公开(公告)号：US10181953B1

公开(公告)日：2019-01-15

申请号：US14027843

申请日：2013-09-16

Applicant: Amazon Technologies, Inc.

Inventor： Benjamin Elias Seidenberg ,  Gregory Branchek Roth ,  Benjamin Tillman Farley

IPC: H04L9/08 ,  H04L9/32

Abstract: Electronically signed data is persistently stored in data storage. After the passage of time, the data may be accessed and presented to a trusted entity for verification of the data. The trusted entity may have access to secret information used to sign the data. The trusted entity may use the secret information to verify an electronic signature of the data. One or more actions may be taken based at least in part on a response provided by the verification system.

公开(公告)号：US10909250B2

公开(公告)日：2021-02-02

申请号：US15969695

申请日：2018-05-02

Applicant: Amazon Technologies, Inc.

Inventor： Aleksandrs J. Rudzitis ,  Sreekumar Mukundan Pisharody ,  John Kenneth Beer ,  Benjamin Tillman Farley

IPC: G06F21/60 ,  G06F21/72 ,  H04L9/08

Abstract: A network-based service for the management of cryptographic key, such as a key management service (“KMS”), provides a web service application programming interface (“API”). Cryptographic keys managed by the service may be stored in a one or more network-connected cryptographic devices such as network-connected hardware security modules (“HSM”). The key management service maintains metadata associated with the cryptographic keys. When a request is received by the key management service, the key management service uses an identifier provided with the request to identify metadata associated with a cryptographic key used to fulfill the request. The key management service uses the metadata to identify a cryptographic device containing the cryptographic key. The key management service generates a set of commands for fulfilling the request such that the commands are compatible with a protocol implemented by the identified cryptographic device, and the set of commands are sent to the identified cryptographic device.

公开(公告)号：US20190149339A1

公开(公告)日：2019-05-16

申请号：US16246331

申请日：2019-01-11

Applicant: Amazon Technologies, Inc.

Inventor： Benjamin Elias Seidenberg ,  Gregory Branchek Roth ,  Benjamin Tillman Farley

IPC: H04L9/32 ,  H04L9/08

Abstract: Electronically signed data is persistently stored in data storage. After the passage of time, the data may be accessed and presented to a trusted entity for verification of the data. The trusted entity may have access to secret information used to sign the data. The trusted entity may use the secret information to verify an electronic signature of the data. One or more actions may be taken based at least in part on a response provided by the verification system.

公开(公告)号：US10999231B1

公开(公告)日：2021-05-04

申请号：US16369668

申请日：2019-03-29

Applicant: Amazon Technologies, Inc.

Inventor： Benjamin Tillman Farley ,  Leandro Batista Lameiro ,  Christine Marie Gerpheide

IPC: G06F15/16 ,  H04L12/58

Abstract: Method and systems are disclosed for providing a function as a service for an application. The application may comprise an email application. A user may define or select an application codes set for performing a specific functionality. The user may define rules that associate specific events with execution of the application code set. Upon detection of an event, a condition may be checked associated with the application. If the condition is satisfied, the application code set may be caused to be executed. The application code set may modify data, such as an email message.

公开(公告)号：US09847983B1

公开(公告)日：2017-12-19

申请号：US14264897

申请日：2014-04-29

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Benjamin Tillman Farley ,  Graeme David Baer

IPC: H04L29/06

CPC classification number: H04L63/08 ,  H04L63/0428 ,  H04L63/068

Abstract: Technologies are disclosed herein for epoch-based expiration of temporary security credentials. A temporary security credential is issued that identifies one or more epochs and that specifies one or more versions of the identified epochs during which the temporary security credential is valid. The temporary security credential may then be utilized to request access to another system, service or component. In order to determine whether such a request may be granted, current epoch versions for the epochs identified in the temporary security credential are obtained. The current epoch versions for the identified epochs are then compared to epoch versions specified in the temporary security credential to determine if the request can be granted. The current epoch versions may be periodically modified in order to expire previously issued temporary security credentials. A temporary security credential might also specify an expiration time after which the temporary security credential is no longer valid.

公开(公告)号：US11258611B2

公开(公告)日：2022-02-22

申请号：US16246331

申请日：2019-01-11

Applicant: Amazon Technologies, Inc.

Inventor： Benjamin Elias Seidenberg ,  Gregory Branchek Roth ,  Benjamin Tillman Farley

IPC: H04L9/32 ,  H04L9/08

Abstract: Electronically signed data is persistently stored in data storage. After the passage of time, the data may be accessed and presented to a trusted entity for verification of the data. The trusted entity may have access to secret information used to sign the data. The trusted entity may use the secret information to verify an electronic signature of the data. One or more actions may be taken based at least in part on a response provided by the verification system.

公开(公告)号：US10650003B1

公开(公告)日：2020-05-12

申请号：US15087906

申请日：2016-03-31

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Alan Rubin ,  Petr Praus ,  Benjamin Tillman Farley

IPC: G06F16/00 ,  G06F16/2457 ,  G06F16/28 ,  G06F16/23

Abstract: A computing resource service receives a request. In response to the request, the computing resource service queries a probabilistic data structure for an entry corresponding to the request. The computing resource service obtains, from the probabilistic data structure, a value that corresponds to the entry. Based at least in part on this value, the computing resource service determines whether the entry has expired. If the entry is expired, the request is fulfilled. However, if the entry has not expired, the request is denied.

公开(公告)号：US20190342079A1

公开(公告)日：2019-11-07

申请号：US15969695

申请日：2018-05-02

Applicant: Amazon Technologies, Inc.

Inventor： Aleksandrs J. Rudzitis ,  Sreekumar Mukundan Pisharody ,  John Kenneth Beer ,  Benjamin Tillman Farley

IPC: H04L9/08 ,  G06F21/72

Abstract: A network-based service for the management of cryptographic key, such as a key management service (“KMS”), provides a web service application programming interface (“API”). Cryptographic keys managed by the service may be stored in a one or more network-connected cryptographic devices such as network-connected hardware security modules (“HSM”). The key management service maintains metadata associated with the cryptographic keys. When a request is received by the key management service, the key management service uses an identifier provided with the request to identify metadata associated with a cryptographic key used to fulfill the request. The key management service uses the metadata to identify a cryptographic device containing the cryptographic key. The key management service generates a set of commands for fulfilling the request such that the commands are compatible with a protocol implemented by the identified cryptographic device, and the set of commands are sent to the identified cryptographic device.