公开(公告)号：US10270875B1

公开(公告)日：2019-04-23

申请号：US15269741

申请日：2016-09-19

Applicant: Amazon Technologies, Inc.

Inventor： Calvin Yue-Ren Kuo ,  Mark Edward Rafn ,  James Christopher Sorenson, III ,  Shyam Krishnamoorthy ,  Jonathan I. Turow ,  William Alexander Stevenson

IPC: H04L15/16 ,  H04L29/08

Abstract: A technology is described for managing dynamic groups of devices using device representations. An example method may include receiving a request for a dynamic group of device representations. In response to the request, a membership parameter used to identify member device representations included in the dynamic group of device representations may be obtained. Device representations may be queried using the membership parameter to identify member device representations that have a state that corresponds to the membership parameter, and the dynamic group of device representations may be generated to include identifiers for the member device representations.

公开(公告)号：US20180278607A1

公开(公告)日：2018-09-27

申请号：US15466659

申请日：2017-03-22

Applicant: Amazon Technologies, Inc.

Inventor： Rameez Loladia ,  Ashutosh Thakur ,  William Alexander Stevenson ,  Ramkishore Bhattacharyya

IPC: H04L29/06 ,  H04L29/08 ,  H04L12/24

CPC classification number: H04L63/0876 ,  H04L41/0893 ,  H04L61/1588 ,  H04L63/0823 ,  H04L67/303 ,  H04W4/70 ,  H04W12/06

Abstract: A technology is described for resolving device credentials for a device. An example method may include receiving device credentials for management by a service provider. The device credentials may include authentication credentials and a device policy document that specifies permissions used to authorize resource actions requested by the device. In response to receiving a message requesting that a resource perform a resource action associated with the device, the device may be authenticated using the authentication credentials, and the resource action may be authorized using the permissions specified in the device policy document.

公开(公告)号：US10027694B1

公开(公告)日：2018-07-17

申请号：US15083183

申请日：2016-03-28

Applicant: Amazon Technologies, Inc.

Inventor： Piyush Gupta ,  Amit J. Mhatre ,  William Alexander Stevenson ,  Atulya S. Beheray

IPC: H04L29/06

Abstract: Systems and methods are described to enable detection of network attacks in communication networks. An attack detection system receives information regarding network traffic occurring at nodes of a communication network, and analyzes the information for anomalous traffic patterns. The attack detection system can use multiple, parallel metric evaluation units programmed to detect specific types of anomalies within traffic patterns. In one instance, a metric evaluation unit is programmed to detect changes in entropy for the traffic, as distributed according to a characteristic such as source address, protocol, or country of origin. Where the entropy of a set of traffic differs from historical averages by a large amount, such as by many standard deviations, the attack detection system may flag the traffic as indicative of an attack, even when the absolute volume of traffic has not changed.

公开(公告)号：US10025673B1

公开(公告)日：2018-07-17

申请号：US14032870

申请日：2013-09-20

Applicant: Amazon Technologies, Inc.

Inventor： Maximiliano Maccanti ,  Timothy Andrew Rath ,  Rama Krishna Sandeep Pokkunuri ,  Akshat Vig ,  Clarence Wing Yin Ng ,  Srivaths Badrinath Copparam ,  Rajaprabhu Thiruchi Loganathan ,  Wei Xiao ,  William Alexander Stevenson

IPC: G06F17/30 ,  G06F11/14

Abstract: A system that implements a data storage service may store data for database tables in multiple replicated partitions on respective storage nodes. In response to a request to restore a given table that was backed up in a remote storage system (e.g., key-value durable storage system), the service may create a new table, and may import a copy of each of the partitions of the given table from the remote storage system into the new table. The request to restore the table may specify a modified value for a configuration parameter for the table or for one of its partitions. The service may apply the new configuration parameter value to the table or its partitions during the restore operation. The new configuration parameter value may indicate an increase or decrease in storage capacity or throughput capacity, and its application may automatically trigger a partition split or move operation.

公开(公告)号：US20170228417A1

公开(公告)日：2017-08-10

申请号：US15495815

申请日：2017-04-24

Applicant: Amazon Technologies, Inc.

Inventor： Maximiliano Maccanti ,  Timothy Andrew Rath ,  Rama Krishna Sandeep Pokkunuri ,  Akshat Vig ,  Clarence Wing Yin NG ,  Srivaths Badrinath Copparam ,  Rajaprabhu Thiruchi Loganathan ,  Wei Xiao ,  William Alexander Stevenson

IPC: G06F17/30 ,  G06F11/14

CPC classification number: G06F16/2365 ,  G06F11/1451 ,  G06F11/1464 ,  G06F11/1469 ,  G06F11/2094 ,  G06F16/24561 ,  G06F16/278 ,  G06F2201/80 ,  G06F2201/84

Abstract: A system that implements a data storage service may store data for database tables in multiple replicated partitions on respective storage nodes. In response to a request to back up a table, the service may export individual partitions of the table from the database and package them to be independently uploaded (e.g., in parallel) to a remote storage system (e.g., a key-value durable storage system). Prior to uploading the exported and packaged partitions to the remote storage system, the service may verify that the exported and packaged partitions can be subsequently restored, which may include unpackaging and/or re-inflating the exported and packaged partitions to create additional unpackaged copies of the partitions, re-importing the additional unpackaged copies of the partitions into the database (e.g., as additional replicas), and/or comparing checksums generated for the exported partitions with checksums generated for the additional unpackaged copies of the partitions.

公开(公告)号：US09632878B1

公开(公告)日：2017-04-25

申请号：US14032894

申请日：2013-09-20

Applicant: Amazon Technologies, Inc.

Inventor： Maximiliano Maccanti ,  Timothy Andrew Rath ,  Rama Krishna Sandeep Pokkunuri ,  Akshat Vig ,  Clarence Wing Yin Ng ,  Srivaths Badrinath Copparam ,  Rajaprabhu Thiruchi Loganathan ,  Wei Xiao ,  William Alexander Stevenson

IPC: G06F7/00 ,  G06F17/00 ,  G06F11/14

CPC classification number: G06F11/1469 ,  G06F11/1464 ,  G06F11/2094 ,  G06F2201/80

Abstract: A system that implements a data storage service may store data for database tables in multiple replicated partitions on respective storage nodes. In response to a request to back up a table, the service may export individual partitions of the table from the database and package them to be independently uploaded (e.g., in parallel) to a remote storage system (e.g., a key-value durable storage system). Prior to uploading the exported and packaged partitions to the remote storage system, the service may verify that the exported and packaged partitions can be subsequently restored, which may include unpackaging and/or re-inflating the exported and packaged partitions to create additional unpackaged copies of the partitions, re-importing the additional unpackaged copies of the partitions into the database (e.g., as additional replicas), and/or comparing checksums generated for the exported partitions with checksums generated for the additional unpackaged copies of the partitions.