公开(公告)号：US11582025B2

公开(公告)日：2023-02-14

申请号：US17037369

申请日：2020-09-29

Applicant: Amazon Technologies, Inc.

Inventor： Marc Brooker ,  Derek Manwaring ,  Osman Surkatty ,  Mikhail Danilov ,  Peter Martin McDonnell ,  Stefan Schneider

IPC: G06F21/00 ,  H04L29/06 ,  H04L9/06 ,  H04L9/08

Abstract: Systems and methods are described for providing secure storage of data sets while enabling efficient deduplication of data. Each data set can be divided into fixed-length blocks. The plaintext of each block can be convergently encrypted, such as by using a hash of the plaintext as an encryption key, to result in block-level ciphertext that can be stored. If two data sets share blocks, the resulting block-level ciphertext can be expected to overlap, and thus duplicative block-level ciphertexts need not be stored. A manifest can be created to facilitate re-creation of the data set, which manifest identifies the block-level ciphertexts of the data set and a key by which each block-level ciphertext was encrypted. By use of block-level encryption, nearly identical data sets can be largely deduplicated, even if they are not perfectly identical.

公开(公告)号：US11329803B2

公开(公告)日：2022-05-10

申请号：US17037427

申请日：2020-09-29

Applicant: Amazon Technologies, Inc.

Inventor： Marc Brooker ,  Osman Surkatty ,  Derek Manwaring ,  Mikhail Danilov ,  Peter Martin McDonnell ,  Stefan Schneider

IPC: H04L29/06 ,  H04L9/06 ,  H04L9/08

Abstract: Systems and methods are described for providing storage of encrypted data sets, deduplication of such data sets, and control of the redundancy of those data sets. A form of modified convergent encryption can be employed, whereby an encryption key for a data set is selected based on a combination of the plaintext of the data set and a salt value, with the salt value being selected from a number of permutations corresponding to a desired redundancy of the data set in a storage system. Accordingly, a given data set can result in a number of ciphertexts equal to the desired redundancy, and deduplication can occur by removing duplicative instances of individual ciphertexts. Salt values can be selected according to a variety of criteria, including user-based, time-based, and location-based criteria.

公开(公告)号：US20220103338A1

公开(公告)日：2022-03-31

申请号：US17037369

申请日：2020-09-29

Applicant: Amazon Technologies, Inc.

Inventor： Marc Brooker ,  Derek Manwaring ,  Osman Surkatty ,  Mikhail Danilov ,  Peter Martin McDonnell ,  Stefan Schneider

IPC: H04L9/06 ,  H04L9/08

Abstract: Systems and methods are described for providing secure storage of data sets while enabling efficient deduplication of data. Each data set can be divided into fixed-length blocks. The plaintext of each block can be convergently encrypted, such as by using a hash of the plaintext as an encryption key, to result in block-level ciphertext that can be stored. If two data sets share blocks, the resulting block-level ciphertext can be expected to overlap, and thus duplicative block-level ciphertexts need not be stored. A manifest can be created to facilitate re-creation of the data set, which manifest identifies the block-level ciphertexts of the data set and a key by which each block-level ciphertext was encrypted. By use of block-level encryption, nearly identical data sets can be largely deduplicated, even if they are not perfectly identical.

公开(公告)号：US11900152B1

公开(公告)日：2024-02-13

申请号：US17218015

申请日：2021-03-30

Applicant: Amazon Technologies, Inc.

Inventor： Marc Brooker ,  David Nasi ,  Trishika Pattabiraman ,  Holly Mesrobian ,  Mikhail Danilov ,  Peter Barry ,  Peter Martin McDonnell

IPC: G06F3/00 ,  G06F9/48 ,  G06F8/71 ,  G06F11/34 ,  G06F16/18 ,  G06F11/30 ,  G06F8/65

CPC classification number: G06F9/4843 ,  G06F8/65 ,  G06F8/71 ,  G06F11/3034 ,  G06F11/3409 ,  G06F16/1873

Abstract: Systems and methods are described for providing updating of disk images supporting serverless code execution and controlled deployment of updated disk images. A disk image can be defined as a set of layers that represent a file system include code of a serverless function and other data used by the code. A function owner can designate one layer as containing software or other data subject to update. When a new version of the layer is obtained at a serverless compute system, the system can generate a new disk image containing the updated layer. The system can then gradually transition the function to the new disk image, by dividing calls to the function among two versions of the function—one using the prior disk image, and one using the new disk image. Performance data gained from the new version of the function can be used to control the gradual transition.

公开(公告)号：US20220103339A1

公开(公告)日：2022-03-31

申请号：US17037427

申请日：2020-09-29

Applicant: Amazon Technologies, Inc.

Inventor： Marc Brooker ,  Osman Surkatty ,  Derek Manwaring ,  Mikhail Danilov ,  Peter Martin McDonnell ,  Stefan Schneider

IPC: H04L9/06 ,  H04L9/08

Abstract: Systems and methods are described for providing storage of encrypted data sets, deduplication of such data sets, and control of the redundancy of those data sets. A form of modified convergent encryption can be employed, whereby an encryption key for a data set is selected based on a combination of the plaintext of the data set and a salt value, with the salt value being selected from a number of permutations corresponding to a desired redundancy of the data set in a storage system. Accordingly, a given data set can result in a number of ciphertexts equal to the desired redundancy, and deduplication can occur by removing duplicative instances of individual ciphertexts. Salt values can be selected according to a variety of criteria, including user-based, time-based, and location-based criteria.