Patent search ap:("Amazon Technologies Page Inc.") AND inv:"Petre Eftime"

1.

发明公开
ISOLATED RUNTIME ENVIRONMENTS FOR SECURING SECRETS USED TO ACCESS REMOTE RESOURCES FROM COMPUTE INSTANCES 审中-公开

公开(公告)号：US20240095338A1

公开(公告)日：2024-03-21

申请号：US17810291

申请日：2022-06-30

Applicant: Amazon Technologies, Inc.

Inventor： Joshua Benjamin Levinson , Colm MacCarthaigh , Alexander Graf , Iulia-Daniela Doras-Prodan , Petre Eftime

IPC: G06F21/53 , G06F9/455 , H04L9/08

CPC classification number: G06F21/53 , G06F9/455 , H04L9/0891 , G06F2221/2149

Abstract: An instance secrets management isolated runtime environment is launched at a virtualization server, and utilizes a subset of memory assigned to a compute instance. The subset of memory is inaccessible from entities external to the runtime environment. A secrets manager of the runtime environment provides a security artifact to an application, running at the compute instance, which has requested access to a resource. The artifact is generated by the secrets manager using a security secret associated with the compute instance; the secret is not accessible to programs external to the runtime environment. In response to a determination that the artifact is valid, the application obtains access to the resource.

2.

发明授权
Cryptographic artifact generation using virtualized security modules 有权

公开(公告)号：US11924336B1

公开(公告)日：2024-03-05

申请号：US17359240

申请日：2021-06-25

Applicant: Amazon Technologies, Inc.

Inventor： Atul Khare , Deepak Gupta , Petre Eftime , Madalin Razvan Nastase

IPC: H04L9/08 , G06F9/455

CPC classification number: H04L9/0861 , G06F9/45558 , G06F2009/45587

Abstract: A pair of virtualized security device initialization data sets are received at a first virtualization server from respective sources prior to a launch of a compute instance at the server. A first virtualized security device is initialized using the data sets, and used to generate cryptographic artifacts used by the compute instance. A data item which was included in one of the data sets is modified after the cryptographic artifacts are generated. Additional cryptographic artifacts are generated by a second virtualized security device at a second virtualization server to which the compute instance has been migrated. The second virtualized security device is initialized using at least the modified data item.

Patent Agency Ranking