| 发明名称 | Secure inter-zone data communication | ||
| 摘要 | A proxy receives a message from a computing system in a trusted secure zone directed to a computing system outside the trusted secure zone. The proxy determines if the message includes trusted data. If the message includes trusted data, the proxy stores the trusted data for later use and provides the message to the destination computing system. When the proxy receives a message from a computing system outside the trusted secure zone directed to a computing system in the trusted secure zone, the proxy determines if the received message contains trusted data. If the message contains trusted data, the proxy determines if the trusted data matches previously stored trusted data. If the trusted data does not match, the proxy overwrites the trusted data in the message with the previously stored trusted data. The proxy then provides the modified message to the destination computing system in the trusted secure zone. | ||
| 申请公布号 | US9294440(B1) | 申请公布日期 | 2016.03.22 |
| 申请号 | US201213607183 | 申请日期 | 2012.09.07 |
| 申请人 | Amazon Technologies, Inc. | 发明人 | Conner James A.;Connolly Jeremiah J.;Marinus Dennis;Sethi Tushaar |
| 分类号 | H04L29/06 | 主分类号 | H04L29/06 |
| 代理机构 | Lee & Hayes, PLLC | 代理人 | Lee & Hayes, PLLC |
| 主权项 | 1. A computer-implemented method for enabling data communication between computing systems within a trusted secure zone and computing systems outside the trusted secure zone, the computer-implemented method comprising executing instructions in a computer system to perform the operations of: receiving a first message, the first message directed from a computing system located within the trusted secure zone to a computing system located outside the trusted secure zone; determining that the first message contains first trusted data upon which one or more security decisions may be made; storing the first trusted data in response to determining that the first message includes the first trusted data; transmitting the first message to the computing system located outside the trusted secure zone; receiving a second message, the second message directed from the computing system located outside the trusted secure zone to the computing system located within the trusted secure zone; determining that the second message contains second trusted data; in response to determining that the second trusted data in the second message is the same as the stored first trusted data, transmitting the second message to the computing system located within the trusted secure zone; and in response to determining that the second trusted data in the second message is not the same as the stored first trusted data, modifying the second message by overwriting the second trusted data in the second message with the stored first trusted data, and transmitting the modified second message to the computing system located within the trusted secure zone. | ||
| 地址 | Seattle WA US | ||