-
21.发明授权公开(公告)号:US12081389B1
公开(公告)日:2024-09-03
申请号:US17937042
申请日:2022-09-30
Applicant: Amazon Technologies, Inc.
Inventor: Sandeep Kumar , Venkatesh Nagapudi
IPC: G06F11/14 , H04L41/0654 , H04L41/0894
CPC classification number: H04L41/0654 , H04L41/0894
Abstract: Provided is a system for facilitating recovery of deleted computing resources in a cloud network environment. A centralized resource recovery service may communicate with a plurality of resource management services that are each configured to create, modify, or delete their respective computing resources such as storage volumes, databases, and compute instances. The resource recovery service may allow configuration of resource group policies such that deletion of grouped resources can be managed more effectively and efficiently. For example, in the event that a deleted resources matches multiple resource retention rules, the resource retention rule that encompasses multiple resource types may be used to place the deleted resource in a recoverable state so that resources of such multiple resource types can be managed according to the same resource retention.
-
公开(公告)号:US12032450B1
公开(公告)日:2024-07-09
申请号:US17449629
申请日:2021-09-30
Applicant: Amazon Technologies, Inc.
Inventor: Sandeep Kumar , Anil Gathala , Venkatesh Nagapudi , Vaibhav Khunger
CPC classification number: G06F11/1464 , G06F11/1469 , G06F16/128
Abstract: Provided is a system for facilitating recovery of deleted computing resources in a cloud network environment. A centralized resource recovery service may be in network communication with a plurality of resource management services that are each configured to create, modify, or delete their respective computing resources such as data storage volumes, databases, compute instances, and the like. The resource recovery service may be configured to receive a delete request associated with a resource managed by one of the resource management services, and cause the resource to be retained in a recovery bin based on the resource satisfying one of a plurality of resource recovery conditions used to manage resource recovery across the resource management services.
-
公开(公告)号:US11662928B1
公开(公告)日:2023-05-30
申请号:US16698314
申请日:2019-11-27
Applicant: Amazon Technologies, Inc.
Inventor: Sandeep Kumar , Marc Stephen Olson
CPC classification number: G06F3/064 , G06F3/067 , G06F3/0622 , G06F3/0656 , G06F8/658 , G06F11/1458 , G06F21/6218 , G06F21/6236 , H04L9/0819 , H04L63/0464
Abstract: Systems and methods for efficient and secure management of encrypted “snapshots” for a remote provider substrate extension (“PSE”) of a cloud provider network substrate are provided. The PSE may request and obtain a snapshot from the cloud provider network substrate, restore a volume from the snapshot, make changes to data in the restored volume, and/or initiate the creation and storage of a new snapshot that includes incremental updates to the original snapshot to reflect the changes made to data in the volume. An encrypted snapshot stored within the cloud provider network substrate may be decrypted using a cloud provider key designed for internal use only, and then re-encrypted using a PSE-specific key before providing the snapshot to the PSE, thereby avoiding the sharing of the cloud provider internal use only key outside the cloud provider network substrate.
-
公开(公告)号:US11640484B1
公开(公告)日:2023-05-02
申请号:US17249634
申请日:2021-03-08
Applicant: Amazon Technologies, Inc.
Inventor: Sandeep Kumar
Abstract: Multi-envelope encryption provides redundancy for highly-available storage of encrypted data. Data, such as a “snapshot” representing values of every block of a block storage volume or device at a specific point in time, may be encrypted before storage to prevent unauthorized access to the data. To further protect the data and prevent unauthorized access to the data, additional security measures may be taken. Multiple copies of the data key that is to be used to decrypt the data may be encrypted and stored separately from the encrypted data as envelopes. The different envelopes may each be encrypted using envelope keys. If one envelope key is later lost or otherwise becomes unavailable, the encrypted data can still be accessed by using a different envelope key to recover the data key and decrypt the data.
-
公开(公告)号:US11502824B2
公开(公告)日:2022-11-15
申请号:US16909814
申请日:2020-06-23
Applicant: Amazon Technologies, Inc.
Inventor: Sandeep Kumar , Danny Wei , Lalit Jain , Varun Verma , Oscar Allen Grim Courchaine , Kristina Kraemer Brenneman , Sriram Venugopal , Arvind Chandrasekar
Abstract: Generally described, one or more aspects of the present application correspond to techniques for creating encrypted block store volumes of data from unencrypted object storage snapshots of the volumes. These encryption techniques use a special pool of servers for performing the encryption. These encryption servers are not accessible to users, and they perform encryption and pass encrypted volumes to other block store servers for user access. The encryption context for the volumes can be persisted on the encryption severs for as long as needed for encryption and not shared with the user-facing servers in order to prevent user access to encryption context.
