公开(公告)号：US20180026968A1

公开(公告)日：2018-01-25

申请号：US15679205

申请日：2017-08-17

Applicant: Amazon Technologies, Inc.

Inventor： Darren Ernest Canavor ,  Jesper Mikael Johansson

IPC: H04L29/06

CPC classification number: H04L63/0823 ,  H04L63/0815 ,  H04L63/0853

Abstract: Disclosed are various embodiments for managing security credentials. In one embodiment, network content for a network site is obtained in response to a user request. A connection with a remote computing device that stores and manages security credentials for accessing network sites is authenticated using a master security credential and answers to knowledge-based questions. A security credential associated with the network site is provided to the client from the remote computing device based at least in part on the answers. Access to the network site is authenticated according to the security credential.

公开(公告)号：US20180007020A1

公开(公告)日：2018-01-04

申请号：US15688255

申请日：2017-08-28

Applicant: Amazon Technologies, Inc.

Inventor： Daniel Wade Hitchcock ,  Darren Ernest Canavor ,  Tushaar Sethi

IPC: H04L29/06 ,  G06F21/62 ,  G06F21/10 ,  H04L9/08 ,  H04L9/32 ,  H04L9/14

CPC classification number: H04L63/0435 ,  G06F21/10 ,  G06F21/62 ,  H04L9/0825 ,  H04L9/0877 ,  H04L9/0891 ,  H04L9/0897 ,  H04L9/14 ,  H04L9/3234 ,  H04L9/3268 ,  H04L63/0823

Abstract: Aspects related to the secure transfer and use of secret material are described. In one embodiment, an encrypted secret key and encrypted revocation data are imported into a trusted execution environment and decrypted with private provider and vendor keys. In this manner, a provider of cryptographic processes is not exposed to the secret key or revocation data of a customer, as the secret key and revocation data are decrypted and stored within the trusted execution environment but not accessed in an unencrypted form. In turn, the provider can receive various instructions to perform cryptographic operations on behalf of the customer. Based on the outcome of a revocation check using the revocation data, the instructions can be performed by the trusted execution environment.

公开(公告)号：US09838384B1

公开(公告)日：2017-12-05

申请号：US14571247

申请日：2014-12-15

Applicant: Amazon Technologies, Inc.

Inventor： David James Kane-Parry ,  Darren Ernest Canavor ,  Jesper Mikael Johansson

IPC: G06F7/04 ,  H04L29/06 ,  G06F21/31 ,  G06Q30/06

CPC classification number: H04L63/083 ,  G06F21/316 ,  G06Q30/0601

Abstract: Techniques for marking or flagging an account as potentially being compromised may be provided. Information about the popularity of passwords associated with a plurality of accounts may be maintained. In an example, an account may be marked as potentially being compromised based at least in part on the information about the popularity of passwords and a password included in a request to change the password associated with the account. A notification indicating that an account has been marked as potentially compromised may be generated.

公开(公告)号：US09787673B2

公开(公告)日：2017-10-10

申请号：US15293534

申请日：2016-10-14

Applicant: Amazon Technologies, Inc.

Inventor： Jesper Mikael Johansson ,  Darren Ernest Canavor ,  Matthew Ryan Jezorek ,  Brian Young Lee

IPC: H04L29/06 ,  G06F21/31 ,  H04W12/06

CPC classification number: H04L63/0838 ,  G06F21/31 ,  H04L63/0853 ,  H04W12/06

Abstract: Disclosed are various embodiments for a computing device with an integrated authentication token. The computing device includes first circuitry having a processor and a memory and providing general-purpose computing capability. The computing device also includes second circuitry configured to generate a one-time password. The first circuitry is incapable of determining the one-time password due to a separation from the second circuitry, and the first and second circuitry may be in a single enclosure.

公开(公告)号：US09774573B2

公开(公告)日：2017-09-26

申请号：US14831341

申请日：2015-08-20

Applicant: Amazon Technologies, Inc.

