公开(公告)号：US20170099299A1

公开(公告)日：2017-04-06

申请号：US15384182

申请日：2016-12-19

Applicant: Amazon Technologies, Inc.

Inventor： Wesley Marlin Sutton ,  Apolak Borthakur ,  Derek Avery Lyon ,  Raviprasad Venkatesha Murthy Mummidi ,  Karthikeyan Natarajan

IPC: H04L29/06

CPC classification number: H04L63/105 ,  H04L63/0815 ,  H04L63/083 ,  H04L63/10

Abstract: A computing resource service provider may receive, from a user client connected to an on-premises network, a security document specifying one or more user roles defining a level of access to customer resources within the on-premises network. In response, the service provider may generate and provide the user client with a cookie specifying the user roles and including an address for an interface within the service provider network. The service provider may receive a request from the user client to access one or more customer resources hosted by the service provider. The request may include the cookie previously provided to the user client. Accordingly, the service provider may extract the user roles from the cookie and determine, based at least in part on these user roles, whether to fulfill the user client request.

公开(公告)号：US09531719B1

公开(公告)日：2016-12-27

申请号：US14265158

申请日：2014-04-29

Applicant: Amazon Technologies, Inc.

Inventor： Wesley Marlin Sutton ,  Apolak Borthakur ,  Derek Avery Lyon ,  Raviprasad Venkatesha Murthy Mummidi ,  Karthikeyan Natarajan

IPC: H04L29/06

CPC classification number: H04L63/105 ,  H04L63/0815 ,  H04L63/083 ,  H04L63/10

Abstract: A computing resource service provider may receive, from a user client connected to an on-premises network, a security document specifying one or more user roles defining a level of access to customer resources within the on-premises network. In response, the service provider may generate and provide the user client with a cookie specifying the user roles and including an address for an interface within the service provider network. The service provider may receive a request from the user client to access one or more customer resources hosted by the service provider. The request may include the cookie previously provided to the user client. Accordingly, the service provider may extract the user roles from the cookie and determine, based at least in part on these user roles, whether to fulfill the user client request.

Abstract translation: 计算资源服务提供商可以从连接到内部部署网络的用户客户端接收指定一个或多个用户角色的安全文档，该用户角色定义对本地网络内的客户资源的访问级别。 作为响应，服务提供商可以生成并向用户客户端提供指定用户角色并且包括服务提供商网络内的接口的地址的cookie。 服务提供商可以接收来自用户客户端的访问由服务提供商托管的一个或多个客户资源的请求。 该请求可以包括之前提供给用户客户端的cookie。 因此，服务提供商可以从cookie提取用户角色，并且至少部分地基于这些用户角色来确定是否满足用户客户端请求。

公开(公告)号：US10362039B2

公开(公告)日：2019-07-23

申请号：US15384182

申请日：2016-12-19

Applicant: Amazon Technologies, Inc.

Inventor： Wesley Marlin Sutton ,  Apolak Borthakur ,  Derek Avery Lyon ,  Raviprasad Venkatesha Murthy Mummidi ,  Karthikeyan Natarajan

IPC: H04L29/06

Abstract: A computing resource service provider may receive, from a user client connected to an on-premises network, a security document specifying one or more user roles defining a level of access to customer resources within the on-premises network. In response, the service provider may generate and provide the user client with a cookie specifying the user roles and including an address for an interface within the service provider network. The service provider may receive a request from the user client to access one or more customer resources hosted by the service provider. The request may include the cookie previously provided to the user client. Accordingly, the service provider may extract the user roles from the cookie and determine, based at least in part on these user roles, whether to fulfill the user client request.

公开(公告)号：US09778952B1

公开(公告)日：2017-10-03

申请号：US14317542

申请日：2014-06-27

Applicant: Amazon Technologies, Inc.

Inventor： Wesley Marlin Sutton ,  Raviprasad Venkatesha Murthy Mummidi ,  Karthikeyan Natarajan ,  Long Kim Do ,  Derek Avery Lyon ,  Keshav Sethi Attrey ,  Hariharan Subramanian

IPC: G06F3/00 ,  G06F9/44 ,  G06F9/46 ,  G06F13/00 ,  G06F9/48 ,  G06F9/54 ,  G06F3/0484

CPC classification number: G06F9/4856 ,  G06F8/36 ,  G06F9/45558 ,  G06F9/541 ,  G06F2009/45562 ,  G06F2009/4557

Abstract: A customer network client detects, through a user interface, selection of a graphical representation of a set of virtual machine images and an indication to migrate this set of virtual machine images to an off-premises network managed by a computing resource service provider. In response, the client generates a set of application programming interface calls, which may be transmitted to the service provider and causes the service provider to convert the selected images for use within the off-premises network. The client monitors fulfillment of the calls and, upon determining that the calls has been fulfilled, updates a portion of the user interface associated with the computing resource service provider to indicate that the images may be instantiated within the off-premises network.