-
Publication No.: US12174854B2
Publication date: 2024-12-24
Application No.: US17508831
Filing date: 2021-10-22
Applicant: Amazon Technologies, Inc.
Inventor: Srikanth Mandadi, Matthew Berry, Slavka Praus, Chris Baker, Marvin Michael Theimer, Anders Samuelsson, Khaled Salah Sedky
IPC: G06F16/27, G06F16/18, G06F16/23, G06F16/28, G06F16/901
Abstract: A distributed data store may maintain versioned hierarchical data structures. Different versions of a hierarchical data structure may be maintained consistent with a transaction log for the hierarchical data structure. When access requests directed to the hierarchical data structure are received, a version of the hierarchical data structure may be identified for processing an access request. For access requests with snapshot isolation, the identified version alone may be sufficient to consistently process the access request. For access requests with higher isolation requirements, such as serializable isolation, transactions based on the access request may be submitted to the transaction log so that access requests resulting in committed transactions may be allowed, whereas access requests resulting in conflicting transactions may be denied.
-
Publication No.: US20180145835A1
Publication date: 2018-05-24
Application No.: US15875995
Filing date: 2018-01-19
Applicant: Amazon Technologies, Inc.
Inventor: Marc R. Barbour, Khaled Salah Sedky, Srikanth Mandadi, Slavka Praus
Abstract: Techniques for using short-term credentials using asymmetric session keys are described herein. A request for a short-term credential is received that is digitally signed with a different credential. In response to the request, short-term credential data is generated and populated with a public session key corresponding to a private session key. The short-term credential data is then encrypted with a session encryption key to produce the short-term credential token, which can then be used by the requester as a short-term credential for subsequent requests.
-
Publication No.: US10680827B2
Publication date: 2020-06-09
Application No.: US15875995
Filing date: 2018-01-19
Applicant: Amazon Technologies, Inc.
Inventor: Marc R. Barbour, Khaled Salah Sedky, Srikanth Mandadi, Slavka Praus
Abstract: Techniques for using short-term credentials using asymmetric session keys are described herein. A request for a short-term credential is received that is digitally signed with a different credential. In response to the request, short-term credential data is generated and populated with a public session key corresponding to a private session key. The short-term credential data is then encrypted with a session encryption key to produce the short-term credential token, which can then be used by the requester as a short-term credential for subsequent requests.
-
Publication No.: US10182044B1
Publication date: 2019-01-15
Application No.: US14958892
Filing date: 2015-12-03
Applicant: Amazon Technologies, Inc.
Inventor: Slavka Praus, Khaled Salah Sedky, Srikanth Mandadi, Marc R. Barbour
Abstract: Techniques for personalizing short-term session credentials are described herein. A global session key is provided to a plurality of regions of a computing resource service provider and an account key is also provided to one or more of the plurality of regions based at least in part on those regions being trusted by a customer of the computing resource service provider. When a request for short-term session credentials is received at the trusted region by that customer, a session token is generated and encrypted with a combination of the global session key and the account key, thereby creating a session token that can be uniquely associated with the customer and that may only be used in regions that that customer has designated as trusted regions.
-
Publication No.: US20170300552A1
Publication date: 2017-10-19
Application No.: US15132098
Filing date: 2016-04-18
Applicant: Amazon Technologies, Inc.
Inventor: Srikanth Mandadi, Matthew Berry, Slavka Praus, Chris Baker, Marvin Michael Theimer, Anders Samuelsson, Khaled Salah Sedky
IPC: G06F17/30
CPC classification number: G06F16/273, G06F16/1873, G06F16/2365, G06F16/282, G06F16/9024
Abstract: A distributed data store may maintain versioned hierarchical data structures. Different versions of a hierarchical data structure may be maintained consistent with a transaction log for the hierarchical data structure. When access requests directed to the hierarchical data structure are received, a version of the hierarchical data structure may be identified for processing an access request. For access requests with snapshot isolation, the identified version alone may be sufficient to consistently process the access request. For access requests with higher isolation requirements, such as serializable isolation, transactions based on the access request may be submitted to the transaction log so that access requests resulting in committed transactions may be allowed, whereas access requests resulting in conflicting transactions may be denied.
