公开(公告)号：US09129118B1

公开(公告)日：2015-09-08

申请号：US13887143

申请日：2013-05-03

Applicant: Amazon Technologies, Inc.

Inventor： Jesper Mikael Johansson ,  Dominique Imjya Brezinski ,  Darren Ernest Canavor ,  Darin Keith McAdams ,  Jon Arron McClintock ,  Brandon William Porter

IPC: G06F21/62 ,  G06F21/60

CPC classification number: G06F21/6245 ,  G06F21/6227 ,  H04L67/42

Abstract: A technology is described for making a decision based on identifying without disclosing the identifying information. The method may include receiving a mapping value that represents identifying information that has been converted into a mapping value. A request for data associated with the identifying information may be made by providing the mapping value as a proxy for the identifying information whereby the data associated with the identifying information may be located using the mapping value and returned to a requesting client or service.

Abstract translation: 描述了一种基于识别而不公开识别信息进行决策的技术。 该方法可以包括接收表示已被转换成映射值的标识信息的映射值。 可以通过提供映射值作为识​​别信息的代理来进行与识别信息相关联的数据的请求，从而可以使用映射值将与识别信息相关联的数据定位并返回到请求的客户端或服务。

公开(公告)号：US10992660B2

公开(公告)日：2021-04-27

申请号：US15793833

申请日：2017-10-25

Applicant: Amazon Technologies, Inc.

Inventor： Jesper Mikael Johansson ,  Jon Arron McClintock

IPC: H04L29/06 ,  H04L12/911 ,  H04W12/06 ,  H04W12/08

Abstract: Methods and systems are provided for managing access to a client account related (CAR) resource. When a privilege-constrained (PC) application requests access to an individual client account, a single use authorization (SUA) code is created that is associated with the individual client account. The SUA code is routed to, and returned from, the privilege-constrained (PC) application to authenticate the PC application. The PC application, once authenticated, receives a permitted action token that identifies a limited set of privileges that the PC application is authorized to perform in connection with the CAR resource. The PC application provides the permitted action token to an access service. The access service limits access, by the PC application, to the CAR resource based on the permitted action token.

公开(公告)号：US10785261B2

公开(公告)日：2020-09-22

申请号：US15917471

申请日：2018-03-09

Applicant: Amazon Technologies, Inc.

Inventor： Jesper Mikael Johansson ,  Darren Ernest Canavor ,  Jon Arron McClintock ,  Gregory Branchek Roth ,  Gregory Alan Rubin ,  Nima Sharifi Mehr

IPC: H04L29/06

Abstract: A client establishes a network session with a server. The network session is used to establish an encrypted communications session. The client establishes another network session with another server, such as after terminating the first network session. The client resumes the encrypted communications session over the network session with the other server. The other server is configured to receive encrypted communications from the client and forward them to the appropriate server.

公开(公告)号：US10600293B2

公开(公告)日：2020-03-24

申请号：US16151058

申请日：2018-10-03

Applicant: Amazon Technologies, Inc.

Inventor： Jon Arron McClintock

IPC: G08B13/14 ,  G06F3/01 ,  G08B29/18 ,  G11C13/00 ,  G08B13/08 ,  G08B13/12 ,  G08B21/02 ,  G08B13/24

Abstract: A system and method for activating security mechanisms based at least in part on accelerometer-based dead reckoning wherein accelerometer data, reflecting acceleration in a local coordinate system of a device, is obtained from an accelerometer of a device. Movement of the device is determined based at least in part on the accelerometer data, and, based at least in part on whether the movement of the device exceeds a threshold value, a determination is made whether to change a current security state of the device. If it is determined to change the current security state of the device, the current security state of the device is changed to a new security state.

公开(公告)号：US10523707B2

公开(公告)日：2019-12-31

申请号：US15925470

申请日：2018-03-19

Applicant: Amazon Technologies, Inc.

Inventor： Nima Sharifi Mehr ,  Darren Ernest Canavor ,  Jesper Mikael Johansson ,  Jon Arron McClintock ,  Gregory Branchek Roth

IPC: H04L9/32 ,  H04L29/06

Abstract: A plurality of cipher suites is negotiated as part of a handshake process to establish a cryptographically protected communications session. The handshake process is completed to establish the cryptographically protected communications session. A message is communicated over the established cryptographically protected communications session using at least two cipher suites of the plurality of cipher suites.

