Amazon Patents

As I was doing my regular work on patents and APIs I thought it would be a good idea to set aside all of the patents from Amazon that I had been reading--1,296 in total. I think that their patents provide a pretty interesting look at what their plans are for world domination. ;-)

Image caching system to support fast scrolling of images in a graphical user interface

Owner: Amazon Technologies, Inc.
Publication #: 09501415
Publication Date: 2016-11-22
Patent URL: View on USPTO Website

A system for image caching is described. The system may include a non-volatile memory to store encoded images, a volatile memory including an image cache, and a processing device to retrieve one or more of the encoded images from the non-volatile memory using a fetching thread, distribute the retrieved images to multiple decoding threads to decode the retrieved images, and store the decoded images in the image cache for use by a rendering application.


Log record management

Owner: Amazon Technologies, Inc.
Publication #: 09501501
Publication Date: 2016-11-22
Patent URL: View on USPTO Website

A database system may maintain a plurality of log records at a distributed storage system. Each of the plurality of log records may be associated with a respective change to a data page. The plurality of log records may be transformed (e.g., cropped, pruned, reduced, fused, deleted, merged, added, etc.).


Securing results of privileged computing operations

Owner: Amazon Technologies, Inc.
Publication #: 09503268
Publication Date: 2016-11-22
Patent URL: View on USPTO Website

A formalized set of interfaces (e.g., application programming interfaces (APIs)) is described, that uses a security scheme, such as asymmetric (or symmetric) cryptography, in order to secure the results of privileged operations on systems such as the operating system (OS) kernel and/or the hypervisor. The interface allows a public key to be included into a request to perform a privileged operation on a hypervisor and/or kernel. The kernel and/or hypervisor use the key included in the request to encrypt the results of the privileged operation. In some embodiments, the request itself can also be encrypted, such that any intermediate parties are not able to read the parameters and other information of the request.


Deployment feedback for system updates to resources in private networks

Owner: Amazon Technologies, Inc.
Publication #: 09503351
Publication Date: 2016-11-22
Patent URL: View on USPTO Website

Deployment feedback for updates to resources implemented in a private network may be implemented. Feedback codes may be generated and included in deployments sent to a private network for deployment at resources implemented in the private network. One or more of the included feedback codes may be selected based on the performance of the deployment and provided via a feedback communication channel that is disconnected and distinct from the private network. Once received, a current status of the deployment may be determined based on the one or more feedback codes provided via the feedback communication channel.


Compromised authentication information clearing house

Owner: Amazon Technologies, Inc.
Publication #: 09503451
Publication Date: 2016-11-22
Patent URL: View on USPTO Website

Techniques for maintaining potentially compromised authentication information for a plurality of accounts may be provided. An individual piece of authentication information may be associated with one or more tags that indicate access rights with respect to requestors that also provide and maintain other potentially compromised authentication information. A subset of the potentially compromised authentication information may be determined based on the one or more tags in response to a request from a requestor for the potentially compromised authentication information. In an embodiment, the subset of the potentially compromised authentication information may be provided to the requestor.


Data volume placement techniques

Owner: Amazon Technologies, Inc.
Publication #: 09503517
Publication Date: 2016-11-22
Patent URL: View on USPTO Website

A storage management system monitors an indicator of whether data storage is capable of meeting a performance description as stored on a current implementation resource, such as a storage server. The indicator may be used to determine whether none, some or all of the data storage should be moved from the current implementation resource to an available implementation resource.


Techniques for mobile device charging using robotic devices

Owner: Amazon Technologies, Inc.
Publication #: 09492922
Publication Date: 2016-11-15
Patent URL: View on USPTO Website

A method, apparatus, and/or system for providing an action with respect to a mobile device using a robotic device that tracks the user and that interacts with a charging management engine. In accordance with at least one embodiment, a request to perform an action with respect to an electronic device is received. Information may be sent to one or more robotic devices within a proximity of the electronic device. A robotic device of the one or more robotic devices may be selected to perform the action. An indication may be received from the robotic device that indicates that the user has interacted with the robotic device. Instructions may be sent to the robotic device to perform the action with respect to the electronic device.


Dynamic reconstruction of application state upon application re-launch

Owner: Amazon Technologies, Inc.
Publication #: 09495142
Publication Date: 2016-11-15
Patent URL: View on USPTO Website

A service provider system may include an application fulfillment platform that delivers desktop applications on demand to desktops on physical computing devices or virtual desktop instances of end users. An application delivery agent installed on an end user's computing resource instance may store application state data (e.g., configuration data, runtime settings, or application templates) or scratch data that is generated by an application executing on the computing resource instance to a secure location on service provider storage resources. After a machine failure or change, or a rebuilding of a virtualized computing resource instance or virtual desktop instance, an application delivery agent installed on the new machine or instance may reinstall the application, retrieve the stored application state or scratch data from service provider resources, and restore the application to the last known persisted state. Upon request, the application delivery agent may restore the application to any earlier persisted state.


Dynamically migrating computer networks

Owner: Amazon Technologies, Inc.
Publication #: 09495219
Publication Date: 2016-11-15
Patent URL: View on USPTO Website

Techniques are described for providing capabilities to dynamically migrate computing nodes between two or more computer networks while the computer networks are in use, such as to dynamically and incrementally migrate an entire originating first computer network to a destination second computer network at a remote location. For example, the first computer network may include one or more physically connected computer networks, while the second computer network may be a virtual computer network at a remote geographical location (e.g., under control of a network-accessible service available to remote users). The provided capabilities may further include facilitating the ongoing operations of the originating first computer network while a subset of the first computer network computing nodes have been migrated to the remote destination second computer network, such as by forwarding communications between the first and second computer networks in a manner that is transparent to the various computing nodes.


Precomputed redundancy code matrices for high-availability data storage

Owner: Amazon Technologies, Inc.
Publication #: 09495249
Publication Date: 2016-11-15
Patent URL: View on USPTO Website

Techniques described and suggested herein include systems and methods for precomputing regeneration information for data archives (“archives”) that have been processed and stored using redundancy coding techniques. For example, regeneration information, such as redundancy code-related matrices (such as inverted matrices based on, e.g., a generator matrix for the selected redundancy code) corresponding to subsets of the shards, is computed for each subset and, in some embodiments, stored for use in the event that one or more shards becomes unavailable, e.g., so as to more efficiently and/or quickly regenerate a replacement shard.


Cover display

Owner: Amazon Technologies, Inc.
Publication #: 09495322
Publication Date: 2016-11-15
Patent URL: View on USPTO Website

A cover for an electronic device, such as a dedicated handheld electronic book (“eBook”) reader device, is described. The eBook cover has one or more integral displays, which are used to display various information that may or may not be related to the eBook that is being consumed on the eBook reader device.


Namespace management in distributed storage systems

Owner: Amazon Technologies, Inc.
Publication #: 09495478
Publication Date: 2016-11-15
Patent URL: View on USPTO Website

A directed acyclic graph (DAG) is generated to represent a namespace of a directory. In response to a request to create a new object with a specified name, a hash value bit sequence is computed for the name. A plurality of levels of the DAG are navigated using successive subsequences of the bit sequence to identify a candidate node for storing a new entry corresponding to the specified name. If the candidate node meets a split criterion, the new entry and at least a selected subset of entries of the candidate node's list of entries are distributed among a plurality of DAG nodes, including at least one new DAG node, using respective bit sequences obtained by applying the hash function for each distributed entry.


Sharing digital libraries

Owner: Amazon Technologies, Inc.
Publication #: 09495551
Publication Date: 2016-11-15
Patent URL: View on USPTO Website

In some implementations, a first user associated with a first user account may send a request to exchange digital libraries with a second user associated with a second user account. Upon acceptance, the second user receives first library information associated with the first user account that identifies content items that may be accessed by the second user due to the exchange. Similarly, the first user receives second library information associated with the second user account that identifies second content items that may be accessed by the first user. In other examples, a user may access the digital library of a selected person or entity, such as a historical figure, celebrity, author, friend, or organization. Additionally, in some cases, a user may view content of a content item that a selected person is currently reading, and which may include annotations made to the content item by the selected person.


Portable device charging system

Owner: Amazon Technologies, Inc.
Publication #: 09496736
Publication Date: 2016-11-15
Patent URL: View on USPTO Website

An accessory device or rechargeable energy pack includes a rechargeable battery or other energy storage that is rechargeable by way of an external source. Energy stored within the accessory device may be used to recharge one or more other load devices, such as portable computers, smart phones, or other apparatus. The accessory device may be configured to estimate operating times for such various load devices based on their own respective, stored energy levels, and to communicate those estimates to the load devices or other entities. The accessory device may control an amount of energy delivered to a load device based on estimated energy consumption for a future period of time. Operating times for respective load devices may be increased or managed by way of operations and resources of the accessory device.


Multiply-encrypted message for filtering

Owner: Amazon Technologies, Inc.
Publication #: 09497023
Publication Date: 2016-11-15
Patent URL: View on USPTO Website

A multiple encryption mechanism is described. In an embodiment, an encrypted electronic message and a first decryption key of a public-private key group is received. The first decryption key is operable to decrypt a set of properties for the encrypted electronic message without decrypting the encrypted electronic message. The encrypted electronic message and the set of message properties are encrypted using one or more encryption keys of the public-private key group. The set of properties for the encrypted electronic message is decrypted using the first decryption key. Using the decrypted set of properties, it is determined whether the encrypted electronic message should be flagged as a specified type of electronic message.


Using virtual networking devices and routing information to initiate external actions

Owner: Amazon Technologies, Inc.
Publication #: 09497040
Publication Date: 2016-11-15
Patent URL: View on USPTO Website

Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices, and using included routing information to identify and initiate external actions whose effects are not related to how network communications between computing nodes of the managed computer network are configured to be routed or otherwise forwarded through the managed computer network, such as external actions that affect devices that are not part of the managed computer network, or other types of external actions.


Client-allocatable bandwidth pools

Owner: Amazon Technologies, Inc.
Publication #: 09497139
Publication Date: 2016-11-15
Patent URL: View on USPTO Website

Methods and apparatus for client-allocatable bandwidth pools are disclosed. A system includes a plurality of resources of a provider network and a resource manager. In response to a determination to accept a bandwidth pool creation request from a client for a resource group, where the resource group comprises a plurality of resources allocated to the client, the resource manager stores an indication of a total network traffic rate limit of the resource group. In response to a bandwidth allocation request from the client to allocate a specified portion of the total network traffic rate limit to a particular resource of the resource group, the resource manager initiates one or more configuration changes to allow network transmissions within one or more network links of the provider network accessible from the particular resource at a rate up to the specified portion.


Application control translation

Owner: Amazon Technologies, Inc.
Publication #: 09497238
Publication Date: 2016-11-15
Patent URL: View on USPTO Website

Disclosed are various embodiments that facilitate translation of application controls. An application is executed in a hosted environment that virtualizes a first input device for the application. A video signal generated by the application is encoded into a media stream, which is sent to another computing device. Input data that is generated in a second input device of the other computing device is obtained from the other computing device. A translated form of the input data is provided to the application through the first input device.


Content delivery

Owner: Amazon Technologies, Inc.
Publication #: 09497243
Publication Date: 2016-11-15
Patent URL: View on USPTO Website

A technology for content delivery is provided. In one example, performance of a caching network, performance of a delivery network, and customer demand are modeled. Instructions are provided for a client device on how to request content based on the modeled performance of the caching network, the modeled performance of the delivery network and the modeled customer demand.


Techniques for video data encoding

Owner: Amazon Technologies, Inc.
Publication #: 09497487
Publication Date: 2016-11-15
Patent URL: View on USPTO Website

Techniques for encoding video content are disclosed. In an online game environment, the techniques include obtaining information for first and second successive frames of video content and information for a position of a virtual camera associated with each frame, determining virtual camera translation information based on the positions of the virtual camera, determining a projected movement between the frames of an object included in each frame, determining the portion of the first frame to be excluded from the second frame and a new portion of the second frame, and providing the determined encoded information for a reconstruction of the second frame based on the provided information.


Personalized content insertion into media assets at the network edge

Owner: Amazon Technologies, Inc.
Publication #: 09497496
Publication Date: 2016-11-15
Patent URL: View on USPTO Website

Techniques for inserting advertising content and other personalized information into media assets are described. The techniques involve inserting personalized ads and other content into media assets as a server at the content delivery network (CDN) point-of-presence (POP) is performing the individualized encoding of the file on-the-fly. The ads and other content can be personalized based on the user's purchasing habits, user's location (geographic, GPS, IP location, etc.), the content in the media file and the like. In addition, the ads can be inserted into specific parts of the video (i.e. key frames, key slices, etc.) because the CDN node is actually transcoding the content and thus can insert the ads into the content in its own native format. For example, ads can appear as part of the video itself, different language subtitles can be integrated into the video based on the location of the user, and the like.


Tag-based deployment

Owner: Amazon Technologies, Inc.
Publication #: 09489188
Publication Date: 2016-11-08
Patent URL: View on USPTO Website

Methods and systems for deploying upgrades are provided. In an example, a release package containing an upgrade for a software application, operating system, firmware and the like may be tagged with one or more package tags. Each of the package tags may be associated with a tag category comprising one or more tag values which may form a tag hierarchy. In an example, a target host for an upgrade release may be tagged with one or more host tags similar to the package tags. In an embodiment, a release package may be selected from a plurality of release packages to be deployed to a host by matching the package tags associated with the release package to the host tags associated with the host. The package tags, host tags and associated tag categories may be arbitrarily defined and/or extended.


Message processing engine

Owner: Amazon Technologies, Inc.
Publication #: 09489190
Publication Date: 2016-11-08
Patent URL: View on USPTO Website

Techniques are described for updating applications installed on devices. The applications may include native applications having a web view component to handle interpreted language instructions. The applications may also include web applications executable within a browser. A message may be sent to a computing device, the message including update information specifying one or more updates to the state or the features of an application. The update information may be described using interpreted language instructions. To handle the updates to an application in instances when the application is inactive, a stand-alone interpreter engine may be employed instead of the web view component or instead of the interpreter engine included in a browser. Use of the stand-alone interpreter engine may mitigate possible performance effects or intrusive user interface elements from launching the web view component or the browser-based interpreter engine to perform update operations.


Dynamic tree determination for data processing

Owner: Amazon Technologies, Inc.
Publication #: 09489237
Publication Date: 2016-11-08
Patent URL: View on USPTO Website

Data can be processed in parallel across a cluster of nodes using a parallel processing framework. Using Web services calls between components allows the number of nodes to be scaled as necessary, and allows developers to build applications on the framework using a Web services interface. A job scheduler works together with a queuing service to distribute jobs to nodes as the nodes have capacity, such that jobs can be performed in parallel as quickly as the nodes are able to process the jobs. Data can be loaded efficiently across the cluster, and levels of nodes can be determined dynamically to process queries and other requests on the system.


Context sensitive framework for providing data from relevant applications

Owner: Amazon Technologies, Inc.
Publication #: 09489247
Publication Date: 2016-11-08
Patent URL: View on USPTO Website

Functionality is disclosed herein for using a context sensitive framework to identify relevant applications to a current context and to provide data received from the relevant applications to a user. Instead of a user having to manually locate and launch an application, relevant applications determined by a contextual service may provide data in response to receiving the context data. The applications that are identified as relevant to the context determine the application data to provide to the contextual service. The contextual service selects at least a portion of the application data to provide for display within a user interface. In some configurations, the selected application data is displayed within a user interface that maintains a same look and feel regardless of the application data that is displayed.


Structured document customizable comparison systems and methods

Owner: Amazon Technologies, Inc.
Publication #: 09489381
Publication Date: 2016-11-08
Patent URL: View on USPTO Website

Multiple structured documents can be compared with one another utilizing user-specified custom configurations. For example, a traversal of at least two of the documents may identify one or more potential matches in the documents. A user-defined rule may be obtained that specifies differences that are expected within the documents. Additionally, a determination may be made regarding when differences between potential matches are significant based in part on the user-defined rule. In some examples, significant differences may be determined to be significant as a result of being differences, other than expected differences, that vary from the expected differences. Any significant differences can be logged, reported on or added to statistics for the new service being tested.


Query data acquisition and analysis

Owner: Amazon Technologies, Inc.
Publication #: 09489423
Publication Date: 2016-11-08
Patent URL: View on USPTO Website

Described in this disclosure are systems and techniques for acquiring query data which includes an execution plan descriptive of how queries used to access a database are processed. In one implementation, an inquiry analysis system uses a copy of a production system to generate execution plan information. The copy includes tables, relationships, metadata, and so forth, but may omit data in the tables, allowing for a compact installation. By analyzing the query data, usage trends, inefficient queries, unused fields, and so forth may be determined and used for maintenance or performance improvements.


System and method for replication log branching avoidance using post-failover rejoin

Owner: Amazon Technologies, Inc.
Publication #: 09489434
Publication Date: 2016-11-08
Patent URL: View on USPTO Website

A system that implements a data storage service may store data on behalf of clients in multiple replicas stored on respective computing nodes. The system may employ a single master failover protocol, usable when a replica attempts to become the master replica for its replica group. Attempting to become the master replica may include acquiring a lock associated with the replica group, and gathering state information from other replicas in the group. The state information may indicate whether another replica supports the attempt (in which case it is included in a failover quorum) or stores more recent data or metadata than the replica attempting to become the master (in which case it is removed from the replica group). If replicas are removed from the group, they may re-join later or new replicas may be added. If the failover quorum includes enough replicas, the replica assumes mastership for the group.


Scheduling of splits and moves of database partitions

Owner: Amazon Technologies, Inc.
Publication #: 09489443
Publication Date: 2016-11-08
Patent URL: View on USPTO Website

A system that implements a data storage service may store data in multiple replicated partitions on respective computing nodes on behalf of clients. A storage node may, based on the amount of provisioned resources on a given storage device or logical volume, identify candidate partition management operations to be performed, and may send information about the operations to a central partition management scheduler. The scheduler may apply a global prioritization scheme to determine an order in which to perform the candidate operations. The order may be based on whether the operations include partition splits or partition moves, whether they aim to reduce provisioned storage capacity or reduce throughput capacity on a storage device or logical volume, whether they conflict with each other, whether the total number of partitions (or replicas thereof) involved in partition management at any given time exceeds a pre-determined limit, or whether they were requested by clients.


Managing communications involving external nodes of provided computer networks

Owner: Amazon Technologies, Inc.
Publication #: 09491002
Publication Date: 2016-11-08
Patent URL: View on USPTO Website

Techniques are described for managing communications for a managed virtual computer network overlaid on a distinct substrate computer network, including for communications involving computing nodes of the managed virtual computer network connected to the substrate network and/or other external nodes of the managed virtual computer network that are not connected to the substrate network. The managed virtual computer network may have multiple associated virtual network addresses, and the managing of the communications may further include using one or more edge modules to direct all communications that have a destination virtual network address within a range or other group of multiple virtual network addresses assigned to one or more external nodes to be forwarded over the substrate network to an edge module associated with the one or more external nodes, including to route communications between different external nodes via the substrate network.


Securing service control on third party hardware

Owner: Amazon Technologies, Inc.
Publication #: 09491111
Publication Date: 2016-11-08
Patent URL: View on USPTO Website

Techniques for securely instantiating control plane components of provider services, at least a portion of which are instantiated within secure execution environments, are described herein. A request to instantiate the control plane of a service provided by a computing resource service provider is fulfilled by selecting a target computer system. The target computer system is selected based at least in part on the hardware capabilities of the target computer system. The control plane is then instantiated within a secure execution environment operating on the target computer system.


Providing service using run local daemon

Owner: Amazon Technologies, Inc.
Publication #: 09491115
Publication Date: 2016-11-08
Patent URL: View on USPTO Website

A requestor seeks support to perform a particular service using a local daemon. A daemon of a responder provides a resource profile identifying resources to perform the service and information about their use. The resources, such as program code or libraries, are acquired from the responder daemon, or from another source or entity. The local daemon implements the one or more resources in accordance with the resource profile, and performs the particular service. Updated resources may be provided from time to time to the local daemon with respect to the particular service.


