公开(公告)号：US10205717B1

公开(公告)日：2019-02-12

申请号：US13854697

申请日：2013-04-01

Applicant: Amazon Technologies, Inc.

Inventor： Shon Kiran Shah ,  Ajit Nagendra Padukone ,  Deepak Suryanarayanan ,  Erik Jonathon Tellvik ,  David Everard Brown

IPC: H04L9/32 ,  H04L29/06 ,  G06F21/00

Abstract: Systems and methods are described for providing federated access to end-users of virtual machines. The method includes receiving a request from a user to access a resource outside of the user's original security domain. The user's existing security credentials are forwarded to an authentication entity, which determines if the user's credentials are authentic. If it is determined that the user's credentials are authentic, the user's target identity provider generates a security token that provides the virtual machine user with access to the resource, the resource residing in an external security domain. The user may log on to the virtual machine with access to the desired resource, subject to the privileges identified in the security token.

公开(公告)号：US09998499B2

公开(公告)日：2018-06-12

申请号：US14499714

申请日：2014-09-29

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Shon Kiran Shah ,  Krithi Rai ,  Guruprakash Bangalore Rao

IPC: G06F7/04 ,  G06F17/30 ,  H04N7/16 ,  H04L29/06 ,  G06F21/44 ,  G06F21/60 ,  G06F21/62 ,  H04L29/12

CPC classification number: H04L63/205 ,  G06F21/44 ,  G06F21/604 ,  G06F21/62 ,  G06F21/6209 ,  G06F21/6218 ,  H04L61/1505 ,  H04L63/10 ,  H04L63/20

Abstract: Features are disclosed for facilitating management of network directories of multiple organizations by a centralized directory management system. Various applications can access the directories of the organizations via the directory management system according to the permissions that the applications have been granted by the respective organizations. Organizations may maintain directories on-premises or off-premises, and the applications can access the directories via the directory management system regardless of the physical location of the directories. Additionally, the applications may be hosted by a computing service provider that also hosts or otherwise manages the directory management service, or the applications can be hosted by third-party servers separate from the directory management system and the organizations.

公开(公告)号：US09853978B2

公开(公告)日：2017-12-26

申请号：US15424691

申请日：2017-02-03

Applicant: Amazon Technologies, Inc.

Inventor： Erik Jonathon Tellvik ,  Gaurang Pankaj Mehta ,  Ajit Nagendra Padukone ,  Chirag Pravin Pandya ,  Colin Harrison Brace ,  Deepak Suryanarayanan ,  Guruprakash Bangalore Rao ,  Krithi Rai ,  Malcolm Russell Ah Kun ,  Sameer Palande ,  Shon Kiran Shah ,  Vivek Lakshmanan

IPC: G06F7/04 ,  G06F15/16 ,  G06F17/30 ,  H04L29/06

CPC classification number: H04L63/0807 ,  H04L63/083

Abstract: A virtual computing environment service may receive a request from a customer to provision a virtual computing environment and join the virtual computing environment to a managed directory. The virtual computing environment service may provision the virtual computing environment and uses a set of administrator credentials from the customer and a set of credentials corresponding to the environment to access the managed directory and request joining of the environment to the managed directory. In response, the managed directory may create a computer account corresponding to the environment and which enables the environment to be used to access the managed directory. The virtual computing environment service may then enable the customer to specify one or more users that may utilize the virtual computing environment to access the managed directory.

公开(公告)号：US20150134827A1

公开(公告)日：2015-05-14

申请号：US14098454

申请日：2013-12-05

Applicant: Amazon Technologies, Inc.

Inventor： Shon Kiran Shah ,  Thomas Christopher Rizzo ,  Gaurang Pankaj Mehta ,  Guruprakash Bangalore Rao ,  Sameer Palande ,  Krithi Rai

IPC: H04L29/12

Abstract: Techniques for connecting computer system entities to remotely extended local computer system resources are described herein. A computer system entity that requests access to a local computer system resource has that request fulfilled by a managed directory service which receives the request and connects the computer system entity to the local computer system resource. While connected, the managed directory service extends the local computer system resource to a corresponding extended remote computer system resource, receives commands to perform operations on the local or extended remote computer system resources and, if the computer system entity is authorized to perform the operations on the appropriate computer system resource, the managed directory service performs the operations on the appropriate computer system resource.

Abstract translation: 本文描述了将计算机系统实体连接到远程扩展的本地计算机系统资源的技术。 请求访问本地计算机系统资源的计算机系统实体具有由接收请求并将计算机系统实体连接到本地计算机系统资源的受管目录服务实现的请求。 在连接时，托管目录服务将本地计算机系统资源扩展到相应的扩展远程计算机系统资源，接收对本地或扩展远程计算机系统资源执行操作的命令，以及如果计算机系统实体被授权执行操作 适当的计算机系统资源，托管目录服务在适当的计算机系统资源上执行操作。