公开(公告)号：US11762970B2

公开(公告)日：2023-09-19

申请号：US15431708

申请日：2017-02-13

Applicant: Amazon Technologies, Inc.

Inventor： David Craig Yanacek ,  Prashant Pandey

IPC: G06F16/176 ,  G06F21/33 ,  G06F21/62 ,  H04L9/40

CPC classification number: G06F21/335 ,  G06F16/1767 ,  G06F16/1774 ,  G06F21/6218 ,  H04L63/0815

Abstract: A structured data store service, such as a database service, may implement fine-grained access to data maintained at the database service using federated identity. Fine grained access requests may be received at a database service for specified data maintained for an application provider from a client of the application provider. An access credential may be also be received. Verification of the access credential may be obtained, and the database service may evaluate the fine-grained access request according to a delegation policy corresponding to the access credential to determine whether the fine-grained request is authorized. If authorized, the fine-grained access request may be service. If not authorized, the fine-grained access request may be denied. In some embodiments, multiple application clients may have the same authorization for data, such as read authorization, while another one or more application clients may have different authorization for the data, such as write authorization.

公开(公告)号：US10860604B1

公开(公告)日：2020-12-08

申请号：US14566447

申请日：2014-12-10

Applicant: Amazon Technologies, Inc.

Inventor： Prashant Pandey ,  Benjamin Aldouby Schwartz ,  Swaminathan Sivasubramanian ,  Khawaja Salman Shams

IPC: G06F16/27 ,  G06F11/14 ,  G06F16/22 ,  G06F16/23

Abstract: A database client may implement scalable tracking for database updates according to a secondary index. As update requests are generated and sent to a database, tracking attributes may be included in the update requests in order to be inserted into the database with respect to a portion of the database for which the requested update is performed. Tracking attributes may include a sequence number which may be used to determine an order in which the updates are performed at the database. Tracking attributes may also include a bucket identifier, which may categorize or label the portion of data updated as part of an update. These tracking attributes may be replicated to a secondary index maintained for the database. Queries to the secondary index based on the tracking attributes may identify updates performed to the database. Notifications of the identified updates may then be provided.

公开(公告)号：US20170308559A1

公开(公告)日：2017-10-26

申请号：US15645900

申请日：2017-07-10

Applicant: Amazon Technologies, Inc.

Inventor： Khawaja Salman Shams ,  Prashant Pandey ,  Swaminathan Sivasubramanian ,  Omer Ahmed Zaki ,  David Craig Yanacek ,  Johanna S. Olson ,  Hendrik de Kock ,  Johnny Ying Wu

IPC: G06F17/30

CPC classification number: G06F17/30578 ,  G06F17/30569

Abstract: A remote distributed data store may be configured to process data updates received through invocation of a common API with reference to a common schema. A local data store may also be configured to process updates through the common API with reference to the common schema. Updates to the local data store may be mapped from the local data store schema to the common schema, and applied to the distributed data store. Updates to the distributed data store may be mapped from the common schema to the local data store schema. User identity may be verified to limit data synchronization to authorized users.

公开(公告)号：US10242084B2

公开(公告)日：2019-03-26

申请号：US15645897

申请日：2017-07-10

Applicant: Amazon Technologies, Inc.

Inventor： Khawaja Salman Shams ,  Prashant Pandey ,  Swaminathan Sivasubramanian ,  Omer Ahmed Zaki ,  David Craig Yanacek ,  Johanna S Olson ,  Hendrik de Kock ,  Johnny Ying Wu

IPC: G06F17/00 ,  G06F17/30

Abstract: A remote distributed data store may be configured to process data updates received through invocation of a common API with reference to a common schema. A local data store may also be configured to process updates through the common API with reference to the common schema. Updates to the local data store may be mapped from the local data store schema to the common schema, and applied to the distributed data store. Updates to the distributed data store may be mapped from the common schema to the local data store schema. User identity may be verified to limit data synchronization to authorized users.

公开(公告)号：US20170308558A1

公开(公告)日：2017-10-26

申请号：US15645897

申请日：2017-07-10

Applicant: Amazon Technologies, Inc.

Inventor： Khawaja Salman Shams ,  Prashant Pandey ,  Swaminathan Sivasubramanian ,  Omer Ahmed Zaki ,  David Craig Yanacek ,  Johanna S. Olson ,  Hendrik de Kock ,  Johnny Ying Wu

IPC: G06F17/30

CPC classification number: G06F17/30578 ,  G06F17/30569

Abstract: A remote distributed data store may be configured to process data updates received through invocation of a common API with reference to a common schema. A local data store may also be configured to process updates through the common API with reference to the common schema. Updates to the local data store may be mapped from the local data store schema to the common schema, and applied to the distributed data store. Updates to the distributed data store may be mapped from the common schema to the local data store schema. User identity may be verified to limit data synchronization to authorized users.

公开(公告)号：US20170155686A1

公开(公告)日：2017-06-01

申请号：US15431708

申请日：2017-02-13

Applicant: Amazon Technologies, Inc.

Inventor： David Craig Yanacek ,  Prashant Pandey

IPC: H04L29/06 ,  G06F21/62

CPC classification number: H04L63/205 ,  G06F21/335 ,  G06F21/6218 ,  H04L63/0815 ,  H04L63/083 ,  H04L63/12

Abstract: A structured data store service, such as a database service, may implement fine-grained access to data maintained at the database service using federated identity. Fine grained access requests may be received at a database service for specified data maintained for an application provider from a client of the application provider. An access credential may be also be received. Verification of the access credential may be obtained, and the database service may evaluate the fine-grained access request according to a delegation policy corresponding to the access credential to determine whether the fine-grained request is authorized. If authorized, the fine-grained access request may be service. If not authorized, the fine-grained access request may be denied. In some embodiments, multiple application clients may have the same authorization for data, such as read authorization, while another one or more application clients may have different authorization for the data, such as write authorization.

