-
Publication number: US20180139061A1
Publication date: 2018-05-17
Application number: US15870099
Application date: 2018-01-12
Applicant: NETFLIX, INC.
Inventor: Kevin Glisson
CPC classification number: H04L9/3268, H04L9/321, H04L63/062
Abstract: A certificate orchestration system for digital certificate and encryption key management is provided herein along with associated methods. The system includes a certificate orchestration server having a processing device in communication with a coupled storage system that is coupled to the certificate orchestration server. The system further includes an interface provided by the certificate orchestration server to a client device; and a database to store digital certificates and keys. The certificate orchestration server is configured to receive a request from the client device to generate a public key, receive the public key from a third-party certificate authority system over an external network, store the public key in the coupled storage system. The coupled storage system is not directly connected to the client device.
-
Publication number: US20170099292A1
Publication date: 2017-04-06
Application number: US14876629
Application date: 2015-10-06
Applicant: NETFLIX, INC.
Inventor: Patrick Kelley, Ben Hagen, Jason Chan, Kevin Glisson
CPC classification number: H04L63/10, H04L63/20, H04L67/10, H04L67/306
Abstract: Provided herein are systems and methods of managing permissions for applications deployed in a distributed computing infrastructure. An exemplary system includes an access management server having a processing device, a distributed computing infrastructure in communication with the management server having a plurality of resource instances and a request log, an administration system having a security application executing thereon. The security application has access policies associated with each of a plurality of applications. The processing device of the management server: receives application request information from the request log describing requests made by a first application being monitored by the access management server. The management server receives an access policy describing a set of accessible APIs associated with the first application from the security application and determines that access to a first API of the set should be removed, and modifies the access policy to remove access to the first API.
-
Publication number: US09871662B2
Publication date: 2018-01-16
Application number: US14865698
Application date: 2015-09-25
Applicant: NETFLIX, INC.
Inventor: Kevin Glisson
CPC classification number: H04L9/3268, H04L9/321, H04L63/062
Abstract: A certificate orchestration system for digital certificate and encryption key management is provided herein along with associated methods. The system includes a certificate orchestration server having a processing device in communication with a coupled storage system that is coupled to the certificate orchestration server. The system further includes an interface provided by the certificate orchestration server to a client device; and a database to store digital certificates and keys. The certificate orchestration server is configured to receive a request from the client device to generate a digital certificate and an associated public key, receive the digital certificate and associated public key from a third-party certificate authority system over an external network, store the digital certificate and public key in the coupled storage system. The coupled storage system is not directly connected to the client device.
-
Publication number: US20170093587A1
Publication date: 2017-03-30
Application number: US14865698
Application date: 2015-09-25
Applicant: NETFLIX, INC.
Inventor: Kevin Glisson
IPC: H04L9/32
CPC classification number: H04L9/3268, H04L9/321, H04L63/062
Abstract: A certificate orchestration system for digital certificate and encryption key management is provided herein along with associated methods. The system includes a certificate orchestration server having a processing device in communication with a coupled storage system that is coupled to the certificate orchestration server. The system further includes an interface provided by the certificate orchestration server to a client device; and a database to store digital certificates and keys. The certificate orchestration server is configured to receive a request from the client device to generate a digital certificate and an associated public key, receive the digital certificate and associated public key from a third-party certificate authority system over an external network, store the digital certificate and public key in the coupled storage system. The coupled storage system is not directly connected to the client device.
-
Publication number: US11483325B2
Publication date: 2022-10-25
Application number: US16514687
Application date: 2019-07-17
Applicant: NETFLIX, INC.
Inventor: Forest Monsen, Kevin Glisson
IPC: H04L9/40, G06F16/903, G06N20/00, G06N5/04
Abstract: In various embodiments, a forensic scoping application analyzes host instances in order to detect anomalies. The forensic scoping application acquires a snapshot for each host instance included in an instance group. Each snapshot represents a current operational state of the associated host instance. Subsequently, the forensic scoping application performs clustering operation(s) based on the snapshots to generate a set of clusters. The forensic scoping application determines that a first cluster in the set of clusters is associated with fewer host instances than at least a second cluster in the set of clusters. Based on the first cluster, the forensic scoping application determines that a first host instance included in the instance group is operating in an anomalous fashion. Advantageously, efficiently determining host instances that are operating in an anomalous fashion during a security attack can reduce the amount of damage caused by the security attack.
-
Publication number: US09825956B2
Publication date: 2017-11-21
Application number: US14876629
Application date: 2015-10-06
Applicant: NETFLIX, INC.
Inventor: Patrick Kelley, Ben Hagen, Jason Chan, Kevin Glisson
CPC classification number: H04L63/10, H04L63/20, H04L67/10, H04L67/306
Abstract: Provided herein are systems and methods of managing permissions for applications deployed in a distributed computing infrastructure. An exemplary system includes an access management server having a processing device, a distributed computing infrastructure in communication with the management server having a plurality of resource instances and a request log, an administration system having a security application executing thereon. The security application has access policies associated with each of a plurality of applications. The processing device of the management server: receives application request information from the request log describing requests made by a first application being monitored by the access management server. The management server receives an access policy describing a set of accessible APIs associated with the first application from the security application and determines that access to a first API of the set should be removed, and modifies the access policy to remove access to the first API.