-
Publication number: US12107971B2
Publication date: 2024-10-01
Application number: US18321540
Application date: 2023-05-22
Applicant: Amazon Technologies, Inc.
Inventor: Justin Paul Yancey
CPC classification number: H04L9/3268, G06F16/2282, G06F16/27
Abstract: A certificate revocation manager performs scheduled synchronization of a certificate revocation table with certificate revocation lists (CRLs) independent of connection requests from clients. The certificate revocation table includes entries that each indicate a client certificate that has been revoked by a certificate authority (CA). On a scheduled basis, the certificate revocation manager synchronizes the entries of the certificate revocation table with current CRLs obtained from different CAs. When a service at receives a request from a client to establish a connection, the service generates a composite key based on a CA identifier and a certificate identifier of a client certificate provided by the client. The service performs a lookup on the certificate revocation table based on the composite key. Based on a result of the lookup, the certificate revocation manager determines whether the client certificate is revoked.
-
Publication number: US11722319B1
Publication date: 2023-08-08
Application number: US16584845
Application date: 2019-09-26
Applicant: Amazon Technologies, Inc.
Inventor: Justin Paul Yancey
CPC classification number: H04L9/3268, G06F16/2282, G06F16/27
Abstract: A certificate revocation manager performs scheduled synchronization of a certificate revocation table with certificate revocation lists (CRLs) independent of connection requests from clients. The certificate revocation table includes entries that each indicate a client certificate that has been revoked by a certificate authority (CA). On a scheduled basis, the certificate revocation manager synchronizes the entries of the certificate revocation table with current CRLs obtained from different CAs. When a service at receives a request from a client to establish a connection, the service generates a composite key based on a CA identifier and a certificate identifier of a client certificate provided by the client. The service performs a lookup on the certificate revocation table based on the composite key. Based on a result of the lookup, the certificate revocation manager determines whether the client certificate is revoked.
-
Publication number: US20210211473A1
Publication date: 2021-07-08
Application number: US17104905
Application date: 2020-11-25
Applicant: Amazon Technologies, Inc.
Inventor: Justin Paul Yancey
IPC: H04L29/06
Abstract: Security policies can be dynamically updated in response to changes in endpoints associated with those policies. A user can indicate one or more regions or networks from which access is to be granted under a specific security policy. The user can subscribe to receive notifications upon a change relating to those endpoints, such as the addition or removal of one or more endpoints. When a change is detected, new policy information can be generated automatically and published for subscribed policies, which can then have the updates applied automatically or provided for manual review and application. Such a process enables access determinations to be made based upon up-to-date endpoint information.