-
Publication (Announcement) No.: US20170373840A9
Publication (Announcement) Date: 2017-12-28
Application No.: US14980033
Application Date: 2015-12-28
Applicant: Amazon Technologies, Inc.
Inventor: Nathan R. Fitch , Gregory B. Roth , Graeme D. Baer
IPC: H04L9/08
CPC classification number: H04L9/085 , H04L9/0825 , H04L9/3226 , H04L9/3234 , H04L9/3247 , H04L63/0428 , H04L63/06 , H04L67/02
Abstract: Authenticated requests can be sent without requiring the requests to include or potentially expose secret information used for the authentication process. A client device uses a security credential such as a key to sign a request to be sent to a recipient. When the request is received, the recipient determines whether the request was signed using the correct key for the sender. In some embodiments a client token is included with the request that statelessly encodes the key, enabling a recipient capable of decoding the client token to determine the key and compare that key to the signature of the request. The sender can store the secret information in a secure location, such as a browser security module, such that the secret information is not exposed to the browser or script executing on the client device.
-
Publication (Announcement) No.: US09756031B1
Publication (Announcement) Date: 2017-09-05
Application No.: US14513147
Application Date: 2014-10-13
Applicant: Amazon Technologies, Inc.
Inventor: Gregory B. Roth , Cristian M. Ilac , James E. Scharf, Jr. , Nathan R. Fitch , Graeme D. Baer , Brian Irl Pratt , Kevin Ross O'Neill
CPC classification number: H04L63/08 , G06F21/123 , G06Q20/3821 , H04L63/0428 , H04L67/22
Abstract: Systems and methods provide a storage medium on a portable physical object associated with a set of credentials that enables access to a set of computing resources associated with a set of Web services. In some embodiments, information including a set of credentials is prepackaged onto the storage medium of the portable physical object. A pre-activated subscription to the set of Web services in a distributed system is provisioned. Access to the set of Web services is enabled when the portable physical object is coupled with a computing device and the set of credentials is authenticated. In some embodiments, the portable physical object is purchased by a user on a prepaid basis without requiring the user to register an account with the set of Web services, allowing the user to remain anonymous with respect to interaction with the set of Web services.
-
Publication (Announcement) No.: US09686261B2
Publication (Announcement) Date: 2017-06-20
Application No.: US14629332
Application Date: 2015-02-23
Applicant: Amazon Technologies, Inc.
Inventor: Gregory B. Roth , Nathan R. Fitch , Kevin Ross O'Neill , Graeme D. Baer , Bradley Jeffery Behm , Brian Irl Pratt
CPC classification number: H04L63/08 , G06F21/62 , G06F2221/2141 , H04L63/10
Abstract: Systems and methods are described for delegating permissions to enable account access. The systems utilize a delegation profile that can be created within a secured account of at least one user. The delegation profile includes a name, a validation policy that specifies principals which may be external to the account and which are permitted to assume the delegation profile, and an authorization policy that indicates the permitted actions within the account for those principals which are acting within the delegation profile. Once the delegation profile is created, it can be provided to external principals or services. These external principals or services can use the delegation profile to obtain credentials for performing various actions in the account using the credentials of the delegation profile.
-
Publication (Announcement) No.: US09607162B2
Publication (Announcement) Date: 2017-03-28
Application No.: US14714982
Application Date: 2015-05-18
Applicant: Amazon Technologies, Inc.
Inventor: Gregory B. Roth , Eric D. Crahen , Graeme D. Baer , Eric J. Brandwine , Nathan R. Fitch
CPC classification number: G06F21/602 , G06F9/44505 , G06F9/45558 , G06F21/606 , G06F2009/45587 , G06Q30/06 , H04L63/0209 , H04L63/0428 , H04L63/0471 , H04L63/08 , H04L63/166
Abstract: A support system negotiates secure connections on behalf of multiple guest systems using a set of credentials associated with the guest systems. The operation of the secure connection may be transparent to the guest system such that the guest system may send and receive messages that are encrypted or decrypted by the support system, such as a hypervisor. As the support system is in between the guest system and a destination, the support system may act as a local endpoint to the secure connection. Messages may be altered by the support system to indicate to a guest system which communications were secured. The credentials may be managed by the support system such that the guest system does not require access to the credentials.
-
Publication (Announcement) No.: US20160205110A1
Publication (Announcement) Date: 2016-07-14
Application No.: US15076264
Application Date: 2016-03-21
Applicant: Amazon Technologies, Inc.
Inventor: Gregory B. Roth , Eric Jason Brandwine , Graeme D. Baer
IPC: H04L29/06
CPC classification number: H04L63/102 , G06F9/455 , G06F21/31 , G06F21/606 , H04L63/105 , H04L63/20
Abstract: The usage of data in a multi-tenant environment can be controlled by utilizing functionality at the hypervisor level of various resources in the environment. Data can be associated with various tags, security levels, and/or compartments. The ability of resources or entities to access the data can depend at least in part upon whether the resources or entities are also associated with the tags, security levels, and/or compartments. Limitations on the usage of the data can be controlled by one or more policies associated with the tags, security levels, and/or compartments. A control service can monitor traffic to enforce the appropriate rules or policies, and in some cases can prevent encrypted traffic from passing beyond a specified egress point unless the encryption was performed by a trusted resource with the appropriate permissions.