公开(公告)号：US10104185B1

公开(公告)日：2018-10-16

申请号：US14822453

申请日：2015-08-10

Applicant: AMAZON TECHNOLOGIES, INC.

Inventor： Nima Sharifi Mehr ,  Scott Gerard Carmack ,  Narasimha Rao Lakkakula

IPC: H04L29/08 ,  H04L12/24 ,  H04L29/06 ,  G06F9/54 ,  G06F9/455 ,  G06F9/48

Abstract: A non-transitory computer-readable storage device stores instructions that, when executed on a computing system, cause the computing system to receive a request for creating a new software container and determine that characteristics of the new software container match a co-tenant policy of an existing software container on a server. The instructions further cause the computing system to determine that characteristics of the existing software container match a co-tenant policy of the new software container as well as cause the new software container to be created on the server.

公开(公告)号：US20180262530A1

公开(公告)日：2018-09-13

申请号：US15925470

申请日：2018-03-19

Applicant: Amazon Technologies, Inc.

Inventor： Nima Sharifi Mehr ,  Darren Ernest Canavor ,  Jesper Mikael Johansson ,  Jon Arron McClintock ,  Gregory Branchek Roth

IPC: H04L29/06 ,  H04L9/32

Abstract: A plurality of cipher suites is negotiated as part of a handshake process to establish a cryptographically protected communications session. The handshake process is completed to establish the cryptographically protected communications session. A message is communicated over the established cryptographically protected communications session using at least two cipher suites of the plurality of cipher suites.

公开(公告)号：US10055591B1

公开(公告)日：2018-08-21

申请号：US14863391

申请日：2015-09-23

Applicant: Amazon Technologies, Inc.

Inventor： Nima Sharifi Mehr

IPC: G06F11/00 ,  G06F21/57 ,  G06F21/62 ,  G06F21/31

CPC classification number: G06F21/31 ,  G06F21/36 ,  G06F2221/2133

Abstract: A handshake for establishing a secure connection between a client computer system and a service includes a CAPTCHA element. When the client computer system initiates the secure connection to the service, the service responds by generating a key seed and providing the key seed to the client computer system in the form of the CAPTCHA element. The CAPTCHA element is solvable by a human user at the client computer system to obtain a solution. The solution to the CAPTCHA is used to recover the key seed. The client and the server use the key seed to generate an encryption key which is used to encrypt communications between the client computer system and the service.

公开(公告)号：US10025718B1

公开(公告)日：2018-07-17

申请号：US15195884

申请日：2016-06-28

Applicant: Amazon Technologies, Inc.

Inventor： Muhammad Wasiq ,  Nima Sharifi Mehr

IPC: G06F12/08 ,  G06F12/0877

Abstract: Modifications to throughput capacity provisioned at a data store for servicing access requests to the data store may be performed according to cache performance metrics. A cache that services access requests to the data store may be monitored to collected and evaluate cache performance metrics. The cache performance metrics may be evaluated with respect to criteria for triggering different throughput modifications. In response to triggering a throughput modification, the throughput capacity for the data store may be modified according to the triggered throughput modification. In some embodiments, the criteria for detecting throughput modifications may be determined and modified based on cache performance metrics.

公开(公告)号：US09961055B1

公开(公告)日：2018-05-01

申请号：US14576126

申请日：2014-12-18

Applicant: Amazon Technologies, Inc.

Inventor： Jesper Mikael Johansson ,  Darren Ernest Canavor ,  Jon Arron McClintock ,  Gregory Branchek Roth ,  Gregory Alan Rubin ,  Nima Sharifi Mehr

IPC: H04L9/32 ,  H04L29/06 ,  H04L9/08

CPC classification number: H04L63/061 ,  H04L9/0827 ,  H04L63/0823 ,  H04L2463/062

Abstract: A client negotiates multiple cryptographic keys with a server. One of the cryptographic keys is used to encrypt communications that the server can decrypt. Another of the cryptographic keys is used to encrypt communications that, while sent to the server, are not decryptable to the server. The server is configured to forward communications that it is unable to decrypt to another computer system having an ability to decrypt the communications.

公开(公告)号：US09923923B1

公开(公告)日：2018-03-20

申请号：US14720625

申请日：2015-05-22

Applicant: Amazon Technologies, Inc.

Inventor： Nima Sharifi Mehr ,  Darren Ernest Canavor ,  Jesper Mikael Johansson ,  Jon Arron McClintock ,  Gregory Branchek Roth

IPC: H04L9/32 ,  H04L29/06

CPC classification number: H04L63/166 ,  H04L9/32 ,  H04L63/04 ,  H04L63/0428 ,  H04L63/205

Abstract: Cipher suites and/or other parameters for cryptographic protection of communications are dynamically selected to more closely match the intended uses of the sessions. A server selects and/or determines, for a cryptographically protected communications session, a plurality of supported cipher suites that may be used for communications with the server over an established protected communications session. A selected cipher suites may be a cipher suite that are selected from a plurality of acceptable cipher suites provided to the server, either implicitly or explicitly. The selection of a cipher suite may further require that the cipher suite be mutually acceptable to the server and one or more parties participating in the cryptographically protected communications session such as a client.