Account generation based on external credentials

Owner: Amazon Technologies, Inc.
Publication #: 09491155
Publication Date: 2016-11-08
Patent URL: View on USPTO Website

Techniques are described for using a credential, such as a user identifier associated with an account on a first service, to create a reusable account on a second service. The account may be initially activated based on the receipt of a passcode sent to the account on the first service. The account may be created with access to a subset of features on the second service. On receiving a password for the account, the account may be modified to access a broader feature set. The account may be reusable via a cookie or other token placed on a user device, and reusability may be disabled on detecting possible security risk conditions associated with the user identifier.


Geographic location-based policy

Owner: Amazon Technologies, Inc.
Publication #: 09491183
Publication Date: 2016-11-08
Patent URL: View on USPTO Website

In a computing environment a request is received from a computing device associated with a user, requesting access to one or more computing resources. An approximate geographic location of the computing device is determined based on geographic information associated with the computing device. Access to the requested one or more computing resources is allowed based on the approximate geographic location of the computing device and geographic policy information for the user.


Latency-based detection of covert routing

Owner: Amazon Technologies, Inc.
Publication #: 09491188
Publication Date: 2016-11-08
Patent URL: View on USPTO Website

A method and apparatus for detecting covert routing is disclosed. In the method and apparatus, a plurality of first data portions addressed to a remote computer system are forwarded over a first network path, whereby each first data portion of the plurality of first data portions is associated with a computer system of a plurality of computer systems. Further, a plurality of first network performance metrics are obtained, whereby each first network performance metric of the plurality of first network performance metrics is associated with a routing of a first data portion of the plurality of first data portions over the first network path. A likelihood of covert routing is determined based at least in part on the plurality of first network performance metrics.


Providing user input to a computing device with an eye closure

Owner: Amazon Technologies, Inc.
Publication #: 09483113
Publication Date: 2016-11-01
Patent URL: View on USPTO Website

Various embodiments enable additional content or features to be displayed to a user in response to detecting one eye of the user being closed either as a wink or for a duration of time. In one example, the additional content is a graphical overlay, such as a menu containing selectable graphical elements to perform functions related to an application, game, or content, of global navigational features of the computing device in general, or to alternate views, features, or supplemental content for an application or game currently being displayed on a computing device. In one example, the overlay may be displayed only as long as the user keeps one eye closed or, alternatively, the user could wink to display the overlay and provide some other input to remove the overlay.


Virtual media changers

Owner: Amazon Technologies, Inc.
Publication #: 09483213
Publication Date: 2016-11-01
Patent URL: View on USPTO Website

A virtual tape system utilizes multiple virtual tape libraries. Some virtual elements of the virtual tape libraries are connected elements, such as virtual import/export slots, that logically connect two or more virtual tape libraries. Virtual media changers of the virtual tape libraries can be commanded, as if physical media changers, to virtually move virtual media, such as virtual tapes, within and among the virtual tape libraries. By moving a virtual medium to a connected element, the virtual medium can be virtually moved from one virtual tape library to another.


Processing event messages for user requests to execute program code

Owner: Amazon Technologies, Inc.
Publication #: 09483335
Publication Date: 2016-11-01
Patent URL: View on USPTO Website

A service manages a plurality of virtual machine instances for low latency execution of user codes. The service can provide the capability to execute user code in response to events triggered on an auxiliary service to provide implicit and automatic rate matching and scaling between events being triggered on the auxiliary service and the corresponding execution of user code on various virtual machine instances. An auxiliary service may be configured as an event triggering service to detect events and generate event messages for execution of the user codes. The service can request, receive, or poll for event messages directly from the auxiliary service or via an intermediary message service. Event messages can be rapidly converted to requests to execute user code on the service. The time from processing the event message to initiating a request to begin code execution is less than a predetermined duration, for example, 100 ms.


Tree comparison functionality for services

Owner: Amazon Technologies, Inc.
Publication #: 09483387
Publication Date: 2016-11-01
Patent URL: View on USPTO Website

The techniques described herein provide for comparison of tree structures. In some examples, a system according to this disclosure may receive at least a first item including a first tree structure and a second item including a second tree structure. The system may compare the first item and the second item. In particular, in performing the comparison, the system may detect a sub-tree structure type in the first tree structure and in the second tree structure. In some examples, the sub-tree structure type is one of one or more sub-tree structure types that have corresponding matching processes. Once determined, the system described herein may perform the corresponding matching process of the detected sub-tree structure type for the first tree structure and the second tree structure.


Discovering optimized experience configurations for a software application

Owner: Amazon Technologies, Inc.
Publication #: 09483393
Publication Date: 2016-11-01
Patent URL: View on USPTO Website

Technologies are described herein for performing experiments on a software application and identifying optimized experience configurations for the software application. An application experiment system receives an experiment configuration from a developer of the software application. Based on the experiment configuration, the application experiment system determines an experiment strategy and generates a set of experience configurations for testing. Users available to participate in the experiment are identified, and the set of experience configurations are allocated to user computing devices associated with the available users to configure instances of the software application executing on the user computing devices. Experiment data related to the execution of the instances of the software application are collected and analyzed by the application experiment system to identify the optimized experience configuration for the software application.


Speculative reads

Owner: Amazon Technologies, Inc.
Publication #: 09483407
Publication Date: 2016-11-01
Patent URL: View on USPTO Website

Patterns of access and/or behavior can be analyzed and persisted for use in pre-fetching data from a physical storage device. In at least some embodiments, data can be aggregated across volumes, instances, users, applications, or other such entities, and that data can be analyzed to attempt to determine patterns for any of those entities. The patterns and/or analysis can be persisted such that the information is not lost in the event of a reboot or other such occurrence. Further, aspects such as load and availability across the network can be analyzed to determine where to send and/or store data that is pre-fetched from disk or other such storage in order to reduce latency while preventing bottlenecks or other such issues with resource availability.


Label placement for line features

Owner: Amazon Technologies, Inc.
Publication #: 09483496
Publication Date: 2016-11-01
Patent URL: View on USPTO Website

A computing device can identify, for a placement of a label, a first and second character of the label that have a shortest distance from one another. The placement for the label can define a position at which the label is to be placed in an interactive geographic map and a formatting for that label. The computing device can determine that the first and second identified characters do not overlap. In response to determining that the first and second characters do not overlap, the computing device can select the placement of the label for display in the interactive geographic map.


Intelligent traffic analysis to detect malicious activity

Owner: Amazon Technologies, Inc.
Publication #: 09483742
Publication Date: 2016-11-01
Patent URL: View on USPTO Website

Techniques comprise identifying and/or classifying malicious activity in a web services platform using machine learning techniques. Systems, methods, and computer readable mediums may cause one or more computing nodes to monitor first network traffic, generate network information based on the monitored first network traffic, train a machine learning algorithm based on at least a first portion of the generated network information, test the machine learning algorithm based on at least a second portion of the generated network information, generate a predictor using the trained and tested machine learning algorithm, and identify second network traffic as one or more of malicious activity and benign activity using the predictor.


Utilizing excess resource capacity for transcoding media

Owner: Amazon Technologies, Inc.
Publication #: 09483785
Publication Date: 2016-11-01
Patent URL: View on USPTO Website

A transcoding service is described that is capable of utilizing the excess capacity of the computing resources of a service provider. The customer of the transcoding service can submit a bid price for completing the transcodes. As long as the specified price exceeds the fluctuating price of the unused resource instances, the transcoding service will execute the job on the unused instance(s). If the price of the unused resource instances exceeds the customer's bid, the transcoding process stops. The transcoding service may pause the transcoding when the dynamically fluctuating price of the unused resource exceeds the customer's bid and then resume when the price falls back down. Users can specify constraints for transcoding, such as timeframes during which the transcode must be completed, a total price for completing transcoding or priorities of the media files. The system can automatically optimize the utilization of the resource instances according to the constraints.


Provisioning digital certificates in a network environment

Owner: Amazon Technologies, Inc.
Publication #: 09485101
Publication Date: 2016-11-01
Patent URL: View on USPTO Website

A method for provisioning digital certificates in a compute service environment may include authorizing a customer entity for using and/or controlling a network resource in the compute service environment. Upon completing the authorization, a digital certificate may be issued to the customer entity. The digital certificate may be associated with the network resource and may be issued for a limited duration period. The use and/or control of the network resource by the customer entity may be monitored. Reissuance of the digital certificate may be conditioned on whether the customer entity is still using and/or controlling the network resource in the compute service environment. If the customer entity is still using and/or controlling the network resource in the multi-tenant environment, the digital certificate may be automatically reissued for another limited duration period. The automatically reissuing may take place without receiving a certificate reissue request from the customer entity.


Virtualized endpoints in a multi-tenant environment

Owner: Amazon Technologies, Inc.
Publication #: 09485234
Publication Date: 2016-11-01
Patent URL: View on USPTO Website

Customers accessing resources or services in a multi-tenant environment can obtain assurance that a provider of that environment will honor only requests associated with the customer and will reject any requests that might have been tampered with or otherwise falsely generated. Various endpoints or interfaces can be used, which can be located in the multi-tenant environment, in a customer environment, or in a separate location. These endpoints or interfaces can sign unsigned requests, or otherwise increase the credentials of a signed request, on behalf of a customer. In some embodiments, additional metadata can be added that can increase the authentication level of the requests. Such an approach can enable a customer to provide or delegate access to the resources without exposing the credentials outside a secure environment.


Managing pooled client-premise resources via provider-defined interfaces

Owner: Amazon Technologies, Inc.
Publication #: 09485323
Publication Date: 2016-11-01
Patent URL: View on USPTO Website

Methods and apparatus for managing pooled client-premise resources via provider-defined interfaces are described. A pool management request is received from a client via a programmatic interface implemented at a provider network, indicating at least one resource located at a data center external to the provider network. An activation status of the resource within a pool is to be managed by a service of the provider network. A network connection between an administrative resource of the service, located within the provider network, and a control module instantiated on behalf of the service at the external data center is established. A command is transmitted from the administrative resource to the control module to activate the particular resource.


Systems and methods for acquiring location data

Owner: Amazon Technologies, Inc.
Publication #: 09485747
Publication Date: 2016-11-01
Patent URL: View on USPTO Website

Positioning systems may be used to determine the location of computing devices in space. Described herein are systems, methods, and computer readable mediums for storing information determined to be reliable that is used to determine the location of a computing device. In some implementations, the system determines that a scan list is reliable based on factors such as characteristics associated with the type of device that generated the scan list, or based on the amount of times that the information in the scan list was detected over a period of time.


Integrating content-item corrections

Owner: Amazon Technologies, Inc.
Publication #: 09477637
Publication Date: 2016-10-25
Patent URL: View on USPTO Website

Techniques for enhancing content being rendered on an electronic device are described herein. In some instances, the techniques include monitoring interactions between a user and a content item that the user consumes on an electronic device. The content items may include electronic books, songs, videos, documents, or the like. In response to detecting an interaction between the user and the content item, the techniques may publish an event indicative of the interaction to an application platform that hosts one or more applications. The applications may be designed to enhance the content that the user consumes in one or more specified ways.


Secure key provisioning

Owner: Amazon Technologies, Inc.
Publication #: 09479328
Publication Date: 2016-10-25
Patent URL: View on USPTO Website

Some examples include provisioning secret material onto an electronic device. For instance, an electronic device may be provided with a provisioning key that can be used for provisioning other secret material on the electronic device. The provisioning key may be encrypted at a secure location using an on-chip key that is also sent to a processor manufacturer. The encrypted provisioning key may subsequently be decrypted by an electronic device having a processor installed that includes the on-chip key. The provisioning key is saved to the device and may then be used for securely provisioning other secret material onto the electronic device, such as one or more keys, one or more digital certificates, or other digital rights management information. Accordingly, the provisioning key provides the device manufacturer with the ability to securely install secret material to the electronic device using a key that is never shared outside of a secure environment.


Execution plan generation and scheduling for network-accessible resources

Owner: Amazon Technologies, Inc.
Publication #: 09479382
Publication Date: 2016-10-25
Patent URL: View on USPTO Website

Methods and apparatus for deadline-based pricing and scheduling of network-accessible resources are disclosed. A system includes resources organized into a plurality of pools, and a resource manager. The resource manager receives a task execution query comprising a specification of a task to be performed for the client. The specification includes the task's deadline and a budget constraint. In response, the resource manager generates a task execution plan comprising using a resource from a selected pool to perform at least part of the task, where the pool is selected based at least partly on a pricing policy of the pool. In response to an implementation request for the task, the resource manager schedules at least a part of the task using a particular resource from the selected pool.


Authored injections of context that are resolved at authentication time

Owner: Amazon Technologies, Inc.
Publication #: 09479492
Publication Date: 2016-10-25
Patent URL: View on USPTO Website

Techniques are described for enabling principals to inject context information into a credential (e.g. session credential). Once the credential has been issued, any arbitrary principal is allowed to inject context information into the existing credential. The injected context is scoped to the principal that made the injection. Subsequently, at authentication time, when the credential is used to request access to a particular resource, the system can verify whether the principal that made the injection is trusted and if the principal is deemed trusted, the context information can be applied to a policy that controls access to one or more resources, or can alternatively be translated into some context residing in a different namespace which can then be applied to the policy. In addition, the system enables arbitrary users to insert additional deny statements into an existing credential, which further restrict the scope of permissions granted by the credential.


Providing user-supplied items to a user device

Owner: Amazon Technologies, Inc.
Publication #: 09479591
Publication Date: 2016-10-25
Patent URL: View on USPTO Website

An item-providing system supplies items to a user device for consumption at the user device via communication infrastructure. The device may correspond to a book reader device or other type of device. In one illustrative case, the item-providing system delivers user-supplied items to the user device based on a protocol.


Location and time based application management

Owner: Amazon Technologies, Inc.
Publication #: 09479630
Publication Date: 2016-10-25
Patent URL: View on USPTO Website

An application manager on a user device determines a current location of the user device and determines that the current location is a recognized location where the user device has previously been used to access one or more applications. The application manager identifies previous state information for the user device corresponding to a previous state of the user device at the recognized location and restores a current state of the user device to the previous state based at least in part on the previous state information.


Updating code within an application

Owner: Amazon Technologies, Inc.
Publication #: 09471299
Publication Date: 2016-10-18
Patent URL: View on USPTO Website

Disclosed are various embodiments for providing updateable code to a software library executed in a client device. Updateable code includes scripting language code and potentially other content employed by a software library invoked by an application executed by a client device. Updateable code can be updated upon launch of the application and/or upon invocation of a call associated with the software library.


Isolating tenants executing in multi-tenant software containers

Owner: Amazon Technologies, Inc.
Publication #: 09471353
Publication Date: 2016-10-18
Patent URL: View on USPTO Website

Technologies are described herein for isolating tenants executing in a multi-tenant software container. Mechanisms for resource isolation allow tenants executing in a multi-tenant software container to be isolated in order to prevent resource starvation by one or more of the tenants. Mechanisms for dependency isolation may be utilized to prevent one tenant executing in a multi-tenant software container from using another tenant in the same container in a manner that requires co-tenancy. Mechanisms for security isolation may be utilized to prevent one tenant in a multi-tenant software container from accessing protected data or functionality of another tenant. Mechanisms for fault isolation may be utilized to prevent tenants in a multi-tenant software container from causing faults or other types of errors that affect other tenants executing in the same software container.


Determining provenance of virtual machine images

Owner: Amazon Technologies, Inc.
Publication #: 09471354
Publication Date: 2016-10-18
Patent URL: View on USPTO Website

A virtual computer system service determines, for a selected virtual machine image, information that is generated based at least in part on the contents of the selected virtual machine image. The virtual computer system service may compare this information to other information obtained from other virtual machine images to determine a similarity score for each of these other virtual machine images. Based at least in part on these similarity scores, the virtual computer system service determines a provenance for the selected virtual machine image, which is provided to an administrator, customer or other entity.


Defenses against use of tainted cache

Owner: Amazon Technologies, Inc.
Publication #: 09471533
Publication Date: 2016-10-18
Patent URL: View on USPTO Website

Systems, methods, and computer readable media are described for validating objects stored in a web cache. In one embodiment, a computing device caches objects received while accessing networked content over a network. The computing device generates a description of conditions associated with the caching of the objects. When the computing device accesses networked content via a second network, the computing device or a remote server connected thereto utilizes the description to determine whether an object in the cache is trusted or untrusted. The server manages a policy that defines rules for making the determination. The policy can be generated based on descriptions received from a plurality of devices.


Automated firmware settings management

Owner: Amazon Technologies, Inc.
Publication #: 09471536
Publication Date: 2016-10-18
Patent URL: View on USPTO Website

Systems and methods are described for managing computing resources. In one embodiment, groupings of computer resources having common firmware settings are maintained based on an abstraction firmware framework representing associations between vendor-specific firmware settings and abstracted firmware settings that provide a degree of independence from specific vendor-specific firmware settings. In response to a request for a computer resource with a specified abstracted firmware configuration, it is determined which of the groupings can support the specified abstracted firmware configuration based on at least one criterion for managing the computer resources in accordance with the abstraction firmware framework.


Decentralized de-duplication techniques for largescale data streams

Owner: Amazon Technologies, Inc.
Publication #: 09471585
Publication Date: 2016-10-18
Patent URL: View on USPTO Website

A local de-duplication table for at least a particular partition of a data stream is instantiated at a particular ingestion node of a multi-tenant stream management service. A submission request indicating a data record of the partition is received at the ingestion node. In response to a determination that (a) the submission request was received within a de-duplication time window corresponding to the particular partition, and (b) the local de-duplication table does not indicate that the data record is a duplicate, a write operation to store the data record at one or more storage locations of the stream management system is initiated.


Scale-out of data that supports roll back

Owner: Amazon Technologies, Inc.
Publication #: 09471610
Publication Date: 2016-10-18
Patent URL: View on USPTO Website

A computing resource monitoring service receives metrics data from customer applications and resources provided by a computing resource service provider. The metrics data is stored in observation journals within an observation journal logical data container. A map reduce processor is configured to obtain a current index file, the index file comprising a mapping of the metrics data stored within a metric store and a manifest comprising a listing of all processed observation journals. The map reduce processor may process the unprocessed observation journals to separate, sort and aggregate metrics data stored therein. This process generates index artifacts that may be merged with the index file, in an append-only process, to generate a new index file. An index pointer may be modified such that the map reduce processor refers to a different version of the index file in order to support roll back of metrics data.


Range query capacity allocation

Owner: Amazon Technologies, Inc.
Publication #: 09471657
Publication Date: 2016-10-18
Patent URL: View on USPTO Website

Distributed database management systems may perform range queries over the leading portion of a primary key. Non-random distribution of data may improve performance related to the processing of range queries, but may tend to cause workload to be concentrated on particular partitions. Groups of partitions may be expanded and collapsed based on detection of disproportionate workload. Disproportionate write workload may be distributed among a group of partitions that can subsequently be queried using a federated approach. Disproportionate read workload may be distributed among a group of read-only replicated partitions.


Security protocols for low latency execution of program code

Owner: Amazon Technologies, Inc.
Publication #: 09471775
Publication Date: 2016-10-18
Patent URL: View on USPTO Website

A system for providing security mechanisms for secure execution of program code is described. The system may be configured to maintain a plurality of virtual machine instances. The system may be further configured to receive a request to execute a program code and allocate computing resources for executing the program code on one of the virtual machine instances. One mechanism involves executing program code according to a user-specified security policy. Another mechanism involves executing program code that may be configured to communicate or interface with an auxiliary service. Another mechanism involves splitting and executing program code in a plurality of portions, where some portions of the program code are executed in association with a first level of trust and some portions of the program code are executed with different levels of trust.


Automated firmware settings verification

Owner: Amazon Technologies, Inc.
Publication #: 09471784
Publication Date: 2016-10-18
Patent URL: View on USPTO Website

Systems and methods are described for managing computing resources. In one embodiment, data representative of an abstracted firmware framework is maintained. The data may comprise computing firmware settings and may be determined based on standardized associations between vendor-specific firmware settings and abstracted firmware settings that are independent of the vendor-specific firmware settings. In response to receiving a request for a computing firmware setting, the requested computing firmware setting is translated to one or more vendor-specific firmware settings based on the data. A computing resource capable of implementing the one or more vendor-specific firmware settings is identified.