公开(公告)号：US10313882B2

公开(公告)日：2019-06-04

申请号：US15804886

申请日：2017-11-06

Applicant: Amazon Technologies, Inc.

Inventor： Jesper Mikael Johansson ,  Phivos Costas Aristides ,  Darren Ernest Canavor ,  Arnaud Marie Froment ,  Scott Donald Gregory ,  Cory Adam Johnson ,  Chelsea Celest Krueger ,  Jon Arron McClintock ,  Vijay Rangarajan ,  Andrew Jay Roths

IPC: H04W12/06 ,  H04M1/725 ,  H04L29/06 ,  H04M1/67

Abstract: An access control application for mobile devices is provided. The access control application may be configured to generate a set of security tasks based at least in part on information corresponding to a user's interactions with the mobile device. An unlock screen of the mobile device may be triggered and security tasks from the generated set of security tasks may be displayed through a user interface of the mobile device. The user's response to the security tasks may be obtained and a confidence score may be calculated, based at least in part on the response. The access control application may then determine, based at least in part on the score and one or more attributes of the environment, whether to unlock the mobile device or prompt the user to provide an additional response to another security task.

公开(公告)号：US10187428B2

公开(公告)日：2019-01-22

申请号：US15618419

申请日：2017-06-09

Applicant: Amazon Technologies, Inc.

Inventor： Harsha Ramalingam ,  Dominique Imjya Brezinski ,  Jesper Mikael Johansson ,  Jon Arron McClintock ,  James Connelly Petts

IPC: H04L29/06 ,  G06F21/14 ,  G06F21/54 ,  G06F21/55

Abstract: Disclosed are various embodiments for active data that tracks usage. The active data includes instructions that are executable by a computing device. The computing device is scanned to identify characteristics of the computing device. The characteristics of the computing device are utilized to determine whether the usage of the active data is authorized. Data is transmitted to a network service, including identifying information for the particular computing device and data that identifies a deployment of the active data.

公开(公告)号：US10142301B1

公开(公告)日：2018-11-27

申请号：US14489161

申请日：2014-09-17

Applicant: Amazon Technologies, Inc.

Inventor： Nima Sharifi Mehr ,  Darren Ernest Canavor ,  Jesper Mikael Johansson ,  Jon Arron McClintock ,  Gregory Branchek Roth ,  Gregory Alan Rubin

IPC: H04L29/06 ,  H04L9/08

Abstract: Multiple communications that encode data are encrypted for transit from one entity to the other. An entity receiving the communications decrypts at least some of the communications to determine how to process the communications. As part of processing the communications, the entity receiving the communications provides at least some of the encrypted communications to a data storage system without reencrypting those communications.

公开(公告)号：US20180262530A1

公开(公告)日：2018-09-13

申请号：US15925470

申请日：2018-03-19

Applicant: Amazon Technologies, Inc.

Inventor： Nima Sharifi Mehr ,  Darren Ernest Canavor ,  Jesper Mikael Johansson ,  Jon Arron McClintock ,  Gregory Branchek Roth

IPC: H04L29/06 ,  H04L9/32

Abstract: A plurality of cipher suites is negotiated as part of a handshake process to establish a cryptographically protected communications session. The handshake process is completed to establish the cryptographically protected communications session. A message is communicated over the established cryptographically protected communications session using at least two cipher suites of the plurality of cipher suites.

公开(公告)号：US10007779B1

公开(公告)日：2018-06-26

申请号：US14869185

申请日：2015-09-29

Applicant: Amazon Technologies, Inc.

Inventor： Jon Arron McClintock ,  Yogesh Vilas Golwalkar ,  Bharath Kumar Bhimanaik ,  Darin Keith McAdams ,  Tushaar Sethi

IPC: G06F21/45 ,  G06F21/31

CPC classification number: G06F21/45 ,  G06F21/31

Abstract: Methods and systems are provided to enable gradual expiration of credentials. Instead of depriving a user of all his access rights upon expiration of his credential (e.g., password), the user's access rights may be gradually restricted during a grace period after an expected or initial expiration time and/or before a final expiration time. The access right may be determined based on a duration from a time of the access request to the final expiration time or to the initial expiration time.