-
Publication number: US12107892B1
Publication date: 2024-10-01
Application number: US17213592
Application date: 2021-03-26
Applicant: Amazon Technologies, Inc.
Inventor: Atiye Alaeddini, Homer Strong
IPC: H04L9/40
CPC classification number: H04L63/20, H04L63/0263, H04L63/0876, H04L63/102
Abstract: An identity set may be selected from an identity pool of an identity management service. The identity set may be selected based on a threshold quantity of unnecessary permissions relative to one or more existing managed policies provided by the identity management service. The identity set may be grouped into a plurality of identity subsets. The grouping may be performed based at least in part on services accessed by the identity set. A plurality of candidate policies may be generated, such as by generating, for each identity subset of the plurality of identity subsets, based at least in part on a plurality of policy generation rules, a respective candidate policy. At least one candidate policy of the plurality of candidate policies may be selected as a new managed policy that is provided by the identity management service to users.
-
Publication number: US20230216888A1
Publication date: 2023-07-06
Application number: US17362807
Application date: 2021-06-29
Applicant: Amazon Technologies, Inc.
Inventor: Atiye Alaeddini, Homer Strong
IPC: H04L29/06
CPC classification number: H04L63/20, H04L63/101, H04L63/102, H04L63/08
Abstract: Identity management recommendations for use of existing policies are described herein. An available policy set of existing policies that are available to an identity may be determined. Selected permissions associated with permission-usage by the identity may be determined. It may be determined whether the available policy set includes one or more matching policy subsets that cover all the selected permissions without allowing any additional permissions. When the available policy set includes the one or more matching policy subsets, a first recommendation may be provided to attach, to the identity, at least one matching policy subset of the one or more matching policy subsets. When the available policy set does not include the one or more matching policy subsets, a second recommendation may be provided to attach, to the identity, one or more alternative policies.
-
Publication number: US11803621B1
Publication date: 2023-10-31
Application number: US17218570
Application date: 2021-03-31
Applicant: Amazon Technologies, Inc.
Inventor: Homer Strong
IPC: G06F21/31, G06F16/903, G06F21/60
CPC classification number: G06F21/31, G06F16/903, G06F21/604
Abstract: Context information may be obtained associated with an error corresponding to an operation. The operation may be defined in a programmatic interface, such as a command line interface. The context information may include identity information regarding an identity that operates the programmatic interface, operation information regarding the operation, and result information regarding a result of the operation. A selected resolution interface type for a resolution interface to assist in resolving the error may be selected based at least in part on the context information. The selected resolution interface type may be a permissions search interface. Scenario-based contents of the resolution interface, such as search terms, may be determined, based at least in part on the context information. The resolution interface may be automatically launched. Input for resolving the error, such as selection of an appropriate permissions policy for attachment to the identity, may be received via the resolution interface.
-
Publication number: US12238106B1
Publication date: 2025-02-25
Application number: US17547659
Application date: 2021-12-10
Applicant: Amazon Technologies, Inc.
Inventor: Homer Strong, Lucie Klimosova
Abstract: One or more indications may be received of a decision to deny an attempted access of a computing resource by an identity. A plurality of relevant policies may be determined whose permissions are evaluated as inputs to the decision to deny. One or more denial-related policies of the relevant policies may be determined that are associated with at least one of explicitly denying or implicitly denying the attempted access. One or more denial indications may be provided of the one or more denial-related policies. The one or more denial indications may include at least one explicit deny indication of at least one of the one or more denial-related policies that explicitly denies the attempted access. The one or more denial indications may also include at least one implicit deny indication of at least one of the one or more denial-related policies that implicitly denies the attempted access.
-
Publication number: US12099591B1
Publication date: 2024-09-24
Application number: US17547786
Application date: 2021-12-10
Applicant: Amazon Technologies, Inc.
Inventor: Homer Strong, Lucie Klimosova
CPC classification number: G06F21/41, G06F21/316
Abstract: One or more indications may be received of a decision to allow an access of a computing resource by an identity. A plurality of relevant policies may be determined whose permissions are evaluated as inputs to the decision to allow. One or more explicit allow policies of the plurality of relevant access permission policies may be determined that explicitly allow the access. At least one explicit allow indication may be provided of at least one of the one or more explicit allow policies. One or more acceptable properties of the plurality of relevant access permission policies may be determined that do not need to be modified to change the decision to allow the access. One or more acceptability indications may be provided of the one or more acceptable properties.
