公开(公告)号：US09910994B1

公开(公告)日：2018-03-06

申请号：US14837952

申请日：2015-08-27

Applicant: AMAZON TECHNOLOGIES, INC.

Inventor： Nima Sharifi Mehr

IPC: G06F21/60 ,  G06F17/30 ,  G06F17/27

CPC classification number: G06F21/604 ,  G06F17/2705 ,  G06F17/30598 ,  G06F17/30864 ,  H04L29/06 ,  H04L63/1441 ,  H04L63/20

Abstract: Described are techniques for determining and mitigating leakage of sensitive data into log data. An application programming interference (API) is instrumented to recognize data classification tags indicative of sensitive data in a message to or from a service. Values associated with the data classification tags may be sampled and added to a dictionary of watch data. Log data may be searched for the values in the dictionary. If the occurrence of one or more of these values in the log data exceeds a threshold value mitigation actions may be taken. Also described is a system to sample non-sensitive information about the API interactions known to have occurred. The log data may be inspected to find these interactions, with their absence indicative of a failure in the logging system.

公开(公告)号：US09849978B1

公开(公告)日：2017-12-26

申请号：US14866706

申请日：2015-09-25

Applicant: Amazon Technologies, Inc.

Inventor： Scott Gerard Carmack ,  Narasimha Rao Lakkakula ,  Nima Sharifi Mehr

IPC: B64C39/02 ,  G01C21/20 ,  G01C21/00 ,  G08G5/00

CPC classification number: B64C39/024 ,  B64C2201/024 ,  B64C2201/145 ,  G01C21/005 ,  G01C21/20 ,  G01S19/015 ,  G08G5/0008 ,  G08G5/0013 ,  G08G5/0056 ,  G08G5/0069

Abstract: Techniques for determining whether data associated with an autonomous operation of an unmanned vehicle may be trusted. For example, a first set of data may be provided from a source external to the unmanned vehicle. A second set of data may be accessed. This second set may be provided from a source internal to the unmanned vehicle and may be associated with the same autonomous operation. The two sets may be compared to determine whether the first set of data may be trusted or not. If untrusted, the autonomous navigation may be directed based on the second set of data and independently of the first set.

公开(公告)号：US09725171B1

公开(公告)日：2017-08-08

申请号：US14866743

申请日：2015-09-25

Applicant: Amazon Technologies, Inc.

Inventor： Scott Gerard Carmack ,  Narasimha Rao Lakkakula ,  Nima Sharifi Mehr

IPC: B64C39/02 ,  G05D1/00 ,  G05D3/00

CPC classification number: B64C39/024 ,  B64C2201/027 ,  B64C2201/123 ,  B64C2201/128 ,  B64C2201/145 ,  G05D1/102 ,  G05D3/00

Abstract: Techniques for determining whether data associated with an autonomous operation of an unmanned vehicle may be trusted. For example, the data may be analyzed in light of a capability of the unmanned vehicle. The analysis may indicate an operation of the unmanned vehicle. If the operation is unsupported by the capability, the data may be determined to be untrusted. Accordingly, the autonomous navigation may be directed independently of the untrusted data.

公开(公告)号：US20170149817A1

公开(公告)日：2017-05-25

申请号：US15422253

申请日：2017-02-01

Applicant: Amazon Technologies, Inc.

Inventor： Nima Sharifi Mehr ,  Christopher Dunn ,  Alexis Floyd ,  David James Kane-Parry ,  Volker Helmut Mosthaf ,  Christopher Gordon Williams

IPC: H04L29/06 ,  G06Q20/40 ,  G06Q10/08 ,  H04L9/32

CPC classification number: H04L63/1433 ,  G06Q10/083 ,  G06Q20/405 ,  H04L9/3268 ,  H04L12/4625 ,  H04L63/0428 ,  H04L63/08 ,  H04L63/101 ,  H04L63/1441 ,  H04L63/1483 ,  H04L67/10 ,  H04L2209/26 ,  H04L2209/56

Abstract: A first computer is selected for testing. Information sent from a second computer system to the first computer is intercepted. The information is modified to be noncompliant with a communication protocol, thereby producing noncompliant information. A determination is made whether the first computer device has failed to provide a particular response to receipt of the noncompliant information, and an operation is performed based at least in part on the determination.

公开(公告)号：US09501321B1

公开(公告)日：2016-11-22

申请号：US14163023

申请日：2014-01-24

Applicant: AMAZON TECHNOLOGIES, INC.

Inventor： Nima Sharifi Mehr

IPC: G06F9/46 ,  G06F9/50

CPC classification number: G06F9/5027 ,  G06F9/4812 ,  G06F9/4881 ,  G06F9/50 ,  G06F2209/483

Abstract: Computing platforms may enable clients to use services to execute data processing tasks. Each of these services consumes resources during execution. Described herein are systems, devices and methods for generating resource consumption data for service calls. The resource consumption data may indicate amounts of resources consumed to process computational tasks associated with service calls. The system may determine when to process computational tasks based on the resource consumption data.

