NETWORK NAMESPACE MONITORING SYSTEM
Granted: September 26, 2024
Application Number:
20240323159
A namespace monitoring service may track released namespaces such as internet protocol (IP) addresses and manage namespace cooldown pools, available namespace pools, and a registry of released namespaces to detect and mitigate security vulnerabilities that arise from reassignment of namespaces. The namespace monitoring service provides access to the released namespace registry and/or sends a data stream of namespace registry updates. The namespace monitoring service may manage namespace…
DISTRIBUTED SYSTEM FOR EFFICIENT ENTITY RECOGNITION
Granted: September 26, 2024
Application Number:
20240320951
A first encoding representing a set of detected signals is obtained at a sensor-proximity resource of an object recognition application which also includes resources of an analytics service of a provider network. In response to a determination that a cache at the sensor-proximity resource does not include a second encoding which satisfies a similarity criterion with respect to the first encoding, at least a portion of a partition of a spatial index is obtained from another resource…
ANALYSIS OF ROLE REACHABILITY WITH TRANSITIVE TAGS
Granted: September 19, 2024
Application Number:
20240314134
Methods, systems, and computer-readable media for analysis of role reachability with transitive tags are disclosed. An access control analyzer determines a graph including nodes and edges. The nodes represent roles in a provider network hosting resources. The roles are associated with access control policies granting or denying access to individual resources. One or more of the access control policies grant or deny access based (at least in part) on key-value attributes. The access…
PROVISIONING OF A SHIPPABLE STORAGE DEVICE AND INGESTING DATA FROM THE SHIPPABLE STORAGE DEVICE
Granted: September 5, 2024
Application Number:
20240296236
When a client requests a data import job, a remote storage service provider provisions a shippable storage device that will be used to transfer client data from the client to the service provider for import. The service provider generates security information for the data import job, provisions the shippable storage device with the security information, and sends the shippable storage device to the client. The service provider also sends client-keys to the client, separate from the…
PERSISTENT EXECUTION ENVIRONMENT
Granted: September 5, 2024
Application Number:
20240296062
Methods and apparatus for providing persistent execution environments for computation systems including but not limited to interactive computation systems. A service is provided that extends the notion of static containers to dynamically changing execution environments into which users can install code, add files, etc. The execution environments are monitored, and changes to an execution environment are automatically persisted to environment versions(s) so that code run in the execution…
AUTOMATED THREAT MODELING USING APPLICATION RELATIONSHIPS
Granted: August 29, 2024
Application Number:
20240289450
Methods, systems, and computer-readable media for automated threat modeling using application relationships are disclosed. A graph is determined that includes of nodes and edges. At least a portion of the nodes represent software components, and at least a portion of the edges represent relationships between software components. An event is received, and a sub-graph associated with the event is determined. The event is indicative of a change to one or more of the nodes or edges in the…
CLIENT-DIRECTED PLACEMENT OF REMOTELY-CONFIGURED SERVICE INSTANCES
Granted: August 22, 2024
Application Number:
20240283840
Methods and apparatus for client-directed placement of remotely configured service instances are described. One or more placement target options are selected for a client of a network-accessible service based on criteria such as service characteristics of the placement targets. The selected options, including a particular placement target that includes instance hosts configurable from remote control servers, are indicated programmatically to the client. A determination is made that a…
CRYPTOGRAPHIC ASSERTIONS FOR CERTIFICATE ISSUANCE
Granted: August 15, 2024
Application Number:
20240275615
Components of a public certificate authority (CA) generate respective cryptographic assertions during performance of respective tasks of a certificate issuance workflow and a workflow approval component approves/rejects certificate issuance, based upon verification of the cryptographic assertions. For example, a workflow manager may assign tasks of a certificate workflow process to a number of components that process the tasks. The components generate responses and sign the respective…
INTELLIGENT CONNECTIVITY FOR VEHICLES
Granted: August 15, 2024
Application Number:
20240276579
A connectivity monitor of a vehicle determines current and/or future states of antennas. A workload monitor of the vehicle receives execution criteria for different workloads to be executed. An intelligent connectivity engine at the vehicle receives the current and/or future states of the antennas and the execution criteria for the respective workloads. Based on the current and/or future states of the antennas and the execution criteria for the respective workloads, the intelligent…
PROVIDING VIRTUAL NETWORKING DEVICE FUNCTIONALITY FOR MANAGED COMPUTER NETWORKS
Granted: August 15, 2024
Application Number:
20240275689
Techniques are described for providing virtual networking functionality for managed computer networks. In some situations, a user may configure or otherwise specify a logical network topology for a managed computer network with multiple computing nodes that includes one or more virtual networking devices each associated with a specified group of the multiple computing nodes. Corresponding networking functionality may be provided for communications between the multiple computing nodes by…
ARTIFICIAL INTELLIGENCE SYSTEM PROVIDING INTERACTIVE MODEL INTERPRETATION AND ENHANCEMENT TOOLS
Granted: August 15, 2024
Application Number:
20240273389
An interactive interpretation session with respect to a first version of a machine learning model is initiated. In the session, indications of factors contributing to a prediction decision are provided, as well indications of candidate model enhancement actions. In response to received input, an enhancement action is implemented to obtain a second version of the model. The second version of the model is stored.