Image composition based on remote object data

Owner: Amazon Technologies, Inc.
Publication #: 09471997
Publication Date: 2016-10-18
Patent URL: View on USPTO Website

When a scene is generated, a content item may identify graphics object service requests associated with the scene. Each scene may have any number of associated graphics object service requests that may be sent to any number of different graphics object services. The graphics object services may be accessible over a network such as the Internet. By requesting object data from graphics object services, a content item may, for example, reduce at least part of the computational burden on a graphics processing unit of a client device.


Dynamic throttle of network traffic

Owner: Amazon Technologies, Inc.
Publication #: 09473413
Publication Date: 2016-10-18
Patent URL: View on USPTO Website

Techniques for dynamically throttling network traffic may be provided. For example, a first threshold specific to a first client may be determined and may be dynamically adjusted over time. A volume of network traffic of the first client may be compared to the first threshold and, if it is in excess, a throttling operation may be performed. The throttling operation may include throttling the network traffic of the first client, throttling the traffic of a second client, or comparing the volume of network traffic to a second threshold. If the second threshold is exceeded, a connection with the first client or the second client may be terminated.


Latency reduction in streamed content consumption

Owner: Amazon Technologies, Inc.
Publication #: 09473548
Publication Date: 2016-10-18
Patent URL: View on USPTO Website

Described herein are systems and methods for determining and distributing pre-fetch data associated with streaming of content to a media device. Transport control data associated with user navigation within the content during consumption of the content is acquired. The transport control data is processed to determine one or more points of interest in the content. Pre-fetch content associated with these one or more points of interest may be delivered to the media device. Presentation is expedited with low or no latency during navigation to one of the points of interest having the pre-fetched content, which may be presented while the content is being made available.


Resource data query processing

Owner: Amazon Technologies, Inc.
Publication #: 09473799
Publication Date: 2016-10-18
Patent URL: View on USPTO Website

A distributed execution environment provides resources such as computing resources, hardware resources, and software resources. One or more resource data providers might also operate in conjunction with the distributed execution environment to provide resource data describing various aspects of the resources in the distributed execution environment. A query service may obtain resource data provided by the resource data providers in order to generate responses to queries. In order to obtain the resource data from the resource data providers, the query service may utilize various “pull” and “push” mechanisms. Using a push mechanism, the resource data providers push resource data to the query service. Utilizing a pull mechanism, the query service pulls the resource data from the resource data providers. The query service might also store resource data received from the resource data providers in a cache and utilize the cached resource data when responding to queries for resource data.


Write horizon data management

Owner: Amazon Technologies, Inc.
Publication #: 09465551
Publication Date: 2016-10-11
Patent URL: View on USPTO Website

Conditions are enforced to prevent unintended deletion of data stored by a data storage system. For example, to delete a collection of data, a condition on the collection of data's size may be enforced. The collection may be required to be empty, for example. In addition, a condition that there not exist a pending data processing operation that can affect fulfillment of the condition on the collection of data's size is also enforced.


Injection of supplemental computer instructions

Owner: Amazon Technologies, Inc.
Publication #: 09465592
Publication Date: 2016-10-11
Patent URL: View on USPTO Website

Application computer instructions can be provided to a publishing server. The publishing service can parse the application computer instructions to identify one or more locations where supplemental computer instructions can be inserted. Metadata about purchasable items can be obtained and the supplemental computer instructions can be written based on the item metadata. The supplemental computer instructions can be inserted into the application computer instructions. A publishable application can be created by compiling the application computer instructions with the inserted supplemental computer instructions.


Managing backlogged tasks

Owner: Amazon Technologies, Inc.
Publication #: 09465645
Publication Date: 2016-10-11
Patent URL: View on USPTO Website

A method and apparatus for managing backlogged tasks are disclosed. In the method and apparatus, upon receiving a task pertaining to a requestor group, a number of outstanding tasks associated with the requestor group is determined and the task is submitted for processing if the number of outstanding tasks is within an allowable range. If the number of outstanding tasks is outside of the allowable range, one or more actions may be taken, which may include rejecting the request.


Self-describing data blocks of a minimum atomic write size for a data store

Owner: Amazon Technologies, Inc.
Publication #: 09465693
Publication Date: 2016-10-11
Patent URL: View on USPTO Website

Self-describing data blocks of a minimum atomic write size may be stored for a data store. Data may be received for storage in a data block of a plurality of data blocks at a persistent storage device that are equivalent to a minimum atomic write size for the persistent storage device. Metadata may be generated for the data that includes an error detection code which is generated for the data and the metadata together. The data and the metadata are sent to the persistent storage device to store together in the data block. An individual atomic write operation may write together the data and the metadata in the data block. When accessed, the error detection code is applicable to detect errors. The metadata may also be applicable to determine whether the data is stored for a currently assigned purpose or a previously assigned purpose of the data block.


Data storage integrity validation

Owner: Amazon Technologies, Inc.
Publication #: 09465821
Publication Date: 2016-10-11
Patent URL: View on USPTO Website

Embodiments of the present disclosure are directed to, among other things, validating the integrity of received and/or stored data payloads. In some examples, a storage service may perform a first partitioning of a data object into first partitions based at least in part on a first operation. The storage service may also verify the data object, by utilizing a verification algorithm, to generate a first verification value. In some cases, the storage service may additionally perform a second partitioning of the data object into second partitions based at least in part on a second operation. The second partitions may be different from the first partitions. Additionally, the archival data storage service may verify the data object using the verification algorithm to generate a second verification value. Further, the storage service may determine whether the second verification value equals the first verification value.


Automated reconfiguration of shared network resources

Owner: Amazon Technologies, Inc.
Publication #: 09466036
Publication Date: 2016-10-11
Patent URL: View on USPTO Website

A resource manager can adjust the amount of capacity in each of a plurality of resource pools using a combination of proactive and reactive approaches. Targets such as an amount of total capacity and an amount of free capacity can be forecast and periodically compared against actual capacity and usage of the pools. A pool balancing algorithm can be used to shift capacity among pools as needed, in order to provide the targeted amount of capacity for each pool before the capacity is needed. When actual usage varies sufficiently from the forecasted usage on which the targets are based, the resource manager can react by reconfiguring resources as needed.


Using virtual networking devices to connect managed computer networks

Owner: Amazon Technologies, Inc.
Publication #: 09467398
Publication Date: 2016-10-11
Patent URL: View on USPTO Website

Techniques are described for providing managed virtual computer networks whose configured logical network topology may have one or more virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of a virtual computer network by emulating functionality that would be provided by the networking devices if they were physically present. The networking functionality provided for a managed computer network may include supporting a connection between that managed computer network and other managed computer networks, such as via a provided virtual peering router to which each of the managed computer networks may connect, with the functionality of the virtual peering router being emulated by modules of the configurable network service without physically providing the virtual peering router, including to manage data communications between computing nodes of the inter-connected managed computer networks in accordance with client-specified configuration information.


Human interaction with unmanned aerial vehicles

Owner: Amazon Technologies, Inc.
Publication #: 09459620
Publication Date: 2016-10-04
Patent URL: View on USPTO Website

In some examples, an unmanned aerial vehicle is provided. The unmanned aerial vehicle may include a propulsion device, a sensor device, and a management system. In some examples, the management system may be configured to receive human gestures via the sensor device and, in response, instruct the propulsion device to effect an adjustment to the behavior of the unmanned aerial vehicle. Human gestures may include visible gestures, audible gestures, and other gestures capable of recognition by the unmanned vehicle.


Backup of volatile memory to persistent storage

Owner: Amazon Technologies, Inc.
Publication #: 09459805
Publication Date: 2016-10-04
Patent URL: View on USPTO Website

Approaches for automatically backing up data from volatile memory to persistent storage in the event of a power outage, blackout or other such failure are described. The approaches can be implemented on a computing device that includes a motherboard, central processing unit (CPU), a main power source, volatile memory (e.g., random access memory (RAM)), an alternate power source and circuitry (e.g., a specialized application-specific integrated circuit (ASIC)) for performing the backup of volatile memory to a persistent storage device. In the event of a power failure of the main power source, the alternate power source is configured to supply power to the specialized ASIC for backing up the data in the volatile memory. For example, when power failure is detected, the ASIC can read the data from the DIMM socket using power supplied from the alternate power source and write that data to a persistent storage device.


Failure-decoupled volume-level redundancy coding techniques

Owner: Amazon Technologies, Inc.
Publication #: 09459959
Publication Date: 2016-10-04
Patent URL: View on USPTO Website

Techniques described and suggested herein include systems and methods for storing, indexing, and retrieving original data of data archives on data storage systems using redundancy coding techniques. For example, redundancy codes, such as erasure codes, may be applied to archives (such as those received from a customer of a computing resource service provider) so as to allow the storage of original data of the individual archives available on a minimum of volumes, such as those of a data storage system, while retaining availability, durability, and other guarantees imparted by the application of the redundancy code. Sparse indexing techniques may be implemented so as to reduce the footprint of indexes used to locate the original data, once stored. The volumes may be apportioned into failure-decorrelated subsets, and archives stored thereto may be apportioned to such subsets.


Efficient garbage collection for a log-structured data store

Owner: Amazon Technologies, Inc.
Publication #: 09460008
Publication Date: 2016-10-04
Patent URL: View on USPTO Website

A log-structured data store may implement efficient garbage collection. Log records may be maintained in data blocks according to a log record sequence. Based, at least in part, on a log reclamation point, the log records may be evaluated to identify data blocks to reclaim that have log records in the log sequence prior to the log reclamation point. New versions of data pages updated by log records in the identified data blocks may be generated and stored in base page storage for the log structured data store. The identified data blocks may then be reclaimed for storing new data.


Dynamic selection of storage tiers

Owner: Amazon Technologies, Inc.
Publication #: 09460099
Publication Date: 2016-10-04
Patent URL: View on USPTO Website

An operating system is configured to receive a request to store an object that does not specify the location at which the object should be stored. The request might also include an optimization factor and one or more object location factors. The operating system might also generate object location factors or retrieve object location factors from one or more external locations. Object location factors might also be utilized that are based upon properties of the object to be stored. Utilizing the object location factors, and the optimization factor if provided, the operating system dynamically selects an appropriate storage tier for storing the object. The tiers might include a local storage tier, a local network storage tier, a remote network storage tier, and other types of storage tiers. The object is then stored on the selected storage tier. The object may be retrieved from the storage tier at a later time.


Rotational maintenance of database partitions

Owner: Amazon Technologies, Inc.
Publication #: 09460126
Publication Date: 2016-10-04
Patent URL: View on USPTO Website

A distributed database management system may comprise a group of partitions that includes a master writeable partition and one or more additional partitions that act as read-only replicas of the master. A rotational mechanism for performing maintenance operations on non-master partitions may be employed to transition a second partition, selected for undergoing maintenance, into a role as the new master following performance of the maintenance operation.


Configurable extractions in social media

Owner: Amazon Technologies, Inc.
Publication #: 09460163
Publication Date: 2016-10-04
Patent URL: View on USPTO Website

Disclosed are various embodiments for accessing and processing social media content. An extraction configuration comprising definitions for keywords, social networks, extraction times, and/or actions to be initiated upon a detection of a condition may be defined by a user of a site monitoring system. The defined social networks may be accessed at the defined extraction times to obtain data from a post comprising the defined keyword. The presence of some data in association with the post may initiate an action defined by the user.


Storage device selection for database partition replicas

Owner: Amazon Technologies, Inc.
Publication #: 09460185
Publication Date: 2016-10-04
Patent URL: View on USPTO Website

A system that implements a data storage service may store data in multiple replicated partitions on respective storage nodes. The selection of the storage nodes (or storage devices thereof) on which to store the partition replicas may be performed by administrative components that are responsible for partition management and resource allocation for respective groups of storage nodes (e.g., based on a global view of resource capacity or usage), or the selection of particular storage devices of a storage node may be determined by the storage node itself (e.g., based on a local view of resource capacity or usage). Placement policies applied at the administrative layer or storage layer may be based on the percentage or amount of provisioned, reserved, or available storage or IOPS capacity on each storage device, and particular placements (or subsequent operations to move partition replicas) may result in an overall resource utilization that is well balanced.


System for collecting and exposing usage metrics associated with mobile device applications

Owner: Amazon Technologies, Inc.
Publication #: 09460461
Publication Date: 2016-10-04
Patent URL: View on USPTO Website

Metrics data is generated and gathered based on users' use of mobile device applications. The metrics data may be cached by a mobile app store client on the users' mobile devices before being transmitted to a network application system which may be associated with an electronic catalog through which users can download mobile applications. The network application system may store user metrics information, aggregate that information, and perform analysis of the information. Resulting data may be displayed to users visiting product detail pages for mobile applications. The system may also generate reports to application developers based on how the users of their applications are interacting with the applications.


Incident light sensor on autonomous vehicle

Owner: Amazon Technologies, Inc.
Publication #: 09454154
Publication Date: 2016-09-27
Patent URL: View on USPTO Website

An incident light meter on an autonomous vehicle receives ambient light and outputs an incident light measurement in response to the ambient light. One or more image sensors of the autonomous vehicle image the environment of the autonomous vehicle. An exposure setting is generated based at least in part on the incident light measurement. The one or more image sensors capture a digital image at the exposure setting.


Sending application input commands over a network

Owner: Amazon Technologies, Inc.
Publication #: 09454282
Publication Date: 2016-09-27
Patent URL: View on USPTO Website

Disclosed are various embodiments that facilitate sending input commands to an application over a network that may have variable latency characteristics. An input command may be obtained from a client over a network. The obtained input command is then provided to the application that is executed in a hosted environment. When a delay is determined to be necessary based at least in part on a latency characteristic, the input command is provided to the application after the delay.


Continuous deployment system for software development

Owner: Amazon Technologies, Inc.
Publication #: 09454351
Publication Date: 2016-09-27
Patent URL: View on USPTO Website

Examples of a continuous deployment system are provided that manage and track releases of software code, where some or all of the steps between check-in and deployment to production can be automated. Such systems can reduce the amount of developer effort needed to deploy a package, as developers may not have to be responsible for scheduling package builds, clicking deployment buttons, or manually running tests. The system can take care of all or some of that work.


Content browser system using graphics commands and native text intelligence

Owner: Amazon Technologies, Inc.
Publication #: 09454515
Publication Date: 2016-09-27
Patent URL: View on USPTO Website

Server systems are disclosed that receive content requests and respond with hardware-independent graphics commands instead of, or in addition to, unprocessed content items. The server systems can also generate text information regarding text in the requested content items, and provide the text information to user devices so that the user devices can have knowledge of the text in the content item. The user device can use the text information to handle user interactions with the content item, including copy, paste and search commands and other similar commands. Accordingly, the hardware-independent graphics commands-based representation may provide text interactivity and effects not otherwise available to content representations based on graphics commands or images of content.


Identifying relationships between applications

Owner: Amazon Technologies, Inc.
Publication #: 09454565
Publication Date: 2016-09-27
Patent URL: View on USPTO Website

In various embodiments, static, dynamic, and behavioral analysis may be performed on an application. A set of software libraries or code fragments employed by the application may be determined. A set of device resources employed by the application may be determined. An application fingerprint is generated for the application. The application fingerprint encodes identifiers for the set of software libraries or code fragments and identifiers for the set of device resources.


Assisted shopping

Owner: Amazon Technologies, Inc.
Publication #: 09454779
Publication Date: 2016-09-27
Patent URL: View on USPTO Website

Disclosed are various embodiments for facilitating an assisted shopping experience. A speech input can be captured and transcribed. The transcribed speech input can be transmitted to a customer service agent in a data session that is contemporaneous with a voice session. The customer service agent can then facilitate an assisted shopping experience via the voice session and data session.


Best practice analysis, migration advisor

Owner: Amazon Technologies, Inc.
Publication #: 09455871
Publication Date: 2016-09-27
Patent URL: View on USPTO Website

Embodiments of the present disclosure are directed to, among other things, providing resource allocation advice, configuration recommendations, and/or migration advice regarding data storage, access, placement, and/or related web services. In some examples, a web service may utilize or otherwise control a client instance to control, access, or otherwise manage resources of a distributed system. Based at least in part on one or more resource usage checks and/or configuration checks, resource usage information and/or configuration information of an account utilizing a web service, and/or user preferences and/or settings, resource allocation advice, system configuration recommendations, and/or migration advice may be provided to a user of an account. Additionally, in some examples, one or more remediation operations may be performed automatically.


Validating changes to attributes for computing resources

Owner: Amazon Technologies, Inc.
Publication #: 09455879
Publication Date: 2016-09-27
Patent URL: View on USPTO Website

Requests to change attributes of servers or other computing resources can be validated by a veto service. For example, the veto service can receive requests to register for notification of changes to an attribute for a server, send a notification of a pending change to the attribute to each of a plurality of services, determine a response to the notification for each service, and based on the responses decide whether to allow or deny the pending change to the attribute. The responses from the notified services can be received responses or default responses.


Distributed performance evaluation framework

Owner: Amazon Technologies, Inc.
Publication #: 09455887
Publication Date: 2016-09-27
Patent URL: View on USPTO Website

A distributed performance evaluation framework provides functionality for evaluating the availability, reliability, and scalability of a network-based service. The framework includes a control and reporting tier and a load-generating tier. The control and reporting tier provides a control interface through which a request to evaluate the performance of a service may be received. In response to receiving such a request, the control and reporting tier creates a load-generating job for use by the load-generating tier. Load-generating instances in the load-generating tier are configured to perform the load-generating job by executing instances of a load-generating plug-in configured to generate requests to the service. The load-generating instances also periodically provide data regarding the status of each load-generating job to the control and reporting tier.


Balancing a load on a multiple consumer queue

Owner: Amazon Technologies, Inc.
Publication #: 09455928
Publication Date: 2016-09-27
Patent URL: View on USPTO Website

Disclosed are various embodiments for balancing a load on a queue among multiple consumers. A target polling hit rate is derived for at least one queue from a consumer load. The consumer load on the at least one queue is adjusted responsive to a change in an observed polling hit rate for the at least one queue.


Load balancing between processors

Owner: Amazon Technologies, Inc.
Publication #: 09455931
Publication Date: 2016-09-27
Patent URL: View on USPTO Website

Disclosed are various embodiments for facilitating load balancing between a first processor and a second processor in at least one computing device. A request is obtained to execute a first application in the at least one computing device. In one embodiment, a second application associated with the first application is assigned to be executed in the second processor instead of the first processor when a resource usage profile associated with the first application indicates that the first application imposes a greater load on the first processor than the second processor. Conversely, the second application is assigned to be executed in the first processor instead of the second processor when the resource usage profile indicates that the first application imposes a greater load on the second processor than the first processor.


Long term encrypted storage and key management

Owner: Amazon Technologies, Inc.
Publication #: 09455963
Publication Date: 2016-09-27
Patent URL: View on USPTO Website

An encryption key not accessible outside a data storage device can be used to encrypt data stored in that device. The received data may have been encrypted under an external key, such as a key associated with a customer of a data storage service. Upon receiving the data encrypted under the external key, the data can be decrypted using a copy of the external key and then re-encrypted, inside the data storage device, using the internal key. If the external key is to be rotated, the stored data does not need to be modified as the data can be decrypted using the internal key and then re-encrypted using the new external key in response to an authorized request for the data after the change to the new external key. Such an approach provides near instant key rotation while not having to re-encrypt data under the new key unless requested.


Providing enhanced access to remote services

Owner: Amazon Technologies, Inc.
Publication #: 09455969
Publication Date: 2016-09-27
Patent URL: View on USPTO Website

Techniques are described for providing client computing nodes with enhanced access to remote network-accessible services, such as by providing local capabilities specific to the remote services. In at least some situations, access to remote services by a client computing node may be enhanced by automatically locally performing some activities of the remote services, such as to improve the efficiency of communications that are sent between the client computing node and the remote service and/or to improve the efficiency by the remote service of processing communications from the client computing node. As one example, a node manager system local to a client computing node may perform authentication of communications sent by the client computing node to a remote service and/or may perform other activities specific to the remote service, so that the remote service does not need to perform the authentication and/or other performed activities for the communications.


