公开(公告)号：US11762970B2

公开(公告)日：2023-09-19

申请号：US15431708

申请日：2017-02-13

Applicant: Amazon Technologies, Inc.

Inventor： David Craig Yanacek ,  Prashant Pandey

IPC: G06F16/176 ,  G06F21/33 ,  G06F21/62 ,  H04L9/40

CPC classification number: G06F21/335 ,  G06F16/1767 ,  G06F16/1774 ,  G06F21/6218 ,  H04L63/0815

Abstract: A structured data store service, such as a database service, may implement fine-grained access to data maintained at the database service using federated identity. Fine grained access requests may be received at a database service for specified data maintained for an application provider from a client of the application provider. An access credential may be also be received. Verification of the access credential may be obtained, and the database service may evaluate the fine-grained access request according to a delegation policy corresponding to the access credential to determine whether the fine-grained request is authorized. If authorized, the fine-grained access request may be service. If not authorized, the fine-grained access request may be denied. In some embodiments, multiple application clients may have the same authorization for data, such as read authorization, while another one or more application clients may have different authorization for the data, such as write authorization.

公开(公告)号：US11245579B1

公开(公告)日：2022-02-08

申请号：US16700999

申请日：2019-12-02

Applicant: Amazon Technologies, Inc.

Inventor： Juan Antonio Sanchez ,  David Craig Yanacek ,  Antony Didier Maurice Passemard

IPC: H04L12/24 ,  H04L29/08

Abstract: Technology is described for providing preconfigured device representations in a service provider environment. A plurality of device representation parameters may be received for a device via a user account. A preconfigured device representation may be created for the device using the plurality of device representation parameters. The preconfigured device representation may be associated with the user account. The device may be registered with the service provider environment. A registration of the device may be performed when the device initially connects to the service provider environment. The registration may assign a device identifier to the device and may associate the user account with the device. The preconfigured device representation may be provided to the device after the registration of the device is completed.

公开(公告)号：US20210185740A1

公开(公告)日：2021-06-17

申请号：US17182004

申请日：2021-02-22

Applicant: Amazon Technologies, Inc.

Inventor： Kyle Michael Roche ,  David Craig Yanacek

IPC: H04W76/10 ,  H04W4/14 ,  H04L29/06 ,  H04W4/12 ,  H04L29/08

Abstract: A network-connected device service receives a request to establish a communications session with a network-connected device. In response to the request, the service transmits a set of electronic messages to the network-connected device through an access point of the network-connected device to establish the communications session. The network-connected device service receives a notification from the network-connected device indicating whether the communications session has been established. If so, the service provides an indication to a controlling device that the session has been established. This enables the controlling device to submit commands executable by the network-connected device to the service, which provides the commands to the network-connected device through the access point.

公开(公告)号：US20190306255A1

公开(公告)日：2019-10-03

申请号：US16377078

申请日：2019-04-05

Applicant: Amazon Technologies, Inc.

Inventor： Wei Xiao ,  David Alan Lutz ,  Timothy Andrew Rath ,  Maximiliano Maccanti ,  Miguel Mascarenhas Filipe ,  David Craig Yanacek

IPC: H04L29/08 ,  G06F11/34 ,  G06F9/50 ,  H04L29/06

Abstract: A system that provides services to clients may receive and service requests, various ones of which may require different amounts of work. The system may determine whether it is operating in an overloaded or underloaded state based on a current work throughput rate, a target work throughput rate, a maximum request rate, or an actual request rate, and may dynamically adjust the maximum request rate in response. For example, if the maximum request rate is being exceeded, the maximum request rate may be raised or lowered, dependent on the current work throughput rate. If the target or committed work throughput rate is being exceeded, but the maximum request rate is not being exceeded, a lower maximum request rate may be proposed. Adjustments to the maximum request rate may be made using multiple incremental adjustments. Service request tokens may be added to a leaky token bucket at the maximum request rate.

公开(公告)号：US20190306204A1

公开(公告)日：2019-10-03

申请号：US16377031

申请日：2019-04-05

Applicant: Amazon Technologies, Inc.

Inventor： Kyle Michael Roche ,  David Craig Yanacek

IPC: H04L29/06 ,  H04W76/10 ,  H04W4/14

Abstract: A network-connected device service receives a request to establish a communications session with a network-connected device. In response to the request, the service transmits a set of electronic messages to the network-connected device through an access point of the network-connected device to establish the communications session. The network-connected device service receives a notification from the network-connected device indicating whether the communications session has been established. If so, the service provides an indication to a controlling device that the session has been established. This enables the controlling device to submit commands executable by the network-connected device to the service, which provides the commands to the network-connected device through the access point.

公开(公告)号：US09900301B2

公开(公告)日：2018-02-20

申请号：US14968697

申请日：2015-12-14

Applicant: Amazon Technologies, Inc.