-
Publication number: US11783325B1
Publication date: 2023-10-10
Application number: US17213513
Application date: 2021-03-26
Applicant: Amazon Technologies, Inc.
Inventor: Homer Strong
CPC classification number: G06Q20/382, G06N7/01, H04L63/102
Abstract: A plurality of cross account resource accessibility instances may be identified in which a plurality of resources are accessible by a plurality of identities that are external to an account that controls the plurality of resources. A plurality of estimated occurrence probabilities of a plurality of links between the plurality of resources and the plurality of identities may be determined. A plurality of estimated removal probabilities of the plurality of cross account resource accessibility instances may be determined based at least in part on the plurality of estimated occurrence probabilities. A plurality of weights for the plurality of cross account resource accessibility instances may be generated based at least in part on the plurality of estimated removal probabilities. A prioritized display of a plurality of indications of the plurality of cross account resource accessibility instances may be provided based at least in part on the plurality of weights.
-
Publication number: US20230216887A1
Publication date: 2023-07-06
Application number: US17107082
Application date: 2020-11-30
Applicant: Amazon Technologies, Inc.
Inventor: Homer Strong, Brigid Ann Johnson, Mathangi Ramesh
Abstract: A first permission allocated to a first identity may be identified. Permission usage information may be analyzed. The permission usage information may include permission usage history information and permission usage pattern data. An estimated probability of a future usage of the first permission by the first identity may be forecasted based, at least in part, on the permission usage information. A first recommendation relating to allocation of the first permission to the first identity may be determined based, at least in part, on the estimated probability. The first recommendation may be a recommendation for the first identity to retain the first permission or a recommendation to deallocate the first permission from the first identity. An indication of the first recommendation may be provided to a user.
-
Publication number: US20230214681A1
Publication date: 2023-07-06
Application number: US17209782
Application date: 2021-03-23
Applicant: Amazon Technologies, Inc.
Inventor: Homer Strong, Yigitcan Kaya
Abstract: A machine learning model may generate a first recommendation relating to allocation of a first permission to an identity, wherein the first recommendation is a recommendation for the identity to retain the first permission or a recommendation to deallocate the first permission from the identity. A first indication of the first recommendation may be provided to one or more users. The machine learning model may, based on speculative execution, determine a first condition that, when attributed to the identity, causes changing of the first recommendation to a second recommendation relating to the allocation of the first permission to the identity, wherein the second recommendation differs from the first recommendation. A second indication may be provided, to the one or more users, that attribution of the first condition to the entity causes the changing of the first recommendation to the second recommendation.
-
Publication number: US12177254B2
Publication date: 2024-12-24
Application number: US17362807
Application date: 2021-06-29
Applicant: Amazon Technologies, Inc.
Inventor: Atiye Alaeddini, Homer Strong
Abstract: Identity management recommendations for use of existing policies are described herein. An available policy set of existing policies that are available to an identity may be determined. Selected permissions associated with permission-usage by the identity may be determined. It may be determined whether the available policy set includes one or more matching policy subsets that cover all the selected permissions without allowing any additional permissions. When the available policy set includes the one or more matching policy subsets, a first recommendation may be provided to attach, to the identity, at least one matching policy subset of the one or more matching policy subsets. When the available policy set does not include the one or more matching policy subsets, a second recommendation may be provided to attach, to the identity, one or more alternative policies.
-
Publication number: US11887021B1
Publication date: 2024-01-30
Application number: US16802876
Application date: 2020-02-27
Applicant: Amazon Technologies, Inc.
Inventor: Matthew J. Bales, Kimberly Sue Houchens, Ralph Giovanni Caprio, Homer Strong, Nicola Preli, Michael Hodgkinson
CPC classification number: G06Q50/28, G06F16/2379, G06F16/24, G06N5/04, G06N20/00, G06Q10/043, G06Q10/06315
Abstract: Techniques for improving packaging systems are described. In an example, a computer system receives item data from a workstation. The item data includes a description of an item. The workstation is configured to facilitate packaging of the item. Based at least in part on an input to the predictive model, the computer system generates a package decision indicating a package type associated with the packaging of the item. The input is based at least in part on the item data. The predictive model is trained based at least in part on damage data associated with packaging. The computer system sends the package decision to the workstation.