公开(公告)号：US10445495B2

公开(公告)日：2019-10-15

申请号：US15894611

申请日：2018-02-12

Applicant: Amazon Technologies, Inc.

Inventor： Nima Sharifi Mehr

IPC: G06F21/00 ,  G06F21/52

Abstract: A call to a memory management application programming interface (API) that results in a buffer overflow due to inaccurate bounds checking could potentially leave the system vulnerable to being exploited by a third party. Approaches presented herein can monitor calls to these APIs in order to determine typical memory sizes passed to these APIs. During an initial baselining period a number of profiles are generated that indicate expected memory size parameters under various different call conditions, such from specific sources or call stacks. Comparing subsequently received API calls against the expected values from the relevant profile enables the legitimacy of an API call to be determined with relatively high accuracy. A suspicious call is identified based at least in part upon determining that the memory size of the call falls outside an expected range for that API and the relevant context.

公开(公告)号：US20190124110A1

公开(公告)日：2019-04-25

申请号：US16230901

申请日：2018-12-21

Applicant: Amazon Technologies, Inc.

Inventor： Nima Sharifi Mehr ,  Christopher Dunn ,  Alexis Floyd ,  David James Kane-Parry ,  Volker Helmut Mosthaf ,  Christopher Gordon Williams

IPC: H04L29/06 ,  H04L29/08 ,  G06Q10/08 ,  G06Q20/40 ,  H04L9/32 ,  H04L12/46

CPC classification number: H04L63/1433 ,  G06Q10/083 ,  G06Q20/405 ,  H04L9/3268 ,  H04L12/4625 ,  H04L63/0428 ,  H04L63/08 ,  H04L63/101 ,  H04L63/1441 ,  H04L63/1483 ,  H04L67/10 ,  H04L2209/26 ,  H04L2209/56

Abstract: A first computer is selected for testing. Information sent from a second computer system to the first computer is intercepted. The information is modified to be noncompliant with a communication protocol, thereby producing noncompliant information. A determination is made whether the first computer device has failed to provide a particular response to receipt of the noncompliant information, and an operation is performed based at least in part on the determination.

公开(公告)号：US10243957B1

公开(公告)日：2019-03-26

申请号：US14837410

申请日：2015-08-27

Applicant: Amazon Technologies, Inc.

Inventor： Muhammad Wasiq ,  Nima Sharifi Mehr

IPC: H04L29/06 ,  H04L29/12

Abstract: Disclosed are various embodiments for preventing the unintended leakage of cookie data between network sites using a shared high-level domain and vice versa. In one embodiment, a browser application stores data from a first network site having a high-level domain in a client computing device. Access to the data is limited to one or more network sites having the high-level domain. A first classification is assigned to the first network site. A second classification is assigned to a second network site having the high-level domain. The data is sent to the second network site in response to determining that the first classification matches the second classification.

公开(公告)号：US10173777B1

公开(公告)日：2019-01-08

申请号：US15461209

申请日：2017-03-16

Applicant: Amazon Technologies, Inc.

Inventor： Scott Gerard Carmack ,  Narasimha Rao Lakkakula ,  Nima Sharifi Mehr

IPC: B64C39/00 ,  B64C27/08 ,  B64C11/00 ,  B64D5/00 ,  G05D1/00 ,  B64C39/02

Abstract: This disclosure describes systems and processes using multirotor lifter to deploy and/or engage fixed wing aircraft. For example, one or more unmanned multirotor lifters may engage an unmanned fixed wing aircraft, aerially navigate the fixed wing aircraft vertically to a desired altitude, and then release the fixed wing aircraft so that the fixed wing aircraft can initiate a flight plan. In some implementations, multirotor lifter may also be configured to engage fixed wing aircraft while both the multirotor lifters and the fixed wing aircraft are in flight.

公开(公告)号：US09946895B1

公开(公告)日：2018-04-17

申请号：US14969686

申请日：2015-12-15

Applicant: Amazon Technologies, Inc.

Inventor： William Frederick Hingle Kruse ,  Matthew John Campagna ,  Nima Sharifi Mehr ,  Hardik Nagda ,  Radu Berciu ,  Gergory Branchek Roth

IPC: G06F21/62

CPC classification number: G06F21/6245 ,  G06F21/6227 ,  G06F21/6263

Abstract: Sensitive data can be obfuscated before being provided for processing (i.e., aggregating, sorting, grouping, or transforming) using a pair of keys to generate a token that contains the sensitive data. The token can include a synthetic initialization vector, generated using a first key, and a ciphertext portion including the sensitive data encrypted under a second key. This tokenization can be performed by a data service or by an intermediate service that acts as an overlay or proxy for the underlying data service. The tokenized data can be provided for processing, and can remain tokenized until being received by an entity or system having access to at least the second key. A receiving entity with access to the second key can decrypt the ciphertext to obtain the plaintext, and if the first key is available the entity can perform a further integrity check on the tokenized data.

公开(公告)号：US09912486B1

公开(公告)日：2018-03-06

申请号：US14838172

申请日：2015-08-27

Applicant: Amazon Technologies, Inc.

