公开(公告)号：US20170134434A1

公开(公告)日：2017-05-11

申请号：US15414498

申请日：2017-01-24

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: H04L29/06 ,  G06F17/11

CPC classification number: G06F21/31 ,  G06F21/604 ,  G06F21/6218 ,  G06F21/629 ,  H04L63/101 ,  H04L63/102 ,  H04L63/104 ,  H04L63/105 ,  H04L63/20

Abstract: A first probability that indicates a probability that a user is associated with a role is determined, with the first probability having a first score. The first probability is perturbed to determine a second probability having a second score. The second score is evaluated against the first score to determine that the second probability indicates a more optimal probability of the user being associated with the role than the first probability. The role is assigned to the user based at least in part on the second score.

公开(公告)号：US09632823B1

公开(公告)日：2017-04-25

申请号：US14480184

申请日：2014-09-08

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F9/46 ,  G06F9/48

CPC classification number: G06F9/4843 ,  G06F11/3409 ,  G06F11/3452 ,  G06F11/3466

Abstract: A method and apparatus for multithreaded application thread schedule selection are disclosed. In the method and apparatus a thread execution schedule for executing an application is selected from a plurality of thread execution schedules, whereby the selection is based at least in part on an identity associated with the application and an identity associated with one or more inputs to the application. The application is then executed in accordance with the thread execution schedule and execution status information is stored as a result of execution of the application.

公开(公告)号：US09497023B1

公开(公告)日：2016-11-15

申请号：US13830308

申请日：2013-03-14

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F21/64 ,  H04L9/08 ,  G06F21/56

CPC classification number: H04L9/083 ,  H04L63/0478

Abstract: A multiple encryption mechanism is described. In an embodiment, an encrypted electronic message and a first decryption key of a public-private key group is received. The first decryption key is operable to decrypt a set of properties for the encrypted electronic message without decrypting the encrypted electronic message. The encrypted electronic message and the set of message properties are encrypted using one or more encryption keys of the public-private key group. The set of properties for the encrypted electronic message is decrypted using the first decryption key. Using the decrypted set of properties, it is determined whether the encrypted electronic message should be flagged as a specified type of electronic message.

Abstract translation: 描述多重加密机制。 在一个实施例中，接收到加密电子消息和公私密钥组的第一解密密钥。 第一解密密钥可操作以解密加密的电子消息的一组属性，而不对加密的电子消息进行解密。 使用公共 - 私人密钥组的一个或多个加密密钥来加密加密的电子消息和消息属性集合。 使用第一解密密钥解密加密电子消息的一组属性。 使用解密的一组属性，确定加密的电子消息是否应被标记为指定类型的电子消息。

公开(公告)号：US09275249B1

公开(公告)日：2016-03-01

申请号：US13788749

申请日：2013-03-07

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: H04L29/06 ,  G06F21/62

CPC classification number: G06F21/6227 ,  G06F2221/2107

Abstract: Accelerated encrypted database operations may include a database receiving a modified database query and one or more decryption keys that correspond to the modified database query. Based, at least in part, on the modified database query and the one or more decryption keys, the database may generate partially decrypted query results. The database may submit the partially decrypted query results to an encryption manager for further decryption by an offload processor to generate further decrypted query results.

Abstract translation: 加速的加密数据库操作可以包括接收修改的数据库查询的数据库和对应于修改的数据库查询的一个或多个解密密钥。 至少部分地基于修改的数据库查询和一个或多个解密密钥，数据库可以生成部分解密的查询结果。 数据库可以将部分解密的查询结果提交给加密管理器，以便卸载处理器进一步解密以产生进一步解密的查询结果。

公开(公告)号：US20160004860A1

公开(公告)日：2016-01-07

申请号：US14852361

申请日：2015-09-11

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F21/53 ,  G06F9/455

CPC classification number: G06F21/53 ,  G06F9/45558 ,  G06F2009/45587 ,  G06F2221/034

Abstract: Techniques for restricting the execution of algorithms contained in applications executing on virtual machines executing within a computer system are described herein. A first sampled set of computer executable instructions is gathered from a virtual machine by a controlling domain and compared against a reference set of computer executable instructions. If the first set is similar to the reference set, and if the execution of the algorithm corresponding to the reference set is restricted by one or more computer system polices, one or more operations limiting the execution of the restricted algorithm are performed, thus ensuring conformance with the computer system policies.

