公开(公告)号：US09507943B1

公开(公告)日：2016-11-29

申请号：US13770390

申请日：2013-02-19

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F21/56 ,  G06F21/57

CPC classification number: G06F21/577 ,  G06F21/56 ,  G06F2221/033

Abstract: Technologies are described herein for an analysis tool for data security. An analysis tool can be configured to analyze data using a dynamic analysis and a static analysis. During the dynamic analysis, test execution paths can be executed against the data to track dynamic flows corresponding to execution paths through the data and to track variable values for variables referenced during the dynamic analysis. During the static analysis, possible program execution paths can be identified. The dynamic flows can be mapped to the static flows and a taint status of the variables associated with the mapped dynamic flows can be evaluated. Based upon the taint status, the analysis tool can identify potentially unsafe static flows.

Abstract translation: 本文描述了用于数据安全性的分析工具的技术。 分析工具可以配置为使用动态分析和静态分析来分析数据。 在动态分析期间，可以针对数据执行测试执行路径，以跟踪与通过数据执行路径相对应的动态流，并跟踪动态分析期间引用的变量的变量值。 在静态分析期间，可以识别可能的程序执行路径。 可以将动态流映射到静态流，并且可以评估与映射的动态流相关联的变量的污点状态。 基于污染状态，分析工具可以识别潜在的不安全静态流。

公开(公告)号：US09270662B1

公开(公告)日：2016-02-23

申请号：US14153847

申请日：2014-01-13

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Nicholas Alexander Allen

IPC: H04L29/06

CPC classification number: H04L63/1416 ,  G06F21/45 ,  G06F21/62 ,  G06F2221/2101 ,  G06F2221/2111 ,  H04L61/2007 ,  H04L63/08 ,  H04L63/105 ,  H04L63/1441

Abstract: Source information for requests submitted to a system are classified to enable differential handling of requests over a session whose source information changes over the session. For source information (e.g., an IP address) classified as fixed, stronger authentication may be required to fulfill requests when the source information changes during the session. Similarly, for source information classified as dynamic, source information may be allowed to change without requiring the stronger authentication.

Abstract translation: 提交给系统的请求的源信息被分类，以便能够通过会话的源信息更改的会话对请求进行差异处理。 对于分类为固定的源信息（例如，IP地址），当源信息在会话期间改变时，可能需要更强的认证来满足请求。 类似地，对于分类为动态的源信息，可以允许源信息改变而不需要更强的认证。

公开(公告)号：US09261898B1

公开(公告)日：2016-02-16

申请号：US13875999

申请日：2013-05-02

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F1/12 ,  G06F1/10

CPC classification number: G06F1/10 ,  G06F1/12 ,  G06F1/14

Abstract: Systems and methods are described for coordinating clocks in a distributed computing environment. In one embodiment, a plurality of groups of nodes are formed. Nodes within a group may be time-synchronized and time differences between groups may be tracked. Clock adjustments between groups may be accumulated for tracked activities. The accumulated clock adjustments may be used to determine an ordering of the tracked activities.

Abstract translation: 描述了用于在分布式计算环境中协调时钟的系统和方法。 在一个实施例中，形成多个节点组。 组内的节点可以是时间同步的，并且可以跟踪组之间的时间差。 可能会为跟踪的活动累积群组之间的时钟调整。 积累的时钟调整可以用于确定所跟踪的活动的顺序。

公开(公告)号：US09112777B1

公开(公告)日：2015-08-18

申请号：US13633555

申请日：2012-10-02

Applicant: Amazon Technologies, Inc.

Inventor： Christopher B. Barclay ,  Nicholas Alexander Allen ,  William T. Shelton

IPC: H04L12/24

CPC classification number: H04L41/0803 ,  H04L41/0866 ,  H04L41/0869 ,  H04L41/0893

Abstract: In a system that provides network-based infrastructure services, customer resources are tagged in accordance with policies provided by the customers. Resources may be automatically tagged upon creation based on the provided policies. In addition, existing resources may be analyzed and automatically tagged to indicate characteristics of the resources that may be of interest to the customer. The customers may also specify configuration policies in terms of resource tags, and the system may be configured to apply and/or enforce the configuration policies.

Abstract translation: 在提供基于网络的基础架构服务的系统中，客户资源根据客户提供的策略进行标记。 基于提供的策略，资源可能会在创建时自动标记。 此外，可以分析现有资源并自动标记，以指示客户可能感兴趣的资源的特征。 客户还可以根据资源标签指定配置策略，并且系统可以被配置为应用和/或实施配置策略。

公开(公告)号：US09104707B1

公开(公告)日：2015-08-11

申请号：US13829375

申请日：2013-03-14

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F17/30

CPC classification number: G06F17/30292 ,  G06F17/30315 ,  G06F17/30336 ,  G06F17/30619

Abstract: Systems and methods for iteratively generating a partial column schema indicative of semantic relationships in a corpus of key-value data are disclosed. A set of textual values is extracted from a pre-existing corpus of key-value data and potential column names are generated. Value reassignment and potential column pruning proceeds based on semantic fit quality, potential column utilization and random factors influenced by a decreasing system temperature.

