公开(公告)号：US10567388B1

公开(公告)日：2020-02-18

申请号：US15087007

申请日：2016-03-31

Applicant: Amazon Technologies, Inc.

Inventor： William Frederick Hingle Kruse ,  Jeffrey John Wierer ,  Nima Sharifi Mehr ,  Ashish Rangole ,  Kunal Chadha ,  Bharath Mukkati Prakash ,  Radu Mihai Berciu ,  Kai Zhao ,  Hardik Nagda ,  Chenxi Zhang

IPC: G06F17/00 ,  H04L29/06

Abstract: A policy/resource decommissioning service determines whether a resource has been inactive for a period of time greater than at least one period of time threshold for decommissioning. If the resource has been inactive greater than a first period of time threshold, the service disables the resource such that requests to access the resource are denied. If the resource has been inactive for a period of time greater than a second threshold, longer than the first period of time threshold, the service archives the resource. The service deletes the resource if the inactivity period of the resource is greater than a third period of time threshold, where the third period of time threshold is longer than the first and the second period of time thresholds.

公开(公告)号：US10397236B1

公开(公告)日：2019-08-27

申请号：US15376335

申请日：2016-12-12

Applicant: Amazon Technologies, Inc.

Inventor： Kunal Chadha ,  Zaher Dannawi ,  Bharath Mukkati Prakash ,  Hardik Nagda ,  Anirudh Mattur Radhakrishna ,  Ashish Rangole ,  Chenxi Zhang

IPC: H04L29/06 ,  G06F11/30 ,  G06F11/34

Abstract: A customer's resources are protected from malicious or accidental deletion or termination. In some embodiments anomaly detection is used for identifying suspicious activities, which is combined with options to restore previously deleted resources. To define and detect anomalies, resource profiles are generated indicative of how resources are being used, and user profiles of how users use resources of the compute service provider. Instead of immediately deleting a resource, a temporary marker can be placed on the resource. The temporary marker blocks attempts to access the resource just as if the resource was deleted. However, the resource can easily be recovered by simply removing the marker. When a deletion event is identified as anomalous, an alert is generated to the customer. Upon receiving the alert, customers can opt to restore the resource that has been deleted, which will remove the marker.

公开(公告)号：US20180234462A1

公开(公告)日：2018-08-16

申请号：US15953262

申请日：2018-04-13

Applicant: Amazon Technologies, Inc.

Inventor： William Frederick Hingle Kruse ,  Bharath Mukkati Prakash ,  Ashish Rangole ,  Nima Sharifi Mehr ,  Jeffrey John Wierer ,  Kunal Chadha ,  Chenxi Zhang ,  Hardik Nagda ,  Kai Zhao

IPC: H04L29/06

CPC classification number: H04L63/20 ,  H04L63/10

Abstract: A computing resource service receives a request to access the service and perform various actions. In response to the request, the computing resource service obtains a set of active policies that are applicable to the request. As a result of the service determining that the set of active policies fail to provide sufficient permissions for fulfillment of the request, the service determines if an enforcement policy is available that is applicable to the request. The service evaluates the request using the enforcement policy such that if the enforcement policy includes permissions sufficient for fulfillment of the request, the request is fulfilled.

公开(公告)号：US09948681B1

公开(公告)日：2018-04-17

申请号：US15087014

申请日：2016-03-31

Applicant: Amazon Technologies, Inc.

Inventor： William Frederick Hingle Kruse ,  Bharath Mukkati Prakash ,  Ashish Rangole ,  Nima Sharifi Mehr ,  Jeffrey John Wierer ,  Kunal Chadha ,  Chenxi Zhang ,  Hardik Nagda ,  Kai Zhao

IPC: H04L9/00 ,  H04L29/06

CPC classification number: H04L63/20 ,  H04L63/10

Abstract: A computing resource service receives a request to access the service and perform various actions. In response to the request, the computing resource service obtains a set of active policies that are applicable to the request. As a result of the service determining that the set of active policies fail to provide sufficient permissions for fulfillment of the request, the service determines if an enforcement policy is available that is applicable to the request. The service evaluates the request using the enforcement policy such that if the enforcement policy includes permissions sufficient for fulfillment of the request, the request is fulfilled.

公开(公告)号：US10581919B2

公开(公告)日：2020-03-03

申请号：US15953262

申请日：2018-04-13

Applicant: Amazon Technologies, Inc.

Inventor： William Frederick Hingle Kruse ,  Bharath Mukkati Prakash ,  Ashish Rangole ,  Nima Sharifi Mehr ,  Jeffrey John Wierer ,  Kunal Chadha ,  Chenxi Zhang ,  Hardik Nagda ,  Kai Zhao

IPC: H04L9/32 ,  H04L29/06

Abstract: A computing resource service receives a request to access the service and perform various actions. In response to the request, the computing resource service obtains a set of active policies that are applicable to the request. As a result of the service determining that the set of active policies fail to provide sufficient permissions for fulfillment of the request, the service determines if an enforcement policy is available that is applicable to the request. The service evaluates the request using the enforcement policy such that if the enforcement policy includes permissions sufficient for fulfillment of the request, the request is fulfilled.

公开(公告)号：US09946895B1

公开(公告)日：2018-04-17

申请号：US14969686

申请日：2015-12-15

Applicant: Amazon Technologies, Inc.

Inventor： William Frederick Hingle Kruse ,  Matthew John Campagna ,  Nima Sharifi Mehr ,  Hardik Nagda ,  Radu Berciu ,  Gergory Branchek Roth

IPC: G06F21/62

CPC classification number: G06F21/6245 ,  G06F21/6227 ,  G06F21/6263

Abstract: Sensitive data can be obfuscated before being provided for processing (i.e., aggregating, sorting, grouping, or transforming) using a pair of keys to generate a token that contains the sensitive data. The token can include a synthetic initialization vector, generated using a first key, and a ciphertext portion including the sensitive data encrypted under a second key. This tokenization can be performed by a data service or by an intermediate service that acts as an overlay or proxy for the underlying data service. The tokenized data can be provided for processing, and can remain tokenized until being received by an entity or system having access to at least the second key. A receiving entity with access to the second key can decrypt the ciphertext to obtain the plaintext, and if the first key is available the entity can perform a further integrity check on the tokenized data.