Abstract translation: 本文描述了用于限制在计算机系统内执行的虚拟机上执行的应用中包含的算法执行的技术。 通过控制域从虚拟机收集第一采样的计算机可执行指令集，并与计算机可执行指令的参考集进行比较。 如果第一组与参考集相似，并且如果与参考集相对应的算法的执行被一个或多个计算机系统策略所限制，则执行限制执行受限算法的一个或多个操作，从而确保一致性 与计算机系统策略。

公开(公告)号：US09146829B1

公开(公告)日：2015-09-29

申请号：US13733731

申请日：2013-01-03

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F11/00 ,  G06F11/36

CPC classification number: G06F11/3632 ,  G06F11/3668 ,  G06F11/3684 ,  G06F11/3692

Abstract: Systems and methods are described for analyzing and verifying distributed applications. In one embodiment, an application program is parsed and a set of inputs is determined. The application program is executed as one or more independently executable components. During execution, non-deterministic events are modified in order to effectuate a deterministic result. Redundant portions of the set of inputs are aggregated, and the set of inputs is iteratively updated.

Abstract translation: 描述了分析和验证分布式应用程序的系统和方法。 在一个实施例中，应用程序被解析并确定一组输入。 应用程序被执行为一个或多个可独立执行的组件。 在执行期间，修改非确定性事件以实现确定性结果。 该组输入的冗余部分被聚合，并且该组输入被迭代地更新。

公开(公告)号：US20150046920A1

公开(公告)日：2015-02-12

申请号：US13964889

申请日：2013-08-12

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F9/45533 ,  G06F9/45541 ,  G06F9/4555 ,  G06F9/50 ,  G06F9/5027 ,  G06F12/023 ,  G06F2009/45562 ,  G06F2009/4557 ,  G06F2009/45583

Abstract: A computer system implements a hypervisor which, in turn, implements one or more computer system instances and a controller. The controller and a computer system instance share a memory. A request is processed using facilities of both the computer system instance and the controller. As part of request processing, information is passed between the computer system instance and the controller via the shared memory.

Abstract translation: 计算机系统实现管理程序，其又实现一个或多个计算机系统实例和控制器。 控制器和计算机系统实例共享内存。 使用计算机系统实例和控制器的设施来处理请求。 作为请求处理的一部分，信息通过共享存储器在计算机系统实例和控制器之间传递。

公开(公告)号：US11778053B1

公开(公告)日：2023-10-03

申请号：US16898880

申请日：2020-06-11

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: H04L67/00 ,  H04L41/0823 ,  H04L41/50 ,  G06N20/00

CPC classification number: H04L67/34 ,  G06N20/00 ,  H04L41/0836 ,  H04L41/5096

Abstract: Techniques for fault-tolerant function placement across multiple computing placement locations are described. An application placement service obtains a latency-based placement of functions of an application and utilizes resource information associated with the placement locations to determine error rates for flows of the placement. For flows having an error rate falling outside of an allowable range, the application placement service can modify the placement to improve the error rate, e.g., by adding additional redundancy for functions in higher-error placement locations within those placement location tiers, and/or by adding additional redundancy for functions in higher-error placement locations within different placement location tiers.

公开(公告)号：US11620387B2

公开(公告)日：2023-04-04

申请号：US17321356

申请日：2021-05-14

Applicant: Amazon Technologies, Inc.

Inventor： Matthew John Campagna ,  Gregory Alan Rubin ,  Eric Jason Brandwine ,  Nicholas Alexander Allen ,  Andrew Kyle Driggs

IPC: G06F21/57 ,  H04L9/40 ,  H04L9/32 ,  H04L9/08 ,  G06F21/64 ,  H04L9/14 ,  H04L67/01

Abstract: A service provider provides virtual computing services using a fleet of one or more host computer systems. Each of the host computer systems may be equipped with a trusted platform module (“TPM”). The service provider, the host computer systems, and the virtual computing environments generate attestations that prove the integrity of the system. The attestations are signed with a one-time-use cryptographic key that is verifiable against the public keys of the service provider, a host computer system, and a virtual computing environment. The public key of the host computer system is integrated into a hash tree that links the public key of the host computer system to the public key of the service provider. The public key of the virtual computing environment is signed using a one-time-use graphic key issued to the host computer system that hosts the virtual computing environment.

公开(公告)号：US11424939B1

公开(公告)日：2022-08-23

申请号：US16836561

申请日：2020-03-31

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen ,  Daniel Ron Simon ,  Andrew Hopkins

IPC: H04L9/32

Abstract: Described implementations obtain a proof of valid attestation data. The attestation data may include configuration data of a host computing system. A prover service may receive the attestation data. The prover service may generate a proof to prove that the attestation data includes valid configuration data of the host computer system, without revealing sensitive or private information of the host computing system. The proof may be a zero-knowledge proof.