Title of invention: Virtualized endpoints in a multi-tenant environment
Abstract: Customers accessing resources or services in a multi-tenant environment can obtain assurance that a provider of that environment will honor only requests associated with the customer and will reject any requests that might have been tampered with or otherwise falsely generated. Various endpoints or interfaces can be used, which can be located in the multi-tenant environment, in a customer environment, or in a separate location. These endpoints or interfaces can sign unsigned requests, or otherwise increase the credentials of a signed request, on behalf of a customer. In some embodiments, additional metadata can be added that can increase the authentication level of the requests. Such an approach can enable a customer to provide or delegate access to the resources without exposing the credentials outside a secure environment.
Publication number: US9485234(B1); Publication date: 2016.11.01
Application number: US201213676840; Filing date: 2012.11.14
Applicant: Amazon Technologies, Inc.; Inventor: Roth Gregory Branchek
Classification: H04L29/00;H04L29/06; Main classification: H04L29/00
Agency: Hogan Lovells US LLP; Agent: Hogan Lovells US LLP
Independent claim: 1. A computer-implemented method of managing communications in a multi-tenant environment, comprising: providing an interface for receiving a communication associated with a customer and directed to a specified application programming interface (API) of the multi-tenant environment; receiving a communication to the interface; determining an association of the communication to the customer; in response to determining the association of the communication to the customer, performing a modification of the communication by at least one of signing the communication with a credential, encapsulating the communication, or injecting the communication with context information for authenticating the communication to the specified API of the multi-tenant environment without requiring the customer to provide the credential or the context information to the communication; authenticating the communication to the specified API of the multi-tenant environment; and sending the communication to the specified API, wherein the communication received to the interface and receiving the modification is granted access to one or more resources in the multi-tenant environment associated with the specified API, and wherein a second communication received to the interface and not receiving the modifying is denied access by the specified API.
Address: Reno NV US