公开(公告)号：US20170250821A1

公开(公告)日：2017-08-31

申请号：US15597841

申请日：2017-05-17

Applicant: Amazon Technologies, Inc.

Inventor： David R. Richardson ,  Mustafa I. Abrar ,  Don Johnson ,  John Cormie ,  Bradley Eugene Marshall ,  Mark Joseph Cavage

IPC: H04L9/32 ,  H04L29/08 ,  H04L29/06

CPC classification number: H04L9/3247 ,  H04L63/101 ,  H04L63/126 ,  H04L63/20 ,  H04L67/1097

Abstract: A system, method, and computer readable medium for managing secure content by CDN service providers are provided. A network storage provider stores one or more resources on behalf of a content provider. A CDN service provider obtains client computing device requests for secure content. Based on processing first signature information, the CDN service provider determines whether the secure content is available to the client computing device. If the CDN service provider does not maintain the requested content, the CDN service provider transmits a request to the network storage provider. Based on second signature information and an identifier associated with the CDN service provider, the network storage provider processes the request based policy information associated with the identifier.

公开(公告)号：US09455975B2

公开(公告)日：2016-09-27

申请号：US14204124

申请日：2014-03-11

Applicant: Amazon Technologies, Inc.

Inventor： Marc J. Brooker ,  Mark Joseph Cavage ,  David Brown ,  Kevin Ross O'Neill ,  Eric Jason Brandwine ,  Christopher Richard Jacques de Kadt

IPC: H04L29/06 ,  G06F21/44 ,  H04L9/32

CPC classification number: H04L63/08 ,  G06F21/44 ,  H04L9/3247 ,  H04L63/10 ,  H04L63/20

Abstract: Systems and methods for managing credentials distribute the credentials to subsets of a set of collectively managed computing resources. The collectively managed computing resources may include one or more virtual machine instances. The credentials distributed to the computing resources may be used by the computing resources to perform one or more actions. Actions may include performing one or more functions in connection with configuration, management, and/or operation of the one or more resources, and/or access of other computing resources. The ability to use credentials may be changed based at least in part on the occurrence of one or more events.

Abstract translation: 用于管理凭据的系统和方法将凭证分发到一组共同管理的计算资源的子集。 共同管理的计算资源可以包括一个或多个虚拟机实例。 分配给计算资源的证书可以被计算资源用于执行一个或多个动作。 操作可以包括执行与一个或多个资源的配置，管理和/或操作有关的一个或多个功能，和/或其他计算资源的访问。 至少部分地基于一个或多个事件的发生来改变使用凭证的能力。

公开(公告)号：US20150319194A1

公开(公告)日：2015-11-05

申请号：US14800591

申请日：2015-07-15

Applicant: Amazon Technologies, Inc.

Inventor： David R. Richardson ,  Mustafa I. Abrar ,  Don Johnson ,  John Cormie ,  Bradley Eugene Marshall ,  Mark Joseph Cavage

IPC: H04L29/06 ,  H04L29/08 ,  H04L9/32

CPC classification number: H04L9/3247 ,  H04L63/101 ,  H04L63/126 ,  H04L63/20 ,  H04L67/1097

Abstract: A system, method, and computer readable medium for managing secure content by CDN service providers are provided. A network storage provider stores one or more resources on behalf of a content provider. A CDN service provider obtains client computing device requests for secure content. Based on processing first signature information, the CDN service provider determines whether the secure content is available to the client computing device. If the CDN service provider does not maintain the requested content, the CDN service provider transmits a request to the network storage provider. Based on second signature information and an identifier associated with the CDN service provider, the network storage provider processes the request based policy information associated with the identifier.

Abstract translation: 提供了一种用于由CDN服务提供商管理安全内容的系统，方法和计算机可读介质。 网络存储提供商代表内容提供商存储一个或多个资源。 CDN服务提供商获得安全内容的客户端计算设备请求。 基于处理第一签名信息，CDN服务提供商确定安全内容是否可用于客户端计算设备。 如果CDN服务提供商不保持所请求的内容，则CDN服务提供商向网络存储提供商发送请求。 基于第二签名信息和与CDN服务提供商相关联的标识符，网络存储提供商处理与该标识符相关联的基于请求的策略信息。

公开(公告)号：US10785037B2

公开(公告)日：2020-09-22

申请号：US16195628

申请日：2018-11-19

Applicant: Amazon Technologies, Inc.