公开(公告)号：US09824232B1

公开(公告)日：2017-11-21

申请号：US14860408

申请日：2015-09-21

Applicant: AMAZON TECHNOLOGIES, INC.

Inventor： Scott Gerard Carmack ,  Narasimha Rao Lakkakula ,  Nima Sharifi Mehr

IPC: G06F21/64 ,  G06F21/62 ,  G06F17/30 ,  H04L29/12

CPC classification number: G06F21/6218 ,  G06F17/30867 ,  G06F21/16

Abstract: Described are techniques for associating messages with a particular portion of media content. A message received from a first device, associated with a portion of media content stored on the first device, may be provided to a second device and stored in association with a corresponding portion of media content on the second device. Content consumption data associated with the second device may indicate whether the second device has previously accessed the portion of the media content. The message may be suppressed from presentation if the second device has not previously accessed the corresponding portion of the media content. The message may be presented to the second device when the corresponding portion of the media content is accessed.

公开(公告)号：US09813450B1

公开(公告)日：2017-11-07

申请号：US14623414

申请日：2015-02-16

Applicant: Amazon Technologies, Inc.

Inventor： Muhammad Wasiq ,  Nima Sharifi Mehr

IPC: G06F17/00 ,  H04L29/06

CPC classification number: H04L63/20 ,  G06F21/577 ,  G06F2221/033

Abstract: An automated quality compliance verifier QCV identifies a quality control policy to be implemented for artifacts in a repository. The QCV determines one or more artifact metadata categories, including at least one category indicating an activity status (such as recent or ongoing use) of the artifacts. Metadata entries for at least the activity status category are obtained for a first and a second artifact. Based on an analysis of the metadata entries, the QCV assigns a higher priority to a first policy violation detection operation (PVDO) for the first artifact than to a second PVDO for the second artifact. Based on a result of the first PVDO, the QCV initiates one or more responsive actions.

公开(公告)号：US09465942B1

公开(公告)日：2016-10-11

申请号：US14459037

申请日：2014-08-13

Applicant: AMAZON TECHNOLOGIES, INC.

Inventor： David James Kane-Parry ,  Thibault Candebat ,  Nima Sharifi Mehr

IPC: G06F21/00 ,  G06F21/57

CPC classification number: G06F21/57 ,  G06F21/125 ,  G06F21/577 ,  G06F21/75 ,  G06F2221/033

Abstract: Techniques are described for identifying security credentials or other sensitive information by creating a dictionary of data elements included in documents such as source code files, object code files, or other types of files. The data elements may be identified for inclusion in the dictionary based on parsing the documents for delimiter characters, and based on the context of the data elements within the documents. The data elements may also be identified through an entropy-based analysis to detect portions of the documents exhibiting a high degree of entropy compared to a baseline entropy for the documents. The dictionary may be used in a dictionary attack against various systems to determine whether any of the data elements included in the dictionary enable access the systems. The data elements that enable access may be designated as sensitive information hard-coded into the documents.

Abstract translation: 描述了通过创建诸如源代码文件，目标代码文件或其他类型的文件的文档中包括的数据元素的字典来识别安全凭证或其他敏感信息的技术。 可以基于解析用于定界符字符的文档，并且基于文档内的数据元素的上下文来识别数据元素以包括在字典中。 也可以通过基于熵的分析来识别数据元素，以便与文档的基线熵相比较，以检测表现出高度熵的文档的部分。 字典可以用于针对各种系统的字典攻击，以确定包括在字典中的任何数据元素是否能够访问系统。 可以将访问的数据元素指定为硬编码到文档中的敏感信息。

公开(公告)号：US20160219081A1

公开(公告)日：2016-07-28

申请号：US15091493

申请日：2016-04-05

Applicant: Amazon Technologies, Inc.

Inventor： William Frederick Kruse ,  Nima Sharifi Mehr

IPC: H04L29/06

Abstract: A customer of a policy management service may use an interface with a configuration and management service to interact with policies that may be applicable to the customer's one or more resources. The customer may create and/or modify the policies and the configuration and management service may notify one or more other entities of the created and/or modified policies. The one or more other entities may be operated by user authorized to approve the created and/or modified policies. Interactions with the configuration and management service may be the same as the interactions with the policy management service.

Abstract translation: 策略管理服务的客户可以使用与配置和管理服务的接口与可能适用于客户的一个或多个资源的策略进行交互。 客户可以创建和/或修改策略，配置和管理服务可以通知一个或多个其他实体创建和/或修改的策略。 一个或多个其他实体可以由被授权以批准所创建和/或修改的策略的用户操作。 与配置和管理服务的交互可能与与策略管理服务的交互相同。