Techniques for managing credentials in a distributed computing environment

Owner: Amazon Technologies, Inc.
Publication #: 09455975
Publication Date: 2016-09-27
Patent URL: View on USPTO Website

Systems and methods for managing credentials distribute the credentials to subsets of a set of collectively managed computing resources. The collectively managed computing resources may include one or more virtual machine instances. The credentials distributed to the computing resources may be used by the computing resources to perform one or more actions. Actions may include performing one or more functions in connection with configuration, management, and/or operation of the one or more resources, and/or access of other computing resources. The ability to use credentials may be changed based at least in part on the occurrence of one or more events.


Preemptive event notification for media experience

Owner: Amazon Technologies, Inc.
Publication #: 09448685
Publication Date: 2016-09-20
Patent URL: View on USPTO Website

A notification manager receives a request for an application to execute an action. The notification manager determines whether an event is scheduled to occur during a time that the application is executing the action. If so, the notification manager presents a notification of the event prior to the application executing the action, so as not to interrupt the execution of the action when it comes time for the event to occur.


Synchronizing source code objects and software development workflow objects

Owner: Amazon Technologies, Inc.
Publication #: 09448791
Publication Date: 2016-09-20
Patent URL: View on USPTO Website

Technologies are described herein for synchronization of source code objects and software development workflow objects. Software development workflow objects are identified that are related to source code objects to be synchronized to a development device. The identified software development workflow objects are then stored in a copy of a source control object store that also includes the source code objects to be synchronized. The copy of the source control object store may then be transmitted to the development device for offline use. Tools might also be provided on the development device for utilizing the software development workflow objects stored in the copy of the source control object store maintained by the development device. The copy of a source control object store containing modified source code objects and modified software development workflow objects might also be utilized to synchronize the changes to the objects to an appropriate object store.


Constraint verification for distributed applications

Owner: Amazon Technologies, Inc.
Publication #: 09448820
Publication Date: 2016-09-20
Patent URL: View on USPTO Website

Systems and methods are described for analyzing and verifying distributed applications. In one embodiment, an application program is executed as independently executable components. During execution, redundant portions of application program data are aggregated. A property of the application program is verified using the aggregated application program data to represent code execution paths.


Capacity availability aware auto scaling

Owner: Amazon Technologies, Inc.
Publication #: 09448824
Publication Date: 2016-09-20
Patent URL: View on USPTO Website

Technologies are described herein for capacity availability aware auto scaling. Capacity event auto scaling rules can be defined that specify how computing resources are to be scaled during a capacity event. The capacity event auto scaling rules can be defined to allow utilization of the computing resources to increase during a capacity event. A probability that capacity will be available for providing computing resources during a capacity event can also be computed. Standard auto scaling rules utilized by an auto scaling component can then be modified based upon the computed probability. Other types of actions might also be taken based upon the computed probability, such as reserving instances of computing resources.


Stub domain for request servicing

Owner: Amazon Technologies, Inc.
Publication #: 09448827
Publication Date: 2016-09-20
Patent URL: View on USPTO Website

Techniques for reclaiming resources from guest computing systems while those systems are waiting for responses to requests in virtualized and/or distributed computer systems are described herein. At a time after issuing a request and determining that the response will take longer than a threshold length of time, one or more computer system entities within a computer system invoke one or more computer system capabilities to at least instantiate a listener object, transfer the listener object to another system domain, suspend the guest computing system and reclaim resources from the suspended guest computing system. When the response is returned to the listener object, the guest computer system is restored and the response is forwarded to the restored guest. While the guest computing system is suspended, the reclaimed resources are made available to other computer system entities.


Techniques for translating content

Owner: Amazon Technologies, Inc.
Publication #: 09448997
Publication Date: 2016-09-20
Patent URL: View on USPTO Website

Techniques, including systems and methods, for providing translated content are described and suggested herein. In an embodiment, translations for instances of content are received and reviewers provide votes regarding the translations' quality. Votes received for translations are utilized in order to determine scores for the translations. Reviewers and translators may be scored as well. Scores for translations are used in various processes for providing appropriate content to users.


Consistent object renaming in distributed systems

Owner: Amazon Technologies, Inc.
Publication #: 09449008
Publication Date: 2016-09-20
Patent URL: View on USPTO Website

In response to a rename request to change a file name at a storage service from a first name to a second name, a workflow comprising at least two atomic operations is initiated. In the first atomic operation, a lock is obtained on a first directory entry for the first name, and an intent record for the rename workflow is stored. In a second atomic operation, a pointer of a second directory entry for the second name is modified, and an indication of the pointer modification is stored. In a third set of operations, the intent record is deleted, the lock is released, and the first directory entry is deleted.


Streaming restore of a database from a backup system

Owner: Amazon Technologies, Inc.
Publication #: 09449038
Publication Date: 2016-09-20
Patent URL: View on USPTO Website

A distributed data warehouse system may maintain data blocks on behalf of clients in multiple clusters in a data store. Each cluster may include a single leader node and multiple compute nodes, each including multiple disks storing data. The warehouse system may store primary and secondary copies of each data block on different disks or nodes in a cluster. Each node may include a data structure that maintains metadata about each data block stored on the node, including its unique identifier. The warehouse system may back up data blocks in a remote key-value backup storage system with high durability. A streaming restore operation may be used to retrieve data blocks from backup storage using their unique identifiers as keys. The warehouse system may service incoming queries (and may satisfy some queries by retrieving data from backup storage on an as-needed basis) prior to completion of the restore operation.


Automatic repair of corrupted blocks in a database

Owner: Amazon Technologies, Inc.
Publication #: 09449039
Publication Date: 2016-09-20
Patent URL: View on USPTO Website

A distributed data warehouse system maintains data blocks on behalf of clients, and stores primary and secondary copies of data blocks on different disks or nodes in a cluster. The data warehouse system may back up data blocks in a key-value backup storage system. In response to a query targeting a data block previously stored in the cluster, the data warehouse system may determine whether a consistent, uncorrupted copy of the data block is available in the cluster (e.g., by applying a consistency check). If not (e.g., if a disk or node failed), the data warehouse system may automatically initiate an operation to restore the data block from the backup storage system, using a unique identifier of the data block to access a backup copy. The target data may be returned in a query response prior to restoring primary and secondary copies of the data block in the cluster.


Block restore ordering in a streaming restore system

Owner: Amazon Technologies, Inc.
Publication #: 09449040
Publication Date: 2016-09-20
Patent URL: View on USPTO Website

A distributed data warehouse system may maintain data blocks on behalf of clients, and may store primary and secondary copies of each data block on different disks or nodes in a cluster. The warehouse system may back up data blocks in a remote key-value backup storage system. A restore operation may retrieve data blocks from backup storage using their unique identifiers as keys (while incoming queries are serviced) in response to a failure or a query targeting data that was lost or corrupted. The order in which data blocks are restored may be dependent on the relative likelihood that they will be accessed in the near future (e.g., based on how recently or frequently they were accessed, written, or backed up; the values of one or more access counters associated with each data block; or how recently a database table containing data in each data block was loaded).


Recommending improvements to and detecting defects within applications

Owner: Amazon Technologies, Inc.
Publication #: 09449042
Publication Date: 2016-09-20
Patent URL: View on USPTO Website

In various embodiments, static, dynamic, and behavioral analyses may be performed on an application. A set of software libraries employed by the application may be determined. A set of device resources employed by the application may be determined. An application fingerprint is generated for the application. The application fingerprint encodes identifiers for the set of software libraries and identifiers for the set of device resources. Improvements can be recommended based upon an analysis of the application fingerprint.


Data replication framework

Owner: Amazon Technologies, Inc.
Publication #: 09449065
Publication Date: 2016-09-20
Patent URL: View on USPTO Website

Generally described, the present disclosure is directed to an eventually consistent replicated data store that uses, for its underlying storage, a computer software library that provides a high-performance embedded database for data. The replicated data store employs a plurality of hosts interconnected to one another, allowing for writes to any host and full awareness of membership across all hosts. With the data replication framework disclosed herein, various modes are allowed to be built up on top of the core system.


Access control for a document management and collaboration system

Owner: Amazon Technologies, Inc.
Publication #: 09449182
Publication Date: 2016-09-20
Patent URL: View on USPTO Website

A method and apparatus for controlling access to documents retained by a document management and collaboration system is disclosed. The document management and collaboration system may generate one or more suggested privileges associated with one or more users. An access control policy may specify whether system-generated user privileges may be enforced. If they are enforced, access to one or more documents may be made subject to the generated privileges.


Efficient network fleet monitoring

Owner: Amazon Technologies, Inc.
Publication #: 09450700
Publication Date: 2016-09-20
Patent URL: View on USPTO Website

Methods and apparatus for efficient monitoring of network fleets are described. A list of network addresses of a set of hosts at which resources are to be monitored from a monitoring server of a provider network may be received at the monitoring server. The monitoring server may initiate establishment of a persistent network connection to a monitoring agent installed at a monitored host. A plurality of health messages from the monitoring agent may be obtained via the connection, including a host status entry for the monitored host and a resource status entry for at least one resource configured at the monitored host. A representation of the health messages may be saved in a repository for analysis.


Virtual requests

Owner: Amazon Technologies, Inc.
Publication #: 09450758
Publication Date: 2016-09-20
Patent URL: View on USPTO Website

A first request from a client using a first protocol is translated into one or more second requests by a servicer using a second protocol through a virtual request using the first protocol. A client may use parameters of the first protocol to pass virtual request components to the servicer. A format agreement between the client, servicer and/or authentication service may allow the servicer and/or authentication service to translate the virtual request components over the first protocol to one or more second requests using the second protocol. Virtual request components may prove the authenticity of the virtual request received by the servicer to an authentication service. Once satisfied the virtual request is valid, the authentication service may issue a credential to the servicer to send the one or more second requests to an independent service. Virtual requests may be included in various protocols, including credential-based protocols and certificate exchange-based protocols.


Trace backtracking in distributed systems

Owner: Amazon Technologies, Inc.
Publication #: 09450849
Publication Date: 2016-09-20
Patent URL: View on USPTO Website

Methods and systems for trace backtracking are disclosed. In response to receiving a request from an upstream component at a downstream component, a trace is initiated at the downstream component. A response to the request is sent from the downstream component to the upstream component. The response comprises trace metadata. Trace data is generated at the upstream component in response to receiving the trace metadata at the upstream component. The trace data describes an interaction between the upstream component and the downstream component. A call graph is generated based on the trace data. The call graph comprises a call path between the upstream component and the downstream component.


Wear leveling and management in an electronic environment

Owner: Amazon Technologies, Inc.
Publication #: 09450876
Publication Date: 2016-09-20
Patent URL: View on USPTO Website

Workloads can be intelligently placed across a group of resources in order to attempt to balance or otherwise manage the level of wear among various components of those resources. Devices such as solid state drives or other NAND-type devices can have a limited number of operations that can be performed before those devices become unreliable, such that it can be desirable to monitor the wear level of each of these devices. As it can be easier to manage resources with similar wear levels for large groups of resources, it can be desirable to attempt to level the relative amount of wear among at least groups of these resources. Attempts can be made to level across a fleet of resources, within pools of resources, and/or within the resources themselves, such as where a server includes multiple devices with potentially different wear levels, such as multiple NAND-type devices.


Intelligent network service provisioning and maintenance

Owner: Amazon Technologies, Inc.
Publication #: 09450967
Publication Date: 2016-09-20
Patent URL: View on USPTO Website

A network gateway is implemented on behalf of a customer entity. The network gateway may be implemented using a distributed computer system and the network gateway may connect a network of the customer entity to a public communications network. The network gateway may include network-related services without the need for adding specialized hardware. The network gateway may be provisioned programmatically in response to instructions received from the customer entity. The network gateway may be provisionable and accessible over several different types of data connections. The network gateway, by virtue of being implemented on a distributed computer system, is scalable upon demand without additional input by the customer entity.


Providing instance availability information

Owner: Amazon Technologies, Inc.
Publication #: 09451013
Publication Date: 2016-09-20
Patent URL: View on USPTO Website

A distributed execution environment provides instances of computing resources for customer use, such as instances of data processing resources, data storage resources, database resources, and networking resources. Data is collected from systems internal to and external to the distributed execution environment. Some or all of the data is utilized to compute instance availability information for instances of computing resources provided by the distributed execution environment. The instance availability information might then be provided to customers and other users of the distributed execution environment. Various types of actions might be taken in a manual or automated way based upon the computed instance availability information.


Managing interaction with hosted services

Owner: Amazon Technologies, Inc.
Publication #: 09451034
Publication Date: 2016-09-20
Patent URL: View on USPTO Website

Systems and methods are disclosed which facilitate managing interaction with instances corresponding to hosted services. Customers may implement services on a hosted computing environment. Further, the customer may allow limited interaction with the hosted service to a third party (e.g., in connection with a secondary service). For example, the third party may interact with a temporary copy of the hosted service. Thereafter, the customer may, given the consent of the third party, view details of the third party's interaction with the copy, and may be enabled to merge any alterations with the initial hosted service. In addition, a customer may monitor their own interactions with a hosted service or copies of a hosted service, and view details of the differences between multiple versions of the hosted service.


Automated multi-party cloud connectivity provisioning

Owner: Amazon Technologies, Inc.
Publication #: 09451393
Publication Date: 2016-09-20
Patent URL: View on USPTO Website

Methods and apparatus for automated multi-party cloud connectivity provisioning are disclosed. A system includes resources of a provider network, and a connectivity coordinator. The coordinator collects network service offering metadata of a plurality of connectivity providers using a first set of programmatic interfaces. In response to a connectivity query specifying connectivity parameters, the coordinator identifies, using at least a portion of the metadata, a collection of one or more connectivity providers of the plurality of connectivity providers capable of providing connectivity between a client network and a provider network endpoint in accordance with the connectivity parameters. In response to a connectivity establishment request, the coordinator initiates, using another programmatic interface, an activation of a network connection between the client network and a selected provider network endpoint.


Device charging system

Owner: Amazon Technologies, Inc.
Publication #: 09442548
Publication Date: 2016-09-13
Patent URL: View on USPTO Website

A computing device monitors the energy level of a rechargeable battery, from which the device draws operating power. Historic usage data is used to estimate the time remaining in a present operating period, such as a workday, as well as to estimate the battery level required to provide power during that period of time. A user is then presented with information regarding the status of the battery, as well as charging time and required battery level estimates. Information regarding charging stations within publicly or otherwise user-accessible venues near to the present location of the computing device is accessed and presented to the user. Reservations may be made for a charging port within a selected venue, an order may be placed for goods or services available at that venue, or other actions may be performed.


Virtual secure execution environments

Owner: Amazon Technologies, Inc.
Publication #: 09442752
Publication Date: 2016-09-13
Patent URL: View on USPTO Website

A method and system for running an additional execution environment associated with a primary execution environment, receiving a request from the primary execution environment to create the additional execution environment, and, in response to the request, creating the additional execution environment such that entities other than the primary execution environment have insufficient privileges to access the additional execution environment.


Techniques for attesting to information

Owner: Amazon Technologies, Inc.
Publication #: 09443074
Publication Date: 2016-09-13
Patent URL: View on USPTO Website

Systems and methods for attesting to information about a computing resource involve electronically signed documents. For a computing resource, a document containing information about the resource is generated and electronically signed. The document may be provided to one or more entities as an attestation to at least some of the information contained in the document. Attestation to information in the document may be a prerequisite for performance of one or more actions that may be taken in connection with the computing resource.


Policy enforcement delays

Owner: Amazon Technologies, Inc.
Publication #: 09443093
Publication Date: 2016-09-13
Patent URL: View on USPTO Website

Policies are used to control access to resources. Requests to change a set of policies may be fulfillable, at least in some circumstances, only if the requests are submitted such that the requested changes would become effective at a time in the future that is in compliance with a requirement for delayed enforcement. The requirement for delayed enforcement may be encoded in a policy in the set of policies.


Secure timestamping

Owner: Amazon Technologies, Inc.
Publication #: 09443108
Publication Date: 2016-09-13
Patent URL: View on USPTO Website

A method and system for retrieving a current and previous timestamp value, retrieving a previous accumulator value reflecting a previous state of the accumulator, retrieving information representing digests collected during an interval window, and generating a new accumulator value based on the retrieved values, and a storage medium with executable code for retrieving a first and second timestamp, a first and second accumulator value, information representing digests, and for validating data by comparing the second accumulator value with a hash of the first timestamp, the first accumulator value, and the information.


Method, system, and computer readable medium for selection of catalog items for inclusion on a network page

Owner: Amazon Technologies, Inc.
Publication #: 09443265
Publication Date: 2016-09-13
Patent URL: View on USPTO Website

Disclosed are various embodiments for selecting catalog items for display on a network page. The catalog items have corresponding catalog item identifiers and catalog item representations. In response to a network request, a response is received. The response includes catalog item object identifiers but excludes the corresponding catalog item object representations. At least one of the catalog item object representations is requested using the corresponding catalog object identifier. At least one of the catalog items is selected for inclusion on a network page. The selection is based on an attribute in the catalog item object representation. The network page is displayed to a user.


Test generation service

Owner: Amazon Technologies, Inc.
Publication #: 09444717
Publication Date: 2016-09-13
Patent URL: View on USPTO Website

Systems and methods are described for testing computing resources. In one embodiment, a request is received for testing a computing configuration. A set of computing settings that can be implemented on one or more computing devices is searched. An initial test population for testing the computing configuration is determined. The initial test population is iteratively updated based on test results and a fitness function.


Optimizing communication among collections of computing resources

Owner: Amazon Technologies, Inc.
Publication #: 09444763
Publication Date: 2016-09-13
Patent URL: View on USPTO Website

Techniques for provisioning computing resources utilize colorings of collections of resources. The collections may be networks of resources hosted by a computing resource provider that are operated under the direction of one or more customers of the resource provider. Colors may be applied to the collections of resources, such as by a customer of the resource provider. The same customer or another customer may request that resources be provisioned according to at least one relationship with one or more collections of resources having one or more colors. Resources may then be provisioned according to the request.


Robot mitigation

Owner: Amazon Technologies, Inc.
Publication #: 09444795
Publication Date: 2016-09-13
Patent URL: View on USPTO Website

Computer systems, such as a client and a server operably interconnected via a network, are subject to stress on computational resources due to an abundance of automated-user traffic. To improve resource functionalities and control the resources available to automated-agents, value information of valuable assets is encrypted such that a client must perform an algorithm for calculating a decryption key in order to view the unencrypted content. The encryption is tuned in such a way that any computational delay caused by the encryption is imperceptible to a human-user and largely perceptible to an automated-agent, such that the need to determine if a user is an automated-user or a human-user is irrelevant.


Virtual communication endpoint services

Owner: Amazon Technologies, Inc.
Publication #: 09444800
Publication Date: 2016-09-13
Patent URL: View on USPTO Website

Customers can utilize resources of a multi-tenant environment to provide one or more services available to various users. In order to simplify the process for these customers, the multi-tenant environment can include an infrastructure wherein a portion of the resources provide an authentication and/or authorization service that can be leveraged by the customer services. These resources can logically sit in front of the resources used to provide the customer services, such that a user request must pass through the authorization and authentication service before being directed to the customer service. Such resources can provide other functionality as well, such as load balancing and metering.


Distributed computing environment software configuration

Owner: Amazon Technologies, Inc.
Publication #: 09436493
Publication Date: 2016-09-06
Patent URL: View on USPTO Website

Certain embodiments herein relate to configuring software in a virtual machine instance (“instance”) to optimally utilize computing resources that are available for implementation of the software. The software, such as operating systems and software applications, may be configured based on resource parameters associated with the instance. Such resource parameters may include information associated with capacities of the available computing resources.


Provisioning virtual resource on a server based on label associated with virtual resource and servers

Owner: Amazon Technologies, Inc.
Publication #: 09436508
Publication Date: 2016-09-06
Patent URL: View on USPTO Website

Virtual resource provisioning may be enhanced by coloring virtual resource instances and/or underlying implementation resources. Particular resource colors may be associated with particular treatments during allocation of implementation resources to virtual resources. There may be different types of colors corresponding to different types of allocation treatment. Exclusory colors may be utilized to reduce clustering of virtual resources with respect to implementation resources. Assignment of exclusory colors to virtual resources can help strike a balance between lower costs through efficient implementation resource utilization and higher fault tolerance through spreading across an available implementation resource pool. Inclusive colors may be utilized to require and/or prefer allocation of virtual resources to implementation resources painted with the inclusive color. Proximity colors may be utilized to enhance a computational performance of a set of virtual resources. Proximity colors may be associated with proximity specifications that define proximity in implementation resource networks.


