公开(公告)号：US11573925B2

公开(公告)日：2023-02-07

申请号：US16983849

申请日：2020-08-03

Applicant: Amazon Technologies, Inc.

Inventor： Ryan Charles Schmitt ,  Claire Elizabeth Suver ,  Mark Christopher Seigle ,  Bryan James Donlan

IPC: G06F16/16 ,  G06F11/10

Abstract: Techniques described and suggested herein include distributed deletion request processing and verification. For example, incident to migration of original data from a first data store to a second data store, verifications and confirmations related to removing the original data from the first data store may be performed so as to ensure the integrity of the original data represented on the second data store prior to removing the actual original data on the first data store. In some embodiments, the verifications and confirmations performed in connection with a deletion request may be apportioned to multiple entities, each of which may not fully trust the others. As a result, in some embodiments, a given deletion request may only be fulfilled if all of the entities involved in the verification process individually provide authorization to execute the deletion request.

公开(公告)号：US11082217B1

公开(公告)日：2021-08-03

申请号：US16264354

申请日：2019-01-31

Applicant: Amazon Technologies, Inc.

Inventor： Bryan James Donlan ,  Douglas Stewart Laurence

IPC: H04L9/08 ,  H04L29/06

Abstract: Techniques described herein enhance the durability of cryptographically protected communications sessions. The negotiation of a cryptographically protected communications session results in the negotiation of a primary secret and a secondary secret. The primary secret and secondary secret are stored in separate locations, such as in two locations in RAM, one of which being used as a RAM disk. The primary secret is used to cryptographically protect the communications session. Following the detection of a change of state event, the cryptographically protected communications session switches to the secondary secret in place of the primary secret to cryptographically protect the communications session.

公开(公告)号：US10608813B1

公开(公告)日：2020-03-31

申请号：US15401983

申请日：2017-01-09

Applicant: Amazon Technologies, Inc.

Inventor： Colin Laird Lazier ,  Bryan James Donlan

IPC: H04L29/06 ,  H04L9/06 ,  G06F21/60 ,  H04L9/08 ,  H04L9/32

Abstract: Techniques for encrypting long-term data using layered encryption based on difficult to obtain secrets are described herein. The set of data to encrypt is designated as the source data for the first iteration. Then, for each iteration, a derived set of data is generated from a set of random data and the source data is combined with the derived set of data to produce a set of encrypted data. The set of encrypted data is then designated as the source data for the next iteration.

公开(公告)号：US10592336B1

公开(公告)日：2020-03-17

申请号：US15080503

申请日：2016-03-24

Applicant: Amazon Technologies, Inc.

Inventor： Bryan James Donlan ,  Paul David Franklin ,  James Caleb Kirschner

IPC: G11C29/00 ,  G06F11/10 ,  G06F3/06

Abstract: A multilayered index is implemented for data stored in a data storage system. The multilayered index may include a granular index that specifies the location of specific files or abstractions within the data storage system, while a skip table specifies segments of the abstractions, and may point to both the granular index and the data storage devices of the data storage system. In redundancy coded systems, the use of multilayered indices may enable asynchronous retrieval of data during normal or adverse operation (such as during periods of varying data availability).

公开(公告)号：US10476663B1

公开(公告)日：2019-11-12

申请号：US15401994

申请日：2017-01-09

Applicant: Amazon Technologies, Inc.

Inventor： Colin Laird Lazier ,  Bryan James Donlan

IPC: H04L9/06 ,  H04L9/08 ,  H04L9/32 ,  G06F21/60

Abstract: Techniques for encrypting short-term data using layered encryption based on difficult to obtain secrets are described herein. Data that will be encrypted is designated as the source data for a first iteration of a layered encryption. An index indicates a data block within a large set of random data. The data block is encrypted and the encrypted data block is combined with the source data for the iteration to produce set of cryptographic data for the current iteration. The set of cryptographic data is used to generate cryptographic key data that is used to encrypt the index and the encrypted index is stored. The set of cryptographic data is then used as the source data for the next iteration.

公开(公告)号：US10180912B1

公开(公告)日：2019-01-15

申请号：US14973677

申请日：2015-12-17

Applicant: Amazon Technologies, Inc.

Inventor： Paul David Franklin ,  Bryan James Donlan ,  Marvin Michael Theimer

IPC: G06F21/60 ,  G06F12/14 ,  H04L9/08

Abstract: A computer system, such as a data storage system, implements techniques for segregating and controlling access to data stored in multiple regions. In some embodiments, redundancy coded shards generated from the data and stored in durable storage of a data storage system is allocated across multiple regions, but in a fashion that prevents actors with access to regions outside that of a “home” region from recovering a sufficient number of unique shards to regenerate the data represented thereby. In some embodiments, encryption is used to segregate the data by encrypting the generated shards, then storing the cryptographic information on or otherwise controlling access on hosts or other devices of only the home region.