公开(公告)号：US09330271B1

公开(公告)日：2016-05-03

申请号：US14054767

申请日：2013-10-15

Applicant: Amazon Technologies, Inc.

Inventor： Khawaja Salman Shams ,  Prashant Pandey ,  Swaminathan Sivasubramanian ,  Omer Ahmed Zaki

IPC: G06F7/04 ,  G06F17/30 ,  G06F21/60 ,  H04L29/06

CPC classification number: G06F21/606 ,  G06F17/30575 ,  G06F21/629 ,  G06F2221/2141 ,  H04L63/08 ,  H04L63/0815 ,  H04L63/10

Abstract: A remote distributed data store may be configured to process data updates received through invocation of a common API with reference to a common schema. Local data stores may also be configured to process updates using a common API and schema. Data for multiple users may be stored in a common collection of items maintained by a remote distributed data store. User identity may be verified through a public identity service. User identity and access permissions may be associated with items stored in a remote distributed data store.

Abstract translation: 远程分布式数据存储可以被配置为通过参考公共模式来处理通过调用公共API而接收到的数据更新。 本地数据存储还可以配置为使用通用API和模式来处理更新。 用于多个用户的数据可以存储在由远程分布式数据存储器维护的项目的公共集合中。 可以通过公共身份服务验证用户身份。 用户身份和访问权限可以与存储在远程分布式数据存储中的项目相关联。

公开(公告)号：US10176242B2

公开(公告)日：2019-01-08

申请号：US15645900

申请日：2017-07-10

Applicant: Amazon Technologies, Inc.

Inventor： Khawaja Salman Shams ,  Prashant Pandey ,  Swaminathan Sivasubramanian ,  Omer Ahmed Zaki ,  David Craig Yanacek ,  Johanna S Olson ,  Hendrik de Kock ,  Johnny Ying Wu

IPC: G06F17/00 ,  G06F17/30

Abstract: A remote distributed data store may be configured to process data updates received through invocation of a common API with reference to a common schema. A local data store may also be configured to process updates through the common API with reference to the common schema. Updates to the local data store may be mapped from the local data store schema to the common schema, and applied to the distributed data store. Updates to the distributed data store may be mapped from the common schema to the local data store schema. User identity may be verified to limit data synchronization to authorized users.

公开(公告)号：US09703814B1

公开(公告)日：2017-07-11

申请号：US14054760

申请日：2013-10-15

Applicant: Amazon Technologies, Inc.

Inventor： Khawaja Salman Shams ,  Prashant Pandey ,  Swaminathan Sivasubramanian ,  Omer Ahmed Zaki ,  David Craig Yanacek ,  Johanna S Olson ,  Hendrik Jacobus de Kock ,  Johnny Ying Wu

IPC: G06F17/00 ,  G06F17/30

CPC classification number: G06F17/30578 ,  G06F17/30569

Abstract: A remote distributed data store may be configured to process data updates received through invocation of a common API with reference to a common schema. A local data store may also be configured to process updates through the common API with reference to the common schema. Updates to the local data store may be mapped from the local data store schema to the common schema, and applied to the distributed data store. Updates to the distributed data store may be mapped from the common schema to the local data store schema. User identity may be verified to limit data synchronization to authorized users.

公开(公告)号：US09569634B1

公开(公告)日：2017-02-14

申请号：US14108247

申请日：2013-12-16

Applicant: Amazon Technologies, Inc.

Inventor： David Craig Yanacek ,  Prashant Pandey

IPC: G06F17/30 ,  G06F7/00 ,  G06F21/62

CPC classification number: H04L63/205 ,  G06F21/335 ,  G06F21/6218 ,  H04L63/0815 ,  H04L63/083 ,  H04L63/12

Abstract: A structured data store service, such as a database service, may implement fine-grained access to data maintained at the database service using federated identity. Fine grained access requests may be received at a database service for specified data maintained for an application provider from a client of the application provider. An access credential may be also be received. Verification of the access credential may be obtained, and the database service may evaluate the fine-grained access request according to a delegation policy corresponding to the access credential to determine whether the fine-grained request is authorized. If authorized, the fine-grained access request may be service. If not authorized, the fine-grained access request may be denied. In some embodiments, multiple application clients may have the same authorization for data, such as read authorization, while another one or more application clients may have different authorization for the data, such as write authorization.

Abstract translation: 诸如数据库服务的结构化数据存储服务可以使用联合身份来实现对在数据库服务维护的数据的细粒度访问。 可以在数据库服务处接收从应用程序提供者的客户端为应用程序提供者维护的指定数据的细粒度访问请求。 还可以接收访问凭证。 可以获得访问凭证的验证，并且数据库服务可以根据与访问凭证相对应的委托策略来评估细粒度访问请求，以确定细粒度请求是否被授权。 如果授权，细粒度访问请求可能是服务。 如果未经授权，则可能会拒绝细粒度访问请求。 在一些实施例中，多个应用客户端可以对数据具有相同的授权，诸如读取授权，而另一个或多个应用客户端可能对数据具有不同的授权，例如写授权。