Inventor： Nima Sharifi Mehr

IPC: H04L29/06 ,  H04L9/32

CPC classification number: H04L9/3268 ,  H04L9/321 ,  H04L9/3247 ,  H04L9/3265 ,  H04L2209/38

Abstract: A digital certificate for an entity is issued and signed by a certificate authority. One or more counter signing entities are identified in an extension to the digital certificate. Each countersigning entity adds a countersignature to the digital certificate using a private cryptographic key maintained by each countersigning entity. A client that receives the digital certificate validates the digital certificate by in part validating the digital signature of the issuing certificate authority and validating the digital signatures of the countersigning entities. In determining whether the digital certificate is valid, the client may consider the geographic regions, legal jurisdictions, and identity verification processes of the certificate authority and of the countersigning entities. In some examples, the client requires that the issuing certificate authority and the countersigning entities represent a minimum amount of geographic and jurisdictional diversity. In other examples, the client requires a minimum threshold number of countersigning entities.

公开(公告)号：US09749305B1

公开(公告)日：2017-08-29

申请号：US14472002

申请日：2014-08-28

Applicant: Amazon Technologies, Inc.

Inventor： Nima Sharifi Mehr ,  Eric Desmond Keith Villiers

IPC: G06F21/00 ,  H04L29/06 ,  G06F21/44

CPC classification number: G06F21/44 ,  G06F21/606 ,  H04L63/126 ,  H04L63/1441

Abstract: A destination server receives an application layer request, including a user-agent and one or more cipher suites, from a user client to initiate a secure communications channel. In response to the request, the destination server obtains from a user-agent database a set of one or more cipher suites that are supported by a user agent corresponding to the user-agent provided by the user client. The destination server uses this set of one or more cipher suites to determine if the user client fails to support any of these cipher suites. If the destination server determines, based on the set of one or more cipher suites, that the user client fails to support any of these cipher suites, the destination server initiates one or more security measures.

公开(公告)号：US09689686B1

公开(公告)日：2017-06-27

申请号：US14866719

申请日：2015-09-25

Applicant: Amazon Technologies, Inc.

Inventor： Scott Gerard Carmack ,  Narasimha Rao Lakkakula ,  Nima Sharifi Mehr

IPC: G01C21/20 ,  B64C39/02 ,  G05D1/00

CPC classification number: G01C21/20 ,  B64C39/024 ,  B64C2201/027 ,  B64C2201/123 ,  B64C2201/128 ,  B64C2201/145 ,  G01S13/86 ,  G01S19/00 ,  G01S19/215 ,  G01S19/48 ,  G05D1/0022 ,  G05D1/0038 ,  G06F21/64 ,  G06F2221/2111 ,  H04L63/0869 ,  H04L63/123 ,  H04W4/02 ,  H04W12/06 ,  H04W12/10

Abstract: Techniques for determining whether data associated with an autonomous navigation of an unmanned vehicle may be trusted. For example, navigation-related data may be provided from a source external to the unmanned vehicle. Image data associated with the autonomous navigation may be generated. The navigation-related data and the image data may be compared to determine whether the navigation data may be trusted or not. If untrusted, the autonomous navigation may be directed independently of the navigation data.

公开(公告)号：US20170142097A1

公开(公告)日：2017-05-18

申请号：US15420011

申请日：2017-01-30

Applicant: Amazon Technologies, Inc.

Inventor： Muhammad Wasiq ,  Nima Sharifi Mehr

IPC: H04L29/06

CPC classification number: H04L63/0823 ,  H04L9/3247 ,  H04L9/3263 ,  H04L63/123 ,  H04L63/1483

Abstract: A service receives from a sender service a digital message and a corresponding trace, which includes an ordered set of digital signatures of one or more services that participated in causing the service to receive the digital message. The trace may further specify an ordering of the one or more services, which may be generated according to the order of participation of these one or more services. The service may compare the received trace to recorded message paths to determine whether the ordering specified within the trace is valid. If the ordering is valid, the service may use one or more digital certificates to further verify the digital signatures included within the trace. If the service determines that these digital signatures are also valid, the service may process the message.

公开(公告)号：US20170039569A1

公开(公告)日：2017-02-09

申请号：US15331179

申请日：2016-10-21

Applicant: Amazon Technologies, Inc.

Inventor： Nima Sharifi Mehr

IPC: G06Q20/40 ,  G07F7/08 ,  G06Q20/34 ,  G06K7/08 ,  G06Q20/20

CPC classification number: G06Q20/4014 ,  G06K7/087 ,  G06Q20/204 ,  G06Q20/24 ,  G06Q20/3226 ,  G06Q20/3567 ,  G06Q2220/00 ,  G07F7/088

Abstract: A credit card reader is attached to a mobile device to process credit card transactions at the point of sale. In response to detecting attachment of the credit card reader to the mobile device, the credit card reader displays a one-time password for authenticating the credit card reader. The algorithm used to generate the one-time password is synchronized with a user token configured to display one-time passwords. If there is a match between the one-time passwords of the credit card reader and the token, the credit card reader is authentic. Further, if there is a match, the credit card reader may allow the user to process credit card transactions through the credit card reader.

Abstract translation: 信用卡阅读器附加到移动设备以在销售点处理信用卡交易。 响应于检测到信用卡读取器对移动设备的附着，信用卡读卡器显示用于认证信用卡读卡器的一次性密码。 用于生成一次性密码的算法与配置为显示一次性密码的用户令牌同步。 如果信用卡阅读器的一次性密码和令牌之间存在匹配，则信用卡读卡器是真实的。 此外，如果存在匹配，信用卡读卡器可以允许用户通过信用卡读卡器处理信用卡交易。