Live data center test framework

Owner: Amazon Technologies, Inc.
Publication #: 09436725
Publication Date: 2016-09-06
Patent URL: View on USPTO Website

Systems and methods are described for testing computing resources. In one embodiment, a search space of computing settings is analyzed in accordance with weighted data that maps computing performance parameters with the computing settings. A subset of the computing settings is selected to generate a test population to optimize at least one computing performance parameter. One or more computing devices in a computing environment are configured in accordance with the test population, and the test conditions are iteratively updated based on test results in accordance with the test population and a fitness function.


Supporting a fixed transaction rate with a variably-backed logical cryptographic key

Owner: Amazon Technologies, Inc.
Publication #: 09438421
Publication Date: 2016-09-06
Patent URL: View on USPTO Website

A system and method for receiving requests for performing cryptographic operations with a virtual key having a plurality of actual keys associated with the virtual key, determining which actual key of the plurality of actual keys to use for the cryptographic operation, performing the cryptographic operation using the actual key, and providing the result of performing the cryptographic operation.


Visualization of resources in a data center

Owner: Amazon Technologies, Inc.
Publication #: 09438495
Publication Date: 2016-09-06
Patent URL: View on USPTO Website

A system and method are disclosed for monitoring usage of resources (e.g., hosts, instances, applications, etc.) in a datacenter. Customers, developers and system administrators can collect and track metrics, gain insight, and react to keep applications and businesses running smoothly by providing system-wide visibility into resource utilization, application performance, and operational health. Users can programmatically retrieve monitoring data and view heat maps to assist in troubleshooting, spotting trends, and taking automated action based on the state of a cloud environment. Users can further monitor resources in real-time, so that metrics such as CPU utilization, latency, memory usage, transaction volumes, error rates, etc. can be visualized.


Identity and access management-based access control in virtual networks

Owner: Amazon Technologies, Inc.
Publication #: 09438506
Publication Date: 2016-09-06
Patent URL: View on USPTO Website

Methods and apparatus for providing identity and access management-based access control for connections between entities in virtual (overlay) network environments. At the encapsulation layer of the overlay network, an out-of-band connection creation process may be leveraged to enforce access control and thus allow or deny overlay network connections between sources and targets according to policies. For example, resources may be given identities, identified resources may assume roles, and policies may be defined for the roles that include permissions regarding establishing connections to other resources. When a given resource (the source) attempts to establish a connection to another resource (the target), role(s) may be determined, policies for the role(s) may be identified, and permission(s) checked to determine if a connection from the source to the target over the overlay network is to be allowed or denied.


Flexibly configurable remote network identities

Owner: Amazon Technologies, Inc.
Publication #: 09438556
Publication Date: 2016-09-06
Patent URL: View on USPTO Website

A network gateway is implemented on behalf of a customer entity. The network gateway may be implemented using a distributed computer system and the network gateway may connect a network of the customer entity to a public communications network. The network gateway may include network-related services without the need for adding specialized hardware. The network gateway may be provisioned programmatically in response to instructions received from the customer entity. The network gateway may be provisionable and accessible over several different types of data connections. The network gateway, by virtue of being implemented on a distributed computer system, is scalable upon demand without additional input by the customer entity.


Approaches for deployment approval

Owner: Amazon Technologies, Inc.
Publication #: 09438599
Publication Date: 2016-09-06
Patent URL: View on USPTO Website

A deployment approval system receives, from a deployment tool, a deployment request for performing a deployment to a particular resource. The deployment approval system can identify at least one rule for approving or rejecting the deployment request based on one or more criteria. The deployment approval system can determine whether the deployment request satisfies the one or more criteria in the at least one rule to approve or reject the request. If the deployment request is approved, the deployment approval system sends an approval to the deployment tool to perform the deployment. The deployment tool can then perform the deployment and, once the deployment is complete, the deployment approval system can receive a confirmation of the deployment. The deployment approval system can then store data describing the deployment in an audit repository.


Threat detection and mitigation through run-time introspection and instrumentation

Owner: Amazon Technologies, Inc.
Publication #: 09438618
Publication Date: 2016-09-06
Patent URL: View on USPTO Website

A system and method for threat detection and mitigation through run-time introspection. The system and method comprise receiving a request to monitor a computing environment. Based on the received request, the system and method further include determining a set of introspection points for monitoring the computing environment, measuring at individual introspection points of the set of introspection points to obtain a set of measurements, generating a graph of a set of resources in the computing environment, wherein the graph correlates individual resources in the set of resources to other resources based at least in part on the set of measurements, and determining whether to perform a security action based at least in part on whether an evaluation of the graph indicates a threat to the computing environment.


Scheduling and tracking control plane operations for distributed storage systems

Owner: Amazon Technologies, Inc.
Publication #: 09438665
Publication Date: 2016-09-06
Patent URL: View on USPTO Website

A system that implements distributed storage may schedule and track control plane operations for performance at the distributed storage service. Information may be maintained for control plane events detected at a distributed storage system. Resource utilization for currently performing control plane operations and currently scheduled control plane operations of the distributed storage system may be determined. The information about detected control plane events may be analyzed to schedule control plane operations to be performed in response to detecting the control plane events. As part of scheduling control plane operations, resource constraints may be applied to the determined resource utilization for the distributed storage system.


Storyline presentation of content

Owner: Amazon Technologies, Inc.
Publication #: 09430115
Publication Date: 2016-08-30
Patent URL: View on USPTO Website

Described herein are systems and methods for generating one or more storylines of content. Tags descriptive of events in the content are generated. Based at least in part on the tags, a storyline is generated from the tags describing the related events throughout the content. Some storylines may comprise multiple tags. A user may select one or more storylines for presentation.


Task timeouts based on input data characteristics

Owner: Amazon Technologies, Inc.
Publication #: 09430280
Publication Date: 2016-08-30
Patent URL: View on USPTO Website

Methods and systems for task timeouts as a function of input data size are disclosed. A definition of a task is received. The definition of the task indicates a set of input data for the task. A timeout duration for the task is determined based on the set of input data. The timeout duration varies with one or more characteristics of the set of input data. The execution of the task is initiated. The execution of the task is stopped if the execution of the task exceeds the timeout duration.


Importance-based data storage verification

Owner: Amazon Technologies, Inc.
Publication #: 09430320
Publication Date: 2016-08-30
Patent URL: View on USPTO Website

Methods and systems for detecting error in data storage entities based at least in part on importance of data stored in the data storage entities. In an embodiment, multiple verification passes may be performed on a data storage entity comprising one or more data blocks. Each data block may be associated with a probability indicating the likelihood that the data block is to be selected for verification. During each verification pass, a subset of the data blocks may be selected based at least in part on the probabilities associated with the data blocks. The probabilities may be adjusted, for example, at the end of a verification pass, based on importance factors such as usage and verification information associated with the data blocks. The probabilities may be updated to facilitate timely detection of important data blocks. Additionally, error mitigation and/or correction routines may be performed in light of detected errors.


Identifying and resolving software issues

Owner: Amazon Technologies, Inc.
Publication #: 09430359
Publication Date: 2016-08-30
Patent URL: View on USPTO Website

Technologies are described herein for use in identifying and resolving software issues. One or more corrective actions may be identified and taken that are based upon the similarity between an unresolved issue and one or more resolved issues and/or upon the similarity between code changes made to resolve similar previously resolved issues. A version control graph might also be utilized to determine if a change made to resolve an issue in one branch of a software component is applicable to another branch of the software component. The version control graph might also be utilized to compute the relevance of an entry in an issue tracking system for an issue at a point in time after the entry is created in the issue tracking system.


Transition testing model for heterogeneous client environments

Owner: Amazon Technologies, Inc.
Publication #: 09430361
Publication Date: 2016-08-30
Patent URL: View on USPTO Website

A testing model for heterogeneous client environments is enabled. A test of a computer system state transition may be specified. The test specification may include elements corresponding to test actions that cause the computer system state transition and elements corresponding to test conditions that are evaluated to generate the test results. A collection of pre-assembled executable components suitable for implementing specified tests at a wide variety of clients may be maintained, and particular test specifications may be mapped to a corresponding and optimal implementation subset of the collection. Test results may be determined based on one or more outputs of the implementation subset of executable components. A vendor and version independent browser driver may include code capable of identifying an operational set of browser capabilities among the superset of considered browser capabilities independent of vendor or version identification by a browser under test.


Locking metadata associated with catalog items

Owner: Amazon Technologies, Inc.
Publication #: 09430514
Publication Date: 2016-08-30
Patent URL: View on USPTO Website

Disclosed are various embodiments for locking metadata associated with catalog items. An identifier of an item in the item catalog and update metadata associated with the item are received. Responsive to the receipt, it is determined whether a lock against modification is associated with the identified item. Responsive at least in part to the determination that the identified item is associated with a lock, the identified item is left unmodified in the item catalog rather than modifying the identified item in accordance with the update metadata.


Dynamic cartography mapping system

Owner: Amazon Technologies, Inc.
Publication #: 09430858
Publication Date: 2016-08-30
Patent URL: View on USPTO Website

Theme-differentiated maps are generated from conventional two- and three-dimensional mapping data. Dynamic cartography models are applied to the data to deliver maps with stylized topographies. In response to a search request from a client device for a map, points-of-interest within a geographic area resulting from the search are identified. Renderable representations of the points-of-interest are altered to differentiate the search results from other features in the geographic area. The resulting renderable representations are then transmitted to the client device for rendering.


Connection redistribution in load-balanced systems

Owner: Amazon Technologies, Inc.
Publication #: 09432305
Publication Date: 2016-08-30
Patent URL: View on USPTO Website

Methods and apparatus for connection redistribution in load-balanced systems that include multiple load balancers each serving multiple nodes. In the connection redistribution method, each node estimates a connection close rate, which may be based on an estimation of the percentage of the overall client traffic received by the respective load balancer that is being handled by the node. The node generates close requests for connections between the respective load balancer and clients according to the connection close rate. The node sends the close requests to its load balancer, which forwards the close requests to the appropriate clients. Upon receiving a close request, a client may close the connection(s) indicated by the request, obtain a public IP address for a load balancer, and initiate new connection(s) to the respective load balancer via the public IP address.


Host identity bootstrapping

Owner: Amazon Technologies, Inc.
Publication #: 09432356
Publication Date: 2016-08-30
Patent URL: View on USPTO Website

Automated provisioning of hosts on a network with reasonable levels of security is described in this application. A certificate management service (CMS) on a host, one or more trusted agents, and a public key infrastructure are utilized in a secure framework to establish host identity. Once host identity is established, signed encryption certificates may be exchanged and secure communication may take place.


Data locker synchronization

Owner: Amazon Technologies, Inc.
Publication #: 09432438
Publication Date: 2016-08-30
Patent URL: View on USPTO Website

Disclosed are various embodiments enabling a saved state of an application to be stored at a central location and to be retrieved by multiple computing devices executing the application. Accordingly, saved states of applications and interfaces are also enabled to follow a user from one personal computing device to the next.


System and method for implementing a scalable data storage service

Owner: Amazon Technologies, Inc.
Publication #: 09432459
Publication Date: 2016-08-30
Patent URL: View on USPTO Website

A system that implements a scalable data storage service may maintain tables in a non-relational data store on behalf of clients. The system may provide a Web services interface through which service requests are received, and an API usable to request that a table be created, deleted, or described; that an item be stored, retrieved, deleted, or its attributes modified; or that a table be queried (or scanned) with filtered items and/or their attributes returned. An asynchronous workflow may be invoked to create or delete a table. Items stored in tables may be partitioned and indexed using a simple or composite primary key. The system may not impose pre-defined limits on table size, and may employ a flexible schema. The service may provide a best-effort or committed throughput model. The system may automatically scale and/or re-partition tables in response to detecting workload changes, node failures, or other conditions or anomalies.


Systems, methods, and computer-readable media for determining excessive use of a cellular network

Owner: Amazon Technologies, Inc.
Publication #: 09432521
Publication Date: 2016-08-30
Patent URL: View on USPTO Website

Systems, methods, and computer-readable media for analysis of call detail records to determine unauthorized use of a cellular network are provided. The transferred data amounts from call detail records may be compared to categorized data usage associated with a portable user device to determine uncategorized data usage by the portable user device. The uncategorized data usage and the categorized data usage may be analyzed to determine unauthorized use of the cellular network.


Managing communications between computing nodes

Owner: Amazon Technologies, Inc.
Publication #: 09426181
Publication Date: 2016-08-23
Patent URL: View on USPTO Website

Techniques are described for managing communications between multiple intercommunicating computing nodes, such as multiple virtual machine nodes hosted on one or more physical computing machines or systems. In some situations, users may specify groups of computing nodes and optionally associated access policies for use in the managing of the communications for those groups, such as by specifying which source nodes are allowed to transmit data to particular destination nodes. In addition, determinations of whether initiated data transmissions from source nodes to destination nodes are authorized may be dynamically negotiated for and recorded for later use in automatically authorizing future such data transmissions without negotiation. This abstract is provided to comply with rules requiring an abstract, and it is submitted with the intention that it will not be used to interpret or limit the scope or meaning of the claims.


Efficient multi-part upload for a data warehouse

Owner: Amazon Technologies, Inc.
Publication #: 09426219
Publication Date: 2016-08-23
Patent URL: View on USPTO Website

Data may be partitioned and uploaded in multiple parts in parallel to a data warehouse cluster in a data warehouse system. Data to be uploaded may be identified, and the partitions for the data may be determined at the storage client. The data may then be partitioned at the storage client. In various embodiments, no local partitions of the data may be maintained in persistent storage at the storage client. The partitioned data may then be sent in parallel to a data warehouse staging area in another network-based service that is implemented as part of a same network-based service implementing the data warehouse system. A request may then be sent to the data warehouse cluster to perform a multi-part upload from the staging area to the data warehouse cluster.


Remotely emulating computing devices

Owner: Amazon Technologies, Inc.
Publication #: 09424052
Publication Date: 2016-08-23
Patent URL: View on USPTO Website

Disclosed are various embodiments that facilitate remote emulation of computing devices. A model of a computing device and an application that is executable in the computing device are identified. The application is executed in a hosted environment. A video signal of the application is encoded into a media stream. A user interface is encoded for rendering in a client. The user interface includes a graphical representation of the model of the computing device. A screen of the graphical representation of the model of the computing device is configured to render at least a portion of the video signal from the media stream.


Virtualization infrastructure support

Owner: Amazon Technologies, Inc.
Publication #: 09424062
Publication Date: 2016-08-23
Patent URL: View on USPTO Website

Remote computing resource service providers allow customers to execute one or more applications in a virtual environment on computer systems provided by the computing resource service provider. The customer applications are generally executed by multiple virtual machine instances working together. The virtual machines may be managed by a hypervisor executing on computer systems operated by the service provider. Different hypervisors may support different features and have different capabilities. Customers may wish to execute the one or more applications on a particular hypervisor in order to utilize certain features. A control plane may be used to facilitate management of the virtual environment by one or more services of the computing resource service provider.


Content enhancement techniques

Owner: Amazon Technologies, Inc.
Publication #: 09424107
Publication Date: 2016-08-23
Patent URL: View on USPTO Website

Techniques for enhancing content being rendered on an electronic device are described herein. In some instances, the techniques include monitoring interactions between a user and a content item that the user consumes on an electronic device. The content items may include electronic books, songs, videos, documents, or the like. In response to detecting an interaction between the user and the content item, the techniques may publish an event indicative of the interaction to an application platform that hosts one or more applications. The applications may be designed to enhance the content that the user consumes in one or more specified ways.


Providing data volume recovery access in a distributed data store to multiple recovery agents

Owner: Amazon Technologies, Inc.
Publication #: 09424140
Publication Date: 2016-08-23
Patent URL: View on USPTO Website

A distributed data store may provide volume recovery access to multiple recovery agents. A data volume may be maintained for a storage client at the distributed data store. Write access to the data volume may be granted according to a single writer consistency scheme. When a recovery event is detected for the data volume, the data volume may be made available to multiple recovery agents that may perform respective recovery operations. Upon first completion of a recovery operation for the data volume, granting access to the data volume according to the single writer consistency scheme may be resumed. In some embodiments, the distributed data store may be a log-structured data store.


Automatic rotation and storage of security credentials

Owner: Amazon Technologies, Inc.
Publication #: 09424419
Publication Date: 2016-08-23
Patent URL: View on USPTO Website

A system and method for a credentials agent that automatically rotates and stores security credentials usable at least in part to authenticate calling applications with a computing resource service provider. Upon determining that a first set of credentials are due to be rotated, the credentials agent may obtain a second set of credentials and store the second set of credentials in a data store. The credentials agent may give notice to a calling application that the first set of credentials is due to be rotated, whereupon the calling application may obtain the second set of credentials and be authenticated to access a resource of the computing resource service provider at least in part by providing the second set of credentials. The authorization system provides visualizations and alerts to administrators of unexpected states that may be caused by misconfigured applications or malicious users.


Account management services for load balancers

Owner: Amazon Technologies, Inc.
Publication #: 09424429
Publication Date: 2016-08-23
Patent URL: View on USPTO Website

A configurable load balancer can be utilized in a multi-tenant environment, where the load balancer can incorporate, or utilize, an account management service operable to perform security tasks such as authentication, authorization, and session management. Customers can utilize the load balancer to control access that users have to resources associated with those customers, without having to build and maintain a dedicated user management system. By implementing security functionality at the load balancer level, traffic can be managed before reaching the resources, which can help to reduce traffic and load on the resources, and can also help to prevent attacks and secure sensitive information. Visibility into the traffic through the load balancer also allows for behavior and usage monitoring, which is helpful for tasks such as billing and usage limit enforcement.


Object recognition for three-dimensional bodies

Owner: Amazon Technologies, Inc.
Publication #: 09424461
Publication Date: 2016-08-23
Patent URL: View on USPTO Website

Various embodiments utilize two-dimensional (“2D”) and three-dimensional (“3D”) object features for purposes such as object recognition and/or image matching. For example, a user can capture an image (e.g., still images or video) of an object and can receive information about items that are determined to match the object. For example, the image can be analyzed to detect visual features (e.g., corners, edges, etc.) of the object and the detected visual features can be combined to generate a combined visual feature vector which can be used for object recognition, image matching, or other such purposes. Other approaches utilize the image to generate a 3D model of the object represented in the image, which can be used to determine at least one object or types of objects that match the object represented in the image.


Security mechanism evaluation service

Owner: Amazon Technologies, Inc.
Publication #: 09425966
Publication Date: 2016-08-23
Patent URL: View on USPTO Website

Methods and apparatus for a security mechanism evaluation service are disclosed. A storage medium stores program instructions that when executed on a processor define a programmatic interface enabling a client to submit an evaluation request for a security mechanism. On receiving an evaluation request from a client indicating a particular security mechanism using public-key encryption, the instructions, when executed, identify resources of a provider network to be used to respond. The instructions, when executed, provide to the client one or more of: (a) a trustworthiness indicator for a certificate authority that issued a public-key certificate in accordance with the particular security mechanism; (b) a result of a syntax analysis of the public-key certificate; or (c) a vulnerability indicator for a key pair.


Resource pooling and subletting from user to another user

Owner: Amazon Technologies, Inc.
Publication #: 09426019
Publication Date: 2016-08-23
Patent URL: View on USPTO Website

Various electronic resources, such as multi-tenant or cloud resources, can be pooled together for access by specified members associated with a given pool. For example, users with access to different resources can enable their resources to be pooled together for purposes such as reduced pricing and increased flexibility. In some instances, a user can pool resources configured for a particular purpose, such that the user can effectively lease out an entire environment. The users accessing the pool can pay for some or all of the cost of the resources during the period of usage.


Request response transmutation pipeline

Owner: Amazon Technologies, Inc.
Publication #: 09426027
Publication Date: 2016-08-23
Patent URL: View on USPTO Website

A system may be configured to provide a service for performing various actions on behalf of clients. The clients may be associated with diverse properties such as location, language, and legal jurisdiction. A service may be adapted to respond to a diversified client base. Properties of the client may be identified. A client capability enumeration may be loaded and used to identify transformation operations that may be performed on requests to the service and replies to the client. Transformation operations may be applied in a transmutation pipeline that modifies the input to and the results of an action.


