公开(公告)号：US11568038B1

公开(公告)日：2023-01-31

申请号：US15709194

申请日：2017-09-19

Applicant: Amazon Technologies, Inc.

Inventor： Harshad Vasant Kulkarni ,  Ashish Rangole

IPC: H04L67/306 ,  H04L9/40 ,  G06F21/40

Abstract: An authentication system receives authentication information from a user as part of a request to access a web-based service. The authentication system transmits the authentication information to a set of second users authorized to evaluate the authentication information. If a threshold number of the set of second users authenticate the identity of the first user, the authentication system enables the user to access the web-based service.

公开(公告)号：US11120154B2

公开(公告)日：2021-09-14

申请号：US16056322

申请日：2018-08-06

Applicant: Amazon Technologies, Inc.

Inventor： William Frederick Hingle Kruse ,  Ashish Rangole

IPC: G06F21/62 ,  G06Q10/06 ,  G06F16/21

Abstract: A record of usage data is obtained, with the record sampled according to a sampling rate from a set of usage data records, with the record specifying a request to access a resource of a computing resource service provider, with the request indicating a set of permissions, and with the sampling rate being based at least in part on a criterion associated with the request. The record is aggregated, based at least in part on a permission of the set of permissions, with at least another record sampled according to the sampling rate from the set of usage data records to produce a set of aggregated usage records and at least a portion of the set of aggregated usage records is provided.

公开(公告)号：US10581919B2

公开(公告)日：2020-03-03

申请号：US15953262

申请日：2018-04-13

Applicant: Amazon Technologies, Inc.

Inventor： William Frederick Hingle Kruse ,  Bharath Mukkati Prakash ,  Ashish Rangole ,  Nima Sharifi Mehr ,  Jeffrey John Wierer ,  Kunal Chadha ,  Chenxi Zhang ,  Hardik Nagda ,  Kai Zhao

IPC: H04L9/32 ,  H04L29/06

Abstract: A computing resource service receives a request to access the service and perform various actions. In response to the request, the computing resource service obtains a set of active policies that are applicable to the request. As a result of the service determining that the set of active policies fail to provide sufficient permissions for fulfillment of the request, the service determines if an enforcement policy is available that is applicable to the request. The service evaluates the request using the enforcement policy such that if the enforcement policy includes permissions sufficient for fulfillment of the request, the request is fulfilled.

公开(公告)号：US10122757B1

公开(公告)日：2018-11-06

申请号：US14574328

申请日：2014-12-17

Applicant: Amazon Technologies, Inc.

Inventor： William Frederick Hingle Kruse ,  Ashish Rangole ,  James E. Scharf, Jr. ,  Kai Zhao ,  Jeffrey John Wierer

IPC: G06F17/00 ,  H04L29/06

Abstract: Techniques for self-learning access control policies are disclosed herein. A set of security policy modification recommendations is produced based on set of effective permissions and also based on a set of requests for access subject to that set of effective permission. Each policy modification recommendation is configured to alter the set of effective permissions by performing one or more actions altering one or more of the effective permissions. A selected policy modification recommendation is provided that is configured to produce a modified set of effective permissions.