公开(公告)号：US10341281B2

公开(公告)日：2019-07-02

申请号：US13747261

申请日：2013-01-22

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Peter Nicholas DeSantis ,  Léon Thrane

IPC: H04L12/58

Abstract: Approaches are described for security and access control for computing resources. Various embodiments utilize metadata, e.g., tags that can be applied to one or more computing resources (e.g., virtual machines, host computing devices, applications, databases, etc.) to control access to these and/or other computing resources. In various embodiments, the tags and access control policies described herein can be utilized in a multitenant shared resource environment.

公开(公告)号：US09053343B1

公开(公告)日：2015-06-09

申请号：US13677212

申请日：2012-11-14

Applicant: Amazon Technologies, Inc.

Inventor： Erik James Fuller ,  David Everard Brown ,  James Alfred Gordon Greenfield ,  Peter Nicholas DeSantis

IPC: G06F21/00 ,  H04L29/06 ,  G06F21/62 ,  H04W12/04 ,  H04W12/06

CPC classification number: G06F21/6227 ,  G06F21/604 ,  G06F21/6263 ,  G06F2221/0711 ,  G06F2221/2101 ,  G06F2221/2153

Abstract: Methods and systems for allowing system administrators to effectively debug access control issues experience by users without comprising security. In some embodiment, when a user's request to access services provided by a service provider is denied, the user may be issued a token that encodes some of debugging information useful for determining the cause of the denial of access. The debugging information may be encoded such that it is inaccessible to the user. Subsequently, the user may give the token to an administrator. The administrator may submit the token to the service provider, which may decode the token and provide the administrator access to debugging information that is useful for debugging access control policies causing the denial of access.

Abstract translation: 允许系统管理员有效地调试用户的访问控制问题体验的方法和系统，而不包括安全性。 在一些实施例中，当用户访问由服务提供商提供的服务的请求被拒绝时，可以向用户发出令牌，该令牌对一些调试信息进行编码，这些调试信息有助于确定拒绝访问的原因。 可以对调试信息进行编码，使得用户不可访问调试信息。 随后，用户可以将令牌给予管理员。 管理员可以将令牌提交给服务提供商，该服务提供商可以对令牌进行解码，并向管理员提供访问对调试访问控制策略造成拒绝访问有用的调试信息。

公开(公告)号：US20140208414A1

公开(公告)日：2014-07-24

申请号：US13747224

申请日：2013-01-22

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Peter Nicholas DeSantis ,  Léon Thrane

IPC: G06F21/62

CPC classification number: G06F21/6218 ,  G06F2221/2149

Abstract: Approaches are described for security and access control for computing resources. Various embodiments utilize metadata, e.g., tags that can be applied to one or more computing resources (e.g., virtual machines, host computing devices, applications, databases, etc.) to control access to these and/or other computing resources. In various embodiments, the tags and access control policies described herein can be utilized in a multitenant shared resource environment.

Abstract translation: 描述了用于计算资源的安全和访问控制的方法。 各种实施例利用元数据，例如可以应用于一个或多个计算资源（例如，虚拟机，主机计算设备，应用程序，数据库等）的标签来控制对这些和​​/或其他计算资源的访问。 在各种实施例中，本文描述的标签和访问控制策略可以在多租户共享资源环境中使用。

公开(公告)号：US12218841B1

公开(公告)日：2025-02-04

申请号：US16712589

申请日：2019-12-12

Applicant: Amazon Technologies, Inc.

Inventor： Leah Shalev ,  Georgy Zorik Machulsky ,  Peter Nicholas DeSantis ,  Nafea Bshara ,  Omer Ilany

IPC: H04L47/10 ,  H04L41/0816 ,  H04L43/0829 ,  H04L69/16 ,  H04L69/163

Abstract: Methods and apparatuses for improving network packet transmission performance in terms of latency with reduced packet retransmission times and fewer packet drops in congested networks are provided. Packet-switched networks can experience long delays while waiting for out-of-order packets or re-transmissions of lost packets. In addition, network faults such as transmission path failures can result in excessive delay while attempting to find a new route over which to transmit packets. To improve packet transmission performance, application data may be encapsulated into first network packets by a first transport protocol having an interface exposed to the application, in the first network packets may be encapsulated into second network packets according to a second transport protocol. The second transport protocol can enable the second network packets of a same packet flow to be transmitted across multiple paths over the network.

