-
Publication number: US12003505B2
Publication date: 2024-06-04
Application number: US17113858
Application date: 2020-12-07
Applicant: Amazon Technologies, Inc.
Inventor: Ramkishore Bhattacharyya , Rameez Loladia , William Alexander Stevenson , Ashutosh Thakur , Rodrigo Diaz Martin , Andrew John Kiggins , Xin Yi Liu
CPC classification number: H04L63/0861 , H04L9/3242 , H04L9/3247 , H04L63/0442 , H04L63/06 , H04L63/061 , H04L63/0807
Abstract: Systems and methods are disclosed herein for enforcing digital signature on a token useable by a network-addressable device to invoke service calls on services of a service provider. A device platform service of the service provider may receive service calls from the network-addressable device and cause one or more operations to be performed by other services of the service provider in response to receiving a notification that the request is authentic. An authentication service analyses a fingerprint associated with a request submitted by the device and determines whether it is a match to a fingerprint generated from cryptographic authentication information provided by the user in connection with registering the network-addressable device.
-
Publication number: US11552946B2
Publication date: 2023-01-10
Application number: US16852220
Application date: 2020-04-17
Applicant: Amazon Technologies, Inc.
Inventor: Ramkishore Bhattacharyya , Amit J. Mhatre , Ashutosh Thakur , Atulya S. Beheray , Rameez Loladia
Abstract: A network protocol provides mutual authentication of network-connected devices that are parties to a communication channel in environments where the amount of memory and processing power available to the network-connected devices is constrained. When a new device is added to a network, the device contacts a registration service and provides authentication information that proves the authenticity of the device. After verifying the authenticity of the device, the registration service generates a token that can be used by the device to authenticate with other network entities, and provides the token to the device. The registration service publishes the token using a directory service. When the device connects to another network entity, the device provides the token to the other network entity, and the other network entity authenticates the device by verifying the token using the directory service.
-
Publication number: US10382203B1
Publication date: 2019-08-13
Application number: US15359506
Application date: 2016-11-22
Applicant: Amazon Technologies, Inc.
Inventor: Rameez Loladia , Ashutosh Thakur , Julian Embry Herwitz
Abstract: A three-way pairing handshake may include an internet-of-things (IoT) service sending an encrypted token to an IoT device in response to a request for a token from that IoT device. The encrypted token may store a service managed client identifier and a device identifier. The IoT device may share the encrypted token with a companion application on a mobile device. In turn, the companion application sends a pairing request to the IoT service which includes the encrypted token, along with a copy of the device identifier and the client identifier. The IoT service may validate the pairing request by decrypting the encrypted token included in the pairing request and verifying that the device identifier and the client identifier recovered from the decrypted token match the device identifier and client identifier received in the pairing request.
-
Publication number: US11190516B1
Publication date: 2021-11-30
Application number: US15686004
Application date: 2017-08-24
Applicant: Amazon Technologies, Inc.
Inventor: Rameez Loladia
Abstract: A technology is described for device communication with computing regions. An example method may include receiving a request for an identity token at a first computing region, where the identity token enables a device to communicate with a second computing region. In receiving the request, the device associated with the request may be authenticated using authentication credentials for the device. A determination may be made that the device is authorized to communicate with the second computing region and an identity token may be generated to indicate that the device is authorized to communicate with the second computing region. The identity token may be provided to the device and the device may present the identity token to the second computing region, allowing the device to communicate with the second computing region.
-
Publication number: US10382213B1
Publication date: 2019-08-13
Application number: US15250709
Application date: 2016-08-29
Applicant: Amazon Technologies, Inc.
Inventor: Mark Edward Rafn , Ashutosh Thakur , Rameez Loladia , James Christopher Sorenson, III , Christoph Saalfeld
IPC: H04L9/32
Abstract: A technology is provided for certificate authentication for registering a certificate in a computing service environment. A request may be received to register a certificate authority (CA) certificate. A registration token associated with a customer account in a service provider environment may be generated to enable association of the customer account with the CA certificate and to authenticate a registration of the CA certificate. The registration token may be sent to a requester desiring to register the CA certificate. A verification certificate that contains the registration token and that is signed by a certificate authority (CA) of the CA certificate and the CA certificate that is signed by the CA may be received to register the CA certificate with the customer account within a service provider environment. The CA certificate is persisted with the service provider environment after verifying the registration token is associated with the customer account and the CA certificate is signed by the CA.
