-
Publication number: US11451516B1
Publication date: 2022-09-20
Application number: US16364029
Application date: 2019-03-25
Applicant: Amazon Technologies, Inc.
Inventor: Eknath Venkataramani
IPC: H04L29/00, H04L9/40, H04W12/50, H04W12/086
Abstract: Systems and methods are described for implementing a device isolation service. A device isolation service creates and administers per-device virtual networks for individual computing devices, thereby isolating the computing devices from each other and limiting device-to-device communication. The device isolation service may further provide a monitored and access-controlled network that facilitates access to the isolated devices, thereby allowing “administrator” devices to access and administer devices while preventing a compromised device from seeing, probing, or compromising other devices on the network. The device isolation service may group devices by category or function, and may put devices that communicate with each other on the same virtual network while isolating other devices to different virtual networks.
-
Publication number: US12242593B1
Publication date: 2025-03-04
Application number: US17543593
Application date: 2021-12-06
Applicant: Amazon Technologies, Inc.
Inventor: Eknath Venkataramani
IPC: G06F21/46
Abstract: An agent running on an IoT device of a client's network may receive a default password from a provider network and use the received default password to determine whether the password assigned to the IoT device has been changed from the default password to a different one. The agent may retrieve a salt string, a hashing algorithm, and a hashed string from a password database of the IoT device, combine the salt string with the received default password to generate a salted default password, and apply the hashing algorithm to the salted default password to generate a new hashed string. The agent may then compare the new hashed string to the hashed string retrieved from the password database. If they match, then the agent sends an indication to the provider network that the default password is still assigned to the IoT device.
-
Publication number: US12212546B2
Publication date: 2025-01-28
Application number: US17933390
Application date: 2022-09-19
Applicant: Amazon Technologies, Inc.
Inventor: Eknath Venkataramani
IPC: H04L29/00, H04L9/40, H04W12/086, H04W12/50
Abstract: Systems and methods are described for implementing a device isolation service. A device isolation service creates and administers per-device virtual networks for individual computing devices, thereby isolating the computing devices from each other and limiting device-to-device communication. The device isolation service may further provide a monitored and access-controlled network that facilitates access to the isolated devices, thereby allowing “administrator” devices to access and administer devices while preventing a compromised device from seeing, probing, or compromising other devices on the network. The device isolation service may group devices by category or function, and may put devices that communicate with each other on the same virtual network while isolating other devices to different virtual networks.
-
Publication number: US11777823B1
Publication date: 2023-10-03
Application number: US17535455
Application date: 2021-11-24
Applicant: Amazon Technologies, Inc.
Inventor: Eknath Venkataramani, Amit Jagannath Mhatre
IPC: H04L43/0817, H04L43/065, H04L43/0823
CPC classification number: H04L43/0817, H04L43/065, H04L43/0823
Abstract: An anomaly detection service of a provider network may be used to efficiently monitor for metric anomalies across a large number of IoT devices using mandatory and optional values for metrics. A client may configure any number of mandatory and optional values for a metric to be collected from IoT devices of a fleet. The client may also configure one or more criteria to be used for evaluating the mandatory values (e.g., a threshold percentage such as 99%). When the service receives metric values for the metric, the service determines whether the values satisfy the criteria for the mandatory value. If not, then the service indicates an anomaly. The service may also determine if any values other than the mandatory and optional values are present. If not, then the service indicates an anomaly.
-
Publication number: US11233823B1
Publication date: 2022-01-25
Application number: US16707578
Application date: 2019-12-09
Applicant: Amazon Technologies, Inc.
Inventor: Eknath Venkataramani, Daniel J. Miller, Swati Kulkarni
Abstract: The present disclosure generally relates to enabling efficient implementation of honeypot devices in a honeypot service environment. Each honeypot device can be implemented as a virtualized device, executing software modified from a production version of a device such that interactions with the honeypot device closely match interactions with a production device. By using virtualization, each honeypot device can be reset to a known good state when a potential security breach occurs. Because network-based attacks are often wide-spread, the honeypot service environment can deduplicate attacks that occur at a large number of devices, discarding duplicate attack traffic to reduce overall load on the environment. While deduplication can be inappropriate for production environments (given the corresponding data loss), deduplication in a honeypot environment can reduce load while still enabling detection of a network attack.
-
Publication number: US20230115472A1
Publication date: 2023-04-13
Application number: US17933390
Application date: 2022-09-19
Applicant: Amazon Technologies, Inc.
Inventor: Eknath Venkataramani
IPC: H04L9/40, H04W12/50, H04W12/086
Abstract: Systems and methods are described for implementing a device isolation service. A device isolation service creates and administers per-device virtual networks for individual computing devices, thereby isolating the computing devices from each other and limiting device-to-device communication. The device isolation service may further provide a monitored and access-controlled network that facilitates access to the isolated devices, thereby allowing “administrator” devices to access and administer devices while preventing a compromised device from seeing, probing, or compromising other devices on the network. The device isolation service may group devices by category or function, and may put devices that communicate with each other on the same virtual network while isolating other devices to different virtual networks.