-
Publication No.: US10826844B2
Publication date: 2020-11-03
Application No.: US14870627
Filing date: 2015-09-30
Applicant: Amazon Technologies, Inc.
Inventor: Carl Wesley Summers, Syed Omair Zafar Gillani, Jonathan Jorge Nadal
IPC: H04L12/927, G06F21/62, H04L12/911, H04L29/08, H04L29/06
Abstract: Information for a data object can be prevented from loss for import and export operations across a trust boundary, such as may exist between environments under control of different legal entities. A set of dependencies, including information such as data tags and identifiers for applicable policies, can be embedded in a data object, such as directly in a header or in a digest or token of the data object. When the data object is transmitted across a trust boundary, such as to a destination bucket, the destination bucket can ensure that all dependencies are available and able to be enforced in the destination environment. If not, the request can be denied or the destination environment can contact the source environment to attempt to obtain and enforce the missing dependencies. At least some of the dependencies may also need to be transformed in the second environment.
-
Publication No.: US20170093753A1
Publication date: 2017-03-30
Application No.: US14870627
Filing date: 2015-09-30
Applicant: Amazon Technologies, Inc.
Inventor: Carl Wesley Summers, Syed Omair Zafar Gillani, Jonathan Jorge Nadal
IPC: H04L12/927, H04L12/911, H04L29/08, H04L29/06
Abstract: Information for a data object can be prevented from loss for import and export operations across a trust boundary, such as may exist between environments under control of different legal entities. A set of dependencies, including information such as data tags and identifiers for applicable policies, can be embedded in a data object, such as directly in a header or in a digest or token of the data object. When the data object is transmitted across a trust boundary, such as to a destination bucket, the destination bucket can ensure that all dependencies are available and able to be enforced in the destination environment. If not, the request can be denied or the destination environment can contact the source environment to attempt to obtain and enforce the missing dependencies. At least some of the dependencies may also need to be transformed in the second environment.
-
Publication No.: US10523532B1
Publication date: 2019-12-31
Application No.: US15472160
Filing date: 2017-03-28
Applicant: Amazon Technologies, Inc.
Inventor: Carl Wesley Summers, Nataraj Mocherla, Jungwoo Jang, Arvinth Ravi, Ayush Goyal
Abstract: Computing resource service providers provide computing resources to a plurality of customers. To avoid customers experiencing a degradation in service associated with the computing resources provided to customers, a main queue and a sideline queue may be used to manage and distribute customer events to service endpoints. Customer events may be placed in a main queue and transmitted, by a delivery host, to a service endpoint. If the delivery host receives a throttle response from the service endpoint, the delivery host may enqueue the customer event in a sideline queue and generate and/or store state information associated with the customer event. The state information may include an interval of time at the expiration of which the customer event may be retransmitted to the service endpoint.
-
Publication No.: US20170093913A1
Publication date: 2017-03-30
Application No.: US14863804
Filing date: 2015-09-24
Applicant: Amazon Technologies, Inc.
Inventor: Carl Wesley Summers, Jonathan Jorge Nadal, Praveen Kumar Gattu, Syed Omair Zafar Gillani
CPC classification number: H04L63/20, G06F21/604, G06F21/6236, G06F2221/2101, G06F2221/2107, G06F2221/2115, G06F2221/2141, H04L63/08, H04L63/0846, H04L63/105, H04L67/10
Abstract: A customer of a resource provider environment can apply policies at the data object level that will live with a data object during its lifecycle, even as the object moves across trusted boundaries. A customer can classify data, causing tags and/or predicates to be applied to the corresponding data object. Each tag corresponds to a policy, with predicates relating to various actions that can be performed on the data. A chain of custody is maintained for each data object, such that any changes to the object, tags, or policies for the data can be determined, as may be required for various audit processes. The support of such policies also enables the resource provider environment to function as an intermediary, whereby a third party can receive the data along with the tags, policies, and chain of custody as long as the environment trusts the third party to receive the data object.
-
Publication No.: US11386041B1
Publication date: 2022-07-12
Application No.: US14962746
Filing date: 2015-12-08
Applicant: Amazon Technologies, Inc.
Inventor: Syed Omair Zafar Gillani, Carl Wesley Summers, Jonathan Jorge Nadal
IPC: G06F16/11, G06F16/176, G06F16/2455, G06F16/2457
Abstract: Data tags, such as may be used to classify data, can be automatically applied at appropriate times in a resource environment. A customer can provide an auto-tagging configuration file that can be used to determine tags to be applied to specific data objects based upon properties of those objects. The customer can also provide policies that indicate which actions can be performed for those objects based at least in part upon the applied tags. The tags can be automatically applied at any appropriate time, such as upon storage into the environment, upon modification of the auto-tagging configuration, or upon modification of the data object. In some embodiments, an auto-tagging process can also be performed in response to a request for access to the data object in order to ensure that the correct tags are applied before determining the permitted actions.
-
Publication No.: US20200228574A1
Publication date: 2020-07-16
Application No.: US16835925
Filing date: 2020-03-31
Applicant: Amazon Technologies, Inc.
Inventor: Carl Wesley Summers, Jonathan Jorge Nadal, Praveen Kumar Gattu, Syed Omair Zafar Gillani
Abstract: A customer of a resource provider environment can apply policies at the data object level that will live with a data object during its lifecycle, even as the object moves across trusted boundaries. A customer can classify data, causing tags and/or predicates to be applied to the corresponding data object. Each tag corresponds to a policy, with predicates relating to various actions that can be performed on the data. A chain of custody is maintained for each data object, such that any changes to the object, tags, or policies for the data can be determined, as may be required for various audit processes. The support of such policies also enables the resource provider environment to function as an intermediary, whereby a third party can receive the data along with the tags, policies, and chain of custody as long as the environment trusts the third party to receive the data object.
-
Publication No.: US10594730B1
Publication date: 2020-03-17
Application No.: US14962762
Filing date: 2015-12-08
Applicant: Amazon Technologies, Inc.
Inventor: Carl Wesley Summers, Syed Omair Zafar Gillani, Jonathan Jorge Nadal
Abstract: Data tags, such as may be used to classify data, can be automatically applied at appropriate times in a resource environment. A customer can provide an auto-tagging configuration file that can be used to determine tags to be applied to specific data objects based upon properties of those objects. The customer can also provide policies that indicate which actions can be performed for those objects based at least in part upon the applied tags. The tags can be automatically applied at any appropriate time, such as upon storage into the environment, upon modification of the auto-tagging configuration, or upon modification of the data object. In some embodiments, an auto-tagging process can also be performed in response to a request for access to the data object in order to ensure that the correct tags are applied before determining the permitted actions.