-
Publication (grant) No.: US20220217182A1
Publication (grant) date: 2022-07-07
Application No.: US17706320
Filing date: 2022-03-28
Applicant: Amazon Technologies, Inc.
Inventor: Justin Paul Yancey
IPC: H04L9/40
Abstract: Security policies can be dynamically updated in response to changes in endpoints associated with those policies. A user can indicate one or more regions or networks from which access is to be granted under a specific security policy. The user can subscribe to receive notifications upon a change relating to those endpoints, such as the addition or removal of one or more endpoints. When a change is detected, new policy information can be generated automatically and published for subscribed policies, which can then have the updates applied automatically or provided for manual review and application. Such a process enables access determinations to be made based upon up-to-date endpoint information.
-
Publication (grant) No.: US12301629B2
Publication (grant) date: 2025-05-13
Application No.: US17706320
Filing date: 2022-03-28
Applicant: Amazon Technologies, Inc.
Inventor: Justin Paul Yancey
IPC: H04L9/40
Abstract: Security policies can be dynamically updated in response to changes in endpoints associated with those policies. A user can indicate one or more regions or networks from which access is to be granted under a specific security policy. The user can subscribe to receive notifications upon a change relating to those endpoints, such as the addition or removal of one or more endpoints. When a change is detected, new policy information can be generated automatically and published for subscribed policies, which can then have the updates applied automatically or provided for manual review and application. Such a process enables access determinations to be made based upon up-to-date endpoint information.
-
Publication (grant) No.: US11503012B1
Publication (grant) date: 2022-11-15
Application No.: US16456770
Filing date: 2019-06-28
Applicant: Amazon Technologies, Inc.
Inventor: Justin Paul Yancey , Jack A. Drooger , Beau Jared Hunter , Harvir Singh
IPC: H04L9/40
Abstract: A service or load balancer may use the techniques herein to perform client authentication using a certificate-based identity provider. A client may send a request for access to a service of the provider network. In response, the service or a load balancer may redirect the request to a certificate-based identity provider in accordance with a standard identity protocol (e.g., a federated identity protocol such as OpenID Connect (OIDC)). The certificate-based identity provider may obtain a client certificate and validate the client certificate. The identity provider may also obtain and verify other credentials. In response to validating the client certificate (and in some cases authenticating the credentials), the certificate-based identity provider may generate and sign an identity token and redirect the client back to the service in accordance with the identity protocol.
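The redirect flow this abstract describes, written out with both parties' messages, as an added example that is not the patent's or any product's code. Everything here is assumed for illustration: the client certificate is already parsed into a small record (CertIdP, Service, TRUSTED_ISSUERS, the sample certificates and the shared secret are all constructed), the ID token is an HS256 JWT verified with a secret shared by the IdP and the service (a real OIDC deployment uses asymmetric keys published at a JWKS endpoint), and the browser redirects are modelled as dicts handed from one party to the other. The service-side checks are the ones that matter in practice: one-shot state to stop replay, nonce binding so a token minted for one login cannot finish another, and audience, issuer and expiry checks on the token.

```python
"""Certificate-based IdP in an OIDC-style redirect flow (added example; assumptions
listed in the lead-in: parsed cert record, HS256 shared secret, dicts as redirects)."""
import base64
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

def _b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(claims: Dict, key: bytes) -> str:
    header = _b64u(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64u(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64u(sig)}"

def verify_jwt(token: str, key: bytes, now: int) -> Optional[Dict]:
    """Claims if the signature and expiry check out, else None."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(_b64u_dec(header)).get("alg") != "HS256":
            return None                      # refuse alg confusion ("none", RS256-with-HMAC-key)
        expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64u_dec(sig)):
            return None
        claims = json.loads(_b64u_dec(payload))
        return claims if claims.get("exp", 0) > now else None
    except (ValueError, TypeError):
        return None

@dataclass(frozen=True)
class ClientCert:                 # constructed stand-in for a parsed X.509 client cert
    subject: str
    issuer: str
    fingerprint: str              # hex SHA-256 of the DER certificate
    not_after: int                # unix time

TRUSTED_ISSUERS = {"CN=Corp Device CA"}   # assumed trust anchor set

class CertIdP:
    """The certificate-based identity provider the service redirects to."""
    def __init__(self, key: bytes, issuer: str = "https://idp.example"):
        self.key, self.issuer = key, issuer

    def authorize(self, req: Dict, cert: Optional[ClientCert], now: int,
                  second_factor_ok: bool = True) -> Dict:
        """Validate the client cert (and any extra credential); redirect back with a
        signed ID token, or with an OIDC-style error."""
        if (cert is None or cert.issuer not in TRUSTED_ISSUERS
                or cert.not_after <= now or not second_factor_ok):
            return {"error": "access_denied", "state": req.get("state")}
        claims = {"iss": self.issuer, "sub": cert.subject, "aud": req["client_id"],
                  "nonce": req["nonce"], "iat": now, "exp": now + 300,
                  "cnf": {"x5t#S256": cert.fingerprint}}   # bind token to the presented cert
        return {"id_token": sign_jwt(claims, self.key), "state": req["state"]}

class Service:
    """The protected service (or its load balancer)."""
    def __init__(self, client_id: str, idp: CertIdP):
        self.client_id, self.idp = client_id, idp
        self._pending: Dict[str, str] = {}    # state -> nonce for in-flight logins

    def start_login(self) -> Dict:
        """Authorization request: redirect the unauthenticated client to the IdP."""
        state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self._pending[state] = nonce
        return {"response_type": "id_token", "client_id": self.client_id, "scope": "openid",
                "redirect_uri": "https://svc.example/callback", "state": state, "nonce": nonce}

    def finish_login(self, redirect: Dict, now: int) -> Optional[str]:
        """Consume the redirect back from the IdP; return the authenticated subject or None."""
        nonce = self._pending.pop(redirect.get("state", ""), None)   # one-shot: blocks replay
        if nonce is None or "id_token" not in redirect:
            return None
        claims = verify_jwt(redirect["id_token"], self.idp.key, now)
        if (claims is None or claims.get("iss") != self.idp.issuer
                or claims.get("aud") != self.client_id or claims.get("nonce") != nonce):
            return None
        return claims["sub"]

# Constructed sample data.
NOW = 1_700_000_000
SAMPLE_KEY = b"constructed-shared-secret-do-not-reuse"
GOOD_CERT = ClientCert("CN=device-42", "CN=Corp Device CA", "ab" * 32, NOW + 86_400)
EXPIRED_CERT = ClientCert("CN=device-42", "CN=Corp Device CA", "cd" * 32, NOW - 1)
ROGUE_CERT = ClientCert("CN=device-42", "CN=Some Other CA", "ef" * 32, NOW + 86_400)

def run_flow(cert: Optional[ClientCert], second_factor_ok: bool = True) -> Optional[str]:
    """One complete round trip: service -> IdP -> service. Returns the subject or None."""
    idp = CertIdP(SAMPLE_KEY)
    svc = Service("svc-client", idp)
    return svc.finish_login(idp.authorize(svc.start_login(), cert, NOW, second_factor_ok), NOW)

if __name__ == "__main__":
    print(run_flow(GOOD_CERT), run_flow(EXPIRED_CERT), run_flow(ROGUE_CERT))
```

The `cnf` claim carries the certificate thumbprint so a downstream service can tie the token to the TLS client certificate it sees on the connection; nothing in this example enforces that binding, it only shows where the IdP would put it.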
-
Publication (grant) No.: US12238085B1
Publication (grant) date: 2025-02-25
Application No.: US16588980
Filing date: 2019-09-30
Applicant: Amazon Technologies, Inc.
Inventor: Justin Paul Yancey , Jack A. Drooger , Sanjay Dey
IPC: H04L9/40
Abstract: A device management service may enforce compliance of remote devices with device specifications by disabling or enabling use of client certificates by applications installed on the devices. The device management service receives configuration data from an agent installed on the remote device. If the device management service determines that the device is no longer compliant with specifications for the device, then the device management service may prevent subsequent use of client certificate(s) by applications on the device to establish certificate-based connections. For example, the device management service may disable or revoke a client certificate or may instruct the device to disable or remove the client certificate. If the device becomes compliant at a subsequent time, then the device management service may enable the client certificate or cause a new client certificate to be sent to the device.
-
Publication (grant) No.: US20250007959A1
Publication (grant) date: 2025-01-02
Application No.: US18882354
Filing date: 2024-09-11
Applicant: Amazon Technologies, Inc.
Inventor: Justin Paul Yancey
IPC: H04L9/40
Abstract: Security policies can be dynamically updated in response to changes in endpoints associated with those policies. A user can indicate one or more regions or networks from which access is to be granted under a specific security policy. The user can subscribe to receive notifications upon a change relating to those endpoints, such as the addition or removal of one or more endpoints. When a change is detected, new policy information can be generated automatically and published for subscribed policies, which can then have the updates applied automatically or provided for manual review and application. Such a process enables access determinations to be made based upon up-to-date endpoint information.
-
Publication (grant) No.: US11683349B2
Publication (grant) date: 2023-06-20
Application No.: US17104905
Filing date: 2020-11-25
Applicant: Amazon Technologies, Inc.
Inventor: Justin Paul Yancey
IPC: H04L9/40
CPC classification number: H04L63/205 , H04L63/0227 , H04L63/101 , H04L63/107 , H04L63/108 , H04L63/20
Abstract: Security policies can be dynamically updated in response to changes in endpoints associated with those policies. A user can indicate one or more regions or networks from which access is to be granted under a specific security policy. The user can subscribe to receive notifications upon a change relating to those endpoints, such as the addition or removal of one or more endpoints. When a change is detected, new policy information can be generated automatically and published for subscribed policies, which can then have the updates applied automatically or provided for manual review and application. Such a process enables access determinations to be made based upon up-to-date endpoint information.
-
Publication (grant) No.: US20230299980A1
Publication (grant) date: 2023-09-21
Application No.: US18321540
Filing date: 2023-05-22
Applicant: Amazon Technologies, Inc.
Inventor: Justin Paul Yancey
CPC classification number: H04L9/3268 , G06F16/27 , G06F16/2282
Abstract: A certificate revocation manager performs scheduled synchronization of a certificate revocation table with certificate revocation lists (CRLs) independent of connection requests from clients. The certificate revocation table includes entries that each indicate a client certificate that has been revoked by a certificate authority (CA). On a scheduled basis, the certificate revocation manager synchronizes the entries of the certificate revocation table with current CRLs obtained from different CAs. When a service receives a request from a client to establish a connection, the service generates a composite key based on a CA identifier and a certificate identifier of the client certificate provided by the client. The service performs a lookup on the certificate revocation table based on the composite key. Based on the result of the lookup, the certificate revocation manager determines whether the client certificate is revoked.
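The table, the scheduled sync and the composite-key lookup from this abstract, as an added example that is not the patent's implementation. It assumes CRLs have already been fetched and parsed into per-CA snapshots (CRLSnapshot, RevocationTable and the sample snapshots are constructed for this example) and that the CA identifier is something stable such as the issuer DN or key identifier, normalised before it goes into the key. Two details the abstract leaves implicit are made explicit: the same serial can exist under two CAs, which is why the key is composite, and a CRL that is past its nextUpdate should be reported as stale rather than silently answered "good".

```python
"""Revocation table synced from CRLs on a schedule, queried by a (CA, serial) key.
Added example; CRL snapshots and CA identifiers below are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Tuple

CompositeKey = Tuple[str, int]   # (normalised CA identifier, certificate serial)

@dataclass(frozen=True)
class RevocationEntry:
    ca_id: str
    serial: int
    revoked_at: datetime
    reason: str

@dataclass
class CRLSnapshot:               # one parsed CRL from one CA
    ca_id: str
    this_update: datetime
    next_update: datetime
    revoked: Dict[int, Tuple[datetime, str]]   # serial -> (revocationDate, reason)

class RevocationTable:
    def __init__(self) -> None:
        self._entries: Dict[CompositeKey, RevocationEntry] = {}
        self._valid_until: Dict[str, datetime] = {}   # CA -> nextUpdate of last synced CRL

    @staticmethod
    def composite_key(ca_id: str, serial: int) -> CompositeKey:
        # Serials are unique only within one CA, so the CA must be part of the key:
        # two CAs can both have issued serial 0x1001.
        return (ca_id.strip().lower(), serial)

    def sync(self, crl: CRLSnapshot) -> Tuple[int, int]:
        """Scheduled sync, independent of client connections: replace this CA's
        entries with the CRL's contents. Returns (added, removed)."""
        ca = crl.ca_id.strip().lower()
        old_keys = {k for k in self._entries if k[0] == ca}
        new_entries = {self.composite_key(ca, s): RevocationEntry(ca, s, when, reason)
                       for s, (when, reason) in crl.revoked.items()}
        added = len(new_entries.keys() - old_keys)
        removed = len(old_keys - new_entries.keys())   # entries that fell off the CRL
        for key in old_keys:
            del self._entries[key]
        self._entries.update(new_entries)
        self._valid_until[ca] = crl.next_update
        return added, removed

    def check(self, ca_id: str, serial: int, now: datetime) -> str:
        """Connection-time lookup on the composite key; never fetches a CRL itself."""
        key = self.composite_key(ca_id, serial)
        ca = key[0]
        if ca not in self._valid_until:
            return "unknown_ca"   # no CRL ever synced for this issuer: not verifiable
        if now > self._valid_until[ca]:
            return "stale"        # past the CRL's nextUpdate; the sync has fallen behind
        return "revoked" if key in self._entries else "good"

# Constructed sample data.
SAMPLE_NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_LATER = SAMPLE_NOW + timedelta(days=2)   # past every sample CRL's nextUpdate

def build_sample_table() -> RevocationTable:
    table = RevocationTable()
    table.sync(CRLSnapshot("CA-1", SAMPLE_NOW - timedelta(hours=1), SAMPLE_NOW + timedelta(hours=23),
                           {0x1001: (SAMPLE_NOW - timedelta(days=2), "keyCompromise"),
                            0x1002: (SAMPLE_NOW - timedelta(days=30), "superseded")}))
    table.sync(CRLSnapshot("ca-2", SAMPLE_NOW - timedelta(hours=2), SAMPLE_NOW + timedelta(hours=22),
                           {0x1001: (SAMPLE_NOW - timedelta(days=1), "cessationOfOperation")}))
    return table

def resync_ca1(table: RevocationTable) -> Tuple[int, int]:
    """Next scheduled sync for CA-1: 0x1002 has expired and dropped off the CRL,
    0x1003 is newly revoked."""
    return table.sync(CRLSnapshot("ca-1", SAMPLE_NOW, SAMPLE_NOW + timedelta(days=1),
                                  {0x1001: (SAMPLE_NOW - timedelta(days=2), "keyCompromise"),
                                   0x1003: (SAMPLE_NOW, "keyCompromise")}))

if __name__ == "__main__":
    t = build_sample_table()
    print(t.check("CA-1", 0x1001, SAMPLE_NOW), t.check("ca-2", 0x1002, SAMPLE_NOW))
    print(resync_ca1(t))
```

Whether "stale" and "unknown_ca" are treated as deny or as allow-with-alert is a deployment decision; the lookup just refuses to collapse them into "good".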
-
Publication (grant) No.: US20230283644A1
Publication (grant) date: 2023-09-07
Application No.: US18196269
Filing date: 2023-05-11
Applicant: Amazon Technologies, Inc.
Inventor: Justin Paul Yancey
IPC: H04L9/40
CPC classification number: H04L63/205 , H04L63/101 , H04L63/107 , H04L63/20 , H04L63/108 , H04L63/0227
Abstract: Security policies can be dynamically updated in response to changes in endpoints associated with those policies. A user can indicate one or more regions or networks from which access is to be granted under a specific security policy. The user can subscribe to receive notifications upon a change relating to those endpoints, such as the addition or removal of one or more endpoints. When a change is detected, new policy information can be generated automatically and published for subscribed policies, which can then have the updates applied automatically or provided for manual review and application. Such a process enables access determinations to be made based upon up-to-date endpoint information.
-
Publication (grant) No.: US10708269B1
Publication (grant) date: 2020-07-07
Application No.: US15783123
Filing date: 2017-10-13
Applicant: Amazon Technologies, Inc.
Inventor: Justin Paul Yancey
Abstract: A method and system for managing requests from a customer system domain, the requests being for access to an application executed by a web service in a cloud computing environment. In one embodiment, an access management system includes an authentication layer and an authorization layer. The authentication layer includes a proxy web service that receives a request for access to an application according to a membership-based authentication protocol and generates a first object to be passed to an interface of a web-based execution platform. A second object is generated that includes user identity and membership information. The second object is configured with a protocol that enables processing by the web-based execution platform. The web-based execution platform receives the second object, extracts the authentication information in the second protocol, and translates the authentication information of the second object back into the first object as carried in the original request. Using the first object, the application determines the validity of the request.
-
Publication (grant) No.: US12132764B2
Publication (grant) date: 2024-10-29
Application No.: US18196269
Filing date: 2023-05-11
Applicant: Amazon Technologies, Inc.
Inventor: Justin Paul Yancey
IPC: H04L9/40
CPC classification number: H04L63/205 , H04L63/0227 , H04L63/101 , H04L63/107 , H04L63/108 , H04L63/20
Abstract: Security policies can be dynamically updated in response to changes in endpoints associated with those policies. A user can indicate one or more regions or networks from which access is to be granted under a specific security policy. The user can subscribe to receive notifications upon a change relating to those endpoints, such as the addition or removal of one or more endpoints. When a change is detected, new policy information can be generated automatically and published for subscribed policies, which can then have the updates applied automatically or provided for manual review and application. Such a process enables access determinations to be made based upon up-to-date endpoint information.
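The mechanism in the dynamic-policy abstract that recurs throughout this listing (US11683349B2, US20220217182A1, US12301629B2, US20230283644A1, US12132764B2 and US20250007959A1), worked through as an added example that is not the patent's implementation. It assumes the publisher exposes a versioned feed of CIDR prefixes tagged by region (FEED_V1 and FEED_V2 are constructed for this example) and models a policy as the set of prefixes selected from the regions the user subscribed to. The example goes slightly past the abstract in two places: it ignores a feed version older than the one already applied, so a replayed or delayed notification cannot roll the policy back, and it fans a feed change out only to the policies whose regions actually changed.

```python
"""Regenerating an allow-list policy when a publisher's endpoint set changes.
Added example; the feeds, regions and policy names below are constructed."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Set

Net = ipaddress.IPv4Network

# Constructed feeds standing in for two successive versions of a provider's
# published endpoint ranges.
FEED_V1 = {"version": 1, "prefixes": [
    {"region": "us-east-1", "cidr": "198.51.100.0/24"},
    {"region": "us-east-1", "cidr": "203.0.113.0/25"},
    {"region": "eu-west-1", "cidr": "192.0.2.0/24"},
]}
FEED_V2 = {"version": 2, "prefixes": [
    {"region": "us-east-1", "cidr": "198.51.100.0/24"},
    {"region": "us-east-1", "cidr": "203.0.113.128/25"},   # replaces 203.0.113.0/25
    {"region": "eu-west-1", "cidr": "192.0.2.0/24"},
    {"region": "eu-west-1", "cidr": "100.64.0.0/24"},      # newly added endpoint
]}

@dataclass
class Policy:
    name: str
    regions: Set[str]                     # regions the user chose to grant access from
    allowed: Set[Net] = field(default_factory=set)
    feed_version: int = 0

def select_prefixes(feed: Dict, regions: Set[str]) -> Set[Net]:
    """The feed prefixes that fall in the policy's subscribed regions."""
    return {ipaddress.ip_network(p["cidr"]) for p in feed["prefixes"] if p["region"] in regions}

def compute_update(policy: Policy, feed: Dict) -> Dict:
    """New policy information for a feed version, with the diff a reviewer would see."""
    proposed = select_prefixes(feed, policy.regions)
    return {"policy": policy.name, "feed_version": feed["version"], "proposed": proposed,
            "added": [str(n) for n in sorted(proposed - policy.allowed)],
            "removed": [str(n) for n in sorted(policy.allowed - proposed)]}

def publish_update(policy: Policy, feed: Dict, auto_apply: bool) -> Dict:
    """Publish the update for a subscribed policy: apply it automatically, or return
    it unapplied for manual review. Older or replayed feed versions are ignored."""
    update = compute_update(policy, feed)
    update["applied"] = False
    if feed["version"] <= policy.feed_version:
        return update
    if auto_apply:
        policy.allowed = update["proposed"]
        policy.feed_version = feed["version"]
        update["applied"] = True
    return update

def is_allowed(policy: Policy, source_ip: str) -> bool:
    """Access determination against whatever prefixes the policy currently holds."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in policy.allowed)

def affected_policies(policies: List[Policy], old_feed: Dict, new_feed: Dict) -> List[str]:
    """Subscription fan-out: notify only policies whose regions actually changed."""
    old = {(p["region"], p["cidr"]) for p in old_feed["prefixes"]}
    new = {(p["region"], p["cidr"]) for p in new_feed["prefixes"]}
    changed_regions = {region for region, _ in old ^ new}
    return [p.name for p in policies if p.regions & changed_regions]

def make_sample_policies() -> List[Policy]:
    """Three subscribed policies, all synced to FEED_V1 automatically."""
    policies = [Policy("api-ingress", {"us-east-1"}),
                Policy("eu-only", {"eu-west-1"}),
                Policy("ap-only", {"ap-south-1"})]
    for p in policies:
        publish_update(p, FEED_V1, auto_apply=True)
    return policies

if __name__ == "__main__":
    pols = make_sample_policies()
    print(affected_policies(pols, FEED_V1, FEED_V2))
    print(publish_update(pols[0], FEED_V2, auto_apply=False)["added"])
```

With `auto_apply=False` the caller gets the same `added`/`removed` diff a reviewer would approve; calling again with `auto_apply=True` after approval applies exactly that set, because the proposed prefixes are recomputed from the feed version rather than cached from the review.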
-