-
Publication number: US10528536B1
Publication date: 2020-01-07
Application number: US14281785
Filing date: 2014-05-19
Applicant: Amazon Technologies, Inc.
Inventor: Praveen Kumar Gattu , Aykud Gonen , Jonathan Jorge Nadal , Abhilasha Seth , Huan Sun , Derek Ernest Denny-Brown, II
Abstract: A method and apparatus for managing keys pertaining to data objects are disclosed. In the method and apparatus, a plurality of keys that are associated with a plurality of data objects are retained, whereby the plurality of keys are capable of being listed in accordance with an ordering scheme. The ordering scheme is used to inspect the plurality of keys to determine whether a data object associated with a key of the plurality of keys satisfies a criterion. One or more actions are taken on the key or associated data object based at least in part on determining that the criterion is satisfied, whereby an order of taking the one or more actions is a reverse of an order by which the key is listed in accordance with the ordering scheme.
-
Publication number: US20170093913A1
Publication date: 2017-03-30
Application number: US14863804
Filing date: 2015-09-24
Applicant: Amazon Technologies, Inc.
Inventor: Carl Wesley Summers , Jonathan Jorge Nadal , Praveen Kumar Gattu , Syed Omair Zafar Gillani
CPC classification number: H04L63/20 , G06F21/604 , G06F21/6236 , G06F2221/2101 , G06F2221/2107 , G06F2221/2115 , G06F2221/2141 , H04L63/08 , H04L63/0846 , H04L63/105 , H04L67/10
Abstract: A customer of a resource provider environment can apply policies at the data object level that will live with a data object during its lifecycle, even as the object moves across trusted boundaries. A customer can classify data, causing tags and/or predicates to be applied to the corresponding data object. Each tag corresponds to a policy, with predicates relating to various actions that can be performed on the data. A chain of custody is maintained for each data object, such that any changes to the object, tags, or policies for the data can be determined, as may be required for various audit processes. The support of such policies also enables the resource provider environment to function as an intermediary, whereby a third party can receive the data along with the tags, policies, and chain of custody as long as the environment trusts the third party to receive the data object.
-
Publication number: US11531658B2
Publication date: 2022-12-20
Application number: US16707790
Filing date: 2019-12-09
Applicant: Amazon Technologies, Inc.
Inventor: Praveen Kumar Gattu , Aykud Gonen , Jonathan Jorge Nadal , Abhilasha Seth , Joseph Thomas Selman
Abstract: A method and apparatus for criterion-based retention of data object versions are disclosed. In the method and apparatus, a plurality of keys are sorted in accordance with an ordering scheme, whereby a key of the plurality of keys has an associated version of a data object and a timestamp. The key is inspected in accordance with the ordering scheme to determine based at least in part on the timestamp whether a criterion for performing an action on the associated version of the data object is satisfied. If the criterion is satisfied, a marker key is added to the plurality of keys, whereby the marker key precedes the inspected key according to the ordering scheme and indicates that the criterion is satisfied.
-
Publication number: US11386041B1
Publication date: 2022-07-12
Application number: US14962746
Filing date: 2015-12-08
Applicant: Amazon Technologies, Inc.
Inventor: Syed Omair Zafar Gillani , Carl Wesley Summers , Jonathan Jorge Nadal
IPC: G06F16/11 , G06F16/176 , G06F16/2455 , G06F16/2457
Abstract: Data tags, such as may be used to classify data, can be automatically applied at appropriate times in a resource environment. A customer can provide an auto-tagging configuration file that can be used to determine tags to be applied to specific data objects based upon properties of those objects. The customer can also provide policies that indicate which actions can be performed for those objects based at least in part upon the applied tags. The tags can be automatically applied at any appropriate time, such as upon storage into the environment, upon modification of the auto-tagging configuration, or upon modification of the data object. In some embodiments, an auto-tagging process can also be performed in response to a request for access to the data object in order to ensure that the correct tags are applied before determining the permitted actions.
-
Publication number: US20200228574A1
Publication date: 2020-07-16
Application number: US16835925
Filing date: 2020-03-31
Applicant: Amazon Technologies, Inc.
Inventor: Carl Wesley Summers , Jonathan Jorge Nadal , Praveen Kumar Gattu , Syed Omair Zafar Gillani
Abstract: A customer of a resource provider environment can apply policies at the data object level that will live with a data object during its lifecycle, even as the object moves across trusted boundaries. A customer can classify data, causing tags and/or predicates to be applied to the corresponding data object. Each tag corresponds to a policy, with predicates relating to various actions that can be performed on the data. A chain of custody is maintained for each data object, such that any changes to the object, tags, or policies for the data can be determined, as may be required for various audit processes. The support of such policies also enables the resource provider environment to function as an intermediary, whereby a third party can receive the data along with the tags, policies, and chain of custody as long as the environment trusts the third party to receive the data object.
-
Publication number: US10594730B1
Publication date: 2020-03-17
Application number: US14962762
Filing date: 2015-12-08
Applicant: Amazon Technologies, Inc.
Inventor: Carl Wesley Summers , Syed Omair Zafar Gillani , Jonathan Jorge Nadal
Abstract: Data tags, such as may be used to classify data, can be automatically applied at appropriate times in a resource environment. A customer can provide an auto-tagging configuration file that can be used to determine tags to be applied to specific data objects based upon properties of those objects. The customer can also provide policies that indicate which actions can be performed for those objects based at least in part upon the applied tags. The tags can be automatically applied at any appropriate time, such as upon storage into the environment, upon modification of the auto-tagging configuration, or upon modification of the data object. In some embodiments, an auto-tagging process can also be performed in response to a request for access to the data object in order to ensure that the correct tags are applied before determining the permitted actions.
-
Publication number: US10826844B2
Publication date: 2020-11-03
Application number: US14870627
Filing date: 2015-09-30
Applicant: Amazon Technologies, Inc.
Inventor: Carl Wesley Summers , Syed Omair Zafar Gillani , Jonathan Jorge Nadal
IPC: H04L12/927 , G06F21/62 , H04L12/911 , H04L29/08 , H04L29/06
Abstract: Information for a data object can be prevented from loss for import and export operations across a trust boundary, such as may exist between environments under control of different legal entities. A set of dependencies, including information such as data tags and identifiers for applicable policies, can be embedded in a data object, such as directly in a header or in a digest or token of the data object. When the data object is transmitted across a trust boundary, such as to a destination bucket, the destination bucket can ensure that all dependencies are available and able to be enforced in the destination environment. If not, the request can be denied or the destination environment can contact the source environment to attempt to obtain and enforce the missing dependencies. At least some of the dependencies may also need to be transformed in the second environment.
-
Publication number: US20170093753A1
Publication date: 2017-03-30
Application number: US14870627
Filing date: 2015-09-30
Applicant: Amazon Technologies, Inc.
Inventor: Carl Wesley Summers , Syed Omair Zafar Gillani , Jonathan Jorge Nadal
IPC: H04L12/927 , H04L12/911 , H04L29/08 , H04L29/06
Abstract: Information for a data object can be prevented from loss for import and export operations across a trust boundary, such as may exist between environments under control of different legal entities. A set of dependencies, including information such as data tags and identifiers for applicable policies, can be embedded in a data object, such as directly in a header or in a digest or token of the data object. When the data object is transmitted across a trust boundary, such as to a destination bucket, the destination bucket can ensure that all dependencies are available and able to be enforced in the destination environment. If not, the request can be denied or the destination environment can contact the source environment to attempt to obtain and enforce the missing dependencies. At least some of the dependencies may also need to be transformed in the second environment.