result of the threat level being of a first severity, the second application is migrated to a destination zone that allows for improved communications with the first application. As a result of the threat level being of a second severity, migration of the second application to the destination zone is delayed. As a result of the threat level being of a third severity, a mitigation action is performed.
-
公开(公告)号:US12003540B1
公开(公告)日:2024-06-04
申请号:US17196875
申请日:2021-03-09
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
IPC: H04L9/40
CPC classification number: H04L63/166 , H04L63/0428 , H04L63/0807
Abstract: The present document describes a communication session resumption mechanism. A client computer system establishes a communication session to a server computer that is a member of a set of related server computers. As a result of establishing the communication session, the server computer identifies the set of related server computers to the client computer system. The set of related server computers share communication session information with each other, allowing the client computer system to resume the communication session with another server computer belonging to the set of related server computers. The communication session may be specified to the other server computer by the client computer system by providing a session identifier or a session ticket.
-
公开(公告)号:US11509693B2
公开(公告)日:2022-11-22
申请号:US16832265
申请日:2020-03-27
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
Abstract: A customer of a resource allocation service can register a function to be executed using virtual resources, where the function includes customer code to be executed. Customer events are defined as triggers for a registered function, and a resource instance is allocated to execute the registered function when triggering event is detected. An identity role associated with the triggering function is used to obtain access credentials for any data source which a triggering event might require for processing. An event-specific access credential is generated that provides a subset of these access privileges using a template policy for the registered function that is filled with values specific to the triggering event. The filled template policy and base credential are used to generate an event-specific credential valid only for access needed for the event. This event-specific credential can be passed with the event data for processing by an allocated instance.
-
公开(公告)号:US11228658B1
公开(公告)日:2022-01-18
申请号:US16734658
申请日:2020-01-06
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
Abstract: Systems and methods for processing requests to execute a program code of a user use a message queue service to store requests when there are not enough resources to process the requests. The message queue service determines whether a request to be queued is associated with data that the program code needs in order to process the request. If so, the message queue service locates and retrieves the data and stores the data in a cache storage that provides faster access by the program code to the pre-fetched data. This provides faster execution of asynchronous instances of the program code.
-
公开(公告)号:US11226887B1
公开(公告)日:2022-01-18
申请号:US15371054
申请日:2016-12-06
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
Abstract: Systems for processing requests to execute a program code of a user use a deployment model to select one of multiple virtual computing environments, each implemented on a plurality of server computers, which will produce the optimal program code execution, according to metrics such as latency, cost, and resource availability. The system receives the requests in the form of event messages associated with triggering events occurring on networks across the environments. The system feeds network usage data and event message metadata describing the event, event source, other target resources, and the like, into the deployment model to identify a candidate environment. The system enables the candidate environment to execute the program code, and then routes a subset of the event messages to the candidate environment, monitoring associated performance data. If the request processing is improved, the system continues routing some or all of the event messages to the candidate environment.
-
-
-
-
-
-
-
-
-
Search Results
151
records
(took 0.095 seconds)
