Robust data tagging

US 10,296,750 B1
Filed: 09/10/2014
Issued: 05/21/2019
Est. Priority Date: 09/10/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for managing computing resources in a multi-tenant web services platform, the method comprising:

receiving a request for data pertaining to computing resources of the multi-tenant web services platform;

determining an identity associated with the request and verifying that the identity is authorized to view tagged metadata associated with the data;

verifying integrity of the tagged metadata;

allowing the verified identity to view, add, or modify verified tagged metadata associated with the data;

applying a revision history, version control, and binding scheme to the added or modified tagged metadata, wherein the revision history, version control, and binding scheme maintain information regarding the access to the tagged metadata by authorized identities; and

allowing other identities to view, add, and modify the tagged metadata by verifying the other identities'"'"' authority to view, add, and modify the tagged metadata while maintaining the revision history, version control, and binding scheme to newly added or modified tagged metadata.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Users are authorized to access tagged metadata in a provider network. A revision control and binding mechanism may be applied to tagged metadata that is added or modified by the user. A recommendation pertaining to security and compliance for the computing resource may be determined based on an analysis of the computing resource, scoring criteria, and data pertaining to customer and system data.

Citations

20 Claims

1. A computer-implemented method for managing computing resources in a multi-tenant web services platform, the method comprising:
- receiving a request for data pertaining to computing resources of the multi-tenant web services platform;
  
  determining an identity associated with the request and verifying that the identity is authorized to view tagged metadata associated with the data;
  
  verifying integrity of the tagged metadata;
  
  allowing the verified identity to view, add, or modify verified tagged metadata associated with the data;
  
  applying a revision history, version control, and binding scheme to the added or modified tagged metadata, wherein the revision history, version control, and binding scheme maintain information regarding the access to the tagged metadata by authorized identities; and
  
  allowing other identities to view, add, and modify the tagged metadata by verifying the other identities'"'"' authority to view, add, and modify the tagged metadata while maintaining the revision history, version control, and binding scheme to newly added or modified tagged metadata.
- View Dependent Claims (2, 3)
- - 2. The method according to claim 1, wherein the metadata comprises security and compliance metadata.
  - 3. The method according to claim 1, wherein the tagged metadata includes predetermined schema indicative of compliance with one or more security and assurance frameworks.

4. A system configured to allocate computing resources to customers of a provider network, the system comprising:
- at least one memory having stored therein computer instructions that, upon execution by one or more processors of the system, at least cause the system to;
  
  verify that a process is authorized to access tagged metadata associated with computing resources of a provider network, wherein the tagged metadata is access restricted to authorized processes and wherein the tagged metadata is cryptographically bound;
  
  allowing the requesting process to access the tagged metadata; and
  
  applying a revision control mechanism to tagged metadata that is added or modified by the requesting process by maintaining revision control information regarding access to the tagged metadata by authorized processes.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 5. The system of claim 4, further comprising computer instructions that, upon execution by the one or more processors of the system, at least cause the system to allow other processes to view, add, and modify the tagged metadata by verifying the other processes'"'"' authority to view, add, and modify the tagged metadata.
  - 6. The system of claim 5, further comprising computer instructions that, upon execution by the one or more processors of the system, at least cause the system to maintain the revision control mechanism to newly added or modified tagged metadata.
  - 7. The system of claim 4, further comprising computer instructions that, upon execution by the one or more processors of the system, at least cause the system to restrict visibility of the tagged metadata to processes who are not authorized to access the tagged metadata.
  - 8. The system of claim 4, further comprising computer instructions that, upon execution by the one or more processors of the system, at least cause the system to form one or more content security groups based on the tagged metadata.
  - 9. The system of claim 4, further comprising computer instructions that, upon execution by the one or more processors of the system, at least cause the system to implement a security content management policy using the tagged metadata.
  - 10. The system of claim 6, further comprising computer instructions that, upon execution by the one or more processors of the system, at least cause the system to encrypt the tagged metadata.
  - 11. The system of claim 4, wherein the metadata comprises security and compliance metadata.
  - 12. The system of claim 4, wherein the tagged metadata includes predetermined schema indicative of compliance with one or more security and assurance frameworks.
  - 13. The system of claim 4, further comprising computer instructions that, upon execution by the one or more processors of the system, at least cause the system to implement an application programming interface configured to:
    - receive first electronic messages that encode identifiers indicative of the tagged metadata; and
      
      in response to receiving one of the first electronic messages, send second electronic messages indicative of information pertaining to the tagged metadata.
  - 14. The system of claim 4, wherein the tagged metadata includes predetermined schema imported from an external source.

15. A non-transitory computer-readable storage medium having stored thereon computer-readable instructions, the computer-readable storage medium comprising instructions that upon execution on one or more computing devices, at least cause the one or more computing devices to:
- verify an identity of a user of a provider network;
  
  verify that the user is authorized to access tagged metadata associated with the computing resources of the provider network, wherein the tagged metadata is access restricted to authorized users and wherein the tagged metadata is computationally bound;
  
  allowing the verified user to access the metadata; and
  
  applying a revision control and binding mechanism to metadata that is added or modified by the user by maintaining revision control information regarding access to the tagged metadata by verified users.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable medium of claim 15, further comprising instructions that upon execution on one or more computing devices, at least cause the one or more computing devices to allow other users to view, add, and modify the metadata by verifying the other users'"'"' authority to view, add, and modify the metadata.
  - 17. The non-transitory computer-readable medium of claim 15, further comprising instructions that upon execution on one or more computing devices, at least cause the one or more computing devices to encrypt the metadata.
  - 18. The non-transitory computer-readable medium of claim 17, further comprising instructions that upon execution on one or more computing devices, at least cause the one or more computing devices to decrypt the metadata for users who are authorized to access the metadata associated with the computing resources.
  - 19. The non-transitory computer-readable medium of claim 15, wherein the user interface is an application programming interface configured to:
    - receive first electronic messages that encode identifiers indicative of requested metadata; and
      
      in response to receiving one of the first electronic messages, send second electronic messages indicative of information pertaining to the requested metadata.
  - 20. The non-transitory computer-readable medium of claim 15, wherein the metadata includes predetermined schema indicative of compliance with one or more security and assurance frameworks.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Rossman, Hart Matthew
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
Debnath, Suman

Application Number

US14/482,680
Time in Patent Office

1,714 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/2365   Ensuring data consistency a...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

Robust data tagging

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Robust data tagging

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links