公开(公告)号：US09576141B2

公开(公告)日：2017-02-21

申请号：US13747239

申请日：2013-01-22

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Peter Nicholas DeSantis ,  Léon Thrane

IPC: G06F17/30 ,  G06F15/173 ,  G06F21/62

CPC classification number: G06F21/6209

Abstract: Approaches are described for security and access control for computing resources. Various embodiments utilize metadata, e.g., tags that can be applied to one or more computing resources (e.g., virtual machines, host computing devices, applications, databases, etc.) to control access to these and/or other computing resources. In various embodiments, the tags and access control policies described herein can be utilized in a multitenant shared resource environment.

Abstract translation: 描述了用于计算资源的安全和访问控制的方法。 各种实施例利用元数据，例如可以应用于一个或多个计算资源（例如，虚拟机，主机计算设备，应用程序，数据库等）的标签来控制对这些和​​/或其他计算资源的访问。 在各种实施例中，本文描述的标签和访问控制策略可以在多租户共享资源环境中使用。

公开(公告)号：US09530020B2

公开(公告)日：2016-12-27

申请号：US13747224

申请日：2013-01-22

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Peter Nicholas DeSantis ,  Léon Thrane

IPC: G06F7/04 ,  G06F21/62

CPC classification number: G06F21/6218 ,  G06F2221/2149

Abstract: Approaches are described for security and access control for computing resources. Various embodiments utilize metadata, e.g., tags that can be applied to one or more computing resources (e.g., virtual machines, host computing devices, applications, databases, etc.) to control access to these and/or other computing resources. In various embodiments, the tags and access control policies described herein can be utilized in a multitenant shared resource environment.

Abstract translation: 描述了用于计算资源的安全和访问控制的方法。 各种实施例利用元数据，例如可以应用于一个或多个计算资源（例如，虚拟机，主机计算设备，应用程序，数据库等）的标签来控制对这些和​​/或其他计算资源的访问。 在各种实施例中，本文描述的标签和访问控制策略可以在多租户共享资源环境中使用。

公开(公告)号：US20140207861A1

公开(公告)日：2014-07-24

申请号：US13747261

申请日：2013-01-22

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Peter Nicholas DeSantis ,  Léon Thrane

IPC: H04L12/58

CPC classification number: H04L51/32

Abstract: Approaches are described for security and access control for computing resources. Various embodiments utilize metadata, e.g., tags that can be applied to one or more computing resources (e.g., virtual machines, host computing devices, applications, databases, etc.) to control access to these and/or other computing resources. In various embodiments, the tags and access control policies described herein can be utilized in a multitenant shared resource environment.

Abstract translation: 描述了用于计算资源的安全和访问控制的方法。 各种实施例利用元数据，例如可以应用于一个或多个计算资源（例如，虚拟机，主机计算设备，应用程序，数据库等）的标签来控制对这些和​​/或其他计算资源的访问。 在各种实施例中，本文描述的标签和访问控制策略可以在多租户共享资源环境中使用。

公开(公告)号：US20140207824A1

公开(公告)日：2014-07-24

申请号：US13747239

申请日：2013-01-22

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Peter Nicholas DeSantis ,  Léon Thrane

IPC: G06F17/30

CPC classification number: G06F21/6209

Abstract: Approaches are described for security and access control for computing resources. Various embodiments utilize metadata, e.g., tags that can be applied to one or more computing resources (e.g., virtual machines, host computing devices, applications, databases, etc.) to control access to these and/or other computing resources. In various embodiments, the tags and access control policies described herein can be utilized in a multitenant shared resource environment.

Abstract translation: 描述了用于计算资源的安全和访问控制的方法。 各种实施例利用元数据，例如可以应用于一个或多个计算资源（例如，虚拟机，主机计算设备，应用程序，数据库等）的标签来控制对这些和​​/或其他计算资源的访问。 在各种实施例中，本文描述的标签和访问控制策略可以在多租户共享资源环境中使用。