公开(公告)号：US20180288049A1

公开(公告)日：2018-10-04

申请号：US15471941

申请日：2017-03-28

Applicant: Amazon Technologies, Inc.

Inventor： Bryan James Donlan ,  Paul David Franklin

IPC: H04L29/06 ,  H04L29/08 ,  H04L9/32 ,  H04L9/08 ,  G06F3/06 ,  G06F13/10 ,  G06F13/16 ,  G06F13/40 ,  G06F13/42

Abstract: A switching device is implemented in a network-attachable data transfer device to provide data storage access to other such devices. In some embodiments, network-attachable data transfer devices are arranged in a clustered configuration to provide various computational and storage services. When one or more devices of the cluster fails, various implementations associated with the switching device, via an external data interface, provide operational mitigation, optimized data recovery, and efficient reinstatement of normal operation of the cluster.

公开(公告)号：US10042848B1

公开(公告)日：2018-08-07

申请号：US14578185

申请日：2014-12-19

Applicant: Amazon Technologies, Inc.

Inventor： Bryan James Donlan ,  Paul David Franklin

IPC: G06F7/00 ,  G06F17/00 ,  G06F17/30

Abstract: Techniques described and suggested herein include systems and methods for storing, indexing, and retrieving original data of data archives on data storage systems using redundancy coding techniques. For example, redundancy codes, such as erasure codes, may be applied to archives (such as those received from a customer of a computing resource service provider) so as allow the storage of original data of the individual archives available on a minimum of volumes, such as those of a data storage system, while retaining availability, durability, and other guarantees imparted by the application of the redundancy code. Sparse indexing techniques may be implemented so as to reduce the footprint of indexes used to locate the original data, once stored.

公开(公告)号：US09910603B1

公开(公告)日：2018-03-06

申请号：US14938748

申请日：2015-11-11

Applicant: Amazon Technologies, Inc.

Inventor： Bryan James Donlan

IPC: G06F12/00 ,  G06F13/00 ,  G06F13/28 ,  G06F3/06

CPC classification number: G06F3/0611 ,  G06F3/0644 ,  G06F3/0682

Abstract: Techniques for storing data on a tape using a heterogeneous data storage technique are described herein. A logical partition from a logical model of a data storage tape is associated with a set of data. If a current location of the data storage tape corresponds to the logical partition of the set of data, a first data transfer operation associated with the set of data is performed using the data storage tape. The data transfer operation is monitored and changes to the data transfer rate of the data transfer operation are used to update the logical extent of the tape and to update the logical model. If the current location of the data storage tape does not correspond to the logical partition of the set of data, the data set is staged for later storage.

公开(公告)号：US09158927B1

公开(公告)日：2015-10-13

申请号：US13925497

申请日：2013-06-24

Applicant: Amazon Technologies, Inc.

Inventor： Paul David Franklin ,  Bryan James Donlan

IPC: G06F21/00 ,  G06F21/60

CPC classification number: G06F21/602

Abstract: Reliable and efficient storage and reconstruction of secure data files is provided. Encrypted fragments are generated by exclusive-OR (XOR) based erasure-encoding and XOR encryption of data files. At least some of the encrypted fragments, and preferably at least two copies of such encrypted fragments, are stored at two or more locations, such as but not limited to two or more servers in two or more regional storage systems. Fragments are retrieved from one or more of the multiple locations and the original data file is reconstructed, even if different encryption techniques have been used. If not enough valid fragments from that original data file can be identified then hash values, checksums, seeds, and other techniques may be used to distinguish files and to identify related or identical files which may be used to reconstruct the data file.

Abstract translation: 提供安全数据文件的可靠和高效的存储和重建。 加密的片段通过基于异或（XOR）的数据文件的擦除编码和异或加密生成。 至少一些加密的片段，并且优选地，这种加密片段的至少两个副本存储在两个或更多个位置，例如但不限于两个或更多个区域存储系统中的两个或更多个服务器。 从多个位置中的一个或多个检索片段，并且即使使用不同的加密技术，也重构原始数据文件。 如果不能识别出原始数据文件中足够的有效片段，则可以使用散列值，校验和，种子和其他技术区分文件，并识别可用于重建数据文件的相关或相同的文件。