Abstract translation: 计算平台可以使客户端能够使用服务来执行数据处理任务。 这些服务中的每一个在执行期间都会消耗资源。 这里描述了用于生成用于服务呼叫的资源消耗数据的系统，设备和方法。 资源消耗数据可以指示用于处理与服务呼叫相关联的计算任务所消耗的资源量。 系统可以基于资源消耗数据确定何时处理计算任务。

公开(公告)号：US09477958B2

公开(公告)日：2016-10-25

申请号：US14981740

申请日：2015-12-28

Applicant: Amazon Technologies, Inc.

Inventor： Nima Sharifi Mehr

IPC: G06Q20/40 ,  G06Q20/34 ,  G06Q20/20 ,  G06Q20/24 ,  G07F7/08 ,  G06K7/08 ,  G06Q20/32

CPC classification number: G06Q20/4014 ,  G06K7/087 ,  G06Q20/204 ,  G06Q20/24 ,  G06Q20/3226 ,  G06Q20/3567 ,  G06Q2220/00 ,  G07F7/088

Abstract: A credit card reader is attached to a mobile device to process credit card transactions at the point of sale. A user of the credit card reader slides an authenticator card through the credit card reader to activate the credit card reader. Accordingly, the credit card reader may compare data stored in the authenticator card to an expected value for the data to determine whether the user is authorized to utilize the credit card reader. If there is a match, the credit card reader displays a unique password, known to the user, which the user can use to verify that the credit card reader is authentic. Further, if there is a match, the credit card reader may allow the user to process credit card transactions through the credit card reader.

Abstract translation: 信用卡阅读器附加到移动设备以在销售点处理信用卡交易。 信用卡读卡器的用户通过信用卡读卡器滑动认证卡以激活信用卡读卡器。 因此，信用卡读卡器可以将存储在认证卡中的数据与数据的预期值进行比较，以确定用户是否被授权使用信用卡读卡器。 如果有匹配，则信用卡读卡器显示用户已知的唯一密码，用户可以使用该密码来验证信用卡读卡器是否可信。 此外，如果存在匹配，信用卡读卡器可以允许用户通过信用卡读卡器处理信用卡交易。

公开(公告)号：US11916895B1

公开(公告)日：2024-02-27

申请号：US16178403

申请日：2018-11-01

Applicant: Amazon Technologies, Inc.

Inventor： Nima Sharifi Mehr

IPC: H04L29/06 ,  H04L9/40

CPC classification number: H04L63/0823 ,  H04L63/1425

Abstract: A network-connected device service receives a request to authenticate a network-connected device. The network-connected device service determines, from a digital certificate identified in the request, a set of parameters of the digital certificate. The network-connected device service utilizes the set of parameters to identify, from a set of digital certificate clusters, a digital certificate cluster associated with the set of parameters. Through an audit of the digital certificate clusters, the network-connected device service determines whether the digital certificate cluster is indicative of the digital certificate being anomalous.

公开(公告)号：US11627136B1

公开(公告)日：2023-04-11

申请号：US17025941

申请日：2020-09-18

Applicant: Amazon Technologies, Inc.

Inventor： Nima Sharifi Mehr

IPC: H04L9/40

Abstract: A system can determine a set of users to access an asset of a computing device. User data for a user in the set of users is obtained. The user data can specify organizational information for the user. The system can determine a value usable to regulate access to the asset. The value can be based on the organizational information for the user, and the value can be further based on other user data attributed to another user in the set of users. Based on the determined value, the system can regulate access to the asset.

公开(公告)号：US11537706B1

公开(公告)日：2022-12-27

申请号：US14578206

申请日：2014-12-19

Applicant: Amazon Technologies, Inc.

Inventor： Nima Sharifi Mehr

IPC: G06F21/45 ,  G06F21/46 ,  H04L9/40

Abstract: A service provider receives a set of credentials from a customer and a request to access one or more services provided by the service provider. An authentication service of the service provider receives the set of credentials and, based at least in part on the received set of credentials, one or more activities performed by the customer, the customer's user profile, and the system configuration of the customer's computing device, calculates a risk score. The authentication service subsequently utilizes the calculated risk score to determine a credential rotation schedule for the set of credentials. The authentication service updates one or more servers to enforce the new credential rotation schedule and enables the customer to utilize the set of credentials to access the one or more services.

公开(公告)号：US11115348B2

公开(公告)日：2021-09-07

申请号：US16884636

申请日：2020-05-27

Applicant: Amazon Technologies, Inc.

Inventor： Nima Sharifi Mehr

IPC: G06F15/173 ,  H04L12/911 ,  H04L12/927 ,  H04L12/26 ,  G06F9/46 ,  H04L29/14

Abstract: A resource allocation service can provide for the limited redelivery of events for processing using a set of virtual resources. A customer can provide code for execution, and the service can allocate resource instances configured to execute the code in response to various events. The processing for an event may not be completed by a single resource instance. When a resource instance is to end processing, the instance can capture state information to be returned as checkpoint data for the event. When the processing result is received, the service determines whether checkpoint data was included, which functions as a request for further processing. The service can then place the event data back in an event queue for redelivery and additional processing. A customer can specify a time limit or a retry limit such that an event can only undergo up to a maximum amount of processing before the event is failed.