Inventor： David R. Richardson ,  Mustafa I. Abrar ,  Don Johnson ,  John Cormie ,  Bradley Eugene Marshall ,  Mark Joseph Cavage

IPC: H04L9/32 ,  H04L29/06

Abstract: A system, method, and computer readable medium for managing secure content by CDN service providers are provided. A network storage provider stores one or more resources on behalf of a content provider. A CDN service provider obtains client computing device requests for secure content. Based on processing first signature information, the CDN service provider determines whether the secure content is available to the client computing device. If the CDN service provider does not maintain the requested content, the CDN service provider transmits a request to the network storage provider. Based on second signature information and an identifier associated with the CDN service provider, the network storage provider processes the request based policy information associated with the identifier.

公开(公告)号：US10097531B2

公开(公告)日：2018-10-09

申请号：US15276691

申请日：2016-09-26

Applicant: Amazon Technologies, Inc.

Inventor： Marc J. Brooker ,  Mark Joseph Cavage ,  David Brown ,  Kevin Ross O'Neill ,  Eric Jason Brandwine ,  Christopher Richard Jacques de Kadt

IPC: H04L29/06 ,  G06F21/45 ,  G06F21/44 ,  H04L9/32

Abstract: A plurality of virtual computing resources is detected to have been provisioned. Credentials are distributed to the plurality of virtual computing resources. A credentials map that maps the credentials to the plurality of virtual computing resources is updated. The credentials for the plurality of virtual computing resources are activated to enable the plurality of virtual computing resources to use the credentials to authenticate to a second computer system that manages a resource service, with the credentials being inaccessible to resources of the resource service. A virtual computing resource of the plurality of virtual computing resources is detected to been deprovisioned, and the credentials for the virtual computing resource are deactivated.

公开(公告)号：US20170012958A1

公开(公告)日：2017-01-12

申请号：US15276691

申请日：2016-09-26

Applicant: Amazon Technologies, Inc.

Inventor： Marc J. Brooker ,  Mark Joseph Cavage ,  David Brown ,  Kevin Ross O'Neill ,  Eric Jason Brandwine ,  Christopher Richard Jacques de Kadt

IPC: H04L29/06 ,  G06F21/44

CPC classification number: H04L63/08 ,  G06F21/44 ,  H04L9/3247 ,  H04L63/10 ,  H04L63/20

Abstract: A plurality of virtual computing resources is detected to have been provisioned. Credentials are distributed to the plurality of virtual computing resources. A credentials map that maps the credentials to the plurality of virtual computing resources is updated. The credentials for the plurality of virtual computing resources are activated to enable the plurality of virtual computing resources to use the credentials to authenticate to a second computer system that manages a resource service, with the credentials being inaccessible to resources of the resource service. A virtual computing resource of the plurality of virtual computing resources is detected to been deprovisioned, and the credentials for the virtual computing resource are deactivated.

Abstract translation: 检测到多个虚拟计算资源被提供。 凭证分配给多个虚拟计算资源。 更新将凭证映射到多个虚拟计算资源的凭证图。 多个虚拟计算资源的凭证被激活，以使得多个虚拟计算资源能够使用证书来对管理资源服务的第二计算机系统进行身份验证，其中凭证对于资源服务的资源是不可访问的。 检测到多个虚拟计算资源的虚拟计算资源被取消配置，并且虚拟计算资源的凭证被去激活。

公开(公告)号：US09130756B2

公开(公告)日：2015-09-08

申请号：US13794415

申请日：2013-03-11

Applicant: Amazon Technologies, Inc.

Inventor： David R. Richardson ,  Mustafa I. Abrar ,  Don Johnson ,  John Cormie ,  Bradley E. Marshall ,  Mark Joseph Cavage

IPC: H04L29/06 ,  H04L9/32 ,  H04L29/08

CPC classification number: H04L9/3247 ,  H04L63/101 ,  H04L63/126 ,  H04L63/20 ,  H04L67/1097

Abstract: A system, method, and computer readable medium for managing secure content by CDN service providers are provided. A network storage provider stores one or more resources on behalf of a content provider. A CDN service provider obtains client computing device requests for secure content. Based on processing first signature information, the CDN service provider determines whether the secure content is available to the client computing device. If the CDN service provider does not maintain the requested content, the CDN service provider transmits a request to the network storage provider. Based on second signature information and an identifier associated with the CDN service provider, the network storage provider processes the request based policy information associated with the identifier.