-
Patent Agency Ranking
公开(公告)号:US10936729B2
公开(公告)日:2021-03-02
申请号:US15889053
申请日:2018-02-05
Applicant: Amazon Technologies, Inc.
Inventor: Sandeep Kumar , Gregory Branchek Roth , Gregory Alan Rubin , Mark Christopher Seigle , Kamran Tirdad
Abstract: A data storage service redundantly stores data and keys used to encrypt the data. Data objects are encrypted with first cryptographic keys. The first cryptographic keys are encrypted by second cryptographic keys. The first cryptographic keys and second cryptographic keys are redundantly stored in a data storage system to enable access of the data objects, such as to respond to requests to retrieve the data objects. The second cryptographic keys may be encrypted by third keys and redundantly stored in the event access to a second cryptographic key is lost.
-
公开(公告)号:US20200322138A1
公开(公告)日:2020-10-08
申请号:US16909814
申请日:2020-06-23
Applicant: Amazon Technologies, Inc.
Inventor: Sandeep Kumar , Danny Wei , Lalit Jain , Varun Verma , Oscar Allen Grim Courchaine , Kristina Kraemer Brenneman , Sriram Venugopal , Arvind Chandrasekar
Abstract: Generally described, one or more aspects of the present application correspond to techniques for creating encrypted block store volumes of data from unencrypted object storage snapshots of the volumes. These encryption techniques use a special pool of servers for performing the encryption. These encryption servers are not accessible to users, and they perform encryption and pass encrypted volumes to other block store servers for user access. The encryption context for the volumes can be persisted on the encryption severs for as long as needed for encryption and not shared with the user-facing servers in order to prevent user access to encryption context.
-
公开(公告)号:US10452453B1
公开(公告)日:2019-10-22
申请号:US15902950
申请日:2018-02-22
Applicant: Amazon Technologies, Inc.
Inventor: Sandeep Kumar , Ankit Singh , Varun Verma
IPC: G06F15/173 , G06F9/50 , G06F11/07 , G06F3/06
Abstract: A router of a block-level data storage service receives a request to generate a snapshot of a block device. The router, based on routing metadata for the block-level data storage service, identifies active metadata that indicates a first cell that may maintain the block device and alternate metadata that indicates a second cell that may maintain the block device. Based on a first state of the block device in the first cell, a second state of the block device in the second cell, and a predetermined set of rules defining operations corresponding to outcomes associated with the first state and the second state, the router determines which of the first cell and the second cell authoritatively maintains the block device. The router transmits the request to the appropriate cell in accordance with the predetermined set of rules.
-
公开(公告)号:US20180157853A1
公开(公告)日:2018-06-07
申请号:US15889053
申请日:2018-02-05
Applicant: Amazon Technologies, Inc.
Inventor: Sandeep Kumar , Gregory Branchek Roth , Gregory Alan Rubin , Mark Christopher Seigle , Kamran Tirdad
Abstract: A data storage service redundantly stores data and keys used to encrypt the data. Data objects are encrypted with first cryptographic keys. The first cryptographic keys are encrypted by second cryptographic keys. The first cryptographic keys and second cryptographic keys are redundantly stored in a data storage system to enable access of the data objects, such as to respond to requests to retrieve the data objects. The second cryptographic keys may be encrypted by third keys and redundantly stored in the event access to a second cryptographic key is lost.
-
公开(公告)号:US12032516B1
公开(公告)日:2024-07-09
申请号:US17217957
申请日:2021-03-30
Applicant: Amazon Technologies, Inc.
Inventor: Anil Gathala , Sandeep Kumar , Kiran Shantaram Dalvi , Chakravarthi Kalyana Valicherla , Shailendra Verma , Adonijah Park
IPC: G06F16/11 , G06F11/14 , G06F16/172 , G06F9/54
CPC classification number: G06F16/128 , G06F9/541 , G06F11/1451 , G06F16/172 , G06F2201/80 , G06F2201/84
Abstract: A file-level snapshot access service provides direct access to individual files included in a snapshot for virtual volume of a block-storage service without requiring a volume to be re-created from the snapshot, attached to a computing device, or mounted in a file system. For example, a user/client may directly retrieve individual files from specified snapshots via a user interface/API of the file-level snapshot access service. Additionally, the file-level snapshot access service is configured to provide a listing of files included in a given snapshot. In some embodiments, a file-level snapshot access service may provide direct access to individual files included in snapshots generated for other types of storage systems, such as an object-based storage system.
-
-
-
-
-
-
-
-
-
Search Results
40
records
(took 0.024 seconds)
