-
Publication No.: US10608997B1
Publication date: 2020-03-31
Application No.: US14751022
Application date: 2015-06-25
Applicant: Amazon Technologies, Inc.
Inventor: Tushaar Sethi, Jon Arron McClintock
IPC: H04L29/06
Abstract: The current document describes systems and methods that provide access controls in a system of interconnected services such as an online service platform. In various implementations, the system maintains contextual information associated with tokenized data. In additional implementations, data brokers authorize access to detokenized data by comparing the context of the data to the context of the service requesting the data. In yet additional implementations, the system maintains contextual information associated with requests that are processed within the system. When a request is made to a particular service, the particular service can use the identity of the requester, the context of the request, and the context of the data to determine whether the request is authorized. In some implementations, the integrity of contextual information is protected using a digital signature.
-
Publication No.: US10560338B2
Publication date: 2020-02-11
Application No.: US15829725
Application date: 2017-12-01
Applicant: Amazon Technologies, Inc.
IPC: H04L12/24, H04L12/733
Abstract: A method and apparatus for path detection are disclosed. In the method and apparatus, a data path may link two path-end nodes in a network. Event data for the network may be received and may be used to determine, for each node resident on the path, proximity measures to each path-end node. The proximity measure of network nodes may be evaluated to determine whether a path exists between the two path-end nodes.
-
Publication No.: US10515212B1
Publication date: 2019-12-24
Application No.: US15189824
Application date: 2016-06-22
Applicant: Amazon Technologies, Inc.
Inventor: Jon Arron McClintock, Matthew James Parker
IPC: G06F21/56, G06F21/62, G06Q30/06, G06F16/21, G06F16/901
Abstract: Computing resource service providers may operate a plurality of computing resources in a distributed computing environment. In addition, the computing resource server providers may provide customers with access to applications and/or services. The applications and/or services may include sensitive data. Sensitive data in the distributed computing environment may be tracked by analyzing source code associated with the applications and/or services. Analysis of the source code may include detecting operations associated with databases and generating schemas associated with the databases based at least in part on attributes included in the source code. Sensitive data may be detected based at least in part on the schemas generated by analyzing the source code.
-
Publication No.: US10445514B1
Publication date: 2019-10-15
Application No.: US13896934
Application date: 2013-05-17
Applicant: Amazon Technologies, Inc.
Inventor: Eric Jason Brandwine, Jon Arron McClintock
IPC: G06F21/62
Abstract: A computing resource service provider detects that an account has been compromised. The computing resource service provider applies a set of restrictions on the account. The computing resource service provider denies a request if the request is preempted by the set of restrictions. The computing resource service provider fulfills a request that is not preempted by the set of restrictions.
-
Publication No.: US10440007B1
Publication date: 2019-10-08
Application No.: US14869864
Application date: 2015-09-29
Applicant: Amazon Technologies, Inc.
Inventor: Harsha Ramalingam, Zachary Damen Wolfe, Darren Ernest Canavor, Brian Dang, Max Funderburk, Jesper Mikael Johansson, Bharath Kumar Bhimanaik, Jon Arron McClintock, Jason Christopher Rudmann
IPC: H04L29/06, G06F21/45, G06F3/0484, G06F16/84
Abstract: User input into a user interface is symbolically represented to increase security. User input received into a user interface and a mapping is applied to the user input. A result of the mapping is provided. The user interface may be updated to include the result of the mapping and/or may be provided to another device, such as over a short range communication channel. A person who views or otherwise has access to the user interface does not obtain the user input, but the result of the mapping indicates whether the user input was provided correctly.
-
Publication No.: US10387825B1
Publication date: 2019-08-20
Application No.: US14745193
Application date: 2015-06-19
Applicant: Amazon Technologies, Inc.
Inventor: Darren Ernest Canavor, Jon Arron McClintock, Brandon William Porter
Abstract: An unmanned vehicle obtains first location information associated with a customer order, which causes the unmanned vehicle to travel to a first location. While at the first location, the unmanned vehicle receives, from another device, second location information. The unmanned vehicle uses the second location information to travel to a second location where the other device is located. Once at the second location, the unmanned vehicle performs one or more operations involved with fulfillment of the order.
-
Publication No.: US10372905B1
Publication date: 2019-08-06
Application No.: US14569265
Application date: 2014-12-12
Applicant: AMAZON TECHNOLOGIES, INC.
IPC: G06F21/56
Abstract: Techniques are described for preventing a software module from executing in an unauthorized environment. A software module may be configured to collect context information that describes an environment in which the software module is executing. If the context information indicates that the environment is unauthorized for executing the software module, the software module may alter its behavior(s) or its binary signature to simulate a threat. Threat detection module(s), such as anti-virus software, anti-malware software, and so forth, may then identify the software module as a threat and disable its execution or perform other actions. In some cases, the analysis of the context information may be performed on server device(s), which may send a signal to cause the software module to alter its behavior(s) or its binary signature.
-
Publication No.: US10333937B2
Publication date: 2019-06-25
Application No.: US15612067
Application date: 2017-06-02
Applicant: Amazon Technologies, Inc.
Abstract: A resource owner or administrator submits a request to a permissions management service to create a permissions grant which may include a listing of actions a user may perform on a resource. Accordingly, the permissions management service may create the permissions grant and use a private cryptographic key to digitally sign the created permissions grant. The permissions management service may transmit this digitally signed permissions grant, as well as a digital certificate comprising a public cryptographic key for validating the permissions grant, to a target resource. The target resource may use the public cryptographic key to validate the digital signature of the permissions grant and determine whether a user is authorized to perform one or more actions based at least in part on a request from the user to perform these one or more actions on the resource.
-
Publication No.: US20190073483A1
Publication date: 2019-03-07
Application No.: US16174093
Application date: 2018-10-29
Applicant: Amazon Technologies, Inc.
Inventor: Jon Arron McClintock, Tushaar Sethi, Maarten Van Horenbeeck
Abstract: Techniques for detecting access to data classified as sensitive by plugin running on a computer system are described herein. A data event is generated that includes information about the access to the data classified as sensitive as a result of detecting the access to the data. The data event is then transmitted to a logging service over a network.
-
Publication No.: US20190035238A1
Publication date: 2019-01-31
Application No.: US16151058
Application date: 2018-10-03
Applicant: Amazon Technologies, Inc.
Inventor: Jon Arron McClintock
IPC: G08B13/14
CPC classification number: G08B13/1436, G06F3/017, G08B13/08, G08B13/12, G08B13/1418, G08B13/1427, G08B13/1454, G08B13/1463, G08B13/2448, G08B21/0216, G08B21/023, G08B21/0261, G08B21/0269, G08B21/0272, G08B21/0277, G08B29/188, G11C13/0069
Abstract: A system and method for activating security mechanisms based at least in part on accelerometer-based dead reckoning wherein accelerometer data, reflecting acceleration in a local coordinate system of a device, is obtained from an accelerometer of a device. Movement of the device is determined based at least in part on the accelerometer data, and, based at least in part on whether the movement of the device exceeds a threshold value, a determination is made whether to change a current security state of the device. If it is determined to change the current security state of the device, the current security state of the device is changed to a new security state.