CLIENT-CONFIGURABLE RETENTION PERIODS FOR MACHINE LEARNING SERVICE-MANAGED RESOURCES
Granted: August 15, 2024
Application Number:
20240272953
A post-task-completion retention period for which a computing resource is to be retained, without de-activating the resource, on behalf of a set of requesters of machine learning tasks is determined at a machine learning service. A first task, identified at the service prior to expiration of the retention period at a first computing resource at which a second task has completed, is initiated at the first computing resource. In response to obtaining an indication of a third task and…
CUSTOMIZED CONFIGURATION OF MULTIMODAL INTERACTIONS FOR DIALOG-DRIVEN APPLICATIONS
Granted: August 8, 2024
Application Number:
20240264886
An interruption-handling setting for a category of interactions of an application is determined via a programmatic interface. A set of user-generated input is obtained while presentation to a user of a set of output of the category is in progress. A response to the set of user-generated input is prepared based at least in part on the interruption-handling setting.
LOGIC REPOSITORY SERVICE USING ENCRYPTED CONFIGURATION DATA
Granted: August 1, 2024
Application Number:
20240259354
The following description is directed to a logic repository service. In one example, a method of a logic repository service can include receiving a first request to generate configuration data for configurable hardware using a specification for application logic of the configurable hardware. The method can include generating the configuration data for the configurable hardware. The configuration data can include data for implementing the application logic. The method can include…
EFFICIENT STATISTICAL TECHNIQUES FOR DETECTING SENSITIVE DATA
Granted: August 1, 2024
Application Number:
20240256704
A candidate attribute combination of a first data set is identified, such that the candidate attribute combination meets a data type similarity criterion with respect to a collection of data types of sensitive information for which the first data set is to be analyzed. A collection of input features is generated for a machine learning model from the candidate attribute combination, including at least one feature indicative of a statistical relationship between the values of the candidate…
ARTIFICIAL INTELLIGENCE SYSTEM FOR MEDIA ITEM CLASSIFICATION USING TRANSFER LEARNING AND ACTIVE LEARNING
Granted: August 1, 2024
Application Number:
20240256636
At an artificial intelligence system, training iterations of a first machine learning model are implemented. In a particular iteration, a group of data items are selected from an item collection using active learning, and respective labels selected from a set of tags are obtained for at least some of the items of the group. Using feature processing elements of a different machine learning model, a respective feature set corresponding to individual labeled items is generated in the…
SECURITY VULNERABILITY MITIGATION USING HARDWARE-SUPPORTED CONTEXT-DEPENDENT ADDRESS SPACE HIDING
Granted: August 1, 2024
Application Number:
20240256470
A system, method and processor that mitigates security vulnerabilities using context-dependent address space hiding. In some embodiments, a hardware mechanism allows a more-privileged software component managing multiple less-privileged software components to blind itself against “out-of-context” less-privileged software components. The hardware mechanism can allow the more-privileged software component to dynamically hide a portion of the more-privileged address space related to the…
QUANTUM COMPUTING PROGRAM COMPILATION USING CACHED COMPILED QUANTUM CIRCUIT FILES
Granted: July 25, 2024
Application Number:
20240249177
A quantum computing service may store, in a cache, one or more compiled files of respective quantum functions included in one or more quantum computing programs received one or more customers. When the quantum computing service receives another quantum computing program, from the same or a different customer, the quantum computing service may determine whether the quantum computing program may include one or more of the quantum functions corresponding to the compiled files in the cache.…
PERSISTENT SOURCE VALUES FOR ASSUMED ALTERNATIVE IDENTITIES
Granted: July 25, 2024
Application Number:
20240248979
An Identity and Access Management Service implements persistent source values PSVs) for assumed identities. A source value (e.g., an original identifier of an entity) is persisted across assumed identities, facilitating identification of entities (users or applications) responsible for actions taken by the assumed (e.g., alternative) identities. The Manager receives a request to assume an identity. The request includes the entities current credentials and a PSV. The current credentials…
NETWORKING DEVICE THAT BRIDGES VIRTUAL AND PHYSICAL COMPUTER NETWORKS
Granted: July 18, 2024
Application Number:
20240243966
Techniques are described for providing logical networking functionality for managed computer networks, such as for virtual computer networks provided on behalf of users or other entities. In some situations, a user may configure or otherwise specify a network topology for a virtual computer network, such as a logical network topology that separates multiple computing nodes of the virtual computer network into multiple logical sub-networks and/or that specifies one or more logical…