Providing devices as a service

Owner: Amazon Technologies, Inc.
Publication #: 09426154
Publication Date: 2016-08-23
Patent URL: View on USPTO Website

Devices, such as hardware security modules, are provided as a service. A customer of a computing resource provider is able to request the addition of a device to a network of the customer hosted by the computing resource provider. The computing resource provider reconfigures a set of computing resources so that the devices of the customer are able to communicate with the device as if the device was in the customer's own network.


Client device connectivity with integrated business rules and multiple network types

Owner: Amazon Technologies, Inc.
Publication #: 09426158
Publication Date: 2016-08-23
Patent URL: View on USPTO Website

Applications executing on mobile client devices may access remote resources via network connections. Operational capabilities and financial costs of these connections may differ. Developers, network administrators, and other parties may wish to moderate usage of various available conditions to conform to business rules. Connectivity information including one or more network grants is integrated into an application received from a developer at ingestion by an application management server, which accesses those business rules. The client devices may coordinate with a proxy server to provide additional controls. Networking public interfaces provide the developer with a simplified pathway for development of applications which use network connections, particularly on mobile devices.


Automated inventory quality control

Owner: Amazon Technologies, Inc.
Publication #: 09415935
Publication Date: 2016-08-16
Patent URL: View on USPTO Website

An apparatus for determining discrepancies between physical inventory and virtual inventory includes a memory and a processor. The memory can store a virtual inventory associated with an inventory bin, and an image representing a physical inventory associated with the inventory bin. The processor is coupled to the memory and can determine from the image a physical inventory comprising one or more units of inventory from the inventory bin. The processor can also determine discrepancies between the determined physical inventory of the inventory bin and the virtual inventory associated with the inventory bin.


Capturing snapshots of storage volumes

Owner: Amazon Technologies, Inc.
Publication #: 09417815
Publication Date: 2016-08-16
Patent URL: View on USPTO Website

A method and apparatus for capturing a snapshot of storage volumes of a data capture group are disclosed. In the method and apparatus, a request to create a data capture group may be received and processed. The data capture group may have one or more storage volumes. Upon defining the data capture group, a snapshot of the storage volumes of the data capture group may be taken.


Approaches for managing virtual instance data

Owner: Amazon Technologies, Inc.
Publication #: 09417897
Publication Date: 2016-08-16
Patent URL: View on USPTO Website

A resource provider is able to manage instance data associated with virtual compute instances running in the resource provider environment. For example, when provisioning a compute instance, the resource provider can obtain data associated with the compute instance and can store this data, for example, in a data store. The resource provider can act as a centralized repository of such data for some or all instances that are running in the resource provider environment. Entities (e.g., users or other compute instances running in the resource provider environment) can query the resource provider to perform various operations (e.g., read, modify, duplicate) on the data being managed by the resource provider for the various compute instances. Any changes to the data for a compute instance, for example, by a user, the compute instance, or a different compute instance, can be saved by the resource provider and propagated to the compute instance.


Equitable resource allocation for storage object deletion

Owner: Amazon Technologies, Inc.
Publication #: 09417917
Publication Date: 2016-08-16
Patent URL: View on USPTO Website

Methods and apparatus for equitable resource allocation for storage object deletions are disclosed. A storage medium stores program instructions that when executed on a processor implement a deletion task dispatcher of a multi-tenant storage service. The dispatcher identifies one or more deletion job objects that each comprise an indication of a respective set of storage objects that are candidates for scheduled deletion from the storage service. The dispatcher determines a set of resources to be used for deletion operations corresponding to a particular deletion job object, based at least in part on the number of distinct clients whose storage objects are indicated in the job object, and assigns the set of resources to initiate the deletion operations corresponding to the particular job object.


Automatic table schema generation

Owner: Amazon Technologies, Inc.
Publication #: 09418085
Publication Date: 2016-08-16
Patent URL: View on USPTO Website

Methods and systems for automatic table schema generation are disclosed. A description of a data source is received. A table definition is determined based on the description of the data source, wherein the table definition maps the data source to one or more columns of an output table. A parser for the data source is selected from a set of predefined parsers based on the description of the data source. A query against the data source is received. One or more elements of data responsive to the query are retrieved from the data source using the selected parser. The one or more elements are transformed into the output table based on the table definition.


Token-based secure data management

Owner: Amazon Technologies, Inc.
Publication #: 09419841
Publication Date: 2016-08-16
Patent URL: View on USPTO Website

In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, access policies define authorizations regarding which entities are able to resolve a token to access the actual sensitive data.


Network device configuration deployment pipeline

Owner: Amazon Technologies, Inc.
Publication #: 09419856
Publication Date: 2016-08-16
Patent URL: View on USPTO Website

The following description is directed to configuring network devices. In one example, a deployed configuration for a network device can be collected. The deployed configuration can be representative of a state of the network device at the time of collection. A difference can be detected between the deployed configuration and an authoritative configuration for the network device. In response to detecting the difference, an update of the network device according to the authoritative configuration for the network device can be scheduled.


Automated service interface optimization

Owner: Amazon Technologies, Inc.
Publication #: 09419899
Publication Date: 2016-08-16
Patent URL: View on USPTO Website

Disclosed are various embodiments for automated service interface optimization. In one embodiment, a service client and/or a service provider is reconfigured to use an optimized version of a data transfer interface, where the optimized version transfers fewer data items from the service provider to the service client. In another embodiment, service calls from a service client for multiple different data objects are aggregated into an aggregated service call for a data object. In yet another embodiment, an optimized data object is provided to a service client in response to a request for an unoptimized data object. If the service client attempts to use a data item excluded from the optimized data object, the excluded data item is then provided to the service client.


System and method for throttling service requests using work-based tokens

Owner: Amazon Technologies, Inc.
Publication #: 09419904
Publication Date: 2016-08-16
Patent URL: View on USPTO Website

A system that provides services to clients may receive and service requests, various ones of which may require different amounts of work. An admission control mechanism may manage requests based on tokens, each of which represents a fixed amount of work. The tokens may be added to a token bucket at a rate that is dependent on a target work throughput rate while the number of tokens in the bucket does not exceed its maximum capacity. If at least a pre-determined minimum number of tokens is present in the bucket when a service request is received, it may be serviced. Servicing a request may include deducting an initial number of tokens from the bucket, determining that the amount of work performed in servicing the request is different than that represented by the initially deducted tokens, and deducting additional tokens from or replacing tokens in the bucket to reflect the difference.


Access control using impersonization

Owner: Amazon Technologies, Inc.
Publication #: 09420007
Publication Date: 2016-08-16
Patent URL: View on USPTO Website

A first service submits a request to a second service on behalf of a customer of a service provider. The request may have been triggered by a request of the customer to the first service. To process the request, the second service evaluates one or more policies to determine whether fulfillment of the request is allowed by policy associated with the customer. The one or more policies may state one or more conditions on one or more services that played a role in submission of the request. If determined that the policy allows fulfillment of the request, the second service fulfills the request.


Log streaming facilities for computing applications

Owner: Amazon Technologies, Inc.
Publication #: 09420068
Publication Date: 2016-08-16
Patent URL: View on USPTO Website

To facilitate log streaming in a computing cloud, application service providers may dynamically provision one or more named log streams. A file-oriented interface to log streams may be made available to a plurality of virtual computer system instances used to provide the application services. Application service providers may further dynamically provision one or more sets of log stream processing agents arranged in one or more log stream processing graphs. Particular log streams may be assigned to particular log stream processing graphs for real-time processing. Processed log streams and/or associated data may be stored for later inspection. Such provisioning and/or configuration may be performed with a unified Web-based interface.


Spawning new timelines during game session replay

Owner: Amazon Technologies, Inc.
Publication #: 09409083
Publication Date: 2016-08-09
Patent URL: View on USPTO Website

A game system in which game sessions involving one or more players may be recorded and saved as game records. A previously recorded game session may be selected and replayed. However, in addition to providing a static replay of the game session, the game system may allow one or more players to step into and assume control of respective game characters at any point during the replay of the game session. When a player steps into and takes control of a game character during the playback, a new timeline is spawned from the original timeline with potentially different outcomes, and a new game record corresponding to the new timeline is generated and stored.


Enhancing user experience by presenting past application usage

Owner: Amazon Technologies, Inc.
Publication #: 09409090
Publication Date: 2016-08-09
Patent URL: View on USPTO Website

Past usage of an application is presented in order to enhance the experience of a user with an application. An application is executed in a hosted environment in one or more computing devices. Input commands may be obtained from a client and provided to the application. A real-time state of the application may be recorded as the application is executed in the hosted environment. The real-time state of the application that has been recorded may be replayed.


Remote content presentation queues

Owner: Amazon Technologies, Inc.
Publication #: 09411809
Publication Date: 2016-08-09
Patent URL: View on USPTO Website

Systems, methods, and computer-readable media are disclosed for generating, storing, and managing play queues remotely from a user device on which content associated with the play queues may be played. A client application executing on a user device may transmit a request to generate a remote play queue to a remote server. The request may include an indication of one or more sources for the content and may optionally include an indication of the content to associate with the play queue. The remote server may access metadata associated with a subset of the content of the play queue and transmit the metadata to the client application, thereby allowing retrieval and playback of the content on the user device.


Management of application state data

Owner: Amazon Technologies, Inc.
Publication #: 09411872
Publication Date: 2016-08-09
Patent URL: View on USPTO Website

Disclosed are various embodiments for synchronizing application state information across devices. More specifically, embodiments of the disclosure are related to generating and storing of application state information. Key-value pairs are stored on a client device and synchronized with an application synchronization service.


System and method for splitting a replicated data partition

Owner: Amazon Technologies, Inc.
Publication #: 09411873
Publication Date: 2016-08-09
Patent URL: View on USPTO Website

A system that implements a data storage service may store data on behalf of storage service clients. The system may maintain data in multiple replicas of partitions that are stored on respective computing nodes in the system. The system may split a data partition into two new partitions, and may split the replica group that stored the original partitions into two new replica groups, each storing one of the new partitions. To split the replica group, the master replica may propagate membership changes to the other members of the replica group for adding members to the original replica group and for splitting the expanded replica group into two new replica groups. Subsequent to the split, replicas may attempt to become the master for the original replica group or for a new replica group. If an attempt to become master replica for the original replica group succeeds, the split may fail.


Enabling transfer of digital assets

Owner: Amazon Technologies, Inc.
Publication #: 09411982
Publication Date: 2016-08-09
Patent URL: View on USPTO Website

Techniques for managing digital assets are described that enable a principal to designate a plurality of users that will gain access and ownership of the principal's account that contains the various digital assets of the principal in the event of a transfer of assets. The account may be a network accessible account that maintains various digital assets of the principal, such as multimedia, applications, virtual machines, data, and others. In the event of a transfer, access to the account can be controlled by a cryptographic secret, where each of the designated users has been provided with a distinct share (part) of the cryptographic secret. A minimum number of shares of the secret are required before access to the principal's account will be granted. The minimum number may be configured by the principal in advance.


Instance host configuration

Owner: Amazon Technologies, Inc.
Publication #: 09413604
Publication Date: 2016-08-09
Patent URL: View on USPTO Website

Methods and apparatus for instance host configuration are disclosed. A system includes a plurality of instance hosts configurable for resource instances of a network-accessible service, and control servers to manage remote configuration of the instance hosts. In response to an instance configuration request from a client, a selected control server transmits, to a selected instance host, a sequence of one or more commands. The selected instance host instantiates a remote command executor. The remote command executor initiates configuration operations corresponding to the command sequence, and terminates. The selected control server provides a response to the instance configuration request, based at least in part on results of the operations initiated by the executor.


Automatic management of resource sizing

Owner: Amazon Technologies, Inc.
Publication #: 09413626
Publication Date: 2016-08-09
Patent URL: View on USPTO Website

A system for providing automatic resource resizing is provided. The system may be configured to maintain a plurality of virtual machine instances. The system may be further configured to receive a request to execute a program code and allocate computing resources for executing the program code on one of the virtual machine instances. The amount of resources allocated for executing the program code may be specified by the request and adjusted as needed.


System and method for controlling access to web services resources

Owner: Amazon Technologies, Inc.
Publication #: 09413678
Publication Date: 2016-08-09
Patent URL: View on USPTO Website

A system and method for controlling access to web services resources. A system may include a storage medium configured to store instructions and one or more processors configured to access the storage medium. The instructions may be executable by at least one of the processors to implement a web services access control system (ACS) configured to receive requests. Each request specifies an access operation to be performed with respect to a corresponding resource. Each of the requests is associated with a corresponding principal. For each received request, the ACS may be further configured to determine whether an access control entry exists that is associated with both the resource and principal associated with the request and that specifies an access type sufficient to perform the access operation. If no such entry exists, the ACS may deny the request.


Multi-tenant throttling approaches

Owner: Amazon Technologies, Inc.
Publication #: 09413680
Publication Date: 2016-08-09
Patent URL: View on USPTO Website

An opportunistic throttling approach can be used for customers of shared resources in a multi-tenant environment. Each customer can have a respective token bucket with a guaranteed fill rate. When a request is received for an amount of work to be performed by a resource, the corresponding number of tokens are obtained from, or charged against, a global token bucket. If the global bucket has enough tokens, and if the customer has not exceeded a maximum work rate or other such metric, the customer can charge less than the full number of tokens against the customer's token bucket, in order to reduce the number of tokens that need to be taken from the customer bucket. Such an approach can enable the customer to do more work and enable the customer's bucket to fill more quickly as fewer tokens are charged against the customer bucket for the same amount of work.


Network interface with on-board packet processing

Owner: Amazon Technologies, Inc.
Publication #: 09413783
Publication Date: 2016-08-09
Patent URL: View on USPTO Website

A system and method comprising a network interface controller having a processor configured to receive data packets, determine whether field values extracted from the packet satisfy legitimacy criteria, and based on the determination, either provide the packet to a computing device if a set of one or more legitimacy criteria is satisfied or perform a mitigation action if the set of one or more legitimacy criteria is not satisfied.


Operating system interface implementation using network-accessible services

Owner: Amazon Technologies, Inc.
Publication #: 09413819
Publication Date: 2016-08-09
Patent URL: View on USPTO Website

Methods and apparatus for operating system interface implementation using network-accessible services are described. A request to execute a particular program at a distributed computing platform implementing a set of operating system interfaces using resources of network-accessible services of a provider network is received. A compute instance of a computing service is selected for executing operations of a thread of the program. Corresponding to the invocation of a particular operating system interface within the program, at least one operation is performed at a particular service. An overall result of execution of the particular program is determined based at least in part on results of the at least one operation.


Application streaming service

Owner: Amazon Technologies, Inc.
Publication #: 09413830
Publication Date: 2016-08-09
Patent URL: View on USPTO Website

A method can include a node receiving a token redemption request from a client computing device. The node can determine a destination host management service based at least in part on a geographic proximity of the destination host management service to the client computing device. The destination host management service can be one of a plurality of host management systems distributed across a plurality of data centers. The node can route the token redemption request to the destination host management service. The destination host management service can determine a destination host running an application in one of the plurality of data centers and provision a session between the client computing device and the application running in the destination host.


Network-accessible signal processing service

Owner: Amazon Technologies, Inc.
Publication #: 09413854
Publication Date: 2016-08-09
Patent URL: View on USPTO Website

Methods and apparatus for a network-accessible signal-processing service are disclosed. A programmatic interface may be established to enable clients to specify a signal processing workflow comprising one or more elements with respective data sources, data destinations, and processing techniques to be applied to the data obtained from the data sources. An indication of a particular workflow may be received via the interface. A processing technique indicated for an element of the workflow may be initiated at a resource of a provider network, on a data set obtained from a data source of the element. A result of the analysis may be transmitted to a data destination of the element.


Optimized write performance at block-based storage during volume snapshot operations

Owner: Amazon Technologies, Inc.
Publication #: 09405483
Publication Date: 2016-08-02
Patent URL: View on USPTO Website

Write optimization for block-based storage performing snapshot operations may be implemented. Write requests for a particular data volume may be received for which a snapshot operation is in progress. A determination may be made as to whether a data chunk of the data volume modified as part of the write request has not yet been stored to a remote snapshot data store as part of the snapshot operation. For a data chunk that is to be modified and that has not yet been stored, the data chunk may be stored in a local in-memory volume snapshot buffer. Once the data chunk is stored in the in-memory volume snapshot buffer, the write request may be performed and acknowledged as complete. The data chunk may be sent to the remote snapshot data store asynchronously with regard to the acknowledgment of the write request.


Correction of dependency issues in network-based service remedial workflows

Owner: Amazon Technologies, Inc.
Publication #: 09405605
Publication Date: 2016-08-02
Patent URL: View on USPTO Website

A system and method for preventing dependency problems, such as deadlocks, within network-based computing service workflows, such as workflows that occur within computing assets that provide network-based computing services. The system and method creates a remedial workflow or action for the computing services to address deadlocks or other blocking conditions within the services which may occur should the underlying computing assets need to be restarted, rebooted or sequentially execute and reach a problematic operational state. The system and method will determine the reliance of each computing service upon the functionality of one or more other network-based computing services and structure the remedial workflow accordingly. Other aspects of the disclosure are described in the detailed description, figures, and claims.


Intermediary for testing content and applications

Owner: Amazon Technologies, Inc.
Publication #: 09405660
Publication Date: 2016-08-02
Patent URL: View on USPTO Website

A test device may include an application that accesses online content. In some examples, a test intermediary and/or a test user interface (UI) are downloaded to the test device in response to a request by the application for obtaining the content from a network location. The test intermediary may be positioned to receive communications between the application and the content during testing of the content and/or the application. For example, the test intermediary may intercept metrics and other callbacks passed between the content and the application during manual or automated testing. In some instances, the test intermediary may provide the metrics and/or other test outputs for display in the test user UI rendered on the test device. The content may be rendered to be functional within the test UI, and the existence of the test intermediary and/or the test UI may be transparent to the application and the content.


Preventing attacks that rely on same-page merging by virtualization environment guests

Owner: Amazon Technologies, Inc.
Publication #: 09405708
Publication Date: 2016-08-02
Patent URL: View on USPTO Website

In a virtualization environment, a guest process may protect itself from potential timing side-channel attacks by other guest processes on the same host machine by taking steps to avoid same-page merging for memory pages that it accesses. Pages that include critical code (e.g., cryptographic functions) or sensitive data (e.g., cryptography keys) may be designated as important pages to protect from such attacks. A placeholder location of a specified size for storing a non-deterministic value (e.g., a random or pseudorandom number) may be inserted into these pages when instantiated, making them unlikely to match pages accessed by other guests. Therefore, the host machine may be unlikely to identify them as pages for which there is a same-page merging opportunity. The values in the placeholder locations may be updated periodically or in response to certain events (e.g., context switches between guests or the detection of same-page merging).


Data recovery in a distributed computing environment

Owner: Amazon Technologies, Inc.
Publication #: 09405815
Publication Date: 2016-08-02
Patent URL: View on USPTO Website

A computing system recovers volumes in a distributed computing environment while reducing downtime of storage servers. In an embodiment, a storage server contacts a control plane after a storage failure has occurred. If the storage server hosts an authoritative copy of an offline volume, the storage server is requested to restore the volume. Non-authoritative volumes are removed from the storage server and the storage server provides read access to the restored volume while resuming storage services.


Data integrity verification

Owner: Amazon Technologies, Inc.
Publication #: 09405920
Publication Date: 2016-08-02
Patent URL: View on USPTO Website

A system performs cryptographic operations utilizing information usable to verify validity of plaintext. To prevent providing information about a plaintext by providing the information usable to verify the validity of the plaintext, the system provides the information usable to verify validity of the plaintext to an entity on a condition that the entity is authorized to access the plaintext. The information usable to verify validity of the plaintext may be persisted in ciphertext along with the plaintext to enable the plaintext to be verified when decrypted.


Persona based recommendations

Owner: Amazon Technologies, Inc.
Publication #: 09406091
Publication Date: 2016-08-02
Patent URL: View on USPTO Website

Location data may be obtained through devices associated with one or more users. The actual locations and places that correspond to the location data may be inferred. Location patterns that represent when and where each user spends their time may also be determined. One or more personas that represent categories corresponding to types of behavior or location patterns that users may exhibit may be created and maintained. One or more of the personas may be assigned to or associated with each of the users based on the location patterns associated with each user and the type of behavior that is expected to be exhibited for each persona. One or more recommendations may be provided to the users based at least partly on the personas that have been assigned to the users, which may cause the users to receive recommendations that are likely to be of particular interest.


