-
Publication number: US10951652B1
Publication date: 2021-03-16
Application number: US15003651
Application date: 2016-01-21
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
IPC: H04L29/06
Abstract: The present document describes a communication session resumption mechanism. A client computer system establishes a communication session to a server computer that is a member of a set of related server computers. As a result of establishing the communication session, the server computer identifies the set of related server computers to the client computer system. The set of related server computers share communication session information with each other, allowing the client computer system to resume the communication session with another server computer belonging to the set of related server computers. The communication session may be specified to the other server computer by the client computer system by providing a session identifier or a session ticket.
-
Publication number: US10904277B1
Publication date: 2021-01-26
Application number: US15907088
Application date: 2018-02-27
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
Abstract: Systems for providing a threat intelligence system differentiate between network activity that is a mass scan, or is an accidental or otherwise benign abnormality, or is a directed attack. All of the network activity of a computing resource service provider is logged, and the logs are parsed to include the activity of a particular activity source. The activity is stored in an activity profile, and is updated on a rolling window basis. The systems then use the activity profiles of activity sources that have communicated with a user's computing resources to determine whether the activity and/or activity source is a potential threat against the user's virtual computing environment(s) and/or the computing resources executing therein. The system computes a threat level score based on parameters identified in the activity profiles.
-
Publication number: US10860382B1
Publication date: 2020-12-08
Application number: US15688562
Application date: 2017-08-28
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
IPC: G06F9/50, G06F21/62, H04L12/911, H04L29/06
Abstract: Techniques for resource protection using metric-based access control policies are described. A policy enforcement service receives a request involving a resource, and determines a dynamic metric value for the resource. The dynamic metric value is generated via a monitoring of one or more resources. The one or more resources may include the resource. Responsive to a determination that the dynamic metric value does not satisfy a dynamic metric condition of a policy defined by a user for the resource, the policy enforcement service performs one or more security actions related to the request. The dynamic metric condition was configured by the user.
-
Publication number: US10826879B2
Publication date: 2020-11-03
Application number: US16410814
Application date: 2019-05-13
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
Abstract: Cipher suites and/or other parameters for cryptographic protection of communications are dynamically selected to more closely match the intended uses of the sessions. A client indicates a planned use of a session to a server. The client's indication of the planned use may be explicit or implicit. The server selects an appropriate set of parameters for cryptographic protection of communications based at least in part on the indicated planned use and the client and server complete a handshake process to establish a cryptographically protected communications session to use the selected set of parameters.
-
Publication number: US10785261B2
Publication date: 2020-09-22
Application number: US15917471
Application date: 2018-03-09
Applicant: Amazon Technologies, Inc.
Inventor: Jesper Mikael Johansson, Darren Ernest Canavor, Jon Arron McClintock, Gregory Branchek Roth, Gregory Alan Rubin, Nima Sharifi Mehr
IPC: H04L29/06
Abstract: A client establishes a network session with a server. The network session is used to establish an encrypted communications session. The client establishes another network session with another server, such as after terminating the first network session. The client resumes the encrypted communications session over the network session with the other server. The other server is configured to receive encrypted communications from the client and forward them to the appropriate server.
-
Publication number: US10649903B2
Publication date: 2020-05-12
Application number: US16035461
Application date: 2018-07-13
Applicant: Amazon Technologies, Inc.
Inventor: Muhammad Wasiq, Nima Sharifi Mehr
IPC: G06F12/08, G06F12/0866, G06F11/30, G06F11/34
Abstract: Modifications to throughput capacity provisioned at a data store for servicing access requests to the data store may be performed according to cache performance metrics. A cache that services access requests to the data store may be monitored to collect and evaluate cache performance metrics. The cache performance metrics may be evaluated with respect to criteria for triggering different throughput modifications. In response to triggering a throughput modification, the throughput capacity for the data store may be modified according to the triggered throughput modification. In some embodiments, the criteria for detecting throughput modifications may be determined and modified based on cache performance metrics.
-
Publication number: US10587653B2
Publication date: 2020-03-10
Application number: US15091493
Application date: 2016-04-05
Applicant: Amazon Technologies, Inc.
Inventor: William Frederick Kruse, Nima Sharifi Mehr
Abstract: A customer of a policy management service may use an interface with a configuration and management service to interact with policies that may be applicable to the customer's one or more resources. The customer may create and/or modify the policies, and the configuration and management service may notify one or more other entities of the created and/or modified policies. The one or more other entities may be operated by a user authorized to approve the created and/or modified policies. Interactions with the configuration and management service may be the same as the interactions with the policy management service.
-
Publication number: US10542021B1
Publication date: 2020-01-21
Application number: US15187532
Application date: 2016-06-20
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
Abstract: Actions in an electronic environment are monitored during a learning period and behavior profiles generated using feature values for those actions. Subsequent behavior can be compared against the profiles to track the anomalies, or mismatches between features of incoming events and features of the profiles. A high percentage of mismatch can make a feature a candidate for exclusion from the behavioral profile. Normalization methods can be applied on features flagged as exclusion candidates. If any normalization sufficiently decreases the mismatch rate, the feature will not be excluded from the behavior profile. Any exclusion candidate feature which does not have an adequate mismatch value after normalization can be removed from tracked features of the corresponding profile. The behavior profile can be used to detect anomalous behavior that deviates from values of the behavior profile.
-
Publication number: US10523707B2
Publication date: 2019-12-31
Application number: US15925470
Application date: 2018-03-19
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr, Darren Ernest Canavor, Jesper Mikael Johansson, Jon Arron McClintock, Gregory Branchek Roth
Abstract: A plurality of cipher suites is negotiated as part of a handshake process to establish a cryptographically protected communications session. The handshake process is completed to establish the cryptographically protected communications session. A message is communicated over the established cryptographically protected communications session using at least two cipher suites of the plurality of cipher suites.
-
Publication number: US10521584B1
Publication date: 2019-12-31
Application number: US15688811
Application date: 2017-08-28
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
Abstract: A system acquires diagnostic information from event logs, trace files, and other diagnostic sources to reduce a set of event records. The event records are arranged in a graph based on correlations between individual event records. Correlations may be based on time, account, credentials, tags, instance identifiers, or other characteristics. The system analyzes the graph to identify anomalies such as data exfiltration anomalies, system compromises, or security events. In some implementations, the system deploys decoy resources within a customer computing environment. Interactions with the decoy resources are captured as event records and added to the graph.