Inventor： David Craig Yanacek ,  Rameez Loladia

IPC: H04L29/06 ,  H04L12/46 ,  H04L29/08 ,  H04L12/28 ,  H04W4/00 ,  H04W12/08

CPC classification number: H04L63/08 ,  H04L12/2818 ,  H04L12/4633 ,  H04L63/0272 ,  H04L63/0281 ,  H04L63/029 ,  H04L63/0876 ,  H04L63/101 ,  H04L63/105 ,  H04L63/166 ,  H04L67/28 ,  H04W4/70 ,  H04W12/08

Abstract: A device management service provide a centralized credential provisioning system which can instantiate a proxy device that facilitates remote connections between various computing devices and various client devices. The device management service can manage instances of proxy devices in a resource provider environment that are associated with various computing devices. When a client device requests to access a computing device, the device management service can identify an instance of a proxy device associated with the computing device. The instance of the proxy device and the computing device can be configured to securely connect using credentials exchanged through, and managed by, the device management service. The computing device can be instructed to connect to the instance of the proxy device, and the client device can be provided with access information for the instance of the proxy device.

公开(公告)号：US10284670B1

公开(公告)日：2019-05-07

申请号：US15176097

申请日：2016-06-07

Applicant: Amazon Technologies, Inc.

Inventor： Kyle Michael Roche ,  David Craig Yanacek

IPC: G06F15/16 ,  H04L29/08 ,  H04L29/06

Abstract: A network-connected device service receives a request to establish a communications session with a network-connected device. In response to the request, the service transmits a second request to a container service to invoke a software container instance that can be used to establish the communications session with the network-connected device. The network-connected device service receives a notification from the container instance indicating whether the communications session has been established. If so, the service provides an indication to a controlling device that the session has been established. This enables the controlling device to submit commands executable by the network-connected device to the service, which provides the commands to the container instance and, hence, to the network-connected device.

公开(公告)号：US10257288B2

公开(公告)日：2019-04-09

申请号：US14570900

申请日：2014-12-15

Applicant: Amazon Technologies, Inc.

Inventor： Wei Xiao ,  David Alan Lutz ,  Timothy Andrew Rath ,  Maximiliano Maccanti ,  Miguel Mascarenhas Filipe ,  David Craig Yanacek

IPC: H04L29/08 ,  H04L29/06 ,  G06F11/34 ,  G06F9/50

Abstract: A system that provides services to clients may receive and service requests, various ones of which may require different amounts of work. The system may determine whether it is operating in an overloaded or underloaded state based on a current work throughput rate, a target work throughput rate, a maximum request rate, or an actual request rate, and may dynamically adjust the maximum request rate in response. For example, if the maximum request rate is being exceeded, the maximum request rate may be raised or lowered, dependent on the current work throughput rate. If the target or committed work throughput rate is being exceeded, but the maximum request rate is not being exceeded, a lower maximum request rate may be proposed. Adjustments to the maximum request rate may be made using multiple incremental adjustments. Service request tokens may be added to a leaky token bucket at the maximum request rate.

公开(公告)号：US09817703B1

公开(公告)日：2017-11-14

申请号：US14096948

申请日：2013-12-04

Applicant: Amazon Technologies, Inc.

Inventor： Mark Ryland ,  Alexander Slutsker ,  David Craig Yanacek

IPC: G06F12/00 ,  G06F12/14 ,  G06F17/00 ,  G06F7/00 ,  G06F9/52

CPC classification number: G06F9/52

Abstract: A compute cluster including multiple compute nodes may implement distributed lock management using conditional updates to a distributed key value data store. It may be determined, at one or more compute nodes of a compute cluster, that particular lock is available based on a respective lock entry for the particular lock maintained in a lock manager table at a key value data store. The key value data store may be configured to perform conditional write requests for updates to data store at the key value, and may maintain data according to a distributed durability scheme. Compute nodes that determine that a lock is available may send a conditional write request to the key value data store in order to acquire the particular lock. The compute node that acquired the particular lock may be identified based on the successfully completed conditional write request to the respective lock entry.

公开(公告)号：US20170308559A1

公开(公告)日：2017-10-26

申请号：US15645900

申请日：2017-07-10

Applicant: Amazon Technologies, Inc.

Inventor： Khawaja Salman Shams ,  Prashant Pandey ,  Swaminathan Sivasubramanian ,  Omer Ahmed Zaki ,  David Craig Yanacek ,  Johanna S. Olson ,  Hendrik de Kock ,  Johnny Ying Wu

IPC: G06F17/30

CPC classification number: G06F17/30578 ,  G06F17/30569

Abstract: A remote distributed data store may be configured to process data updates received through invocation of a common API with reference to a common schema. A local data store may also be configured to process updates through the common API with reference to the common schema. Updates to the local data store may be mapped from the local data store schema to the common schema, and applied to the distributed data store. Updates to the distributed data store may be mapped from the common schema to the local data store schema. User identity may be verified to limit data synchronization to authorized users.