Abstract translation: 提供了一种用于由CDN服务提供商管理安全内容的系统，方法和计算机可读介质。 网络存储提供商代表内容提供商存储一个或多个资源。 CDN服务提供商获得安全内容的客户端计算设备请求。 基于处理第一签名信息，CDN服务提供商确定安全内容是否可用于客户端计算设备。 如果CDN服务提供商不保持所请求的内容，则CDN服务提供商向网络存储提供商发送请求。 基于第二签名信息和与CDN服务提供商相关联的标识符，网络存储提供商处理与标识符相关联的基于请求的策略信息。

公开(公告)号：US20140196130A1

公开(公告)日：2014-07-10

申请号：US14204124

申请日：2014-03-11

Applicant: Amazon Technologies, Inc.

Inventor： Marc J. Brooker ,  Mark Joseph Cavage ,  David Brown ,  Kevin Ross O'Neill ,  Eric Jason Brandwine ,  Christopher Richard Jacques de Kadt

IPC: H04L29/06

CPC classification number: H04L63/08 ,  G06F21/44 ,  H04L9/3247 ,  H04L63/10 ,  H04L63/20

Abstract: Systems and methods for managing credentials distribute the credentials to subsets of a set of collectively managed computing resources. The collectively managed computing resources may include one or more virtual machine instances. The credentials distributed to the computing resources may be used by the computing resources to perform one or more actions. Actions may include performing one or more functions in connection with configuration, management, and/or operation of the one or more resources, and/or access of other computing resources. The ability to use credentials may be changed based at least in part on the occurrence of one or more events.

Abstract translation: 用于管理凭据的系统和方法将凭证分发到一组共同管理的计算资源的子集。 共同管理的计算资源可以包括一个或多个虚拟机实例。 分配给计算资源的证书可以被计算资源用于执行一个或多个动作。 操作可以包括执行与一个或多个资源的配置，管理和/或操作有关的一个或多个功能，和/或其他计算资源的访问。 至少部分地基于一个或多个事件的发生来改变使用凭证的能力。

公开(公告)号：US11658971B1

公开(公告)日：2023-05-23

申请号：US16427099

申请日：2019-05-30

Applicant: Amazon Technologies, Inc.

Inventor： Kevin Ross O'Neill ,  Mark Joseph Cavage ,  Nathan R. Fitch ,  Anders Samuelsson ,  Brian Irl Pratt ,  Yunong Jeff Xiao ,  Bradley Jeffery Behm ,  James E. Scharf, Jr.

IPC: H04L9/40 ,  H04L41/28 ,  H04L67/00

CPC classification number: H04L63/10 ,  H04L41/28 ,  H04L63/0263 ,  H04L63/20 ,  H04L67/00 ,  H04L63/08 ,  H04L63/102

Abstract: Virtual firewalls may be established that enforce sets of policies with respect to computing resources maintained by multi-tenant distributed services. Particular subsets of computing resources may be associated with particular tenants of a multi-tenant distributed service. A tenant may establish a firewalling policy set enforced by a virtual firewall for an associated subset of computing resources without affecting other tenants of the multi-tenant distributed service. Virtual firewalls enforcing multiple firewalling policy sets may be maintained by a common firewalling component of the multi-tenant distributed service. Firewalling policy sets may be distributed at multiple locations throughout the multi-tenant distributed service. For a request targeting a particular computing resource, the common firewalling component may identify the associated virtual firewall, and submit the request to the virtual firewall for evaluation in accordance with the corresponding firewalling policy set.

公开(公告)号：US10313346B1

公开(公告)日：2019-06-04

申请号：US14553915

申请日：2014-11-25

Applicant: Amazon Technologies, Inc.

Inventor： Kevin Ross O'Neill ,  Mark Joseph Cavage ,  Nathan R. Fitch ,  Anders Samuelsson ,  Brian Irl Pratt ,  Yunong Jeff Xiao ,  Bradley Jeffery Behm ,  James E. Scharf, Jr.

IPC: H04L29/06 ,  H04L12/24

Abstract: Virtual firewalls may be established that enforce sets of policies with respect to computing resources maintained by multi-tenant distributed services. Particular subsets of computing resources may be associated with particular tenants of a multi-tenant distributed service. A tenant may establish a firewalling policy set enforced by a virtual firewall for an associated subset of computing resources without affecting other tenants of the multi-tenant distributed service. Virtual firewalls enforcing multiple firewalling policy sets may be maintained by a common firewalling component of the multi-tenant distributed service. Firewalling policy sets may be distributed at multiple locations throughout the multi-tenant distributed service. For a request targeting a particular computing resource, the common firewalling component may identify the associated virtual firewall, and submit the request to the virtual firewall for evaluation in accordance with the corresponding firewalling policy set.