-
Publication number: US20170171182A1
Publication date: 2017-06-15
Application number: US14968697
Application date: 2015-12-14
Applicant: Amazon Technologies, Inc.
Inventor: David Craig Yanacek , Rameez Loladia
CPC classification number: H04L63/08 , H04L12/2818 , H04L12/4633 , H04L63/0272 , H04L63/0281 , H04L63/029 , H04L63/0876 , H04L63/101 , H04L63/105 , H04L63/166 , H04L67/28 , H04W4/70 , H04W12/08
Abstract: A device management service provides a centralized credential provisioning system which can instantiate a proxy device that facilitates remote connections between various computing devices and various client devices. The device management service can manage instances of proxy devices in a resource provider environment that are associated with various computing devices. When a client device requests to access a computing device, the device management service can identify an instance of a proxy device associated with the computing device. The instance of the proxy device and the computing device can be configured to securely connect using credentials exchanged through, and managed by, the device management service. The computing device can be instructed to connect to the instance of the proxy device, and the client device can be provided with access information for the instance of the proxy device.
-
Publication number: US11088981B2
Publication date: 2021-08-10
Application number: US15716373
Application date: 2017-09-26
Applicant: Amazon Technologies, Inc.
Inventor: Richard David Young , Rameez Loladia , Shyam Krishnamoorthy , Nihal Chand Jain
Abstract: A technology is provided for delivering a data object to a device. Data delivery instructions to distribute a data object to a device may be received at a delivery service and include a storage location of the data object, a messaging topic, and a size of data receivable by the device. The data object is then divided into blocks corresponding to the size of data receivable by the device. A messaging topic is identified to which the device is subscribed via a messaging service. The blocks are sent to the device using the messaging topic and a network protocol installed on the device.
-
Publication number: US20210092115A1
Publication date: 2021-03-25
Application number: US17113858
Application date: 2020-12-07
Applicant: Amazon Technologies, Inc.
Inventor: Ramkishore Bhattacharyya , Rameez Loladia , William Alexander Stevenson , Ashutosh Thakur , Rodrigo Diaz Martin , Andrew John Kiggins , Xin Yi Liu
Abstract: Systems and methods are disclosed herein for enforcing digital signature on a token useable by a network-addressable device to invoke service calls on services of a service provider. A device platform service of the service provider may receive service calls from the network-addressable device and cause one or more operations to be performed by other services of the service provider in response to receiving a notification that the request is authentic. An authentication service analyses a fingerprint associated with a request submitted by the device and determines whether it is a match to a fingerprint generated from cryptographic authentication information provided by the user in connection with registering the network-addressable device.
-
Publication number: US10862883B1
Publication date: 2020-12-08
Application number: US15728341
Application date: 2017-10-09
Applicant: Amazon Technologies, Inc.
Inventor: Ramkishore Bhattacharyya , Rameez Loladia , William Alexander Stevenson , Ashutosh Thakur , Rodrigo Diaz Martin , Andrew John Kiggins , Xin Yi Liu
Abstract: Systems and methods are disclosed herein for enforcing digital signature on a token useable by a network-addressable device to invoke service calls on services of a service provider. A device platform service of the service provider may receive service calls from the network-addressable device and cause one or more operations to be performed by other services of the service provider in response to receiving a notification that the request is authentic. An authentication service analyses a fingerprint associated with a request submitted by the device and determines whether it is a match to a fingerprint generated from cryptographic authentication information provided by the user in connection with registering the network-addressable device.
-
Publication number: US20190095505A1
Publication date: 2019-03-28
Application number: US15716365
Application date: 2017-09-26
Applicant: Amazon Technologies, Inc.
Inventor: Richard David Young , Rameez Loladia , Shyam Krishnamoorthy , Nihal Chand Jain
Abstract: A technology is provided for delivering a data object to a device. Data delivery instructions to distribute a data object to a device may be received at a delivery service and include a storage location of the data object, a messaging topic, and a size of data receivable by the device. The data object is then divided into blocks corresponding to the size of data receivable by the device. A messaging topic is identified to which the device is subscribed via a messaging service. The blocks are sent to the device using the messaging topic and a network protocol installed on the device.