Abstract translation: 公开了用于迭代地生成指示密钥值数据语料库中的语义关系的部分列模式的系统和方法。 从预先存在的键值数据语料库中提取一组文本值，并生成潜在的列名称。 基于语义拟合质量，潜在列利用率和受系统温度降低影响的随机因素，进行值重新分派和潜在列修剪。

公开(公告)号：US20150046922A1

公开(公告)日：2015-02-12

申请号：US13964977

申请日：2013-08-12

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F8/63 ,  G06F8/71 ,  G06F2009/45562

Abstract: As requests are received, virtual computer systems are provisioned to process the requests. The virtual computer systems may be configured without various components typically implemented by virtual computer systems, such as traditional operating systems, network interfaces and the like. Application images for the virtual computer systems are configured so that execution of the applications can begin soon after provisioning, with minimal overhead the provisioning process contributing relatively little to any latency in processing the request.

Abstract translation: 当接收到请求时，会提供虚拟计算机系统来处理请求。 可以配置虚拟计算机系统，而不需要通常由诸如传统操作系统，网络接口等的虚拟计算机系统实现的各种组件。 配置虚拟计算机系统的应用程序映像被配置为使得应用程序的执行可以在配置之后立即开始，以最小的开销，供应过程对处理请求的任何延迟造成相对较小的贡献。

公开(公告)号：US12058113B2

公开(公告)日：2024-08-06

申请号：US16903873

申请日：2020-06-17

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen ,  Matthew J. Campagna

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/40 ,  H04L9/32

CPC classification number: H04L63/045 ,  H04L9/14 ,  H04L63/205

Abstract: A first computing system establishes a cryptographically protected communication session with a second computing system by proposing a hybrid cryptographic scheme. In response to the proposed hybrid cryptographic scheme, a second computing system transmits cryptographic materials to the first computing system, and the first computing system transmits cryptographic materials to the second computing system. Using the cryptographic materials, two or more cryptographic keys are derived. One cryptographic key is used to perform an inner cryptographic operation on one or more data items, and another cryptographic key is used to perform an outer cryptographic operation on the one or more data items that have been cryptographically protected by the inner cryptographic operation.

公开(公告)号：US20210326442A1

公开(公告)日：2021-10-21

申请号：US17321356

申请日：2021-05-14

Applicant: Amazon Technologies, Inc.

Inventor： Matthew John Campagna ,  Gregory Alan Rubin ,  Eric Jason Brandwine ,  Nicholas Alexander Allen ,  Andrew Kyle Driggs

IPC: G06F21/57 ,  H04L29/06 ,  H04L9/32 ,  H04L9/08 ,  G06F21/64 ,  H04L9/14

Abstract: A service provider provides virtual computing services using a fleet of one or more host computer systems. Each of the host computer systems may be equipped with a trusted platform module (“TPM”). The service provider, the host computer systems, and the virtual computing environments generate attestations that prove the integrity of the system. The attestations are signed with a one-time-use cryptographic key that is verifiable against the public keys of the service provider, a host computer system, and a virtual computing environment. The public key of the host computer system is integrated into a hash tree that links the public key of the host computer system to the public key of the service provider. The public key of the virtual computing environment is signed using a one-time-use graphic key issued to the host computer system that hosts the virtual computing environment.

公开(公告)号：US11093270B2

公开(公告)日：2021-08-17

申请号：US15697191

申请日：2017-09-06

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F9/455 ,  G06F9/4401 ,  G06F3/06 ,  G06F8/61 ,  G06F8/71

Abstract: A method and apparatus for configuring an overlay network are provided. In the method and apparatus, an application source comprising an executable portion is obtained. A computer system instance is caused to execute at least some of the executable portion, and a snapshot of the computer system instance after partial but incomplete execution of the executable portion is obtained such that the snapshot is usable to instantiate another computer system instance to continue execution of the executable portion from a point in execution at which the snapshot was obtained.

公开(公告)号：US10936577B1

公开(公告)日：2021-03-02

申请号：US15479116

申请日：2017-04-04

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F16/00 ,  G06F16/23 ,  G06F40/197 ,  G06F21/62 ,  G06F16/93 ,  G06F16/957 ,  G06F16/27

Abstract: A revision request is received at a revision control system that includes a repository identifier, version summary information, and a change description. In response to receiving the revision request, a determination is made as to whether a document repository identified by the repository identifier is active or offline. If the document repository is offline, the version summary information is utilized to determine whether the revision request is probably consistent with current contents of the document repository. If the revision request is probably consistent with the current contents of the document repository, the revision request is placed into a queue, an acceptance message is transmitted in response to the revision request, the document repository is placed into an active state, and the revision request is dequeued and applied to the document repository using the change description.