公开(公告)号：US20240340273A1

公开(公告)日：2024-10-10

申请号：US18745913

申请日：2024-06-17

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen ,  Matthew J. Campagna

IPC: H04L9/40 ,  H04L9/14

CPC classification number: H04L63/045 ,  H04L9/14 ,  H04L63/205

Abstract: A first computing system establishes a cryptographically protected communication session with a second computing system by proposing a hybrid cryptographic scheme. In response to the proposed hybrid cryptographic scheme, a second computing system transmits cryptographic materials to the first computing system, and the first computing system transmits cryptographic materials to the second computing system. Using the cryptographic materials, two or more cryptographic keys are derived. One cryptographic key is used to perform an inner cryptographic operation on one or more data items, and another cryptographic key is used to perform an outer cryptographic operation on the one or more data items that have been cryptographically protected by the inner cryptographic operation.

公开(公告)号：US11936796B1

公开(公告)日：2024-03-19

申请号：US16714496

申请日：2019-12-13

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen ,  Matthew Stephen Bullock ,  Daniel Ron Simon

IPC: G06F21/00 ,  G06F21/60 ,  H04L9/30 ,  H04L9/32

CPC classification number: H04L9/3268 ,  G06F21/602 ,  H04L9/3073 ,  H04L9/3221 ,  H04L9/3242

Abstract: Described implementations obtain credential information including an encrypted digital identity (ID). The encrypted digital ID may include a public component of a credential and identity data. Furthermore, the credential information may include cryptographically obfuscated data based on the identity data and a private component of the credential. A proof is obtained that includes proof data. The proof data may confirm that the credential information was correctly generated. Verification of the proof data, and confirmation that the cryptographically obfuscated data is not associated in a collection of cryptographically obfuscated data, cause a computer-implemented service to issue a pseudonym. The pseudonym is usable to generate a relationship associated with a computer-implemented service.

公开(公告)号：US11729002B2

公开(公告)日：2023-08-15

申请号：US17018192

申请日：2020-09-11

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: H04L9/32 ,  G06F21/64 ,  H04L9/30 ,  G06F8/65

CPC classification number: H04L9/3247 ,  G06F8/65 ,  G06F21/64 ,  H04L9/30 ,  H04L9/3268

Abstract: A computer system obtains a request to apply a signed patch to a piece of signed executable code. The computer system determines whether the signed patch is allowed to be applied to the signed executable based on a set of patch policies. If the patch policies allow the patch to be applied, the patch is applied to the signed executable code. The computer system generates a new digital signature for the modified executable code thereby allowing the resulting signed patched executable code to be verified and executed by the computer system.

公开(公告)号：US11243879B2

公开(公告)日：2022-02-08

申请号：US16780107

申请日：2020-02-03

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F12/02 ,  G06F9/32

Abstract: Non-volatile devices may be configured such that a clear operation on a single bit clears an entire block of bits. The representation of particular data structures may be optimized to reduce the number of clear operations required to store the representation in non-volatile memory. A data schema may indicate that a data structure of an application may be optimized for storage in non-volatile memory. A translation layer may convert an application level representation of a data value associated with the data structure to an optimized storage representation of the data value before storing the optimized storage representation of the data value in non-volatile memory.

公开(公告)号：US11240042B2

公开(公告)日：2022-02-01

申请号：US16826973

申请日：2020-03-23

Applicant: Amazon Technologies, Inc.

Inventor： Slavka Praus ,  Matthew John Campagna ,  Nicholas Alexander Allen ,  Petr Praus

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/30

Abstract: A first public key is generated based at least in part on a first plurality of signing keys and a second public key is generated based at least in part on a second plurality of signing keys. The signing keys may be used to generate digital signatures. The second public key may be made available to verify a digital signature generated using a signing key from the second plurality of signing keys. In some cases, a first Merkle tree may be formed by the first public key and the first plurality of signing keys, and a second Merkle tree may be formed by the second public key, the first public key, and the second plurality of signing keys.

公开(公告)号：US11075761B2

公开(公告)日：2021-07-27

申请号：US16666245

申请日：2019-10-28

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: H04L9/32

Abstract: A secret is securely maintained on a virtualized computer system by configuring a specialized virtual machine to manage and maintain the secret on behalf of an application. When the application requests access to the secret, a controlling domain, in combination with the specialized virtual machine, validates that the application is authorized to make the request and that the application has not been compromised prior to making the request. If the request is validated, the controlling domain and the specialized virtual machine fulfill the request by providing the application with access to the secret.

公开(公告)号：US11023595B1

公开(公告)日：2021-06-01

申请号：US16213489

申请日：2018-12-07

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen ,  Matthew John Campagna ,  Xianrui Jeri Meng

IPC: G06F21/60 ,  G06F21/62 ,  G06F16/248 ,  G06F16/2455 ,  H04L9/08

Abstract: A requester submits a request to perform an encrypted search that is received by an encrypted search provider. The encrypted search provider processes the request and produces a set of intermediate results which are loaded onto a mobile computer system that includes a mobile power source. The mobile computer system is shipped to the requester, and while in transit to the requester, the mobile computer system processes the intermediate results to produce a completed search result. After the mobile computer system arrives at the requester, the mobile computer system provides the completed search result to the requester.

公开(公告)号：US10733036B2

公开(公告)日：2020-08-04

申请号：US15701203

申请日：2017-09-11

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: G06F9/54 ,  G06F8/30 ,  G06F9/451 ,  G06F9/50 ,  G06F11/30

Abstract: Systems and methods for generating a programmatic implementation based on a set of recorded Application Programming Interface (API) calls. One example includes determining an interval of time during which actions made on an interface associated with a session user account are made, obtaining a set of records from an API call log that indicates a set of API calls made during the interval of time, and generating a programmatic implementation that is usable to submit the set of API calls.

公开(公告)号：US20200220735A1

公开(公告)日：2020-07-09

申请号：US16826973

申请日：2020-03-23

Applicant: Amazon Technologies, Inc.

Inventor： Slavka Praus ,  Matthew John Campagna ,  Nicholas Alexander Allen ,  Petr Praus

IPC: H04L9/32 ,  H04L9/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/30

Abstract: A first public key is generated based at least in part on a first plurality of signing keys and a second public key is generated based at least in part on a second plurality of signing keys. The signing keys may be used to generate digital signatures. The second public key may be made available to verify a digital signature generated using a signing key from the second plurality of signing keys. In some cases, a first Merkle tree may be formed by the first public key and the first plurality of signing keys, and a second Merkle tree may be formed by the second public key, the first public key, and the second plurality of signing keys.

公开(公告)号：US10708162B1

公开(公告)日：2020-07-07

申请号：US14572621

申请日：2014-12-16

Applicant: Amazon Technologies, Inc.

Inventor： Nicholas Alexander Allen

IPC: H04L12/26 ,  H04L12/24

Abstract: Techniques described and suggested herein include observing, monitoring and storing sequence data and lag data associated with write and read operations between an application and a service, such as a service provided by a computing resource service provider, so as to simulate or otherwise derive consistency behavior observed therewith. The sequence data and/or lag data may be used to configure a service, such as a mock service similar to the observed service, to respond in a fashion similar to the previously monitored service.