-
Publication No.: US10567388B1
Publication Date: 2020-02-18
Application No.: US15087007
Filing Date: 2016-03-31
Applicant: Amazon Technologies, Inc.
Inventor: William Frederick Hingle Kruse , Jeffrey John Wierer , Nima Sharifi Mehr , Ashish Rangole , Kunal Chadha , Bharath Mukkati Prakash , Radu Mihai Berciu , Kai Zhao , Hardik Nagda , Chenxi Zhang
Abstract: A policy/resource decommissioning service determines whether a resource has been inactive for a period of time greater than at least one period of time threshold for decommissioning. If the resource has been inactive greater than a first period of time threshold, the service disables the resource such that requests to access the resource are denied. If the resource has been inactive for a period of time greater than a second threshold, longer than the first period of time threshold, the service archives the resource. The service deletes the resource if the inactivity period of the resource is greater than a third period of time threshold, where the third period of time threshold is longer than the first and the second period of time thresholds.
-
Publication No.: US10462116B1
Publication Date: 2019-10-29
Application No.: US14855298
Filing Date: 2015-09-15
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr , Darren Ernest Canavor , Jesper Mikael Johansson , Jon Arron McClintock , Muhammad Wasiq
IPC: H04L29/06
Abstract: The present document describes systems and methods that detect unauthorized transmission of data from internal networks to remote service providers, even when the transmission occurs over an encrypted connection. An exfiltration monitor is configured to monitor encrypted communications between clients within an internal network and a remote service provider. In various implementations, the exfiltration monitor associates the encrypted connections with account information, and applies exfiltration policies to the connections based at least in part on the associated account information. In additional implementations, the exfiltration monitor is provided with cryptographic keys that facilitate packet inspection of the encrypted connections. In many situations, the exfiltration monitor can use this information to discern between authorized use of a remote service, and unauthorized data exfiltration to the remote service.
-
Publication No.: US10333922B1
Publication Date: 2019-06-25
Application No.: US15657878
Filing Date: 2017-07-24
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
Abstract: Disclosed are various embodiments for validating the identity of network sites. A communication session is established with a network site using a credential for the network site. A validation of the communication session is generated based at least in part upon a profile for the network site. The profile is derived from at least one previous communication session with the network site. An action is initiated in response to the validation when the validation indicates a discrepancy exists between the profile for the network site and the communication session with the network site.
-
Publication No.: US20190166127A1
Publication Date: 2019-05-30
Application No.: US16265414
Filing Date: 2019-02-01
Applicant: Amazon Technologies, Inc.
Inventor: Muhammad Wasiq , Nima Sharifi Mehr
Abstract: Disclosed are various embodiments for preventing the unintended leakage of cookie data. In one embodiment, a browser application stores cookie data from a first network site having a high-level domain in a client computing device. A classification is assigned to a second network site having the high-level domain. The cookie data is sent to the second network site based at least in part on the classification rather than the default behavior of the browser application.
-
Publication No.: US10180848B1
Publication Date: 2019-01-15
Application No.: US14952596
Filing Date: 2015-11-25
Applicant: AMAZON TECHNOLOGIES, INC.
Inventor: Nima Sharifi Mehr
Abstract: Described are techniques for determining features to be presented in a user interface based on the times that users spent viewing previous webpages or other user interfaces. A data structure associating user viewing times with the count, size, color, or other features of the elements presented in the previous user interfaces may be generated. Based on this data structure and a target viewing time, a set of user interface features to be presented in a subsequent user interface may be selected.
-
Publication No.: US20180349597A1
Publication Date: 2018-12-06
Application No.: US15894611
Filing Date: 2018-02-12
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
IPC: G06F21/52
CPC classification number: G06F21/52 , G06F2221/033
Abstract: A call to a memory management application programming interface (API) that results in a buffer overflow due to inaccurate bounds checking could potentially leave the system vulnerable to being exploited by a third party. Approaches presented herein can monitor calls to these APIs in order to determine typical memory sizes passed to these APIs. During an initial baselining period a number of profiles are generated that indicate expected memory size parameters under various different call conditions, such as from specific sources or call stacks. Comparing subsequently received API calls against the expected values from the relevant profile enables the legitimacy of an API call to be determined with relatively high accuracy. A suspicious call is identified based at least in part upon determining that the memory size of the call falls outside an expected range for that API and the relevant context.
-
Publication No.: US10135808B1
Publication Date: 2018-11-20
Application No.: US14964959
Filing Date: 2015-12-10
Applicant: Amazon Technologies, Inc.
Inventor: Muhammad Wasiq , Aleksandrs J. Rudzitis , Nima Sharifi Mehr
IPC: H04L29/06
Abstract: Various approaches discussed herein enable validation of an application on a computing device, such as a mobile computing device, prior to that application being invoked by activation of a link in another application. Upon activation of the link in a calling application, the computing device determines a target application to be invoked in response to the activation. Sensitive or confidential data, such as login credentials, may be included in the link to be passed to the target application. By validating either the calling or the target application, the data may be safeguarded by confirming an identity of an application associated with the link.
-
Publication No.: US10063590B1
Publication Date: 2018-08-28
Application No.: US14694987
Filing Date: 2015-04-23
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
IPC: H04L29/06
CPC classification number: H04L63/166 , H04L63/0428 , H04L63/061 , H04L63/0876 , H04L63/205 , H04L2463/041
Abstract: Observable characteristics of an encrypted data transmission can be analyzed and used to make inferences about the content of the data transmission. This information leakage is reduced by obscuring the observable characteristics of the data transmission. An obscuring engine is installed into the networking stack of a computer system that performs data transmission operations. The obscuring engine performs a variety of obscuring operations to obscure characteristics of the data transmission. The obscuring operations can include altering the size, packet ordering, packet partitioning, packet timing, and structure of the data transmission.
-
Publication No.: US09954852B2
Publication Date: 2018-04-24
Application No.: US15420011
Filing Date: 2017-01-30
Applicant: Amazon Technologies, Inc.
Inventor: Muhammad Wasiq , Nima Sharifi Mehr
IPC: H04L29/06
CPC classification number: H04L63/0823 , H04L9/3247 , H04L9/3263 , H04L63/123 , H04L63/1483
Abstract: A service receives from a sender service a digital message and a corresponding trace, which includes an ordered set of digital signatures of one or more services that participated in causing the service to receive the digital message. The trace may further specify an ordering of the one or more services, which may be generated according to the order of participation of these one or more services. The service may compare the received trace to recorded message paths to determine whether the ordering specified within the trace is valid. If the ordering is valid, the service may use one or more digital certificates to further verify the digital signatures included within the trace. If the service determines that these digital signatures are also valid, the service may process the message.
-
Publication No.: US09946879B1
Publication Date: 2018-04-17
Application No.: US14837385
Filing Date: 2015-08-27
Applicant: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
CPC classification number: G06F21/577 , G06F8/60 , G06F17/30725 , G06F21/56 , G06F2221/033 , G06F2221/2145
Abstract: Disclosed are various embodiments for establishing risk profiles for software packages that have an insufficient security history. A security history for a software package is received. It is determined that the security history does not meet a sufficiency threshold. One or more other software packages are identified that are similar to the software package and have a corresponding security history that meets the sufficiency threshold. A risk profile of the software package is generated based at least in part on the corresponding security history of the other software package(s).
-