-
Publication No.: US09819727B2
Publication date: 2017-11-14
Application No.: US13781289
Filing date: 2013-02-28
Inventors: Nachiketh Rao Potlapally, Andrew Paul Mikulski, Donald Lee Bailey, Jr., Robert Eric Fitzgerald
CPC classification: H04L67/10, H04L9/0662, H04L9/0869, H04L63/20, H04L67/1023
Abstract: Methods and apparatus for a computing infrastructure for configurable-quality random data are disclosed. A storage medium stores program instructions that when executed on a processor designate some servers of a provider network as members of a pool of producers of random data usable by random data consumers. The instructions, when executed, determine a subset of the pool to be used to supply a collection of random data intended for a random data consumer, and one or more sources of random phenomena to be used to generate the collection of random data. The instructions, when executed, initiate a transmission of the collection of random data directed to the random data consumer.
-
Publication No.: US11695569B2
Publication date: 2023-07-04
Application No.: US17212915
Filing date: 2021-03-25
Inventors: William Frederick Hingle Kruse, Conor Patrick Cahill, Jeffrey Cicero Canton, Dmitry Frenkel, Harshad Vasant Kulkarni, Colin Watson, Andrew Paul Mikulski
CPC classification: H04L9/3247, G06F12/1408, H04L63/061, H04L63/126, G06F2212/402
Abstract: A request to add tags (e.g., labels, key-value pairs, or metadata) to resources can be digitally signed by the entity making the request, such that the source can be verified and an authorization determination made for each tag. For a request involving multiple services (or entities) that can each add tags, any tag added by a service can be included in the request and digitally signed by that service. Each service processing the request can also digitally sign the request before forwarding, so that each service signs a version of the request, which includes elements signed by other services earlier in the request chain. When the request is received to a tagging service, the service ensures that every tag was digitally signed by the appropriate authorized entity or service, and validates the signatures to ensure that no data was modified or omitted, before adding the tags to the designated resource(s).
-
Publication No.: US10972288B2
Publication date: 2021-04-06
Application No.: US16726734
Filing date: 2019-12-24
Inventors: William Frederick Hingle Kruse, Conor Patrick Cahill, Jeffrey Cicero Canton, Dmitry Frenkel, Harshad Vasant Kulkarni, Colin Watson, Andrew Paul Mikulski
Abstract: A request to add tags (e.g., labels, key-value pairs, or metadata) to resources can be digitally signed by the entity making the request, such that the source can be verified and an authorization determination made for each tag. For a request involving multiple services (or entities) that can each add tags, any tag added by a service can be included in the request and digitally signed by that service. Each service processing the request can also digitally sign the request before forwarding, so that each service signs a version of the request, which includes elements signed by other services earlier in the request chain. When the request is received to a tagging service, the service ensures that every tag was digitally signed by the appropriate authorized entity or service, and validates the signatures to ensure that no data was modified or omitted, before adding the tags to the designated resource(s).
-
Publication No.: US20170331822A1
Publication date: 2017-11-16
Application No.: US15632787
Filing date: 2017-06-26
CPC classification: H04L63/0876, H04L9/3234, H04L9/3242, H04L9/3247, H04L9/3271, H04L9/3297, H04L63/061, H04L63/0884, H04L63/123, H04L63/166, H04L2463/121
Abstract: A server obtains a challenge from another computer system during a negotiation with a client according to a protocol. The server injects the challenge into a message of the protocol to the client. The client uses the challenge in an authentication request. The server submits the authentication request to the other computer system for verification. The other computer system verifies the authentication request using a key registered to the client. The server operates further dependent at least in part on whether verification of the authentication request was successful.
-
Publication No.: US09425966B1
Publication date: 2016-08-23
Application No.: US13826888
Filing date: 2013-03-14
Inventors: Nachiketh Rao Potlapally, Eric Jason Brandwine, Gregory Alan Rubin, Patrick James Ward, James Leon Irving, Jr., Andrew Paul Mikulski, Donald Lee Bailey, Jr.
