Title of invention: Security mechanism evaluation service
Abstract: Methods and apparatus for a security mechanism evaluation service are disclosed. A storage medium stores program instructions that when executed on a processor define a programmatic interface enabling a client to submit an evaluation request for a security mechanism. On receiving an evaluation request from a client indicating a particular security mechanism using public-key encryption, the instructions when executed, identify resources of a provider network to be used to respond. The instructions, when executed, provide to the client, one or more of: (a) a trustworthiness indicator for a certificate authority that issued a public-key certificate in accordance with the particular security mechanism; (b) a result of a syntax analysis of the public-key certificate; or (c) a vulnerability indicator for a key pair.
Publication number: US9425966(B1) Publication date: 2016.08.23
Application number: US201313826888 Filing date: 2013.03.14
Applicant: Amazon Technologies, Inc. Inventors: Potlapally Nachiketh Rao;Brandwine Eric Jason;Rubin Gregory Alan;Ward Patrick James;Irving, Jr. James Leon;Mikulski Andrew Paul;Bailey, Jr. Donald Lee
Classification: H04L29/06;H04L9/32;H04L9/30 Main classification: H04L29/06
Agency: Meyertons, Hood, Kivlin, Kowert & Goetzel, P.C. Agent: Kowert Robert C.;Meyertons, Hood, Kivlin, Kowert & Goetzel, P.C.
Principal claim: 1. A system, comprising: one or more computing devices configured to implement, via one or more hardware processors of the one or more computing devices, a network-accessible security mechanism evaluation service configured to: receive, on behalf of a client and via one or more programmatic interfaces, an evaluation request for one or more security mechanisms, wherein the evaluation request includes at least one parameter to determine resources of a provider network to be used for evaluating the one or more security mechanisms, wherein the at least one parameter comprises one or more of: (a) a service usage type or duration, (b) one or more types of analysis to be performed, (c) one or more time constraints, (d) one or more budget limits, or (e) identification information for the client; and in accordance with the evaluation request received on behalf of the client via a programmatic interface of the one or more programmatic interfaces, wherein the evaluation request indicates a particular security mechanism using public-key encryption: identify, in accordance with the at least one parameter of the evaluation request, one or more resources of the provider network to be used to evaluate the particular security mechanism, wherein to identify the one or more resources, the service is configured to determine, based at least in part on the at least one parameter, (a) an upper bound on computing capacity to be dedicated to respond to the evaluation request, and (b) one or more compute resources of the provider network in accordance with the upper bound; obtain, using the one or more resources: (a) a trustworthiness indicator for a certificate authority that issued a public-key certificate in accordance with the particular security mechanism; (b) a result of a syntax analysis of the public-key certificate; and (c) a vulnerability indicator for a key pair used in accordance with the particular security mechanism; and provide, to the client, an evaluation response including the trustworthiness indicator, the result of the syntax analysis, and the vulnerability indicator.
Address: Reno NV US