公开(公告)号：US09805215B1

公开(公告)日：2017-10-31

申请号：US14828276

申请日：2015-08-17

Applicant: Amazon Technologies, Inc.

Inventor： Jesper Mikael Johansson ,  Dominique Imjya Brezinski ,  Darren Ernest Canavor ,  Darin Keith McAdams ,  Jon Arron McClintock ,  Brandon William Porter

IPC: G06F21/62 ,  H04L29/06

CPC classification number: G06F21/6245 ,  G06F21/6227 ,  H04L67/42

Abstract: A technology is described for making a decision based on identifying without disclosing the identifying information. The method may include receiving a mapping value that represents identifying information that has been converted into a mapping value. A request for data associated with the identifying information may be made by providing the mapping value as a proxy for the identifying information whereby the data associated with the identifying information may be located using the mapping value and returned to a requesting client or service.

公开(公告)号：US09727737B1

公开(公告)日：2017-08-08

申请号：US14810275

申请日：2015-07-27

Applicant: Amazon Technologies, Inc.

Inventor： Daniel Wade Hitchcock ,  Darren Ernest Canavor ,  Jesper Mikael Johansson ,  Bharath Kumar Bhimanaik ,  Andrew Jay Roths

IPC: G06F21/00 ,  G06F21/57 ,  G06F3/0484

CPC classification number: G06F21/577 ,  G06F3/04842 ,  G06F3/04883 ,  G06F2221/033

Abstract: Computing devices are disclosed that include functionality for providing a trustworthy indication of software integrity. The computing devices include a hardware trust evaluation device capable of determining the trustworthiness of computer programs executing on the devices. At least one trust indicator is also connected to the hardware trust evaluation device for providing an external indication of the trustworthiness of a computer program. Additional security information regarding the trustworthiness of the computer program may be displayed on the primary display device of the computing device. The display of the security information is triggered by a user of the computing device submitting a request through a secure mechanism, where the request is unobservable and inaccessible to programs executing on the computing device. Additional secure mechanisms, such as a unique user interface for displaying the security information, can be utilized to ensure the authenticity of the displayed security information.

公开(公告)号：US09712520B1

公开(公告)日：2017-07-18

申请号：US14747919

申请日：2015-06-23

Applicant: Amazon Technologies, Inc.

Inventor： Darren Ernest Canavor ,  William Alexander Strand

IPC: H04L29/06 ,  H04L29/08 ,  G06Q30/06

CPC classification number: H04L63/083 ,  G06Q30/0609 ,  H04L63/102 ,  H04L67/02 ,  H04L67/14 ,  H04L67/22 ,  H04L67/306

Abstract: Techniques for authenticating a user may be described. In particular, a network-based document may be provided to a computing system of a user. The network-based document may include code and an identifier of another network-based document. The code may be configured to, upon execution, determine whether the other network-based document was accessed prior to providing the network-based document to the computing system. The other network-based document may be accessible to the user based on an identifier of the user. An indication that the other network-based document was accessed may be determined. For example, the indication may be received from the computing system based on an execution of the code at the computing system. The user may be authenticated based on the indication.

公开(公告)号：US20170187702A1

公开(公告)日：2017-06-29

申请号：US15455169

申请日：2017-03-10

Applicant: Amazon Technologies, Inc.

Inventor： Jesper Mikael Johansson ,  Darren Ernest Canavor ,  Daniel Wade Hitchcock ,  Bharath Kumar Bhimanaik ,  Jon Arron McClintock

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/08 ,  G06F21/10 ,  G06F21/602 ,  H04L9/08 ,  H04L9/14 ,  H04L29/06639 ,  H04L29/06646 ,  H04L63/0407 ,  H04L63/0414 ,  H04L63/0421 ,  H04L63/0428 ,  H04L67/306 ,  H04L2209/38

Abstract: Disclosed are various embodiments for correlating a first use case-specific entity identifier with a second use case-specific entity identifier. A chained entity identifier corresponds to the first use case-specific entity identifier. The chained entity identifier can include the second use case-specific entity identifier cryptographically wrapped by a use case-specific key. The second use case-specific entity identifier can be received from the chained entity identifier. The second use case-specific entity identifier can be correlated to the first use case-specific entity identifier.

