公开(公告)号：US20210096882A1

公开(公告)日：2021-04-01

申请号：US16586619

申请日：2019-09-27

Applicant: Amazon Technologies, Inc.

Inventor： Kevin C. Miller ,  Ramyanshu Datta ,  Timothy Lawrence Harris

IPC: G06F9/445 ,  H04L29/06 ,  G06F9/50 ,  G06F16/188

Abstract: Systems and methods are described for modifying input and output (I/O) to an object storage service by implementing one or more owner-specified functions to I/O requests. A function can implement a data manipulation, such as filtering out sensitive data before reading or writing the data. The functions can be applied prior to implementing a request method (e.g., GET or PUT) specified within the I/O request, such that the data to which the method is applied my not match the object specified within the request. For example, a user may request to obtain (e.g., GET) a data set. The data set may be passed to a function that filters sensitive data to the data set, and the GET request method may then be applied to the output of the function. In this manner, owners of objects on an object storage service are provided with greater control of objects stored or retrieved from the service.

公开(公告)号：US11656892B1

公开(公告)日：2023-05-23

申请号：US16586694

申请日：2019-09-27

Applicant: Amazon Technologies, Inc.

Inventor： Timothy Lawrence Harris ,  Ramyanshu Datta ,  Kevin C. Miller

IPC: G06F9/455 ,  G06F9/48 ,  G06F16/22 ,  G06F16/245 ,  G06F9/38

CPC classification number: G06F9/45558 ,  G06F9/3897 ,  G06F9/4806 ,  G06F16/221 ,  G06F16/245 ,  G06F2009/4557

Abstract: Systems and methods are described for modifying input and output (I/O) to an object storage service by implementing any combination of and any number of owner-specified functions and native functions. A function can implement a data manipulation. The functions can be applied prior to implementing a request method (e.g., GET, PUT, LIST, etc.) specified within the I/O request, such that the data to which the method is applied may not match the object specified within the request. For example, a user may request to obtain a data set. The data set may be passed to a native function that filters sensitive data to the data set, the output of the native function may be passed to an owner-specified function that redacts data from the filtered data set, and the request method may then be applied to the output of the owner-specified function.

公开(公告)号：US20230038409A1

公开(公告)日：2023-02-09

申请号：US17811534

申请日：2022-07-08

Applicant: Amazon Technologies, Inc.

Inventor： Ramyanshu Datta ,  Timothy Lawrence Harris ,  Kevin C. Miller

IPC: G06F21/62 ,  G06F21/60 ,  H04L9/08

Abstract: Systems and methods are described for modifying input and output (I/O) to an object storage service by implementing one or more owner-specified functions to I/O requests. A function can implement a data manipulation, such as filtering out sensitive data before reading or writing the data. The functions can be applied prior to implementing a request method (e.g., GET or PUT) specified within the I/O request, such that the data to which the method is applied my not match the object specified within the request. For example, a user may request to obtain (e.g., GET) a data set. The data set may be passed to a function that filters sensitive data to the data set, and the GET request method may then be applied to the output of the function. In this manner, owners of objects on an object storage service are provided with greater control of objects stored or retrieved from the service

公开(公告)号：US11055112B2

公开(公告)日：2021-07-06

申请号：US16586704

申请日：2019-09-27

Applicant: Amazon Technologies, Inc.

Inventor： Kevin C. Miller ,  Ramyanshu Datta ,  Timothy Lawrence Harris

IPC: G06F9/445 ,  G06F9/54 ,  G06F13/16

Abstract: Systems and methods are described for modifying input and output (I/O) to an object storage service by implementing one or more owner-specified functions to I/O requests. A function can implement a data manipulation, such as filtering out sensitive data before reading or writing the data. The functions can be applied prior to implementing a request method (e.g., GET or PUT) specified within the I/O request, such that the data to which the method is applied my not match the object specified within the request. For example, a user may request to obtain (e.g., GET) a data set. The data set may be passed to a function that filters sensitive data to the data set, and the GET request method may then be applied to the output of the function. In this manner, owners of objects on an object storage service are provided with greater control of objects stored or retrieved from the service.

公开(公告)号：US20210097024A1

公开(公告)日：2021-04-01

申请号：US16586647

申请日：2019-09-27

Applicant: Amazon Technologies, Inc.

Inventor： Kevin C. Miller ,  Timothy Lawrence Harris ,  Ramyanshu Datta

IPC: G06F16/14 ,  G06F16/182 ,  G06F21/62

Abstract: Systems and methods are described for modifying input and output (I/O) to an object storage service by implementing one or more owner-specified functions to I/O requests. A function can implement data access control, such as controlling which users are provided access to which portions of an object collection maintained by the object storage service. For example, data access control functions can be applied prior to implementing a request method (e.g., GET or PUT) specified within the I/O request, and may grant or deny access based on a variety of factors such as user identity, time window, prior access, keywords, geographical region, etc. In this manner, owners of the object collection are provided with greater control over how the object collection is accessed.

公开(公告)号：US10007797B1

公开(公告)日：2018-06-26

申请号：US14808988

申请日：2015-07-24

Applicant: Amazon Technologies, Inc.

