ENTITY TO AUTHORIZE DELEGATION OF PERMISSIONS

    Publication No.: US20170272423A1

    Publication date: 2017-09-21

    Application No.: US15610295

    Filing date: 2017-05-31

    CPC classification number: H04L63/08 G06F21/62 G06F2221/2141 H04L63/10

    Abstract: Systems and methods are described for delegating permissions to enable account access. The systems utilize a delegation profile that can be created within a secured account of at least one user. The delegation profile includes a name, a validation policy that specifies principals which may be external to the account and which are permitted to assume the delegation profile, and an authorization policy that indicates the permitted actions within the account for those principals which are acting within the delegation profile. Once the delegation profile is created, it can be provided to external principals or services. These external principals or services can use the delegation profile to obtain credentials for performing various actions in the account using the credentials of the delegation profile.

    Key rotation with external workflows

    Type: Granted invention patent (status: in force)

    Publication No.: US09276754B1

    Publication date: 2016-03-01

    Application No.: US14563891

    Filing date: 2014-12-08

    Abstract: A material set, such as an asymmetric keypair, is processed using an associated workflow to prepare the material set for activation and/or use. In one embodiment, a material set is generated and information about the material set is communicated to a workflow manager. Based at least on the information, the workflow manager generates a workflow that when accomplished will allow the material set to be activated and/or used. In another embodiment, a service provider provides a key manager, workflow manager and destination for the key, such as a load balancer that terminates SSL connections. A key can be generated by the key manager, sent through the workflow manager for processing (potentially communicated to third parties such as a certificate authority, if needed) and installed at a destination.

    Techniques for data security in a multi-tenant environment

    Publication No.: US10270781B2

    Publication date: 2019-04-23

    Application No.: US15076264

    Filing date: 2016-03-21

    Abstract: The usage of data in a multi-tenant environment can be controlled by utilizing functionality at the hypervisor level of various resources in the environment. Data can be associated with various tags, security levels, and/or compartments. The ability of resources or entities to access the data can depend at least in part upon whether the resources or entities are also associated with the tags, security levels, and/or compartments. Limitations on the usage of the data can be controlled by one or more policies associated with the tags, security levels, and/or compartments. A control service can monitor traffic to enforce the appropriate rules or policies, and in some cases can prevent encrypted traffic from passing beyond a specified egress point unless the encryption was performed by a trusted resource with the appropriate permissions.

    Entity to authorize delegation of permissions

    Publication No.: US10110587B2

    Publication date: 2018-10-23

    Application No.: US15610295

    Filing date: 2017-05-31

    Abstract: Systems and methods are described for delegating permissions to enable account access. The systems utilize a delegation profile that can be created within a secured account of at least one user. The delegation profile includes a name, a validation policy that specifies principals which may be external to the account and which are permitted to assume the delegation profile, and an authorization policy that indicates the permitted actions within the account for those principals which are acting within the delegation profile. Once the delegation profile is created, it can be provided to external principals or services. These external principals or services can use the delegation profile to obtain credentials for performing various actions in the account using the credentials of the delegation profile.

    Encryption management for data storage

    Publication No.: US09639705B1

    Publication date: 2017-05-02

    Application No.: US14742247

    Filing date: 2015-06-17

    CPC classification number: G06F21/602 G06F21/6218 H04L9/0894

    Abstract: Large volumes of data can be securely imported to, and exported from, a data storage service or other such location in a secure manner without a customer having to manage keys or encryption. A data management component can execute on a client device that can identify data to be stored and obtain the appropriate key for encrypting the data. Once the data is encrypted, the data can be transmitted to the data storage service. When the data is received at the data storage service, an ingestion station reads the encrypted data and causes the encrypted data to be stored to the data storage service. The data remains encrypted from the client device through being stored to the data storage service. When a request for the data is received, access to the key can be obtained and the data decrypted and returned in response to the request.

    ENTITY TO AUTHORIZE DELEGATION OF PERMISSIONS

    Type: Invention application (status: under examination, published)

    Publication No.: US20150304294A1

    Publication date: 2015-10-22

    Application No.: US14629332

    Filing date: 2015-02-23

    CPC classification number: H04L63/08 G06F21/62 G06F2221/2141 H04L63/10

    Abstract: Systems and methods are described for delegating permissions to enable account access. The systems utilize a delegation profile that can be created within a secured account of at least one user. The delegation profile includes a name, a validation policy that specifies principals which may be external to the account and which are permitted to assume the delegation profile, and an authorization policy that indicates the permitted actions within the account for those principals which are acting within the delegation profile. Once the delegation profile is created, it can be provided to external principals or services. These external principals or services can use the delegation profile to obtain credentials for performing various actions in the account using the credentials of the delegation profile.

    Protection from data security threats

    Publication No.: US10904233B2

    Publication date: 2021-01-26

    Application No.: US15601914

    Filing date: 2017-05-22

    Abstract: A credential, such as a password, for an entity is used to generate multiple keys. The generated keys are distributed to credential verification systems to enable the credential verification systems to perform authentication operations. The keys are generated such that access to a generated key allows for authentication with a proper subset of the credential verification systems. Thus, unauthorized access to information used by one authentication system does not, by itself, allow for successful authentication with other authentication systems.

    FLEXIBLY CONFIGURABLE DATA MODIFICATION SERVICES

    Publication No.: US20190036973A1

    Publication date: 2019-01-31

    Application No.: US16140393

    Filing date: 2018-09-24

    Abstract: Techniques for processing data according to customer-defined rules are disclosed. In particular, methods and systems for implementing a data alteration service using one or more resources of a distributed computing system are described. The data alteration service is flexibly configurable by entities using the distributed computing system, and may be used to augment, compress, filter or otherwise modify data crossing a customer boundary.
