-
Publication number: US20170331808A1
Publication date: 2017-11-16
Application number: US15601914
Application date: 2017-05-22
Applicant: Amazon Technologies, Inc.
Inventor: Gregory B. Roth , Graeme D. Baer
CPC classification number: H04L63/08 , G06F21/31 , G06F21/45 , G06F21/6218 , H04L9/0861 , H04L9/0863 , H04L9/3228 , H04L63/06 , H04L63/083 , H04L2463/061
Abstract: A credential, such as a password, for an entity is used to generate multiple keys. The generated keys are distributed to credential verification systems to enable the credential verification systems to perform authentication operations. The keys are generated such that access to a generated key allows for authentication with a proper subset of the credential verification systems. Thus, unauthorized access to information used by one authentication system does not, by itself, allow for successful authentication with other authentication systems.
-
Publication number: US20170223014A1
Publication date: 2017-08-03
Application number: US15488357
Application date: 2017-04-14
Applicant: Amazon Technologies, Inc.
Inventor: Gregory B. Roth , Nathan R. Fitch , Graeme D. Baer
Abstract: In certain embodiments, a web services system receives a request to provision a device, such as a telephone, as an authentication device. The web services system initiates display of an image communicating a key to allow the telephone to capture the image and to send key information associated with the key. The web services system receives the key and determines that the key information is valid. In response to the determination, the web services system sends a seed to the telephone to provision the telephone to be an authentication device. The telephone can use the seed to generate one-time passcodes to access a service of the web services system.
-
Publication number: US12113788B2
Publication date: 2024-10-08
Application number: US17087347
Application date: 2020-11-02
Applicant: Amazon Technologies, Inc.
Inventor: Gregory B. Roth , Nathan R. Fitch , Graeme D. Baer
IPC: H04L9/40 , G06F21/35 , G06F21/36 , H04L9/32 , H04Q5/22 , H04W12/06 , H04W12/30 , G06F15/173 , H04W12/77 , H04W88/02
CPC classification number: H04L63/0838 , G06F21/35 , G06F21/36 , H04L9/3228 , H04L9/3234 , H04L9/3268 , H04L63/061 , H04L63/08 , H04L63/0853 , H04Q5/22 , H04W12/06 , H04W12/068 , H04W12/35 , G06F15/173 , H04W12/77 , H04W88/02
Abstract: In certain embodiments, a web services system receives a request to provision a device, such as a telephone, as an authentication device. The web services system initiates display of an image communicating a key to allow the telephone to capture the image and to send key information associated with the key. The web services system receives the key and determines that the key information is valid. In response to the determination, the web services system sends a seed to the telephone to provision the telephone to be an authentication device. The telephone can use the seed to generate one-time passcodes to access a service of the web services system.
-
Publication number: US20210211419A1
Publication date: 2021-07-08
Application number: US17087347
Application date: 2020-11-02
Applicant: Amazon Technologies, Inc.
Inventor: Gregory B. Roth , Nathan R. Fitch , Graeme D. Baer
Abstract: In certain embodiments, a web services system receives a request to provision a device, such as a telephone, as an authentication device. The web services system initiates display of an image communicating a key to allow the telephone to capture the image and to send key information associated with the key. The web services system receives the key and determines that the key information is valid. In response to the determination, the web services system sends a seed to the telephone to provision the telephone to be an authentication device. The telephone can use the seed to generate one-time passcodes to access a service of the web services system.
-
Publication number: US10931442B1
Publication date: 2021-02-23
Application number: US16152885
Application date: 2018-10-05
Applicant: Amazon Technologies, Inc.
Inventor: Gregory B. Roth , Graeme D. Baer , Nathan R. Fitch , Eric D. Crahen , Eric J. Brandwine
Abstract: Client requests may be directed through a secret holding proxy system such that the secret holding proxy system may insert a secret into a client request before arriving at the destination. The insertion of a secret may include inserting a digital signature, token or other information that includes a secret or information based upon a secret, which may include secret exchange or authentication protocols. The secret holding proxy system may also remove secrets and/or transform incoming messages such that the client may transparently receive the underlying content of the message.
-
Publication number: US10826892B2
Publication date: 2020-11-03
Application number: US15488357
Application date: 2017-04-14
Applicant: Amazon Technologies, Inc.
