-
Publication No.: US10706166B1
Publication date: 2020-07-07
Application No.: US15475020
Application date: 2017-03-30
Applicant: Amazon Technologies, Inc.
Inventor: Srikanth Mandadi , Mahendra Manshi Chheda , Alazel Acheson , Daniel Stephen Popick , James Robert Englert
Abstract: A schema for a hierarchical data structure may include application specific extensions to the schema applied to a hierarchical data structure. Classes may be added to the schema by individual applications granted access to a hierarchical data structure. When an access request for an object of the hierarchical data structure is received, the class may be identified in the schema and applied to process the access request to the object. Different classes may be added by different applications without disrupting the utilization of the schema for accessing the hierarchical data structure of other applications.
-
22.
Publication No.: US09418213B1
Publication date: 2016-08-16
Application No.: US13760738
Application date: 2013-02-06
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth , Daniel Stephen Popick , Bradley Jeffery Behm
IPC: G06F21/31
CPC classification number: H04L63/105 , G06F21/31 , G06F21/335 , G06F21/6218 , G06Q20/06 , G06Q2220/00 , H04L63/08
Abstract: Permissions can be delegated to enable access to resources associated with one or more different accounts, which might be associated with one or more different entities. Delegation profiles are established that are associated with at least one secured account of at least one customer. Each delegation profile includes information such as a name, a validation policy that specifies principals which may be external to the account and which are permitted to assume the delegation profile, and an authorization policy that indicates the permitted actions within the account for those principals which are acting within the delegation profile. Once a delegation profile is created, the profile can be available for external principals or services that provide a user credential delegated access under the account, where that credential is provided by a trusted identity service. Access can be provided across accounts using the user credential.
-
Publication No.: US11550763B2
Publication date: 2023-01-10
Application No.: US17112744
Application date: 2020-12-04
Applicant: Amazon Technologies, Inc.
Inventor: Mahendra Manshi Chheda , James Robert Englert , Srikanth Mandadi , Alazel Acheson , Daniel Stephen Popick
Abstract: Versions of a schema may be maintained for application to hierarchical data structures. Updates to include in a new version of a schema may be received. The updates may be evaluated for compatibility with a current version of the schema. Compatible updates may be included in the new version of the schema. Incompatible updates may not be included in the new version of the schema. The new version of the schema may be made available for application to hierarchical data structures inclusive of the compatible updates to the schema.
-
Publication No.: US11361063B2
Publication date: 2022-06-14
Application No.: US16406758
Application date: 2019-05-08
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth , Daniel Stephen Popick , Derek Avery Lyon , John Michael Morkel , Graeme David Baer , Ajith Harshana Ranabahu , Khaled Salah Sedky
IPC: G06F21/33 , H04L43/55 , H04L9/40 , G06F21/62 , G06F21/60 , G06F16/93 , G06F21/52 , G06F21/31 , G06F3/06 , G06F21/12 , G06F21/57
Abstract: A method and apparatus for testing and simulating an access control policy are disclosed. Evaluating an access control policy may be performed by utilizing a deny statement that causes the access request to be rejected despite actions indicated in the access request being authorized. Further, an independent simulation environment may be utilized for testing access control policy evaluation.
-
25.
Publication No.: US11100129B1
Publication date: 2021-08-24
Application No.: US15967446
Application date: 2018-04-30
Applicant: Amazon Technologies, Inc.
Inventor: Daniel Stephen Popick , Alazel Acheson , Jasmeet Chhabra , Luke Edward Kennedy , Meng Li
Abstract: A consistent view of associations between independently replicated data objects may be provided. Data objects may be stored in separate data stores. Copies of the data stores may also store the data objects. The copies of the data stores may independently receive the data objects to be stored as part of independently replicating data stores to one or more copies of the data stores. An association can be created between objects in the different data stores. If, when the association is created, it is determined that a referenced object is not yet stored in a copy of a data store, then both the association and the referenced object may be stored in the same data store so that the association and the referenced object are replicated together to a copy of the same data store.
-
Publication No.: US20210109907A1
Publication date: 2021-04-15
Application No.: US17112744
Application date: 2020-12-04
Applicant: Amazon Technologies, Inc.
Inventor: Mahendra Manshi Chheda , James Robert Englert , Srikanth Mandadi , Alazel Acheson , Daniel Stephen Popick
Abstract: Versions of a schema may be maintained for application to hierarchical data structures. Updates to include in a new version of a schema may be received. The updates may be evaluated for compatibility with a current version of the schema. Compatible updates may be included in the new version of the schema. Incompatible updates may not be included in the new version of the schema. The new version of the schema may be made available for application to hierarchical data structures inclusive of the compatible updates to the schema.
-
27.
Publication No.: US10785199B1
Publication date: 2020-09-22
Application No.: US15823236
Application date: 2017-11-27
Applicant: Amazon Technologies, Inc.
Inventor: Jasmeet Chhabra , Daniel Stephen Popick , Luke Edward Kennedy
IPC: H04L29/06
Abstract: A key distribution host determines a trust level of a user authentication server, wherein the trust level is based, at least in part, on one or more attributes of the user authentication server and provides one or more authentication keys to the user authentication server only if the trust level of the user authentication server is above a threshold value.
-
Publication No.: US10715458B1
Publication date: 2020-07-14
Application No.: US15836565
Application date: 2017-12-08
Applicant: Amazon Technologies, Inc.
Inventor: Conor Patrick Cahill , Jasmeet Chhabra , Daniel Stephen Popick
Abstract: User identities can be managed at an organization level, instead of across multiple individual resource accounts. In a resource provider environment, access to various resources and services may require users to have identities with specific resource accounts. Users can instead be associated with organization accounts, or virtual accounts that are not associated with specific resources or services. The organization accounts are attached at the appropriate location(s) in an organizational hierarchy. A user having an organization account can project the identity in any sub-account in the organization hierarchy. This can include any lower-level resource account, or can include child accounts under a relevant branch of the hierarchy. A user can validate against the organization account, and receive access to the relevant service or resources using the identity projected in the corresponding resource account.
-
Publication No.: US10320624B1
Publication date: 2019-06-11
Application No.: US14042277
Application date: 2013-09-30
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth , Daniel Stephen Popick , Derek Avery Lyon , John Michael Morkel , Graeme David Baer , Ajith Harshana Ranabahu , Khaled Salah Sedky
IPC: G06F15/173 , H04L12/24 , H04L29/06 , G06F21/62 , G06F21/52
Abstract: A method and apparatus for testing and simulating an access control policy are disclosed. Evaluating an access control policy may be performed by utilizing a deny statement that causes the access request to be rejected despite actions indicated in the access request being authorized. Further, an independent simulation environment may be utilized for testing access control policy evaluation.
-
Publication No.: US10225152B1
Publication date: 2019-03-05
Application No.: US14042233
Application date: 2013-09-30
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth , Daniel Stephen Popick , Derek Avery Lyon , John Michael Morkel , Graeme David Baer , Ajith Harshana Ranabahu , Khaled Salah Sedky
IPC: G06F15/173 , H04L12/24 , H04L29/06 , G06F21/62
Abstract: A method and apparatus for the evaluation and remediation of an access control policy is disclosed. In the method and apparatus, an intermediary service may make an access request, on behalf of a customer, to one or more computing resources and the access control policy is evaluated to determine whether the request is authorized. Further, remediation options for the access control policy are offered for the request to be authorized.
-