公开(公告)号：US11652822B2

公开(公告)日：2023-05-16

申请号：US17119640

申请日：2020-12-11

Applicant: Amazon Technologies, Inc.

Inventor： Maciej Broda ,  Eric Jason Brandwine ,  Matthew Schwartz

IPC: H04L9/40 ,  H04L67/141

CPC classification number: H04L63/102 ,  H04L63/0218 ,  H04L63/0807 ,  H04L63/20 ,  H04L67/141

Abstract: Techniques for deperimeterized access control are described. A method of deperimeterized access control may include receiving, by a controller of a deperimeterized access control service, a single packet authorization (SPA) request for a session ticket from an agent on a electronic device, wherein the agent sends the request for the session ticket in response to intercepting traffic destined for a service associated with the deperimeterized access control service and determining that the agent does not have a session ticket for the service, authorizing the SPA request, providing a session ticket to the agent based on the request, receiving, by a gateway of the deperimeterized access control service, a request to initiate a session with a service, the request including the session ticket, validating the session ticket, and providing session parameters to the agent to be used to initiate the session between the electronic device and the service.

公开(公告)号：US12158939B1

公开(公告)日：2024-12-03

申请号：US17935500

申请日：2022-09-26

Applicant: Amazon Technologies, Inc.

Inventor： Wesley Thomas Spears ,  David Ruysser Gabler ,  Maciej Broda ,  Yuk-Chung Eric Kam ,  Anis Bishara

IPC: G06F21/41 ,  G06F21/60 ,  H04L9/08 ,  H04L9/32

Abstract: A device, having executed a single sign-on operation, may maintain a private device key in volatile memory. A client application may request an authentication artifact as part of obtaining authentication credentials for the device. Responsive to the request, an artifact may be signed with the private device key to generate the requested authentication artifact. The single sign-on operation may be authenticated using an authentication device and a wrap key generated and applied by a secure cryptographic processor using an identifier based on an attestation certificate obtained from the authentication device after successful authentication. The wrap key may be used to decrypt the private device key stored on a persistent device storage.

公开(公告)号：US12265641B1

公开(公告)日：2025-04-01

申请号：US17957776

申请日：2022-09-30

Applicant: Amazon Technologies, Inc.

Inventor： Matthew Michael Sommer ,  Bruce Sherrod ,  Maciej Broda ,  Laura Jane Hayward ,  Joe Stapleton

IPC: G06F21/62

Abstract: Captures or recordings of sensitive information or data displayed on screens or displays are detected by generating unique identifiers of users and embedding linked codes including such identifiers into the information or data. When the information or data is accessed by a user and displayed on a screen, and an image of the information or data is captured by a camera of a mobile device or other system, the camera detects a code within the images and requests to access a page or other networked resource associated with a link embedded in the code. Upon detecting a request to access such a page, the request may be attributed to the user. Upon detecting a unique identifier within an image depicting sensitive information, the image may be attributed to the user.

公开(公告)号：US11831638B1

公开(公告)日：2023-11-28

申请号：US17234372

申请日：2021-04-19

Applicant: Amazon Technologies, Inc.

Inventor： Evgeniy Retyunskiy ,  Colm MacCárthaigh ,  Maciej Broda ,  Matthew Schwartz

IPC: H04L29/06 ,  H04L9/40 ,  H04L9/06 ,  H04L9/32

CPC classification number: H04L63/083 ,  H04L9/0643 ,  H04L9/3218

Abstract: Methods, systems, and computer-readable media for single-packet authorization using proof of work are disclosed. An access control service receives, from a client, a single-packet authorization (SPA) request. The (SPA) request comprises output of a proof-of-work task, wherein completion of the proof-of-work task requires computational resources or memory resources of the client. The access control service performs verification of the output of the proof-of-work task using fewer computational or memory resources of the access control service than were used by the client. In response to determining that verification of the output of the proof-of-work task succeeds, the access control service performs authentication of the SPA request. In response to determining that authentication of the SPA request succeeds, the access control service allows access by the client device to a service.