公开(公告)号：US10708129B1

公开(公告)日：2020-07-07

申请号：US15298208

申请日：2016-10-19

Applicant: Amazon Technologies, Inc.

Inventor： Alex Levin ,  Ihab Bishara ,  Georgy Machulsky

IPC: H04L29/06 ,  H04L29/08 ,  G06F17/30 ,  H04L12/24 ,  H04L9/32 ,  H04L9/30

Abstract: A technology is provided for changing a hardware capability of an internet capable device. A hardware capability of an internet capable device is restrained to a first limit based on a first configuration definition. A second configuration definition is requested to change the first limit set by the first configuration definition from a service provider environment. A second configuration definition is received from the service provider environment at the internet capable device. The hardware capability of the internet capable device are changed to a second limit based on the second configuration definition.

公开(公告)号：US10484348B1

公开(公告)日：2019-11-19

申请号：US15388548

申请日：2016-12-22

Applicant: AMAZON TECHNOLOGIES, INC.

Inventor： Alex Levin ,  Ron Diamant ,  Ihab Bishara ,  Michael Butler Fortin ,  Gary Lee Szilagyi ,  Georgy Machulsky

IPC: H04L29/00 ,  H04L29/06 ,  H04L29/08 ,  H04L9/08 ,  H04L9/06 ,  H04L9/32 ,  G06F16/14 ,  G06F16/182

Abstract: A network device includes a processor coupled to network interface circuitry and cryptographic circuitry. The network interface circuitry is configured to couple the network device to a local computer communication network. The processor is configured to generate an encryption key based on a hardware specific value recorded in the network device, and apply the cryptographic circuitry and the encryption key to encrypt files for storage in an Internet storage system coupled to a remote computer communication network, and present the encrypted files stored, by the processor, in the Internet storage system, to a computing device coupled to the network device via the local computer communication network, as a storage system attached to the local computer communication network.

公开(公告)号：US10943013B2

公开(公告)日：2021-03-09

申请号：US16786742

申请日：2020-02-10

Applicant: Amazon Technologies, Inc.

Inventor： Ron Diamant ,  Alex Levin ,  Ihab Bishara

IPC: H04L29/06 ,  G06F21/57 ,  G06F9/4401 ,  H04L9/08

Abstract: Methods and apparatus are disclosed for securing executable code for execution with a processor using a trusted platform module (TPM). In one example of the disclosed technology, a method of decrypting executable code for execution includes measuring values stored in a CPU boot ROM and measuring second values for executable code stored in non-volatile memory, storing the resulting measurement value in a TPM platform configuration register. The PCR value is used to unseal a key stored in non-volatile memory of the TPM, which key is used to decrypt executable code for execution. Security can be further enhanced by destroying the values stored in the PCR by performing additional measurement operations with the TPM PCR used to generate the measurement value.

公开(公告)号：US11323317B1

公开(公告)日：2022-05-03

申请号：US15298206

申请日：2016-10-19

Applicant: Amazon Technologies, Inc.

Inventor： Alex Levin ,  Ihab Bishara ,  Georgy Machulsky

IPC: G06F15/177 ,  H04L41/0806 ,  H04L67/00 ,  G06F8/656 ,  G06F8/70

Abstract: A technology is described for managing network communication device software capabilities. An example method may include sending a connection request from a network communication device electronically to a service provider environment. Software capabilities for the network communication device may be verified from the service provider environment. A software capabilities modification instruction for the network communication device may be received from the service provider environment. The software capabilities of the network communication device may be modified based on the software capabilities modification instruction.

公开(公告)号：US20200175170A1

公开(公告)日：2020-06-04

申请号：US16786742

申请日：2020-02-10

Applicant: Amazon Technologies, Inc.

Inventor： Ron Diamant ,  Alex Levin ,  Ihab Bishara

IPC: G06F21/57 ,  H04L9/08 ,  G06F9/4401

Abstract: Methods and apparatus are disclosed for securing executable code for execution with a processor using a trusted platform module (TPM). In one example of the disclosed technology, a method of decrypting executable code for execution includes measuring values stored in a CPU boot ROM and measuring second values for executable code stored in non-volatile memory, storing the resulting measurement value in a TPM platform configuration register. The PCR value is used to unseal a key stored in non-volatile memory of the TPM, which key is used to decrypt executable code for execution. Security can be further enhanced by destroying the values stored in the PCR by performing additional measurement operations with the TPM PCR used to generate the measurement value.

公开(公告)号：US10565382B1

公开(公告)日：2020-02-18

申请号：US15389152

申请日：2016-12-22

Applicant: Amazon Technologies, Inc.

Inventor： Ron Diamant ,  Alex Levin ,  Ihab Bishara

IPC: H04L29/06 ,  G06F21/57 ,  G06F9/4401 ,  H04L9/08

Abstract: Methods and apparatus are disclosed for securing executable code for execution with a processor using a trusted platform module (TPM). In one example of the disclosed technology, a method of decrypting executable code for execution includes measuring values stored in a CPU boot ROM and measuring second values for executable code stored in non-volatile memory, storing the resulting measurement value in a TPM platform configuration register. The PCR value is used to unseal a key stored in non-volatile memory of the TPM, which key is used to decrypt executable code for execution. Security can be further enhanced by destroying the values stored in the PCR by performing additional measurement operations with the TPM PCR used to generate the measurement value.