公开(公告)号：US09674194B1

公开(公告)日：2017-06-06

申请号：US14207157

申请日：2014-03-12

Applicant: Amazon Technologies, Inc.

Inventor： Jon Arron McClintock ,  Darren Ernest Canavor ,  Daniel Wade Hitchcock ,  Jonathan Kozolchyk

IPC: H04L29/06 ,  H04L9/32

CPC classification number: H04L63/10 ,  G06F21/10 ,  G06F21/33 ,  G06F21/34 ,  G06F21/604 ,  G06F21/6218 ,  H04L9/3234 ,  H04L9/3247 ,  H04L9/3263 ,  H04L63/102 ,  H04L63/12 ,  H04L63/123 ,  H04L63/126

Abstract: A resource owner or administrator submits a request to a permissions management service to create a permissions grant which may include a listing of actions a user may perform on a resource. Accordingly, the permissions management service may create the permissions grant and use a private cryptographic key to digitally sign the created permissions grant. The permissions management service may transmit this digitally signed permissions grant, as well as a digital certificate comprising a public cryptographic key for validating the permissions grant, to a target resource. The target resource may use the public cryptographic key to validate the digital signature of the permissions grant and determine whether a user is authorized to perform one or more actions based at least in part on a request from the user to perform these one or more actions on the resource.

公开(公告)号：US09646104B1

公开(公告)日：2017-05-09

申请号：US14747880

申请日：2015-06-23

Applicant: Amazon Technologies, Inc.

Inventor： Darren Ernest Canavor ,  William Alexander Strand

IPC: G06F17/00 ,  G06F17/30 ,  G06F17/21 ,  H04L29/08

CPC classification number: G06F17/30905 ,  G06F17/212 ,  G06F17/30896 ,  H04L67/02 ,  H04L67/22 ,  H04L67/306

Abstract: Techniques for associating a user with a user characteristic may be described. In particular, a network-based document may be provided to a computing system of the user. The network-based document may include least an identifier of another network-based document and code. The code may be configured to, upon execution, determine whether the other network-based document was accessed prior to providing the network-based document. An indication of whether the other network-based document was accessed may be determined. For example, the indication may be received from the computing system based on an execution of the code at the computing system. The user may be associated with the user characteristic based on the indication.

公开(公告)号：US09503451B1

公开(公告)日：2016-11-22

申请号：US14571264

申请日：2014-12-15

Applicant: Amazon Technologies, Inc.

Inventor： David James Kane-Parry ,  Darren Ernest Canavor ,  Jesper Mikael Johansson

IPC: G06F15/16 ,  H04L29/06

CPC classification number: G06F21/46 ,  H04L63/083 ,  H04L63/1441 ,  H04L2463/102

Abstract: Techniques for maintaining potentially compromised authentication information for a plurality of accounts may be provided. An individual piece of authentication information may be associated with one or more tags that indicate access rights with respect to requestors that also provide and maintain other potentially compromised authentication information. A subset of the potentially compromised authentication information may be determined based on the one or more tags in response to a request from a requestor for the potentially compromised authentication information. In an embodiment, the subset of the potentially compromised authentication information may be provided to the requestor.

Abstract translation: 可以提供用于维护用于多个帐户的可能受损的认证信息的技术。 单个认证信息可以与一个或多个标签相关联，该标签指示还提供和维护其他潜在受损认证信息的请求者的访问权限。 可能基于一个或多个标签来响应于来自请求者的针对可能受到损害的认证信息的请求来确定潜在受损认证信息的子集。 在一个实施例中，潜在受损的认证信息的子集可以被提供给请求者。

公开(公告)号：US09497312B1

公开(公告)日：2016-11-15

申请号：US14624497

申请日：2015-02-17

Applicant: Amazon Technologies, Inc.

