公开(公告)号：US11003783B1

公开(公告)日：2021-05-11

申请号：US16137987

申请日：2018-09-21

Applicant: Amazon Technologies, Inc.

Inventor： Cristi Ursachi ,  Amanda Gray ,  Priti Marappan ,  Dan Mutescu

IPC: G06F21/60 ,  H04L9/30 ,  G06F21/62 ,  G06F16/22

Abstract: Disclosed are various embodiments for searchable encrypted data stores. A plurality of rows in a data table that have a cell in a column of the row that matches a value are identified. A bitmap that represents the plurality of rows is generated. The bitmap is encrypted. A key is then generated for a key-value pair. The key can be represented by a message authentication code (MAC) based at least in part on a tuple of a name of the data table, an identifier of the column, and the value. The key-value pair with the key and the encrypted bitmap is then sent to a remote computing device for storage.

公开(公告)号：US11494499B1

公开(公告)日：2022-11-08

申请号：US17182930

申请日：2021-02-23

Applicant: Amazon Technologies, Inc.

Inventor： Cristi Ursachi ,  Amanda Gray ,  Priti Marappan ,  Dan Mutescu

IPC: G06F21/60 ,  G06F21/62 ,  H04L9/30 ,  G06F16/22

Abstract: Disclosed are various embodiments for searching encrypted data stores. A first computing device can send a message authentication code (MAC) to a second computing device the MAC representing a tuple of a name of a data table, an identifier of a column of the data table, and a valid value for the column. Then, an encrypted bitmap can be received from the second computing device and decrypted to generate a decrypted bitmap. Bitwise operations can be performed on the decrypted bitmap to identify a plurality of encrypted rows of the data table containing a cell that comprises the valid value. Then, at least the plurality of at least partially encrypted rows of the data table can be requested from the second computing device and decrypted to generate a respective plurality of decrypted rows.

公开(公告)号：US10574702B1

公开(公告)日：2020-02-25

申请号：US15861569

申请日：2018-01-03

Applicant: Amazon Technologies, Inc.

Inventor： Jacob Edward Rickerd ,  Amanda Gray ,  Tushaar Sethi ,  Pujun Wu

IPC: H04L9/00 ,  H04L29/06 ,  H04L9/14

Abstract: A system assesses a security configuration proposed for production on a target computer system. The system may receive the security configuration proposed for production and obtain telemetry metrics generated based on security configurations implemented on one or more computer systems of the service provider. The system may assess a security configuration proposed for deployment based on telemetry metrics and generate status information based on the assessment. An authorization recommendation may be provided based whether the status information indicates that the proposed security configuration satisfies one or more conditions.