公开(公告)号：US20160188360A1

公开(公告)日：2016-06-30

申请号：US15061932

申请日：2016-03-04

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F9/455 ,  G06F12/02

CPC classification number: G06F9/45558 ,  G06F9/45533 ,  G06F9/45541 ,  G06F9/4555 ,  G06F9/50 ,  G06F9/5027 ,  G06F12/023 ,  G06F2009/45562 ,  G06F2009/4557 ,  G06F2009/45583

Abstract: A computer system implements a hypervisor which, in turn, implements one or more computer system instances and a controller. The controller and a computer system instance share a memory. A request is processed using facilities of both the computer system instance and the controller. As part of request processing, information is passed between the computer system instance and the controller via the shared memory.

公开(公告)号：US09349144B1

公开(公告)日：2016-05-24

申请号：US13827432

申请日：2013-03-14

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06Q30/00 ,  G06Q30/08

CPC classification number: G06Q30/08

Abstract: Shared electronic resources can be allocated to customers by auction when there is contention among the customers for the resources. Each customer can receive a bid pool for a shared electronic resource. A customer may prioritize a request by withdrawing a bid amount from the customer's bid pool and submitting the bid amount with a request for the shared resource. A resource provider may assess the capacity of the shared resource to process requests and conduct an auction at various times, such as during periods of congestion, to determine the requests that the shared resource will process at a given time. The auction can be concluded when an auction price is determined, and those requests including bids greater than or equal to the determined auction price can be selected for processing by the shared resource.

Abstract translation: 共享的电子资源可以在客户争夺资源的时候通过拍卖分配给客户。 每个客户可以收到共享电子资源的出价池。 客户可以通过从客户的出价池中提取出价金额来提出请求来优先处理请求，并通过对共享资源的请求提交出价金额。 资源提供商可以评估共享资源处理请求的能力，并在诸如在拥塞期间的不同时间进行拍卖，以确定共享资源在给定时间处理的请求。 当拍卖价格确定时，拍卖可以结束，并且可以选择包括所确定的拍卖价格以上的出价的请求以供共享资源处理。

公开(公告)号：US09313191B1

公开(公告)日：2016-04-12

申请号：US14181078

申请日：2014-02-14

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen ,  Gregory Branchek Roth ,  Elena Dykhno

IPC: H04L29/06

CPC classification number: H04L63/08 ,  H04L67/2823

Abstract: A first request from a client using a first protocol is translated into one or more second requests by a servicer using a second protocol through a virtual request using the first protocol. A client may use parameters of the first protocol to pass virtual request components to the servicer. A format agreement between the client, servicer and/or authentication service may allow the servicer and/or authentication service to translate the virtual request components over the first protocol to one or more second requests using the second protocol. Virtual request components may also prove the authenticity of the virtual request received by the servicer to an authentication service. If virtual request is valid, the authentication service may issue a credential to the servicer to send the one or more second requests to an independent service. Virtual requests may be included in various protocols, including credential-based protocols and certificate exchange-based protocols.

Abstract translation: 来自使用第一协议的客户端的第一请求由服务器使用第一协议通过虚拟请求使用第二协议转换成一个或多个第二请求。 客户端可以使用第一协议的参数将虚拟请求组件传递给服务器。 客户端，服务器和/或认证服务之间的格式协议可以允许服务器和/或认证服务使用第二协议将第一协议上的虚拟请求组件转换成一个或多个第二请求。 虚拟请求组件也可以证明服务器接收到的认证服务的虚拟请求的真实性。 如果虚拟请求有效，则认证服务可以向服务器发出凭证以将一个或多个第二请求发送到独立服务。 虚拟请求可以包括在各种协议中，包括基于证书的协议和基于证书交换的协议。

公开(公告)号：US09258120B1

公开(公告)日：2016-02-09

申请号：US14133052

申请日：2013-12-18

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: H04L9/00 ,  H04L9/08

CPC classification number: H04L9/0891 ,  H04L9/0894

Abstract: Techniques for improving the security and availability of cryptographic key systems are described herein. A graph representation of a network of cryptographic key servers is created with vertices representing the servers and edges representing connections between pairs of servers. As cryptographic key events are received, the graph is used to locate the appropriate servers upon which to perform the operations associated with the events. In the event that the network requires repairing, the graph is first repaired obeying any constraints on the graph and then the network is updated to reflect alterations to the graph.

