-
Publication number: US11595205B1
Publication date: 2023-02-28
Application number: US16693167
Application date: 2019-11-22
Applicant: Amazon Technologies, Inc.
Inventor: Sroaj Sosothikul, Akshat Vig, Avinash Kodakandla, Nicholas Gordon, Sharan Rajesh Munyal, Somasundaram Perianayagam, Mazen Moez Ali, Ravi Math
Abstract: A distributed database encrypts a table using a table encryption key protected by a client master encryption key. The encrypted table is replicated among a plurality of nodes of the distributed database. The table encryption key is replicated among the plurality of nodes, and is stored on each node in a respective secure memory. In the event of node failure, a copy of the stored key held by another member of the replication group is used to restore a node to operation. The replication group may continue operation in the event of a revocation of authorization to access the client master encryption key.
-
Publication number: US11860673B1
Publication date: 2024-01-02
Application number: US16693166
Application date: 2019-11-22
Applicant: Amazon Technologies, Inc.
Inventor: Avinash Kodakandla, Akshat Vig, Ravi Math, Sroaj Sosothikul, Nicholas Gordon, Somasundaram Perianayagam, Mazen Moez Ali, Sharan Rajesh Munyal
CPC classification number: G06F16/2358, G06F16/2282, G06F16/2365, G06F16/27, H04L9/0822
Abstract: A distributed database encrypts tables using table encryption keys protected by a client master encryption key. The client may revoke and subsequently restore authorization to access the client master encryption key. A sweeper process of the distributed database examines encrypted tables and identifies changes to the status of a corresponding client master encryption key. A response to an identified change in status is initiated.
-
Publication number: US11568063B1
Publication date: 2023-01-31
Application number: US16693164
Application date: 2019-11-22
Applicant: Amazon Technologies, Inc.
Inventor: Akshat Vig, Nicholas Gordon, Sroaj Sosothikul, Ravi Math, Avinash Kodakandla, Somasundaram Perianayagam, Mazen Moez Ali, Sharan Rajesh Munyal
Abstract: A distributed database encrypts tables using table encryption keys protected by a client master encryption key. The client may revoke authorization to access the client master encryption key. Subsequent to a revocation of authority to access the client master encryption key, the distributed database generates interim snapshots of the table using the table encryption key. Also subsequent to the revocation, the distributed database generates a backup of the table using a backup encryption key protected by the client master encryption key.
-