Inventor： Kevin C. Miller

IPC: G06F21/62 ,  H04L9/08 ,  H04L29/06 ,  H04L9/14

CPC classification number: G06F21/6209 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/085 ,  H04L9/088 ,  H04L9/14 ,  H04L63/0428 ,  H04L63/045 ,  H04L63/06

Abstract: In one embodiment, a system and associated processes for transparent client-side cryptography are provided. In this system, some or all of a user's private data can be encrypted at a client device operated by the user. The client can transmit the encrypted user data to a content site that hosts a network application, such as a social networking application, financial application, or the like. The content site can store the private data in its encrypted form instead of the actual private data. When the content site receives a request for the private data from the user or optionally from other users (such as social networking friends), the server can send the encrypted user data to a client associated with the requesting user. This client, if operated by an authorized user, can decrypt the private data and present it to the authorized user.

公开(公告)号：US11860879B2

公开(公告)日：2024-01-02

申请号：US17652365

申请日：2022-02-24

Applicant: Amazon Technologies, Inc.

Inventor： Timothy Lawrence Harris ,  Kevin C. Miller ,  Ramyanshu Datta

IPC: G06F7/00 ,  G06F16/2457 ,  G06F16/2455 ,  G06F16/9035 ,  G06F16/2452 ,  G06F16/23

CPC classification number: G06F16/24575 ,  G06F16/2329 ,  G06F16/24524 ,  G06F16/24552 ,  G06F16/9035

Abstract: Systems and methods are described for modifying input and output (I/O) to an object storage service by implementing one or more owner-specified functions to I/O requests. A function can implement a data manipulation, such as filtering out sensitive data before reading or writing the data. The functions can be applied prior to implementing a request method (e.g., GET or PUT) specified within the I/O request, such that the data to which the method is applied may not match the object specified within the request. For example, a user may request to obtain (e.g., GET) a data set. The data set may be passed to a function that filters sensitive data to the data set, and the GET request method may then be applied to the output of the function. In this manner, owners of objects on an object storage service are provided with greater control of objects stored or retrieved from the service.

公开(公告)号：US11262944B1

公开(公告)日：2022-03-01

申请号：US16587854

申请日：2019-09-30

Applicant: Amazon Technologies, Inc.

Inventor： Kevin C. Miller ,  James C. Kirschner ,  Robert J. Czarnecki ,  Paul D. Franklin ,  Rishabh Animesh

IPC: G06F3/06 ,  B65G1/137 ,  H04L29/08 ,  H04L67/1097 ,  H04L67/02

Abstract: Systems and methods are provided for utilizing rules for placement of objects in storage in a manner that improves retrieval times relative to a default ordering utilized by an object storage system. For example, a request to store an object in a persistent storage of a data storage system may be received, metadata associated with the request may then be parsed to identify a signal for placement of the object within the persistent storage, and a rule may be identified for placement of objects associated with that signal, such as by indicating a desired grouping or ordering of objects associated with the signal. A particular storage location for the object may then be determined within the persistent storage based at least in part on the signal, the rule, and previously determined storage locations of one or more other data objects associated with the signal.

公开(公告)号：US11023416B2

公开(公告)日：2021-06-01

申请号：US16586647

申请日：2019-09-27

Applicant: Amazon Technologies, Inc.

Inventor： Kevin C. Miller ,  Timothy Lawrence Harris ,  Ramyanshu Datta

IPC: G06F16/00 ,  G06F16/14 ,  G06F21/62 ,  G06F16/182

Abstract: Systems and methods are described for modifying input and output (I/O) to an object storage service by implementing one or more owner-specified functions to I/O requests. A function can implement data access control, such as controlling which users are provided access to which portions of an object collection maintained by the object storage service. For example, data access control functions can be applied prior to implementing a request method (e.g., GET or PUT) specified within the I/O request, and may grant or deny access based on a variety of factors such as user identity, time window, prior access, keywords, geographical region, etc. In this manner, owners of the object collection are provided with greater control over how the object collection is accessed.

公开(公告)号：US10996961B2

公开(公告)日：2021-05-04

申请号：US16586818

申请日：2019-09-27

Applicant: Amazon Technologies, Inc.

Inventor： Kevin C. Miller ,  Ramyanshu Datta ,  Robert Devers Wilson ,  Timothy Lawrence Harris

IPC: G06F9/44 ,  G06F9/445 ,  G06F16/22 ,  G06F13/16

Abstract: Systems and methods are described for modifying input and output (I/O) to an object storage service by implementing one or more owner-specified functions to I/O requests. A function can implement a data manipulation, such as filtering out sensitive data before reading or writing the data. The functions can be applied prior to implementing a request method (e.g., GET or PUT) specified within the I/O request, such that the data to which the method is applied may not match the object specified within the request. For example, a user may request to obtain (e.g., GET) a data set. The data set may be passed to a function that filters sensitive data to the data set, and the GET request method may then be applied to the output of the function. In this manner, owners of objects on an object storage service are provided with greater control of objects stored or retrieved from the service.