-
Publication number: US20170013013A1
Publication date: 2017-01-12
Application number: US14885228
Application date: 2015-10-16
Applicant: Amazon Technologies, Inc.
Inventor: Jesper M. Johansson
CPC classification number: H04L63/1466, G06F21/31, G06F21/72, H04L9/321, H04L9/3263, H04L63/0869, H04L63/10, H04L63/166
Abstract: Disclosed are various embodiments of techniques that may be used to improve the reliability of network authentication. A communication session is established between a server computing device and a client computing device. The communication session is established via a network using a credential for a network site. A verifier for the credential is generated, which may be used to confirm the authenticity of the credential. The verifier is provided to the client computing device via the network.
-
Publication number: US09361457B1
Publication date: 2016-06-07
Application number: US14616143
Application date: 2015-02-06
Applicant: Amazon Technologies, Inc.
Inventor: Harsha Ramalingam, Timothy Mark Edward Bollefer, Dominique I. Brezinkski, Jesper M. Johansson, James C. Petts
CPC classification number: G06F21/56, G06F17/30864, G06F21/55, G06F2221/034, H04L63/1416, H04L63/1491
Abstract: Disclosed are various embodiments for identifying a table of non-decoy data matching a set of criteria. Decoy data is inserted into the table of non-decoy data. The decoy data is detected in a result comprising the decoy data, the result generated in response to an access of the data store. An alarm is generated based at least upon the result.
-
Publication number: US09898621B2
Publication date: 2018-02-20
Application number: US15044684
Application date: 2016-02-16
Applicant: Amazon Technologies, Inc.
Inventor: Jesper M. Johansson, Darren E. Canavor
CPC classification number: G06F21/6254, G06F17/30, G06F21/31, G06F2221/2141, H04L63/0421, H04L63/08
Abstract: Disclosed are various embodiments for facilitating the anonymization of unique entity information. A service may send anonymized responses to requests for data from multiple requestors, the data being associated with entity identifiers. The anonymized responses may comprise the data requested in association with anonymous entity identifiers as opposed to the entity identifiers.
-
Publication number: US09778939B2
Publication date: 2017-10-03
Application number: US15229043
Application date: 2016-08-04
Applicant: Amazon Technologies, Inc.
Inventor: Jesper M. Johansson, Matthew T. Corddry, Tom F. Hansen, Luke F. Kearney
CPC classification number: G06F9/4416, G06F9/4406, G06F21/33, H04L9/3268, H04L29/06, H04L63/062, H04L63/0823, H04L63/0876, H04L63/10, H04L2209/64
Abstract: Automated provisioning of hosts on a network with reasonable levels of security is described in this application. A certificate management service (CMS) on a host, one or more trusted agents, and a public key infrastructure are utilized in a secure framework to establish host identity. Once host identity is established, signed encryption certificates may be exchanged and secure communication may take place.
-
Publication number: US09705915B2
Publication date: 2017-07-11
Application number: US14885228
Application date: 2015-10-16
Applicant: Amazon Technologies, Inc.
Inventor: Jesper M. Johansson
CPC classification number: H04L63/1466, G06F21/31, G06F21/72, H04L9/321, H04L9/3263, H04L63/0869, H04L63/10, H04L63/166
Abstract: Disclosed are various embodiments of techniques that may be used to improve the reliability of network authentication. A communication session is established between a server computing device and a client computing device. The communication session is established via a network using a credential for a network site. A verifier for the credential is generated, which may be used to confirm the authenticity of the credential. The verifier is provided to the client computing device via the network.
-
Publication number: US09001977B1
Publication date: 2015-04-07
Application number: US13682596
Application date: 2012-11-20
Applicant: Amazon Technologies, Inc.
Inventor: Harsha Ramalingam, Jesper M. Johansson, Bhavnish H. Lathia
CPC classification number: H04M3/385
Abstract: This disclosure is directed to, in part, providing information about a user to a requesting party where the information is provided by an identity provider that has a preexisting relationship with the user. The user may request the identity provider to provide the information to the relying party using an interactive voice response (IVR) system. After the relying party requests the user's account information, the user may be redirected, at least momentarily, to an IVR system provided by the identity provider. The IVR system may authenticate the user. Once authenticated, the identity provider may provide the user information to the relying party. By authenticating the user, the identity provider may provide the user information to the relying party without compromising user credentials or other private or sensitive information of the user.
-
Publication number: US10678555B2
Publication date: 2020-06-09
Application number: US15722777
Application date: 2017-10-02
Applicant: Amazon Technologies, Inc.
Inventor: Jesper M. Johansson, Matthew T. Corddry, Tom F. Hansen, Luke F. Kearney
IPC: H04L29/06, G06F9/4401, G06F21/33, H04L9/32
Abstract: Automated provisioning of hosts on a network with reasonable levels of security is described in this application. A certificate management service (CMS) on a host, one or more trusted agents, and a public key infrastructure are utilized in a secure framework to establish host identity. Once host identity is established, signed encryption certificates may be exchanged and secure communication may take place.
-
Publication number: US09990481B2
Publication date: 2018-06-05
Application number: US14727183
Application date: 2015-06-01
Applicant: Amazon Technologies, Inc.
Inventor: Jesper M. Johansson, George N. Stathakopoulos
CPC classification number: G06F21/316, H04L63/083, H04L63/10
Abstract: Disclosed are various embodiments for a behavior-based identity system that recognizes and/or authenticates users based at least in part on determining stored behavioral events. For example, stored behavioral events may have been observed previously at a client or have been predefined by an authenticated user. Multiple behavioral events expressed by the client relative to a network site are recorded. The behavioral events may correspond to data that a user has elected to share, and the user may opt-in or opt-out of the behavior-based identity system. A comparison is performed between the multiple observed behavioral events and the stored behavioral events associated with a user identity. An inverse identity confidence score as to whether the user identity does not belong to a user at the client is generated based at least in part on the comparison.
-
Publication number: US20150261945A1
Publication date: 2015-09-17
Application number: US14727183
Application date: 2015-06-01
Applicant: Amazon Technologies, Inc.
Inventor: Jesper M. Johansson, George N. Stathakopoulos
CPC classification number: G06F21/316, H04L63/083, H04L63/10
Abstract: Disclosed are various embodiments for a behavior-based identity system that recognizes and/or authenticates users based at least in part on determining stored behavioral events. For example, stored behavioral events may have been observed previously at a client or have been predefined by an authenticated user. Multiple behavioral events expressed by the client relative to a network site are recorded. The behavioral events may correspond to data that a user has elected to share, and the user may opt-in or opt-out of the behavior-based identity system. A comparison is performed between the multiple observed behavioral events and the stored behavioral events associated with a user identity. An inverse identity confidence score as to whether the user identity does not belong to a user at the client is generated based at least in part on the comparison.
-
Publication number: US09015485B1
Publication date: 2015-04-21
Application number: US14176544
Application date: 2014-02-10
Applicant: Amazon Technologies, Inc.
Inventor: Jesper M. Johansson, Darren E. Canavor, Daniel W. Hitchcock
CPC classification number: H04L63/08, G06F21/30, G06F21/31, G06F21/51, G06F2221/2139, H04L63/083
Abstract: Disclosed are various embodiments that perform confidence-based authentication of a user. A request from a user is obtained, where the request pertains to an operation on a network site. An authentication duration for the user is determined, based on a risk to the user of performing the operation. A determination is made whether a current session associated with the user has expired, based on the authentication duration. The operation requested by the user is performed in response to the determination that the current session associated with the user has expired.