公开(公告)号：US10826832B2

公开(公告)日：2020-11-03

申请号：US16219811

申请日：2018-12-13

Applicant: Amazon Technologies, Inc.

Inventor： Anton Stephen Radlein ,  Harvo Reyzell Jones ,  Hardeep Singh Uppal ,  Dennis Marinus ,  Dhiraj Gupta

IPC: H04L12/24 ,  H04L12/803 ,  H04L12/747 ,  H04L29/12 ,  H04L12/801 ,  H04L12/851 ,  H04L12/721 ,  H04L12/715 ,  H04L12/741 ,  H04L12/46 ,  H04W28/02 ,  H04W28/08 ,  H04W36/00 ,  H04W36/08

Abstract: Systems and methods are described to enable the load-balanced use of globalized network addresses, addressable throughout a network to access a network-accessible service. A set of global access points are provided, which advertise availability of the globalized network addresses. On receiving a request to access a network-accessible service, a global access point can select an endpoint for the service from among a number of data centers, based on a desired distribution of traffic among the data centers. The access point is responsive to scaling that might occur at endpoints by periodically retrieving updated configuration information for the endpoints, enabling the access point to nimbly respond to changes in endpoints for the service.

公开(公告)号：US20200162322A1

公开(公告)日：2020-05-21

申请号：US16219811

申请日：2018-12-13

Applicant: Amazon Technologies, Inc.

Inventor： Anton Stephen Radlein ,  Harvo Reyzell Jones ,  Hardeep Singh Uppal ,  Dennis Marinus ,  Dhiraj Gupta

IPC: H04L12/24 ,  H04L12/803 ,  H04L12/741 ,  H04L12/721 ,  H04L12/801 ,  H04L29/12

Abstract: Systems and methods are described to enable the load-balanced use of globalized network addresses, addressable throughout a network to access a network-accessible service. A set of global access points are provided, which advertise availability of the globalized network addresses. On receiving a request to access a network-accessible service, a global access point can select an endpoint for the service from among a number of data centers, based on a desired distribution of traffic among the data centers. The access point is responsive to scaling that might occur at endpoints by periodically retrieving updated configuration information for the endpoints, enabling the access point to nimbly respond to changes in endpoints for the service.

公开(公告)号：US09081978B1

公开(公告)日：2015-07-14

申请号：US13905815

申请日：2013-05-30

Applicant: AMAZON TECHNOLOGIES, INC.

Inventor： Jeremiah John Connolly ,  Dennis Marinus

IPC: G06F21/00 ,  G06F21/62 ,  G06F21/10 ,  H04L29/06

CPC classification number: G06F21/62 ,  G06F21/10 ,  G06F21/6227 ,  G06F21/6254 ,  H04L63/0428

Abstract: Techniques are described for tokenizing information to be stored in an untrusted environment. During tokenization, one or more strings in a file or data stream are replaced with a token. The token may be generated as a random number or a counter, such that the replaced string may not be derived based on the token. Token-to-string mapping data may be stored in a trusted environment, and the tokenized information may be stored in the untrusted environment. Users may search the tokenized information based on non-sensitive search terms present in a whitelist that is accessible from the untrusted environment, the whitelist providing a token-to-string mapping for the non-sensitive terms. The search results may be provided as redacted information, in which the non-sensitive strings have been detokenized based on the whitelist while the sensitive strings remain tokenized.

Abstract translation: 描述了将信息标记化以存储在不可信环境中的技术。 在标记化期间，文件或数据流中的一个或多个字符串将被替换为令牌。 令牌可以被生成为随机数或计数器，使得可以不基于令牌导出替换的字符串。 令牌到串映射数据可以存储在可信环境中，并且令牌化信息可以存储在不可信环境中。 用户可以根据白名单中存在的非敏感搜索词来搜索令牌化信息，该条目可从不受信任的环境访问，白名单为非敏感词提供令牌到字符串映射。 搜索结果可以作为编辑的信息提供，其中非敏感字符串已经基于白名单而被削减，而敏感字符串保持标记化。

公开(公告)号：US10924411B2

公开(公告)日：2021-02-16

申请号：US16219770

申请日：2018-12-13

Applicant: Amazon Technologies, Inc.

Inventor： Anton Stephen Radlein ,  Harvo Reyzell Jones ,  Hardeep Singh Uppal ,  Dennis Marinus ,  Dhiraj Gupta

IPC: G06F15/173 ,  H04L12/803 ,  H04L12/747 ,  H04L29/12 ,  H04L12/801 ,  H04L12/851 ,  H04L12/721 ,  H04L12/715 ,  H04L12/741 ,  H04L12/24 ,  H04L12/46 ,  H04W28/02 ,  H04W28/08 ,  H04W36/00 ,  H04W36/08 ,  H04L29/08 ,  H04L12/26

Abstract: Systems and methods are described to enable the load-balanced use of globalized network addresses, addressable throughout a network to access a network-accessible service. A set of global access points are provided, which advertise availability of the globalized network addresses. On receiving a request to access a network-accessible service, a global access point can select an endpoint for the service from among a number of data centers, based on a desired distribution of traffic among the data centers. The access point then forwards the traffic to the selected endpoint. In one embodiment, the access point applies network address translation to enable the traffic to be routed to the endpoint without terminating a connection at the endpoint. The access point may use a variety of techniques to ensure resiliency of the network and knowledge of available endpoints.

公开(公告)号：US20200162959A1

公开(公告)日：2020-05-21

申请号：US16219797

申请日：2018-12-13

Applicant: Amazon Technologies, Inc.

