-
Publication No.: US11864095B2
Publication Date: 2024-01-02
Application No.: US18046866
Application Date: 2022-10-14
Applicant: Amazon Technologies, Inc.
Inventor: Malik Bouchet, Chandan Talukdar, Christopher A. Stephens, Anna Viktorivna Druzkina, Richard M. Sears
Abstract: Disclosed are system architectures and techniques for multiple access points for a data container. Control plane and data plane APIs are disclosed for generating access points and associating the access points with data containers, as well as for generating access point policies that specify permissions for the access points. More than one access point may be associated with a single data container. A storage service receives requests directed to the access points, and grants or denies the requests based on the permissions specified in the corresponding policies. Various types of use cases for using access policies are contemplated such as default, regional, or network-based (e.g., VPC-based) use-cases or the like. A system may implement layers of policies such as identity and access management policies, access point policies and data container policies.
-
Publication No.: US10908927B1
Publication Date: 2021-02-02
Application No.: US16586539
Application Date: 2019-09-27
Applicant: Amazon Technologies, Inc.
Inventor: Timothy Lawrence Harris, Kevin C. Miller, Ramyanshu Datta, Chandan Talukdar
Abstract: Systems and methods are described for modifying input and output (I/O) to an object storage service by implementing one or more owner-specified functions to I/O requests. A function can implement a data manipulation, such as filtering out sensitive data before reading or writing the data. The functions can be applied prior to implementing a request method (e.g., GET or PUT) specified within the I/O request, such that the data to which the method is applied may not match the object specified within the request. For example, a user may request to obtain (e.g., GET) a data set. The data set may be passed to a function that filters sensitive data to the data set, and the GET request method may then be applied to the output of the function. In this manner, owners of objects on an object storage service are provided with greater control of objects stored or retrieved from the service.
-
Publication No.: US20230061347A1
Publication Date: 2023-03-02
Application No.: US18046866
Application Date: 2022-10-14
Applicant: Amazon Technologies, Inc.
Inventor: Malik Bouchet, Chandan Talukdar, Christopher A. Stephens, Anna Viktorivna Druzkina, Richard M. Sears
Abstract: Disclosed are system architectures and techniques for multiple access points for a data container. Control plane and data plane APIs are disclosed for generating access points and associating the access points with data containers, as well as for generating access point policies that specify permissions for the access points. More than one access point may be associated with a single data container. A storage service receives requests directed to the access points, and grants or denies the requests based on the permissions specified in the corresponding policies. Various types of use cases for using access policies are contemplated such as default, regional, or network-based (e.g., VPC-based) use-cases or the like. A system may implement layers of policies such as identity and access management policies, access point policies and data container policies.
-
Publication No.: US11477725B2
Publication Date: 2022-10-18
Application No.: US16917507
Application Date: 2020-06-30
Applicant: Amazon Technologies, Inc.
Inventor: Malik Bouchet, Chandan Talukdar, Christopher A. Stephens, Anna Viktorivna Druzkina, Richard M. Sears
Abstract: Disclosed are system architectures and techniques for multiple access points for a data container. Control plane and data plane APIs are disclosed for generating access points and associating the access points with data containers, as well as for generating access point policies that specify permissions for the access points. More than one access point may be associated with a single data container. A storage service receives requests directed to the access points, and grants or denies the requests based on the permissions specified in the corresponding policies. Various types of use cases for using access policies are contemplated such as default, regional, or network-based (e.g., VPC-based) use-cases or the like. A system may implement layers of policies such as identity and access management policies, access point policies and data container policies.
-
Publication No.: US20210410051A1
Publication Date: 2021-12-30
Application No.: US16917507
Application Date: 2020-06-30
Applicant: Amazon Technologies, Inc.
Inventor: Malik Bouchet, Chandan Talukdar, Christopher A. Stephens, Anna Viktorivna Druzkina, Richard M. Sears
Abstract: Disclosed are system architectures and techniques for multiple access points for a data container. Control plane and data plane APIs are disclosed for generating access points and associating the access points with data containers, as well as for generating access point policies that specify permissions for the access points. More than one access point may be associated with a single data container. A storage service receives requests directed to the access points, and grants or denies the requests based on the permissions specified in the corresponding policies. Various types of use cases for using access policies are contemplated such as default, regional, or network-based (e.g., VPC-based) use-cases or the like. A system may implement layers of policies such as identity and access management policies, access point policies and data container policies.