-
Publication No.: US11860895B2
Publication date: 2024-01-02
Application No.: US17723369
Filing date: 2022-04-18
Applicant: Amazon Technologies, Inc.
Inventor: Alazel Acheson, Christopher Ryan Baker, Mahendra Manshi Chheda, James Robert Englert, Meng Li, Srikanth Mandadi, Slavka Praus, Colin Watson
CPC classification number: G06F16/273, G06F16/2246, G06F16/2379
Abstract: Updates to a hierarchical data structure may be selectively replicated to other replicas of the hierarchical data structure. An update for a hierarchical data structure may be received and committed to the hierarchical data structure. A determination as to whether any other replicas of the hierarchical data structure have permission to receive the update may be made. For those replicas of the hierarchical data structure with permission to receive the update, the update may be provided to the replicas and committed to the replicas. Different types of replication techniques may be implemented, such as pull-based replication techniques or push-based replication techniques. Replication permissions for objects of the hierarchical data structure may be individually defined, in some embodiments.
-
Publication No.: US20220245171A1
Publication date: 2022-08-04
Application No.: US17723369
Filing date: 2022-04-18
Applicant: Amazon Technologies, Inc.
Inventor: Alazel Acheson, Christopher Ryan Baker, Mahendra Manshi Chheda, James Robert Englert, Meng Li, Srikanth Mandadi, Slavka Praus, Colin Watson
Abstract: Updates to a hierarchical data structure may be selectively replicated to other replicas of the hierarchical data structure. An update for a hierarchical data structure may be received and committed to the hierarchical data structure. A determination as to whether any other replicas of the hierarchical data structure have permission to receive the update may be made. For those replicas of the hierarchical data structure with permission to receive the update, the update may be provided to the replicas and committed to the replicas. Different types of replication techniques may be implemented, such as pull-based replication techniques or push-based replication techniques. Replication permissions for objects of the hierarchical data structure may be individually defined, in some embodiments.
-
Publication No.: US11240042B2
Publication date: 2022-02-01
Application No.: US16826973
Filing date: 2020-03-23
Applicant: Amazon Technologies, Inc.
Inventor: Slavka Praus, Matthew John Campagna, Nicholas Alexander Allen, Petr Praus
Abstract: A first public key is generated based at least in part on a first plurality of signing keys and a second public key is generated based at least in part on a second plurality of signing keys. The signing keys may be used to generate digital signatures. The second public key may be made available to verify a digital signature generated using a signing key from the second plurality of signing keys. In some cases, a first Merkle tree may be formed by the first public key and the first plurality of signing keys, and a second Merkle tree may be formed by the second public key, the first public key, and the second plurality of signing keys.
-
Publication No.: US20200220735A1
Publication date: 2020-07-09
Application No.: US16826973
Filing date: 2020-03-23
Applicant: Amazon Technologies, Inc.
Inventor: Slavka Praus, Matthew John Campagna, Nicholas Alexander Allen, Petr Praus
Abstract: A first public key is generated based at least in part on a first plurality of signing keys and a second public key is generated based at least in part on a second plurality of signing keys. The signing keys may be used to generate digital signatures. The second public key may be made available to verify a digital signature generated using a signing key from the second plurality of signing keys. In some cases, a first Merkle tree may be formed by the first public key and the first plurality of signing keys, and a second Merkle tree may be formed by the second public key, the first public key, and the second plurality of signing keys.
-
Publication No.: US11671425B2
Publication date: 2023-06-06
Application No.: US16912490
Filing date: 2020-06-25
Applicant: Amazon Technologies, Inc.
Inventor: Srikanth Mandadi, Khaled Salah Sedky, Slavka Praus, Marc R. Barbour
CPC classification number: H04L63/0876, H04L9/3247, H04L63/0435, H04L63/061, H04L63/0807, H04L63/20
Abstract: A request is obtained for accessing a resource in a different region from a region indicated by a session token included with the request. The session token is re-encrypted using secret information of the second region. The request to access the resource in the different region can be fulfilled using the re-encrypted session token.