CLIENT ACCOUNT VERSIONING METADATA MANAGER FOR CLOUD COMPUTING ENVIRONMENTS

    公开(公告)号:US20200067791A1

    公开(公告)日:2020-02-27

    申请号:US16672146

    申请日:2019-11-01

    Abstract: Methods and apparatus for a client account versioning metadata manager for cloud computing environments are disclosed. A system includes a plurality of resources, a plurality of service managers coordinating respective multitenant network-accessible services, and a metadata manager. The metadata manager receives a multi-service account state view request. The metadata manager generates a representation of an administrative state of a client account indicated by the request with respect a plurality of services accessible by the client account, as of a time indicated in the request. The administrative state with respect to a particular service comprises an indication of an assignment to the client account of resources participating in implementation of the particular service.

    Browser security module
    2.
    发明授权

    公开(公告)号:US10313112B2

    公开(公告)日:2019-06-04

    申请号:US14980033

    申请日:2015-12-28

    Abstract: Authenticated requests can be sent without requiring the requests to include or potentially expose secret information used for the authentication process. A client device use a security credential such as a key to sign a request to be sent to a recipient. When the request is received, the recipient determines whether the request was signed using the correct key for the sender. In some embodiments a client token is included with the request that statelessly encodes the key, enabling a recipient capable of decoding the client token to determine the key and compare that key to the signature of the request. The sender can store the secret information in a secure location, such as a browser security module, such that the secret information is not exposed to the browser or script executing on the client device.

    Stateless and secure authentication

    公开(公告)号:US10110579B2

    公开(公告)日:2018-10-23

    申请号:US14834218

    申请日:2015-08-24

    Abstract: Authenticated requests can be sent without requiring the requests to include or potentially expose secret information used for the authentication process. A client device use a security credential such as a key to sign a request to be sent to a recipient. When the request is received, the recipient determines whether the request was signed using the correct key for the sender. In some embodiments a client token is included with the request that statelessly encodes the key, enabling a recipient capable of decoding the client token to determine the key and compare that key to the signature of the request. The sender can store the secret information in a secure location, such as a browser security module, such that the secret information is not exposed to the browser or script executing on the client device.

    ENTITY TO AUTHORIZE DELEGATION OF PERMISSIONS

    公开(公告)号:US20170272423A1

    公开(公告)日:2017-09-21

    申请号:US15610295

    申请日:2017-05-31

    CPC classification number: H04L63/08 G06F21/62 G06F2221/2141 H04L63/10

    Abstract: Systems and methods are described for delegating permissions to enable account access. The systems utilize a delegation profile that can be created within a secured account of at least one user. The delegation profile includes a name, a validation policy that specifies principals which may be external to the account and which are permitted to assume the delegation profile, and an authorization policy that indicates the permitted actions within the account for those principals which are acting within the delegation profile. Once the delegation profile is created, it can be provided to external principals or services. These external principals or services can use the delegation profile to obtain credentials for performing various actions in the account using the credentials of the delegation profile.

    Multi-user secret decay
    7.
    发明授权

    公开(公告)号:US10341359B2

    公开(公告)日:2019-07-02

    申请号:US14822586

    申请日:2015-08-10

    Abstract: Secret information, such as seeds, codes, and keys, can be automatically renegotiated between at least one sender and at least one recipient. Various mechanisms, such as counters, events, or challenges, can be used to trigger automatic renegotiations through various requests or communications. These changes can cause the current secret information to diverge from older copies of the secret information that might have been obtained by unintended third parties. In some embodiments, a secret can be configured to “decay” over time, or have small changes periodically introduced that can be determined to be valid by an authorized party, but can reduce the effectiveness of prior versions of the secret information.

    Multiple authority key derivation

    公开(公告)号:US10044503B1

    公开(公告)日:2018-08-07

    申请号:US14542492

    申请日:2014-11-14

    Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.

    PROVISIONING A DEVICE TO BE AN AUTHENTICATION DEVICE

    公开(公告)号:US20170223014A1

    公开(公告)日:2017-08-03

    申请号:US15488357

    申请日:2017-04-14

    Abstract: In certain embodiments, a web services system receives a request to provision a device, such as a telephone, as an authentication device. The web services system initiates display of an image communicating a key to allow the telephone to capture the image and to send key information associated with the key. The web services system receives the key and determines that the key information is valid. In response to the determination, the web services system sends a seed to the telephone to provision the telephone to be an authentication device. The telephone can use the seed to generate one-time passcodes to access a service of the web services system.

Patent Agency Ranking