Abstract translation: 本文描述了用于提高加密密钥系统的安全性和可用性的技术。 创建加密密钥服务器网络的图形表示，其中表示服务器的顶点和表示服务器对之间的连接的边。 随着接收到加密密钥事件，该图用于定位在其上执行与事件相关联的操作的适当服务器。 在网络需要修复的情况下，首先修复图表，遵循图形上的任何约束，然后更新网络以反映图形的更改。

公开(公告)号：US09239716B1

公开(公告)日：2016-01-19

申请号：US14065270

申请日：2013-10-28

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F9/44 ,  G06F9/445

CPC classification number: G06F8/65 ,  G06F8/75 ,  G06F11/3089 ,  G06F2201/865

Abstract: In certain embodiments, execution traces for a program definition of an application are accessed. Probability information for components of the program definition is computed based at least in part upon the execution traces. Program definition slices are determined based at least in part upon the probability information. The program definition slices comprises a baseline slice and at least one supplemental slice. The baseline slice is communicated to a client in response to a request for the application. At least one supplemental slice is communicated to the client to allow the patching of the baseline slice with the at least one supplemental slice to recreate at least a portion of the program definition.

公开(公告)号：US08955155B1

公开(公告)日：2015-02-10

申请号：US13795530

申请日：2013-03-12

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F7/00 ,  G06F21/44

CPC classification number: G06F21/44 ,  G06F21/6209

Abstract: Secure information flow may include a service receiving a request for data from a caller. The service may respond to the request with the requested data via a secure flow container. The secure flow container may then send the information to the caller component. Before the secure flow container receives or sends the information, a monitoring environment may permit the secure flow container to receive or send the information, respectively.

Abstract translation: 安全信息流可以包括接收来自呼叫者的数据请求的服务。 服务可以通过安全流量容器响应请求与请求的数据。 然后，安全流量容器可以将信息发送给呼叫者组件。 在安全流量容器接收或发送信息之前，监视环境可以允许安全流量容器分别接收或发送信息。

公开(公告)号：US12132844B1

公开(公告)日：2024-10-29

申请号：US17890976

申请日：2022-08-18

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen ,  Daniel Ron Simon ,  Andrew Hopkins

IPC: H04L9/32

CPC classification number: H04L9/3265 ,  H04L9/3218 ,  H04L9/3234 ,  H04L9/3247

Abstract: Described implementations obtain a proof of valid attestation data. The attestation data may include configuration data of a host computing system. A prover service may receive the attestation data. The prover service may generate a proof to prove that the attestation data includes valid configuration data of the host computer system, without revealing sensitive or private information of the host computing system. The proof may be a zero-knowledge proof.

公开(公告)号：US11328087B1

公开(公告)日：2022-05-10

申请号：US16141789

申请日：2018-09-25

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen ,  Xianrui Jeri Meng

IPC: G06F21/62 ,  H04L29/06 ,  G06F21/60 ,  H04L9/06 ,  G06F21/10 ,  H03K19/21

Abstract: Systems and methods for implementing a secure and efficient cryptographic protocol for analyzing data objects while providing assurances of data privacy and security. A data object may be obfuscated and provided for analysis (e.g., to a data analytics service) without necessarily providing access to the (e.g., plaintext) data object. For example, a first computing entity and second computing entity may agree upon a function or circuit that performs a certain type of computational task, such as comparing a first data set controlled by the first computing entity and a second data set controlled by the second computing entity. An event-driven function may be invoked by the event-driven compute service in response to detecting satisfaction of a condition as part of monitoring alerts that are generated as a result of the output of the computational task described above.

公开(公告)号：US11290486B1

公开(公告)日：2022-03-29

申请号：US14981722

申请日：2015-12-28

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: H04L29/06 ,  H04L47/70

Abstract: The disclosure relates to provisioning honeypot computing services using computing resources in a defective computing resource pool. In one example, a computing system can generate a maliciousness score for a received resource allocation request, determine that the generated maliciousness score exceeds a maliciousness threshold and identify a computing resource in a defective resource pool that is eligible to satisfy the request. The system can then provision honeypot computing services to fulfill the request, using the identified computing resource in the defective resource pool.

公开(公告)号：US10996945B1

公开(公告)日：2021-05-04

申请号：US14489266

申请日：2014-09-17

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F9/45 ,  G06F8/72 ,  G06F8/60 ,  G06F8/30

Abstract: A computing resource service provider may provide computing resources for execution of a program on behalf of a customer. The program's resource requirements may grow over time and horizontal scaling of the programs execution may be a laborious task as the portion of the program's the in-memory state may not be replicated. The program may include a set of modules which may be split and distributed to one or more computer systems of the service provider for execution. A factoring plan may be used to determine a set of partitions, where each partitions contains a subset of the modules of the program. Performance data associated with the one or more computer systems executing the partitions may be used to determine the factoring plan.