公开(公告)号：US09514324B1

公开(公告)日：2016-12-06

申请号：US14311027

申请日：2014-06-20

申请人： Amazon Technologies, Inc.

发明人： Nachiketh Rao Potlapally ,  Jonathan Matthew Miller ,  Eric Jason Brandwine ,  Stephen Edward Schmidt ,  Donald Lee Bailey, Jr.

IPC分类号： G06F21/62 ,  H04L29/06

CPC分类号： G06F21/6218 ,  G06F2221/2111 ,  H04L63/06 ,  H04L63/10

摘要： A computer-implemented method includes restricting access to customer data to certain geographic regions authorized by the customer. The restriction can be managed by associating policy information with the customer data that identifies the geographic regions authorized by the customer. Resources attempting to access the customer data can evaluate the policy information associated with the customer data with respect to the geographic location in which the resource is located to determine whether the resource is permitted to access the customer data. The restriction can also be managed by encrypting the customer data with a cryptographic key that corresponds to the customer and/or the authorized geographic regions.

摘要翻译： 计算机实现的方法包括将客户数据的访问限制到客户授权的某些地理区域。 可以通过将策略信息与识别客户授权的地理区域的客户数据相关联来管理该限制。 尝试访问客户数据的资源可以针对资源所在的地理位置评估与客户数据相关联的策略信息，以确定资源是否被允许访问客户数据。 也可以通过使用与客户和/或授权的地理区域对应的加密密钥加密客户数据来管理该限制。

公开(公告)号：US20190332786A1

公开(公告)日：2019-10-31

申请号：US16505586

申请日：2019-07-08

申请人： Amazon Technologies, Inc.

发明人： Eric Jason Brandwine ,  Stephen Edward Schmidt

IPC分类号： G06F21/62 ,  H04L29/06 ,  G06F21/50

摘要： A request to access a computing resource of a computing resource service provider is determined to be associated with specious data previously generated by the computing resource service provider. Information about an entity associated with the request is determined from the request. The information is provided to a breach detection system as notification of a potential attack against the computing resource service provider.

公开(公告)号：US10037257B1

公开(公告)日：2018-07-31

申请号：US15084251

申请日：2016-03-29

申请人： Amazon Technologies, Inc.

发明人： Adi Habusha ,  Eric Jason Brandwine ,  Stephen Edward Schmidt

IPC分类号： G06F11/30 ,  G06F13/42 ,  G06F3/06 ,  G06F21/57 ,  G06F21/55

CPC分类号： G06F11/3027 ,  G06F13/423 ,  G06F13/4282 ,  G06F21/55 ,  G06F21/57 ,  G06F21/85 ,  G06F2213/0024 ,  G06F2213/0026

摘要： Provided are methods and peripheral devices for examining local hardware and configuring a location-aware peripheral device accordingly. In some implementations, a peripheral device may be configured to examine, using a bus interface, another device connected to the bus. Examining may include determining characteristics of the other device. In some implementations, the peripheral device may further compare the determined characteristics against information derived from data stored in a memory of the peripheral device. The information may describe acceptable operating parameters for the computing system. In some implementations, the peripheral device may further determine, based on a result of the comparison, a status for the computing system. The status may indicate whether the computing system is operating within acceptable operating parameters. The status may direct an action by the peripheral device.

公开(公告)号：US11055425B2

公开(公告)日：2021-07-06

申请号：US16505586

申请日：2019-07-08

申请人： Amazon Technologies, Inc.

发明人： Eric Jason Brandwine ,  Stephen Edward Schmidt

IPC分类号： G06F21/62 ,  G06F21/50 ,  H04L29/06 ,  G06F21/55

摘要： A request to access a computing resource of a computing resource service provider is determined to be associated with specious data previously generated by the computing resource service provider. Information about an entity associated with the request is determined from the request. The information is provided to a breach detection system as notification of a potential attack against the computing resource service provider.

公开(公告)号：US10346623B1

公开(公告)日：2019-07-09

申请号：US14675347

申请日：2015-03-31

申请人： Amazon Technologies, Inc.

发明人： Eric Jason Brandwine ,  Stephen Edward Schmidt

IPC分类号： G06F21/62 ,  G06F21/50 ,  H04L29/06

摘要： A computing resource service provider may operate one or more services configured to provide customers with access to computing resources. Attackers may attempt to exfiltrate customer data from the one or more services. In order to prevent attackers from obtaining customer data the one or more services may provide specious data in response to an attack. The attack may be detected based at least in part on a set of triggers that indicate a likelihood of attack. The specious data may be configured to appear to the attacker as authentic customer data and/or that the attack is successful. Additionally, the specious data may be detectable by the one or more service, enabling the one or more service to collect additional data corresponding to the attack and/or attacker.