Control of spectral range intensity in media devices

Owner: Amazon Technologies, Inc.
Publication #: 09406277
Publication Date: 2016-08-02
Patent URL: View on USPTO Website

Illumination of a display is controlled so as to modulate the intensity of emissions in one or more spectral ranges over time while content is being presented. Usage data indicative of user interaction with the presented content or previously presented content can be used to generate or modify a pattern profile. The pattern profile is used to control light emitters of a media device. Various operating modes respectively directed to decreasing or increasing intensity over time within certain portions of the visible spectrum can be used during the presentation of written, video or other content.


Secure initialization vector generation

Owner: Amazon Technologies, Inc.
Publication #: 09407437
Publication Date: 2016-08-02
Patent URL: View on USPTO Website

A plaintext and cryptographic key are used to generate an initialization vector to be used in a cryptographic algorithm, such as an encryption algorithm. In some examples, the plaintext and cryptographic key are input into an effectively one-way function, such as a cryptographic hash function, the output of which is usable as an initialization vector. Cryptographic keys may be rotated probabilistically based at least in part on probabilities of output collisions of the effectively one-way function to ensure a low probability of two different plaintexts resulting in calculation of the same initialization vector for use with the same cryptographic key.


Multiple authority data security and access

Owner: Amazon Technologies, Inc.
Publication #: 09407440
Publication Date: 2016-08-02
Patent URL: View on USPTO Website

Data is encrypted such that multiple keys are needed to decrypt the data. The keys are accessible to different entities so that no single entity has access to all the keys. At least one key is managed by a service provider. A customer computer system of the service provider may be configured with executable instructions directing the orchestration of communications between the various entities having access to the keys. As a result, security compromise in connection with a key does not, by itself, render the data decryptable.


Configuration and verification by trusted provider

Owner: Amazon Technologies, Inc.
Publication #: 09407505
Publication Date: 2016-08-02
Patent URL: View on USPTO Website

A computing resource is loaded with the code or data, and an audited record of the loaded code or data is generated. Furthermore, a configuration integrity verifier is generated based on the record of the loaded code or data. The configuration integrity verifier is sent to a requestor for verification of the code or data, the configuration integrity verifier being usable as a trusted verification of the loaded code or data.


Providing notification of computing resource availability for on-demand allocation

Owner: Amazon Technologies, Inc.
Publication #: 09407569
Publication Date: 2016-08-02
Patent URL: View on USPTO Website

Technologies are described herein for providing notifications of computing resource availability for on-demand allocation. A resource request is received from a requesting application indicating the type, size, number, and other parameters of the computing resources desired. Upon determining that the requested computing resources are not immediately available, suitable alternative resources are determined based on the parameters of the requested resources. The availability of computing resources at the service provider is monitored, and when the requested resources or suitable alternatives become available, the requesting application is sent one or more resource availability notifications describing the available resources. The requesting application may then allocate the available resources from the service provider on-demand.


Single set of credentials for accessing multiple computing resource services

Owner: Amazon Technologies, Inc.
Publication #: 09407615
Publication Date: 2016-08-02
Patent URL: View on USPTO Website

A user may utilize a set of credentials to access, through a managed directory service, one or more services provided by a computing resource service provider. The managed directory service may be configured to identify one or more policies applicable to the user. These policies may define the level of access to the one or more services provided by the computing resource service provider. Based at least in part on these policies, the managed directory service may transmit a request to an identity management system to obtain a set of temporary credentials that may be used to enable the user to access the one or more services. Accordingly, the managed directory service may be configured to enable the user, based at least in part on the policies and the set of temporary credentials, to access an interface, which can be used to access the one or more services.


Dynamically modifying program execution capacity

Owner: Amazon Technologies, Inc.
Publication #: 09400690
Publication Date: 2016-07-26
Patent URL: View on USPTO Website

Techniques are described for managing program execution capacity, such as for a group of computing nodes that are provided for executing one or more programs for a user. In some situations, dynamic program execution capacity modifications for a computing node group that is in use may be performed periodically or otherwise in a recurrent manner, such as to aggregate multiple modifications that are requested or otherwise determined to be made during a period of time, and with the aggregation of multiple determined modifications being able to be performed in various manners. Modifications may be requested or otherwise determined in various manners, including based on dynamic instructions specified by the user, and on satisfaction of triggers that are previously defined by the user. In some situations, the techniques are used in conjunction with a fee-based program execution service that executes multiple programs on behalf of multiple users of the service.


Forecasting server behavior

Owner: Amazon Technologies, Inc.
Publication #: 09400731
Publication Date: 2016-07-26
Patent URL: View on USPTO Website

In a computing environment, common attributes of one or more computing resources are identified for which a predicted probability of an event associated with the one or more computing resources is to be determined. A first predicted probability of the event based on data associated with actual occurrences of the events is calculated. A second predicted probability of the event is calculated based on updated data associated with the event.


Reading station structures

Owner: Amazon Technologies, Inc.
Publication #: 09400971
Publication Date: 2016-07-26
Patent URL: View on USPTO Website

In some examples, a reader system is provided for managing inventory items in an inventory system. The reader system may be configured to read tags associated with items stowed in an inventory holder. The inventory holder may be detachably coupled to a mobile drive unit. The mobile drive unit may move the inventory holder to a first position near an antenna of the reader system and the tags may begin to be read. While reading or at other times in the reading process, the mobile drive unit may move the inventory holder relative to the antenna. The identified tags may be compared to a manifest list of items expected to be stowed in the inventory holder.


Distributing processing for imaging processing

Owner: Amazon Technologies, Inc.
Publication #: 09402018
Publication Date: 2016-07-26
Patent URL: View on USPTO Website

Approaches are described for managing the processing of images or video on a computing device. A portable computing device can include one or more dedicated components, such as an application-specific integrated circuit (ASIC) or other dedicated processor component, to be integrated into the computing device to perform at least a portion of the imaging processing of captured images or video. For example, the dedicated processor component can enable the offloading of basic image signal processing, as well as higher level or “machine vision” processing from the device processor of the device. In this way, the dedicated processor component can perform signal processing for which the input is an image (or video), and where image or video data can be analyzed, interpreted and/or manipulated to generate an output, the output of image processing being either an image or a set of characteristics or parameters related to the image. The output can be provided to a device processor for further processing.


Character simulation and playback notification in game session replay

Owner: Amazon Technologies, Inc.
Publication #: 09393486
Publication Date: 2016-07-19
Patent URL: View on USPTO Website

A game system in which game sessions may be recorded and saved as game records. A previously recorded game session may be selected and replayed, and players may step into and assume control of respective game characters during the replay. When a player steps into and takes control of a game character during replay of a game session, a new timeline is spawned from the original timeline, and a new game record corresponding to the new timeline is generated and stored. Players that were involved in a previously recorded game session that is being replayed may be manually or automatically notified that the game session is being replayed. The notification may occur upon initiation of the replay and/or when a new timeline is spawned. Notified players may view the game session without participating, or may take control of their respective characters to participate.


Optimization of packet processing by delaying a processor from entering an idle state

Owner: Amazon Technologies, Inc.
Publication #: 09396010
Publication Date: 2016-07-19
Patent URL: View on USPTO Website

Some embodiments facilitate high performance packet-processing by enabling one or more processors that perform packet-processing to determine whether to enter an idle state or similar state. As network packets usually arrive or are transmitted in batches, the processors of some embodiments determine that more packets may be coming down a multi-stage pipeline upon receiving a first packet for processing. As a result, the processors may stay awake for a duration of time in anticipation of an incoming packet. Some embodiments keep track of the last packet that entered the first stage of the pipeline and compare that with a packet that the processor just processed in a pipeline stage to determine whether there may be more packets coming that need processing. In some embodiments, a processor may also look at a queue length of a queue associated with an upstream stage to determine whether more packets may be coming.


Error handling in a network resource generation environment

Owner: Amazon Technologies, Inc.
Publication #: 09396053
Publication Date: 2016-07-19
Patent URL: View on USPTO Website

Disclosed are various embodiments that facilitate error handling in a network resource generation environment. A request for a network resource is obtained from a client. The network resource is associated with a network site hosted on behalf of a first party by a second party. Resource generation code supplied by the first party is executed by a framework in response to the request. A customized error network resource is sent to the client in response to determining that an error has occurred in the framework that executes the resource generation code.


Software testing with feedback acquisition

Owner: Amazon Technologies, Inc.
Publication #: 09396092
Publication Date: 2016-07-19
Patent URL: View on USPTO Website

Methods and systems for software testing with feedback acquisition are disclosed. Modified program code is generated based on programmatic analysis of original program code. The modified program code includes the original program code and a plurality of additional instructions. The additional instructions implement user interface prompts soliciting answers to user feedback questions. The modified program code is sent to one or more client devices for execution. User input responsive to the user interface prompts is then received from the one or more client devices.


Automated test generation service

Owner: Amazon Technologies, Inc.
Publication #: 09396160
Publication Date: 2016-07-19
Patent URL: View on USPTO Website

Systems and methods are described for testing computing resources. In one embodiment, a request for verification of a computing setting related to a computing environment is received. Computing environment parameters and performance metrics are analyzed to determine an initial test population for testing the computing setting. A computing device in the computing environment is configured in accordance with the initial test population. Testing in accordance with the initial test population is performed and the initial test population is iteratively updated based on results of the testing.


Iris image data processing for template iris pattern generation

Owner: Amazon Technologies, Inc.
Publication #: 09396394
Publication Date: 2016-07-19
Patent URL: View on USPTO Website

Systems, devices, methods, computer-readable media, techniques, and methodologies are disclosed for generating a template iris pattern using multiple image frames containing image data corresponding to detected light at different wavelengths along the electromagnetic (EM) spectrum including light in the infrared, near-infrared, and/or visible light bands.


Web of trust management in a distributed system

Owner: Amazon Technologies, Inc.
Publication #: 09397835
Publication Date: 2016-07-19
Patent URL: View on USPTO Website

A web of trust is used to validate states of a distributed system. The distributed system operates based at least in part on a domain trust. A root of trust issues the domain trust. Domain trusts are updatable in accordance with rules of previous domain trusts so that a version of a domain trust is verifiable by verifying a chain of previous domain trust versions.


Methods and apparatus for scalable private services

Owner: Amazon Technologies, Inc.
Publication #: 09397909
Publication Date: 2016-07-19
Patent URL: View on USPTO Website

Methods and apparatus for providing scalable private services in service provider networking environments. A service provider that provides a large, public, multi-tenant implementation of a web service to multiple customers via a public API endpoint may allow a customer to request the establishment of a private implementation of the service. In response, a service private instance may be automatically and/or manually established for the customer that provides a private API endpoint to the service and that is at least in part implemented on single-tenant hardware that is not shared with other customers. The service private instance may initially be implemented as a relatively small scale and possibly limited implementation of the service when compared to the service public instance. As the needs of the customer grow, the service private instance may be automatically and/or manually scaled up from the initial implementation.


Managing interaction with hosted services

Owner: Amazon Technologies, Inc.
Publication #: 09397987
Publication Date: 2016-07-19
Patent URL: View on USPTO Website

Systems and methods are disclosed which facilitate managing interaction with instances corresponding to hosted services. Customers may implement services on a hosted computing environment. Further, the customer may allow limited interaction with the hosted service to a third party (e.g., in connection with a secondary service). For example, the third party may interact with a temporary copy of the hosted service. Thereafter, the customer may, given the consent of the third party, view details of the third party's interaction with the copy, and may be enabled to merge any alterations with the initial hosted service. In addition, a customer may monitor their own interactions with a hosted service or copies of a hosted service, and view details of the differences between multiple versions of the hosted service.


Bootstrapping user authentication on devices

Owner: Amazon Technologies, Inc.
Publication #: 09397989
Publication Date: 2016-07-19
Patent URL: View on USPTO Website

Disclosed are various embodiments that facilitate bootstrapping authentication of a user at a first device using a second device. The second device is authenticated for access to a user account via a first security credential. A second security credential is received by the second device. The second security credential is then sent to the first device. Subsequently, the second security credential is received from the first device, and the first device is authenticated for access to the user account.


Server defenses against use of tainted cache

Owner: Amazon Technologies, Inc.
Publication #: 09398066
Publication Date: 2016-07-19
Patent URL: View on USPTO Website

Systems, methods, and computer readable media are described for validating objects stored in a web cache. In one embodiment, a computing device caches objects received while accessing networked content over a network. The computing device generates a description of conditions associated with the caching of the objects. When the computing device accesses networked content via a second network, the computing device or a remote server connected thereto utilizes the description to determine whether an object in the cache is trusted or untrusted. The server manages a policy that defines rules for making the determination. The policy can be generated based on descriptions received from a plurality of devices.


Selecting among virtual networking protocols

Owner: Amazon Technologies, Inc.
Publication #: 09398121
Publication Date: 2016-07-19
Patent URL: View on USPTO Website

Techniques are disclosed for determining a virtual networking framework for computing nodes to use where they are part of a plurality of computing nodes that have heterogeneous virtual networking framework capabilities. Each node may report its capabilities to a mapping server, which serves as a centrally-managed selector of policy capabilities for the two computing nodes to use in communications with each other. The mapping server selects virtual networking framework capabilities for the two computing nodes to use in communicating with each other, instructs the nodes of these selected capabilities, and the two nodes then communicate according to these selected capabilities.


Automatic determination of device mode based on use characteristics

Owner: Amazon Technologies, Inc.
Publication #: 09398143
Publication Date: 2016-07-19
Patent URL: View on USPTO Website

Systems, methods, and computer-readable media are disclosed for generating a baseline use profile that indicates typical patterns of use of a device over time, transitioning the device to a challenge mode when sensor data indicates a deviation from the baseline use profile by more than a permissible tolerance, presenting challenges to the user while in the challenge mode, and determining whether to restrict or allow access to device functionality based on user responses to the challenges.


Interactive applications

Owner: Amazon Technologies, Inc.
Publication #: 09398342
Publication Date: 2016-07-19
Patent URL: View on USPTO Website

Disclosed are various embodiments to facilitate interactive experiences. Interactive content includes video content that is streamed to a client device, such as a set-top box. Complementary content is transmitted to a controller device, such as a tablet computing system and/or smartphone. Input obtained from the controller device can affect an update to the video content and/or complementary content.


Suspending noise cancellation using keyword spotting

Owner: Amazon Technologies, Inc.
Publication #: 09398367
Publication Date: 2016-07-19
Patent URL: View on USPTO Website

Aspects of the disclosure provide suspension of noise cancellation at a noise-cancelling device using keyword spotting. In one aspect, a predetermined word or phrase can be spotted within an utterance received at the noise-cancelling device, and in response, noise cancellation can be suspended or otherwise terminated. The predetermined word or phrase can be specific to an end-user that utilizes the noise-cancelling device and/or a person that interacts with the end-user. In another aspect, interaction between an operator and the noise-cancelling device can be monitored after noise cancellation is suspended, and based at least on such interaction, a model for keyword spotting can be refined. In certain aspects, noise cancellation at the noise-cancelling device can be suspended or otherwise terminated in response to receiving a suspension directive via an electronic non-audio signal, for example, from a peripheral device. In other aspects, the noise-cancelling device can resume noise cancellation in response to a control signal.


Mapping electronic devices within an area

Owner: Amazon Technologies, Inc.
Publication #: 09398413
Publication Date: 2016-07-19
Patent URL: View on USPTO Website

A computing device is used to acquire data and information regarding various electronic devices within a home, commercial space, or another area of interest. Locations for the electronic devices may also be determined by way of a location resource of the computing device, by user input, or through another suitable technique. Various maps may be generated that include graphical representations of the electronic devices, as well as walls, doorways, furniture, or other features within the area or space of interest. A user may amend or add various details within such a map by way of respective user interfaces presented by the computing device. The respective functions and cooperative operations of the electronic devices may be visualized and improved through such mapping.


Providing content via multiple display devices

Owner: Amazon Technologies, Inc.
Publication #: 09389745
Publication Date: 2016-07-12
Patent URL: View on USPTO Website

Disclosed are various embodiments for providing content via multiple display devices. Primary content is rendered on a first display device. A secondary display service executed by a second computing device is identified. A directive is sent to the secondary display service to render secondary content on the second display device. The secondary content relates to a current state of the primary content.


Content preview for electronic devices

Owner: Amazon Technologies, Inc.
Publication #: 09389757
Publication Date: 2016-07-12
Patent URL: View on USPTO Website

Techniques for previewing portions of the content item using an electronic device include displaying a first portion of the content item, receiving input from a user indicative of a desire to browse a second portion of the content item different than the first portion, and displaying a preview window illustrating the second portion of the content item in response to the input. The preview window may enable the user to simultaneously view the second portion illustrated therein as well as at least part of the first portion. In addition, a viewing position of the user may be maintained at a location of the first portion in the content item while the second portion is illustrated in the preview window. Accordingly, the user may not lose context of the first portion of the content item while viewing the second portion.


Constraint verification for distributed applications

Owner: Amazon Technologies, Inc.
Publication #: 09389886
Publication Date: 2016-07-12
Patent URL: View on USPTO Website

Systems and methods are described for analyzing and verifying distributed applications. In one embodiment, an application program is executed as independently executable components. During execution, redundant portions of application program data are aggregated. A property of the application program is verified using the aggregated application program data to represent code execution paths.


Distributed caching system

Owner: Amazon Technologies, Inc.
Publication #: 09390052
Publication Date: 2016-07-12
Patent URL: View on USPTO Website

Embodiments of a distributed caching system are disclosed that cache data across multiple computing devices on a network. In one embodiment, a first cache system serves as a caching front-end to a distributed cluster of additional cache systems. The first cache system can distribute cache requests to the additional cache systems. The first distributed caching system can also serve as a cache server itself, by storing data on its own internal cache. For example, the first cache system can first attempt to find a requested data item on the internal cache, but, if the lookup results in a cache miss, the first cache system can search the additional cache systems for the data. In some embodiments, the first cache system is configured to multiplex requests to each additional cache system over a single negotiated streaming protocol connection, which allows for network efficiencies and faster detection of failure.


Personalized landing pages

Owner: Amazon Technologies, Inc.
Publication #: 09390181
Publication Date: 2016-07-12
Patent URL: View on USPTO Website

Personalized landing pages may be generated for users based at least in part upon information known about the individual users who are viewing the landing pages. Such information may include, for example, the consumer segments to which the individual user belongs, the individual users' browsing and purchasing histories, personal preferences and attributes. The landing pages are personalized to include, for example, content that may be of particular interest to the user and arranged in a manner that may appeal to the user.


System and method for tracking service results

Owner: Amazon Technologies, Inc.
Publication #: 09391825
Publication Date: 2016-07-12
Patent URL: View on USPTO Website

Various embodiments of a system and method for tracking service requests are described. Embodiments may include call tree generation logic configured to receive multiple request identifiers associated with a respective one of multiple service requests. Each given request identifier may include an origin identifier, a depth value, and a request stack comprising one or more interaction identifiers. The call tree generation logic may also be configured to, based on multiple request identifiers that each include an origin identifier associated with a particular root request, generate a data structure that specifies a hierarchy of services called to fulfill that particular root request. Based on one or more of the interaction identifiers and one or more of the depth values, the generated data structure may specify for each given service of the hierarchy: a parent service that called the given service, and one or more child services called by the given service.


Facilitating application compatibility across devices

Owner: Amazon Technologies, Inc.
Publication #: 09392047
Publication Date: 2016-07-12
Patent URL: View on USPTO Website

Disclosed are various embodiments that facilitate compatibility of applications across multiple different devices. It is determined whether an application is compatible with a client device. If the application is not compatible, an application wrapper to facilitate execution of the application by the client device is encoded. The application wrapper is then provided for transfer to the client device.