Inventor： Daniel W. Hitchcock ,  Darren Ernest Canavor ,  Tushaar Sethi

IPC: H04L29/06 ,  G06F21/10 ,  H04L9/14 ,  H04L9/08 ,  G06F21/62 ,  H04L9/32

CPC classification number: H04L63/0435 ,  G06F21/10 ,  G06F21/62 ,  H04L9/0825 ,  H04L9/0877 ,  H04L9/0891 ,  H04L9/0897 ,  H04L9/14 ,  H04L9/3234 ,  H04L9/3268 ,  H04L63/0823

Abstract: Aspects related to the secure transfer and use of secret material are described. In one embodiment, public vendor and provider keys are provided to a customer and encrypted secret material is received in return. The encrypted secret material may include a customer secret material encrypted by the public vendor and provider keys. The encrypted secret material is imported into a trusted execution environment and decrypted with private provider and vendor keys. In this manner, a provider of cryptographic processes is not exposed to the secret material of the customer, as the customer secret material is decrypted and stored within the trusted execution environment but is not accessed by the provider in an unencrypted form. In turn, the provider may receive various instructions to perform cryptographic operations on behalf of the customer, and those instructions may be performed by the trusted execution environment.

公开(公告)号：US09754100B1

公开(公告)日：2017-09-05

申请号：US14580043

申请日：2014-12-22

Applicant: Amazon Technologies, Inc.

Inventor： Daniel Wade Hitchcock ,  Darren Ernest Canavor ,  Jesper Mikael Johansson

IPC: G06F21/00 ,  G06F21/45 ,  H04L9/32

CPC classification number: G06F21/45 ,  H04L9/0891 ,  H04L9/3268

Abstract: Disclosed are various embodiments for replicating authentication data between computing devices. A computing device monitors a first certificate store located on a first client device for a change in a first state of the first certificate store. The computing device updates a record of the first state of the first certificate store with the change in the first state of the first certificate store, wherein the record is stored in a memory of the computing device. The computing device then determines that the first state of the first certificate store differs from a second state of a second certificate store located on a second client device. Finally, the computing device sends an update to the second client device, wherein the update comprises a change set representing a difference between the updated record and the second certificate store.

公开(公告)号：US09723003B1

公开(公告)日：2017-08-01

申请号：US14298853

申请日：2014-06-06

Applicant: Amazon Technologies, Inc.

Inventor： Jon Arron McClintock ,  Darren Ernest Canavor ,  Jesper Mikael Johansson

IPC: H04W12/08 ,  H04L29/06 ,  H04W12/06

CPC classification number: H04L63/10 ,  H04L63/0869 ,  H04L63/102 ,  H04W12/06 ,  H04W12/08

Abstract: A variety of different mobile computing devices, such as a laptop, tablet or smartphone, may be used in a mixed set of computing environments. At least some of the computing environments may be hostile computing environments where users of the mobile computing devices may be exposed to unknown risks. Furthermore, the mobile computing devices may be unable to determine if a network in a particular computing environment is in fact the network the mobile device determines it to be. A beacon device may be attached to a network and provide mutual authentication for mobile devices in the computing environment. The beacon device may provide a credential store for user device in the computing environment. Furthermore, the beacon device may provide a trusted third-party enabling access to restricted computing resources with requiring users to share their credentials.

公开(公告)号：US09606983B1

公开(公告)日：2017-03-28

申请号：US14470886

申请日：2014-08-27

Applicant: Amazon Technologies, Inc.

Inventor： Jon Arron McClintock ,  Darren Ernest Canavor ,  Jesper Mikael Johansson

IPC: G06F17/27 ,  G06F17/20 ,  G06F17/28

CPC classification number: G06F17/2765 ,  G06F3/0481 ,  G06F17/2276 ,  G06F17/271 ,  G06F17/2735 ,  G06F17/2755 ,  G06F17/28 ,  G06F17/2881 ,  G06F17/30386

Abstract: A mechanism is provided for representing information, such as binary sequence, in a manner that is easier to read and less likely to generate errors when interacted with by human. A dictionary is seeded with two or more set of words, the words being selected from distinct categories. Symbols may be created by combining words from the distinct categories. A mapping of symbols to corresponding values may then be generated. The generated mapping may be used to translate bit values to symbols and symbols to bit values.