CPC classification: H04L9/3263, H04L9/302, H04L9/3268, H04L63/0823, H04L63/1433
Abstract: Methods and apparatus for a security mechanism evaluation service are disclosed. A storage medium stores program instructions that when executed on a processor define a programmatic interface enabling a client to submit an evaluation request for a security mechanism. On receiving an evaluation request from a client indicating a particular security mechanism using public-key encryption, the instructions when executed, identify resources of a provider network to be used to respond. The instructions, when executed, provide to the client, one or more of: (a) a trustworthiness indicator for a certificate authority that issued a public-key certificate in accordance with the particular security mechanism; (b) a result of a syntax analysis of the public-key certificate; or (c) a vulnerability indicator for a key pair.
-
Publication No.: US12028461B2
Publication date: 2024-07-02
Application No.: US18196266
Filing date: 2023-05-11
Inventors: William Frederick Hingle Kruse, Conor Patrick Cahill, Jeffrey Cicero Canton, Dmitry Frenkel, Harshad Vasant Kulkarni, Colin Watson, Andrew Paul Mikulski
CPC classification: H04L9/3247, G06F12/1408, H04L63/061, H04L63/126, G06F2212/402
Abstract: A request to add tags (e.g., labels, key-value pairs, or metadata) to resources can be digitally signed by the entity making the request, such that the source can be verified and an authorization determination made for each tag. For a request involving multiple services (or entities) that can each add tags, any tag added by a service can be included in the request and digitally signed by that service. Each service processing the request can also digitally sign the request before forwarding, so that each service signs a version of the request, which includes elements signed by other services earlier in the request chain. When the request is received to a tagging service, the service ensures that every tag was digitally signed by the appropriate authorized entity or service, and validates the signatures to ensure that no data was modified or omitted, before adding the tags to the designated resource(s).
-
Publication No.: US10536277B1
Publication date: 2020-01-14
Application No.: US14979308
Filing date: 2015-12-22
Inventors: William Frederick Hingle Kruse, Conor Patrick Cahill, Jeffrey Cicero Canton, Dmitry Frenkel, Harshad Vasant Kulkarni, Colin Watson, Andrew Paul Mikulski
Abstract: A request to add tags (e.g., labels, key-value pairs, or metadata) to resources can be digitally signed by the entity making the request, such that the source can be verified and an authorization determination made for each tag. For a request involving multiple services (or entities) that can each add tags, any tag added by a service can be included in the request and digitally signed by that service. Each service processing the request can also digitally sign the request before forwarding, so that each service signs a version of the request, which includes elements signed by other services earlier in the request chain. When the request is received to a tagging service, the service ensures that every tag was digitally signed by the appropriate authorized entity or service, and validates the signatures to ensure that no data was modified or omitted, before adding the tags to the designated resource(s).
-
Publication No.: US10250603B1
Publication date: 2019-04-02
Application No.: US14673371
Filing date: 2015-03-30
IPC classification: H04L29/06
Abstract: The launching of new software code, virtual machines, and other such instances can undergo one or more scans before being fully available in an electronic environment. One or more policies may apply to such a launch, which can cause the launch to first be performed under a first network configuration, wherein the instance may not be granted access to resources other than scanning infrastructure. After one or more scans are performed, the results can be compared against the policies and, if the results pass, the instance can be caused to operate in a second network configuration, whether launching a new instance in a production environment, altering the configuration of the network, or other such tasks. The policies can be set by a provider of the relevant resources, an administrator of one or more affected resources, an administrator of the instance, or another appropriate party.
-
Publication No.: US09935940B1
Publication date: 2018-04-03
Application No.: US14481798
Filing date: 2014-09-09
CPC classification: H04L63/083, G06F17/30864, H04L63/20
Abstract: Techniques are disclosed for increasing the security of a database. A database is coupled with an access manager to limit certain applications that use the database to store user password information to queries that return at most one row. Additionally, returning a record may be limited to a case where the query includes the hash of the user name and password that is stored in the database. Other techniques may be implemented for other user account operations, such as password resets.
-
Publication No.: US09602288B1
Publication date: 2017-03-21
Application No.: US14672029
Filing date: 2015-03-27
CPC classification: H04L63/1433, G06F21/577, G06F21/602, H04L9/088, H04L9/3247, H04L9/3252
Abstract: A system records use of values used in cryptographic algorithms where the values are subject to uniqueness constraints. As new values are received, the system checks whether violations of a unique constraint has occurred. If a violation occurs, the system performs actions to mitigate potential compromise caused by exploitation of a vulnerability caused by violation of the uniqueness constraint.