SOURCE IDENTIFICATION FOR UNAUTHORIZED COPIES OF CONTENT
    12.
    Patent application
    Status: in force

    Publication No.: US20160191993A1

    Publication date: 2016-06-30

    Application No.: US15063331

    Filing date: 2016-03-07

    Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.


    Source identification for unauthorized copies of content
    13.
    Granted patent
    Status: in force

    Publication No.: US09305177B2

    Publication date: 2016-04-05

    Application No.: US14282386

    Filing date: 2014-05-20

    Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.


    ADAPTIVE TIMEOUTS FOR SECURITY CREDENTIALS
    14.
    Patent application
    Status: under examination (published)

    Publication No.: US20160080367A1

    Publication date: 2016-03-17

    Application No.: US14954744

    Filing date: 2015-11-30

    Abstract: Session-specific information stored to a cookie or other secure token can be selected and/or caused to vary over time, such that older copies will become less useful over time. Such an approach reduces the ability of entities obtaining a copy of the cookie from performing unauthorized tasks on a session. A cookie received with a request can contain a timestamp and an operation count for a session that may need to fall within an acceptable range of the current values in order for the request to be processed. A cookie returned with a response can be set to the correct value or incremented from the previous value based on various factors. The allowable bands can decrease with age of the session, and various parameter values such as a badness factor for a session can be updated continually based on the events for the session.


    TECHNIQUES FOR DELEGATION OF ACCESS PRIVILEGES
    15.
    Patent application
    Status: under examination (published)

    Publication No.: US20140310769A1

    Publication date: 2014-10-16

    Application No.: US14316675

    Filing date: 2014-06-26

    Abstract: Systems and methods for controlling access to one or more computing resources relate to generating session credentials that can be used to access the one or more computing resources. Access to the computing resources may be governed by a set of policies and requests for access made using the session credentials may be fulfilled depending on whether they are allowed by the set of policies. The session credentials themselves may include metadata that may be used in determining whether to fulfill requests to access the one or more computing resources. The metadata may include permissions for a user of the session credential, claims related to one or more users, and other information.


    Hierarchical data access techniques using derived cryptographic material

    Publication No.: US11146541B2

    Publication date: 2021-10-12

    Application No.: US16512207

    Filing date: 2019-07-15

    Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.

    Techniques for data security in a multi-tenant environment

    Publication No.: US10270781B2

    Publication date: 2019-04-23

    Application No.: US15076264

    Filing date: 2016-03-21

    Abstract: The usage of data in a multi-tenant environment can be controlled by utilizing functionality at the hypervisor level of various resources in the environment. Data can be associated with various tags, security levels, and/or compartments. The ability of resources or entities to access the data can depend at least in part upon whether the resources or entities are also associated with the tags, security levels, and/or compartments. Limitations on the usage of the data can be controlled by one or more policies associated with the tags, security levels, and/or compartments. A control service can monitor traffic to enforce the appropriate rules or policies, and in some cases can prevent encrypted traffic from passing beyond a specified egress point unless the encryption was performed by a trusted resource with the appropriate permissions.

    Entity to authorize delegation of permissions

    Publication No.: US10110587B2

    Publication date: 2018-10-23

    Application No.: US15610295

    Filing date: 2017-05-31

    Abstract: Systems and methods are described for delegating permissions to enable account access. The systems utilize a delegation profile that can be created within a secured account of at least one user. The delegation profile includes a name, a validation policy that specifies principals which may be external to the account and which are permitted to assume the delegation profile, and an authorization policy that indicates the permitted actions within the account for those principals which are acting within the delegation profile. Once the delegation profile is created, it can be provided to external principals or services. These external principals or services can use the delegation profile to obtain credentials for performing various actions in the account using the credentials of the delegation profile.

    MULTIPLE AUTHORITY KEY DERIVATION
    20.
    Patent application

    Publication No.: US20180270051A1

    Publication date: 2018-09-20

    Application No.: US15984198

    Filing date: 2018-05-18

    Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.