公开(公告)号：US20170063811A1

公开(公告)日：2017-03-02

申请号：US14831341

申请日：2015-08-20

Applicant: Amazon Technologies, Inc.

Inventor： Daniel W. Hitchcock ,  Darren Ernest Canavor ,  Tushaar Sethi

IPC: H04L29/06 ,  H04L9/32

CPC classification number: H04L63/0435 ,  G06F21/10 ,  G06F21/62 ,  H04L9/0825 ,  H04L9/0877 ,  H04L9/0891 ,  H04L9/0897 ,  H04L9/14 ,  H04L9/3234 ,  H04L9/3268 ,  H04L63/0823

Abstract: Aspects related to the secure transfer and use of secret material are described. In one embodiment, public vendor and provider keys are provided to a customer and encrypted secret material is received in return. The encrypted secret material may include a customer secret material encrypted by the public vendor and provider keys. The encrypted secret material is imported into a trusted execution environment and decrypted with private provider and vendor keys. In this manner, a provider of cryptographic processes is not exposed to the secret material of the customer, as the customer secret material is decrypted and stored within the trusted execution environment but is not accessed by the provider in an unencrypted form. In turn, the provider may receive various instructions to perform cryptographic operations on behalf of the customer, and those instructions may be performed by the trusted execution environment.

Abstract translation: 描述与秘密材料的安全转移和使用相关的方面。 在一个实施例中，公共供应商和供应商密钥被提供给客户，并且收到加密的秘密材料。 加密的秘密材料可以包括由公共供应商加密的客户秘密材料和提供商密钥。 加密的秘密资料被导入到受信任的执行环境中，并用专用提供商和供应商密钥进行解密。 以这种方式，密码处理提供者不会暴露给客户的秘密资料，因为客户秘密资料被解密并存储在受信任的执行环境中，但未被提供者以未加密形式访问。 反过来，提供商可以接收代表客户执行密码操作的各种指令，并且这些指令可以由可信执行环境执行。

公开(公告)号：US20160280371A1

公开(公告)日：2016-09-29

申请号：US14671224

申请日：2015-03-27

Applicant: Amazon Technologies, Inc.

Inventor： Darren Ernest Canavor ,  Varadarajan Gopalakrishnan ,  Jesper Mikael Johansson ,  Jon Arron McClintock ,  Brandon William Porter ,  Andrew Jay Roths

IPC: B64C39/02 ,  H04W12/04 ,  H04W12/10

CPC classification number: B64C39/024 ,  B64C2201/141 ,  B64C2201/146 ,  G05D1/104 ,  G06Q10/00 ,  H04L9/3247 ,  H04L9/3263 ,  H04L9/3268 ,  H04L9/3297 ,  H04L63/0823 ,  H04L63/12 ,  H04L2209/80 ,  H04L2209/84 ,  H04W12/04 ,  H04W12/06 ,  H04W12/10

Abstract: An unmanned vehicle determines how to perform a task based at least in part on a message received from another unmanned vehicle. At a later time, the unmanned vehicle detects that the other unmanned vehicle has become untrusted. The unmanned vehicle recalculates how to perform the task such that the recalculation is independent of any messages from the other unmanned vehicle. The unmanned vehicle may also transmit messages to other unmanned vehicles to provide notification of untrustworthiness of the other unmanned vehicle.

Abstract translation: 至少部分地基于从另一无人车接收到的消息，无人驾驶车辆确定如何执行任务。 以后，无人驾驶车辆检测到其他无人驾驶车辆已经不受信任。 无人驾驶车辆重新计算如何执行任务，使得重新计算独立于来自其他无人驾驶车辆的任何消息。 无人驾驶车辆还可以向其他无人驾驶车辆发送消息，以提供其他无人驾驶车辆的不可信度的通知。