Inventor: Gregory B. Roth , Nathan R. Fitch , Graeme D. Baer
IPC: H04L29/06 , H04Q5/22 , H04W12/06 , G06F21/36 , G06F21/35 , H04W12/00 , H04L9/32 , G06F15/173 , H04W88/02
Abstract: In certain embodiments, a web services system receives a request to provision a device, such as a telephone, as an authentication device. The web services system initiates display of an image communicating a key to allow the telephone to capture the image and to send key information associated with the key. The web services system receives the key and determines that the key information is valid. In response to the determination, the web services system sends a seed to the telephone to provision the telephone to be an authentication device. The telephone can use the seed to generate one-time passcodes to access a service of the web services system.
-
Publication number: US20170187521A1
Publication date: 2017-06-29
Application number: US14980033
Application date: 2015-12-28
Applicant: Amazon Technologies, Inc.
Inventor: Nathan R. Fitch , Gregory B. Roth , Graeme D. Baer
IPC: H04L9/08
CPC classification number: H04L9/085 , H04L9/0825 , H04L9/3226 , H04L9/3234 , H04L9/3247 , H04L63/0428 , H04L63/06 , H04L67/02
Abstract: Authenticated requests can be sent without requiring the requests to include or potentially expose secret information used for the authentication process. A client device uses a security credential such as a key to sign a request to be sent to a recipient. When the request is received, the recipient determines whether the request was signed using the correct key for the sender. In some embodiments a client token is included with the request that statelessly encodes the key, enabling a recipient capable of decoding the client token to determine the key and compare that key to the signature of the request. The sender can store the secret information in a secure location, such as a browser security module, such that the secret information is not exposed to the browser or script executing on the client device.
-
Publication number: US20150347763A1
Publication date: 2015-12-03
Application number: US14714982
Application date: 2015-05-18
Applicant: Amazon Technologies, Inc.
Inventor: Gregory B. Roth , Eric D. Crahen , Graeme D. Baer , Eric J. Brandwine , Nathan R. Fitch
CPC classification number: G06F21/602 , G06F9/44505 , G06F9/45558 , G06F21/606 , G06F2009/45587 , G06Q30/06 , H04L63/0209 , H04L63/0428 , H04L63/0471 , H04L63/08 , H04L63/166
Abstract: A support system negotiates secure connections on behalf of multiple guest systems using a set of credentials associated with the guest systems. The operation of the secure connection may be transparent to the guest system such that the guest system may send and receive messages that are encrypted or decrypted by the support system, such as a hypervisor. As the support system is in between the guest system and a destination, the support system may act as a local endpoint to the secure connection. Messages may be altered by the support system to indicate to a guest system which communications were secured. The credentials may be managed by the support system such that the guest system does not require access to the credentials.
-
Publication number: US10313112B2
Publication date: 2019-06-04
Application number: US14980033
Application date: 2015-12-28
Applicant: Amazon Technologies, Inc.
Inventor: Nathan R. Fitch , Gregory B. Roth , Graeme D. Baer
Abstract: Authenticated requests can be sent without requiring the requests to include or potentially expose secret information used for the authentication process. A client device uses a security credential such as a key to sign a request to be sent to a recipient. When the request is received, the recipient determines whether the request was signed using the correct key for the sender. In some embodiments a client token is included with the request that statelessly encodes the key, enabling a recipient capable of decoding the client token to determine the key and compare that key to the signature of the request. The sender can store the secret information in a secure location, such as a browser security module, such that the secret information is not exposed to the browser or script executing on the client device.
-
Publication number: US10110579B2
Publication date: 2018-10-23
Application number: US14834218
Application date: 2015-08-24
Applicant: Amazon Technologies, Inc.
Inventor: Nathan R. Fitch , Gregory B. Roth , Graeme D. Baer
Abstract: Authenticated requests can be sent without requiring the requests to include or potentially expose secret information used for the authentication process. A client device uses a security credential such as a key to sign a request to be sent to a recipient. When the request is received, the recipient determines whether the request was signed using the correct key for the sender. In some embodiments a client token is included with the request that statelessly encodes the key, enabling a recipient capable of decoding the client token to determine the key and compare that key to the signature of the request. The sender can store the secret information in a secure location, such as a browser security module, such that the secret information is not exposed to the browser or script executing on the client device.