公开(公告)号：US11451392B2

公开(公告)日：2022-09-20

申请号：US16029358

申请日：2018-07-06

Applicant: Amazon Technologies, Inc.

Inventor： Jonathan Kozolchyk ,  Darren E. Canavor ,  Jeffrey J. Fielding ,  Vaibhav Mallya ,  Darin Keith McAdams

IPC: H04L29/00 ,  H04L9/32 ,  H04L9/40 ,  H04L67/1097

Abstract: In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, An expiration time may be assigned to sensitive data, and expired data and associated tokens may be deleted.

公开(公告)号：US10356104B2

公开(公告)日：2019-07-16

申请号：US15990389

申请日：2018-05-25

Applicant: Amazon Technologies, Inc.

Inventor： Jonathan Kozolchyk ,  Darin Keith McAdams ,  Jeffrey J. Fielding ,  Vaibhav Mallya ,  Darren E. Canavor

IPC: H04L29/06

Abstract: A security service enables service providers to register available services. Prospective service consumers may register with the security service to access a particular registered service, and may specify conditions for access that are subject to approval by the corresponding service provider. Based on the registrations of the service provider and the service consumer, the security service can define access policies that may be enforced to control the conditions under which a service consumer accesses or utilizes the particular service. Additionally, changes to the access policies may be propagated to running services in near real time. Some implementations enable masking of information provided to particular service consumers based on determined needs of each service consumer for access to particular information. In some instances, the service providers may provide log information to the security service, which may be monitored to identify anomalies, security breaches or the like.