Inventor： Jesper Mikael Johansson ,  Phivos Costas Aristides ,  Darren Ernest Canavor ,  Arnaud Marie Froment ,  Scott Donald Gregory ,  Cory Adam Johnson ,  Chelsea Celest Krueger ,  Jon Arron McClintock ,  Vijay Rangarajan ,  Andrew Jay Roths

IPC: H04W12/06 ,  H04M1/725

CPC classification number: H04W12/06 ,  H04L63/08 ,  H04L63/083 ,  H04L63/0876 ,  H04L63/107 ,  H04M1/67 ,  H04M1/72522 ,  H04M1/72572 ,  H04M1/72577

Abstract: An access control application for mobile devices is provided. The access control application may be configured to generate a set of security tasks based at least in part on information corresponding to a user's interactions with the mobile device. An unlock screen of the mobile device may be triggered and a security tasks from the generated set of security tasks may be displayed through a user interface of the mobile device. The user's response to the security tasks may be obtained and a confidence score may be calculated, based at least in part on the response. The access control application may then determine, based at least in part on the score and one or more attributes of the environment, whether to unlock the mobile device or prompt the user to provide an additional response to another security task.

Abstract translation: 提供了用于移动设备的访问控制应用。 访问控制应用可以被配置为至少部分地基于与用户与移动设备的交互相对应的信息来生成一组安全任务。 可以触发移动设备的解锁屏幕，并且可以通过移动设备的用户界面显示来自生成的一组安全任务的安全任务。 可以至少部分地基于响应来获得用户对安全任务的响应并且可以计算可信度得分。 访问控制应用程序可以至少部分地基于环境的得分和一个或多个属性来确定是解锁移动设备还是提示用户向另一个安全任务提供额外的响应。

公开(公告)号：US20160285863A1

公开(公告)日：2016-09-29

申请号：US14671161

申请日：2015-03-27

Applicant: Amazon Technologies, Inc.

Inventor： Darren Ernest Canavor ,  Varadarajan Gopalakrishnan ,  Jesper Mikael Johansson ,  Jon Arron McClintock ,  Brandon William Porter ,  Andrew Jay Roths

IPC: H04L29/06 ,  H04W4/12 ,  H04W12/06 ,  B64C39/02

CPC classification number: H04L63/0823 ,  B64C39/02 ,  B64C39/024 ,  B64C2201/146 ,  G05D1/00 ,  G05D1/0027 ,  G07C5/00 ,  G08G5/00 ,  G08G5/0034 ,  G08G5/0039 ,  H04B7/185 ,  H04L29/12 ,  H04L63/123 ,  H04W4/12 ,  H04W12/06 ,  H04W12/10

Abstract: Two unmanned vehicles come within communication range of one another. The unmanned vehicles exchange logs of messages each has received. Each of the unmanned vehicles analyzes the messages that it received from the other unmanned vehicle to determine whether any of the received messages warrants changing a set of tasks it was planning to perform. When a message indicates that a task should be changed, the task is updated accordingly.

Abstract translation: 两辆无人车相互通讯。 无人车交换每个消息的日志。 每个无人驾驶车辆分析从其他无人驾驶车辆接收到的消息，以确定是否有任何接收到的消息需要更改其计划执行的一组任务。 当消息指示应该更改任务时，相应地更新任务。

公开(公告)号：US09356971B1

公开(公告)日：2016-05-31

申请号：US14497146

申请日：2014-09-25

Applicant: Amazon Technologies, Inc.

Inventor： Jon Arron McClintock ,  Darren Ernest Canavor ,  George Nikolaos Stathakopoulos

IPC: G06F7/04 ,  H04L29/06

CPC classification number: H04L63/0876 ,  G06Q20/40 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/0884 ,  H04L63/126

Abstract: A method and apparatus for device authentication are provided. In the method and apparatus, authentication data for a first device is received. The first device is then authenticated based at least in part on demonstrated access to authentication data prior to broadcast of the authentication data. One or more actions may be taken in response to the authentication of the first device based at least in part on the demonstrated access to the authentication data.

Abstract translation: 提供了一种用于设备认证的方法和装置。 在该方法和装置中，接收第一设备的认证数据。 然后至少部分地基于在广播认证数据之前证明对认证数据的访问来认证第一设备。 至少部分地基于所证明的对认证数据的访问，可以响应于第一设备的认证而采取一个或多个动作。