Inventor： Anton Stephen Radlein ,  Harvo Reyzell Jones ,  Hardeep Singh Uppal ,  Dennis Marinus ,  Dhiraj Gupta

IPC: H04W28/02 ,  H04W28/08 ,  H04W36/08 ,  H04W36/00 ,  H04L12/46

Abstract: Systems and methods are described to enable the load-balanced use of globalized network addresses, addressable throughout a network to access a network-accessible service. A set of global access points are provided, which advertise availability of the globalized network addresses. The access points enable rapid use of connection-oriented communication sessions by conducting an initialization phase of the sessions locally on the access point. Session context information is then handed off to an endpoint for the service, which can provide the service through the already-established sessions. To avoid breaking sessions due to changes in network routing, each access point can apply a uniform selection criteria for endpoints, such that if client traffic is routed to a different access point, that access point redirects the traffic to the same endpoint previously servicing the traffic via an established session.

公开(公告)号：US20230246943A1

公开(公告)日：2023-08-03

申请号：US17590285

申请日：2022-02-01

Applicant: Amazon Technologies, Inc.

Inventor： Bradford Sachin Chatterjee ,  Thomas Bradley Scholl ,  Michael W. Palladino ,  Cheng-Jia Lai ,  Christopher Jason Brown ,  Yao Liu ,  Sasha Robbins ,  Blake Hoelzel ,  Eric Charles Briffa ,  Madhura Kale ,  Dennis Marinus ,  Matt Chung ,  Ibn Wendell Archer

IPC: H04L45/00 ,  H04L45/74 ,  H04L45/02

CPC classification number: H04L45/04 ,  H04L45/02 ,  H04L45/74

Abstract: A system can determine by which path/tunnel an Internet destination can be best reached for a user with an IP address from a static BGP range. The system looks up the destination address in an egress map. This map can either specify a tunnel that should be used for encapsulation for static BGP, or (when tunnel is not present) cause the system to send out unencapsulated traffic, in which the traffic follows normal BGP routing on a border network.

公开(公告)号：US20200162386A1

公开(公告)日：2020-05-21

申请号：US16219770

申请日：2018-12-13

Applicant: Amazon Technologies, Inc.

Inventor： Anton Stephen Radlein ,  Harvo Reyzell Jones ,  Hardeep Singh Uppal ,  Dennis Marinus ,  Dhiraj Gupta

IPC: H04L12/803 ,  H04L12/747 ,  H04L12/721 ,  H04L12/801 ,  H04L12/851 ,  H04L29/12

Abstract: Systems and methods are described to enable the load-balanced use of globalized network addresses, addressable throughout a network to access a network-accessible service. A set of global access points are provided, which advertise availability of the globalized network addresses. On receiving a request to access a network-accessible service, a global access point can select an endpoint for the service from among a number of data centers, based on a desired distribution of traffic among the data centers. The access point then forwards the traffic to the selected endpoint. In one embodiment, the access point applies network address translation to enable the traffic to be routed to the endpoint without terminating a connection at the endpoint. The access point may use a variety of techniques to ensure resiliency of the network and knowledge of available endpoints.

公开(公告)号：US11968226B1

公开(公告)日：2024-04-23

申请号：US15461051

申请日：2017-03-16

Applicant: Amazon Technologies, Inc.

Inventor： Payam Tarverdyan Chychi ,  Dennis Marinus ,  Shawn Joseph Marck ,  Stephen Roderick O'Dor

IPC: H04L9/40 ,  H04L43/0888 ,  H04L45/00 ,  H04L47/127 ,  H04L61/5007

CPC classification number: H04L63/1441 ,  H04L43/0888 ,  H04L45/22 ,  H04L47/127 ,  H04L61/5007 ,  H04L63/0236 ,  H04L63/1416 ,  H04L2463/141

Abstract: Remote Triggered Black Holes (RTBHs) can be precisely placed on networks that are not directly physically connected to a target of an attack. A network source of a potential attack can be determined. A path between the network source and the target can be identified, and a determination can be made as to which networks along that path subscribe to an attack mitigation service. From multiple identified subscriber networks, a subscriber network can be identified that is determined to be appropriate for placement of a black hole to mitigate the attack. Once selected, the identified network can receive attack information and acknowledge placement of the black hole. The subscriber network can then begin discarding traffic for the attack target. A subscriber-owned list of network prefixes can be reviewed before allowing RTBH injection for a corresponding address space.

公开(公告)号：US20200162387A1

公开(公告)日：2020-05-21

申请号：US16219807

申请日：2018-12-13

Applicant: Amazon Technologies, Inc.

Inventor： Anton Stephen Radlein ,  Harvo Reyzell Jones ,  Hardeep Singh Uppal ,  Dennis Marinus ,  Dhiraj Gupta

IPC: H04L12/803 ,  H04L12/801 ,  H04L12/715 ,  H04L12/741 ,  H04L29/12

Abstract: Systems and methods are described to enable the load-balanced use of globalized network addresses, addressable throughout a network to access a network-accessible service. A set of global access points are provided, which advertise availability of the globalized network addresses. Globalized network addresses can be divided among different pools, and each service can be associated with addresses of more than one pool. To increase resiliency, access points can advertise different pools of addresses to different neighboring devices, creating different pathways to reach the access point. If an error occurs on a neighboring network, a client can try to access the service via an address of a different pool, which can be expected to be routed through a different neighboring network, thus enabling the client to reach the access point.