Remote display graphics

Owner: Amazon Technologies, Inc.
Publication #: 09392315
Publication Date: 2016-07-12
Patent URL: View on USPTO Website

Images displayed on a source device may be displayed on a target device. The source device may send the target device graphical commands and information to be processed natively at the target device, rather than duplicating the screen of a source device at the target device. Graphical elements to be used by the target device may be sent with the graphical commands or may be sent during out-of-band configuration exchanges between the source and target devices to reduce latency during display sharing.


Configuration of a profile associated with a stylus

Owner: Amazon Technologies, Inc.
Publication #: 09383839
Publication Date: 2016-07-05
Patent URL: View on USPTO Website

A stylus may comprise a configurable profile to control one or more local and remote operational features. One or more computing devices may be in communication with the stylus. The one or more computing devices may be configured to receive information relating to the reconfiguration of the settings of the operational profile, reconfigure the operational profile based at least in part on the received information, store the reconfigured operational profile, and associate the reconfigured operational profile with the stylus, wherein the at least one operational feature of the stylus is modified based on the reconfigured operational profile.


Determining and monitoring performance capabilities of a computer resource service

Owner: Amazon Technologies, Inc.
Publication #: 09384115
Publication Date: 2016-07-05
Patent URL: View on USPTO Website

To determine and monitor the performance of a computer resource service in real time, a resource monitoring tool can initiate test virtual machines on the computer systems of the computer resource service. The resource monitoring tool can then monitor various metrics that indicate the performance of the test virtual machines over time, such as processor performance, memory performance, input/output (I/O) performance, and network performance. The resource monitoring tool can store the monitored metrics, provide select metrics to users, and use the metrics to manage the computer resource service. To accurately gauge the performance, the resource monitoring tool can select computer systems for testing that are representative of the computer resource service and the computer resources of the computer resource service.


Database system providing skew metrics across a key space

Owner: Amazon Technologies, Inc.
Publication #: 09384227
Publication Date: 2016-07-05
Patent URL: View on USPTO Website

A database service may maintain tables on behalf of clients and may provision throughput capacity for those tables. A table may be divided into multiple partitions, according to a hash of the primary key values for each of the items in the table, and the items in the table may be accessed using the hash of their primary key values. Provisioned throughput capacity for the table may be divided between the partitions and used in servicing requests directed to items in the table. The service (or underlying system) may provide mechanisms for generating skew-related metrics or reports and presenting them to clients via a graphical user interface (GUI). The metrics and reports may indicate the amount of uniformity or skew in the distribution of requests across the key space for the table using histograms, heat maps, or other representations. Clients may initiate actions to correct any skewing via the GUI.


Reducing latency for remotely executed applications

Owner: Amazon Technologies, Inc.
Publication #: 09384276
Publication Date: 2016-07-05
Patent URL: View on USPTO Website

Disclosed are various embodiments that reduce video encoding latency for remotely executed applications. An application is executed in response to a client request. A video frame generated by the application is obtained before the video frame is sent to an external port of a graphics device. The video frame is encoded into a compressed video stream. The compressed video stream is sent to the client.


Framework for stateless packet tunneling

Owner: Amazon Technologies, Inc.
Publication #: 09385912
Publication Date: 2016-07-05
Patent URL: View on USPTO Website

A framework can be utilized with conventional networking components to enable those components to process packets of specific formats using conventional algorithms, such as algorithms for receive side coalescing (RCS) and TCP segmentation offloading (TSO). Format and flow information can be added to an opaque field or other portion of a packet, at an appropriate location or pre-configured offset. Placing information at a specific location or offset enables the networking hardware to quickly recognize a packet for processing. Packets can be segmented and coalesced using conventional algorithms on the networking hardware, enabling packets of various formats to be able to take advantage of various performance enhancements.


System and method for allocating resources for heterogeneous service requests

Owner: Amazon Technologies, Inc.
Publication #: 09385963
Publication Date: 2016-07-05
Patent URL: View on USPTO Website

A system for allocating constrained resources (e.g., downstream services, execution threads, database connections, input/output channels, computational resources, and/or memory) to requested services that are dependent on those resources may include multiple resource queues, each of which maintains a queue of requests for a respective constrained resource, and multiple service request queues, from which requests may be subsequently serviced. As each request reaches the head of a resource queue, it may receive a resource token for a respective constrained resource. Once the request has collected resource tokens for each of the constrained resources on which it depends, the request may be passed to a service request queue that maintains a queue of requests of a particular type. Requests in the multiple service request queues may be serviced on a round-robin or weighted round-robin basis. The number of tokens available for each constrained resource may be modified based on observed system performance.


Security recommendation engine

Owner: Amazon Technologies, Inc.
Publication #: 09386033
Publication Date: 2016-07-05
Patent URL: View on USPTO Website

Users are authorized to access tagged metadata in a provider network. A revision control and binding mechanism may be applied to tagged metadata that is added or modified by the user. A recommendation pertaining to security and compliance for the computing resource may be determined based on an analysis of the computing resource, scoring criteria, and data pertaining to customer and system data.


Mobile device security

Owner: Amazon Technologies, Inc.
Publication #: 09386507
Publication Date: 2016-07-05
Patent URL: View on USPTO Website

Techniques for providing friction-free transactions using geolocation and user identifiers are described herein. These techniques may ascertain a user's location based on a location of a mobile device. A transaction between the user and a merchant may be completed with zero or minimal input from the user based on the geolocation of the mobile device and the user identifiers. In some implementations, a transaction initiated earlier is completed when the mobile device arrives at the merchant. Additionally, a parent-child or similar relationship may be established between multiple devices. Security on the mobile device may be provided by biometric identification and calculation of variance from regular movement patterns. Advertisements may be sent to the mobile device based on bids from merchants near to the mobile device. Promotions may be sent to the mobile device when more than a threshold number of mobile devices are located at the same merchant.


Ensuring availability of data in a set being uncorrelated over time

Owner: Amazon Technologies, Inc.
Publication #: 09378230
Publication Date: 2016-06-28
Patent URL: View on USPTO Website

A computing resource monitoring service receives an executable command to redundantly store a metric pertaining to computing resources provided to the customer by a computing resource service provider. The executable command may comprise a hash key and a hash value for the metric. Based on the hash key included in the executable command, the computing resource monitoring service may select one or more data zones, each of the data zones comprising one or more storage nodes for storing metrics. The computing resource monitoring service may be configured to obtain a schedule of storage nodes from the data zones in order to determine the active storage nodes based at least in part on the hash key. Accordingly, the computing resource monitoring service may identify a storage node from the one or more active nodes based at least in part on the hash key and store the metric in the identified node.


Management of inventory items

Owner: Amazon Technologies, Inc.
Publication #: 09378484
Publication Date: 2016-06-28
Patent URL: View on USPTO Website

In some examples, a reader system is provided for managing inventory items in an inventory system. The reader system may be configured to read tags associated with items stowed in an inventory holder. The inventory holder may be detachably coupled to a mobile drive unit. The mobile drive unit may move the inventory holder to a first position near an antenna of the reader system and the tags may begin to be read. While reading or at other times in the reading process, the mobile drive unit may move the inventory holder relative to the antenna. The identified tags may be compared to a manifest list of items expected to be stowed in the inventory holder.


Systems and methods for media processing

Owner: Amazon Technologies, Inc.
Publication #: 09380326
Publication Date: 2016-06-28
Patent URL: View on USPTO Website

A processing service provides content publishers and other such users with automated content processing (e.g., transcoding or other). The content publisher is enabled to provide content (e.g., media files) to an input location for applying various processing to the content. Upon determining that the content has been placed into the input store, the processing service may select an appropriate workflow to be applied to the content and execute the workflow. The workflow may be selected based on various attributes of the content, the publisher, or the input store, such as the file name, embedded metadata, file size, time of day and the like. The workflow can process the content and store the resulting content into an output store or provide the content to various viewer devices. The workflow may also be customizable by the content publisher via an API or other such interface.


Presenting information related to content items

Owner: Amazon Technologies, Inc.
Publication #: 09372592
Publication Date: 2016-06-21
Patent URL: View on USPTO Website

An electronic device may present an interface providing information related to one or more content items. For example, the interface may present representations related to a plurality of content items to indicate relative values among the content items of at least one metric. Additionally, each representation may further indicate at least one of a quality of the value of the metric or a different metric value. A user may navigate the interface to more specific or more general views for a particular metric, characteristic and/or category, and may use the interface to view more information about a selected content item. Alternatively, the representations may represent, or may be arranged according to, authors, publishers, genres, etc. In some examples, the representations may represent terms obtained from content items that satisfy one or more metrics, such as terms that occur in content items sold within a specified period of time.


Automated firmware settings framework

Owner: Amazon Technologies, Inc.
Publication #: 09372731
Publication Date: 2016-06-21
Patent URL: View on USPTO Website

Systems and methods are described for managing computing resources. In one embodiment, mappings between a plurality of parameters of an abstracted firmware framework to corresponding firmware settings of computing components are maintained. The mappings are determined based on predetermined associations between vendor-specific firmware settings and abstracted firmware settings that implement a standardized interface that is independent of the vendor-specific firmware settings. In response to receiving one of the plurality of parameters, the received parameter is translated to corresponding vendor-specific firmware settings based on the mappings.


Constructing state-transition functions for mobile devices

Owner: Amazon Technologies, Inc.
Publication #: 09372786
Publication Date: 2016-06-21
Patent URL: View on USPTO Website

Disclosed are various embodiments for a state monitoring application. A state monitoring application initiates the execution of test operations on a client device. States of the client device are monitored to determine when the client device is at risk of entering an unresponsive state. When the client device is at risk, the state monitoring application initiates the execution of remedy operations to prevent the client device from becoming unresponsive.


Transactional control of RDBMS database definition language operations

Owner: Amazon Technologies, Inc.
Publication #: 09372855
Publication Date: 2016-06-21
Patent URL: View on USPTO Website

Database Definition Language (DDL) transactions are defined that include one or more DDL operations that are to be executed to modify aspects of a relational database, such as its structure. If performance of one or more of the DDL operations in a DDL transaction fails, then the changes made to the relational database by some or all of the DDL operations may be reversed. Instructions and state information may be generated and stored prior to, during, and/or following the execution of a DDL operation that may be utilized to reverse the changes to a relational database made by the DDL operations. User interfaces might also be provided for defining, selecting, editing, and executing DDL transactions, and for providing information relating to the execution and rollback of DDL operations in a DDL transaction.


Balanced append tree data structure

Owner: Amazon Technologies, Inc.
Publication #: 09372879
Publication Date: 2016-06-21
Patent URL: View on USPTO Website

Techniques are described for employing a substantially self-balanced append tree data structure to store and access information. The append tree data structure is a hierarchical data structure in which a leaf node or a parent node may be added to expand the append tree data structure. The determination to add a leaf node or a parent node may be based on a counter for leaf nodes present in the append tree data structure. Nodes in the append tree data structure may be blocks in memory, with each block corresponding to a plurality of positions that may be employed to track message identifiers in a messaging service.


System and method for performing replica copying using a physical copy mechanism

Owner: Amazon Technologies, Inc.
Publication #: 09372911
Publication Date: 2016-06-21
Patent URL: View on USPTO Website

A system that implements a data storage service may maintain tables in a data store on behalf of clients. The service may maintain table data in multiple replicas of partitions of the data that are stored on respective computing nodes in the system. In response to detecting a failure or fault condition, or receiving a service request from a client to move or copy a partition replica, the data store may copy a partition replica to another computing node using a physical copy mechanism. The physical copy mechanism may copy table data from physical storage locations in which it is stored to physical storage locations allocated to a destination replica on the other computing node. During copying, service requests to modify table data may be logged and applied to the replica being copied. A catch-up operation may be performed to apply modification requests received during copying to the destination replica.


Managing operational throughput for shared resources

Owner: Amazon Technologies, Inc.
Publication #: 09374243
Publication Date: 2016-06-21
Patent URL: View on USPTO Website

Usage of shared resources can be managed by enabling users to obtain different types of guarantees at different times for various types and/or levels of resource capacity. A user can select to have an amount or rate of capacity dedicated to that user. A user can also select reserved capacity for at least a portion of the requests, tasks, or program execution for that user, where the user has priority to that capacity but other users can utilize the excess capacity during other periods. Users can alternatively specify to use the excess capacity or other variable, non-guaranteed capacity. The capacity can be for any appropriate functional aspect of a resource, such as computational capacity, throughput, latency, bandwidth, and storage. Users can submit bids for various types and combinations of excess capacity, and winning bids can receive dedicated use of the excess capacity for at least a period of time.


Establishing secure remote access to private computer networks

Owner: Amazon Technologies, Inc.
Publication #: 09374341
Publication Date: 2016-06-21
Patent URL: View on USPTO Website

Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service to create and configure computer networks that are provided by the configurable network service for use by the users. Secure private access between a computer network provided for a user by the configurable network service and one or more other remote computing systems of the user (e.g., a remote private network) may be enabled in various ways. For example, a user may programmatically invoke an API provided by the configurable network service to obtain assistance in establishing remote access from a remote location to a provided computer network of the configurable network service, such as to establish a VPN connection from the remote location to the provided computer network using hardware and/or software supplied to the remote location in response to the API invocation.


Distributed passcode verification system

Owner: Amazon Technologies, Inc.
Publication #: 09374368
Publication Date: 2016-06-21
Patent URL: View on USPTO Website

A distributed passcode verification system includes devices that each have a hardware secret and that are each able to perform a limited number of verifications using their hardware secrets. Passcode verifiers receive passcode information from a passcode information manager. The passcode information provides information usable, with a hardware secret, to verify passcodes provided to a verifier.


Dynamic specification auditing for a distributed system

Owner: Amazon Technologies, Inc.
Publication #: 09374417
Publication Date: 2016-06-21
Patent URL: View on USPTO Website

A distributed system may implement dynamic specification auditing. A specification for a distributed system may be maintained in a machine readable format. Specification assertion agents corresponding to different components of the distributed system may request and receive the specification in order to verify whether tasks performed by the respective component satisfy the specification. The specification assertion agents may then send assertions of the success or failure of the component to be stored in order to verify compliance with the specification. Various reports may be generated which identify failures or components in the distributed system that are not reporting assertions.


Streaming game server video recorder

Owner: Amazon Technologies, Inc.
Publication #: 09374552
Publication Date: 2016-06-21
Patent URL: View on USPTO Website

A content provider may operate computing nodes configured to provide graphics rendering services to a client running a game or other application. A graphics frame may be rendered and encoded in a format compatible with a client's display device. A second version of the frame may be encoded in a format having selected storage characteristics and compatible with a plurality of display types. The frame may be added to the end of a video stored by the content provider. Frames may be deleted from the video to prevent the video from exceeding a maximum length.


System and method for data replication using a single master failover protocol

Owner: Amazon Technologies, Inc.
Publication #: 09367252
Publication Date: 2016-06-14
Patent URL: View on USPTO Website

A system that implements a data storage service may store data on behalf of storage service clients. The system may maintain data in multiple replicas of various partitions that are stored on respective computing nodes in the system. The system may employ a single master failover protocol, usable when a replica attempts to become the master replica for a replica group of which it is a member. Attempting to become the master replica may include acquiring a lock associated with the replica group, and gathering state information from the other replicas in the group. The state information may indicate whether another replica supports the attempt (in which case it is included in a failover quorum) or stores more recent data or metadata than the replica attempting to become the master (in which case synchronization may be required). If the failover quorum includes enough replicas, the replica may become the master.


Cryptographically attested resources for hosting virtual machines

Owner: Amazon Technologies, Inc.
Publication #: 09367339
Publication Date: 2016-06-14
Patent URL: View on USPTO Website

Approaches are described that enable the configuration of computing resources for executing virtual machines on behalf of users to be cryptographically attested to or verified. When a user requests a virtual machine to be provisioned, an operator of the virtualized computing environment can initiate a two-phase launch of the virtual machine. In the first phase, the operator provisions the virtual machine on a host computing device and obtains cryptographic measurements of the software and/or hardware resources on the host computing device. The operator may then provide those cryptographic measurements to the user that requested the virtual machine. If the user approves the cryptographic measurements, the operator may proceed with the second phase and actually launch the virtual machine on the host. In some cases, the operator may compare the cryptographic measurements to a list of approved measurements to determine whether the host computing device is acceptable for hosting the virtual machine.


Efficient query processing in columnar databases using bloom filters

Owner: Amazon Technologies, Inc.
Publication #: 09367574
Publication Date: 2016-06-14
Patent URL: View on USPTO Website

A bloom filter is generated for efficient query processing for unsorted data in a column of a columnar database. Bloom filters represented as bitmaps are generated for data blocks storing data for a column of a columnar database table. An indication of a query directed toward the column is received and the bloom filter for each data block is examined to determine which ones of the data blocks do not need to be read in order to service the query for the select data. Data is then read from the data blocks storing data for the column excepting the ones which do not need to be read.


Selecting supplemental content for inclusion in a search results page

Owner: Amazon Technologies, Inc.
Publication #: 09367627
Publication Date: 2016-06-14
Patent URL: View on USPTO Website

Disclosed are various embodiments that involve selecting supplemental content to be included in a search results page. A search query is received. A set of search results is generated by executing a search based at least in part on the search query. A subset of supplemental content providers is selected based at least in part on respective relevancies of the supplemental content providers to the search query. A search results page is generated. The search results page is configured to present supplemental content from the subset of supplemental content providers in association with the set of search results.


Data security with a security module

Owner: Amazon Technologies, Inc.
Publication #: 09367697
Publication Date: 2016-06-14
Patent URL: View on USPTO Website

A security module securely manages keys. The security module is usable to implement a cryptography service that includes a request processing component. The request processing component responds to requests by causing the security module to perform cryptographic operations that the request processing component cannot perform due to a lack of access to appropriate keys. The security module may be a member of a group of security modules that securely manage keys. Techniques for passing secret information from one security module to the other prevent unauthorized access to secret information.


Text detection using features associated with neighboring glyph pairs

Owner: Amazon Technologies, Inc.
Publication #: 09367736
Publication Date: 2016-06-14
Patent URL: View on USPTO Website

A multi-orientation text detection method and associated system is disclosed that utilizes orientation-variant glyph features to determine a text line in an image regardless of an orientation of the text line. Glyph features are determined for each glyph in an image with respect to a neighboring glyph. The glyph features are provided to a learned classifier that outputs a glyph pair score for each neighboring glyph pair. Each glyph pair score indicates a likelihood that the corresponding pair of neighboring glyphs form part of a same text line. The glyph pair scores are used to identify candidate text lines, which are then ranked to select a final set of text lines in the image.


Managing communications between computing nodes

Owner: Amazon Technologies, Inc.
Publication #: 09369302
Publication Date: 2016-06-14
Patent URL: View on USPTO Website

Techniques are described for managing communications sent to and/or from multiple computing nodes, such as for a group of computing nodes that are part of one or more private networks. In at least some situations, the techniques are used in conjunction with providing network address translation (“NAT”) functionality to a group of computing nodes that share one or more networks, such as to provide NAT functionality in a distributed and asymmetric manner using multiple computing devices that perform different types of operations at different locations within the private network.


In-memory distributed cache

Owner: Amazon Technologies, Inc.
Publication #: 09369332
Publication Date: 2016-06-14
Patent URL: View on USPTO Website

Improved caching mechanisms are presented herein for use with an in-memory distributed cache and, potentially, other types of caches. One mechanism permits cache clients to wait on a cache key being fetched by one or more other cache clients. When the cache key arrives at the cache, the waiting cache clients may be called back with the cache key. Another mechanism allows a service to push changed values directly into a distributed cache. Yet another mechanism allows the storage of information in a cache that defines dependencies between cached values. The dependency information can be utilized to invalidate cache values that are dependent upon other cached values that have been invalidated.


Dynamic isolation of shared resources

Owner: Amazon Technologies, Inc.
Publication #: 09369389
Publication Date: 2016-06-14
Patent URL: View on USPTO Website

Shared resources can be isolated such that abuse of the resource by one user does not significantly affect the use of that resource by another user. A combination of access and flow control can be used, wherein a control gateway or other such component sits along a path between the user and the resource, such that the user obtains connections or access to the resource through the gateway. In this way, the gateway can control aspects such as the number of concurrent threads or channels granted to a user, as well as any delay in providing these threads or channels to the resource. A closed feedback loop can provide real-time information such that adjustments can be made dynamically, preventing abuse by users while also preventing the resource allocations from being underutilized.


Virtual network interface objects

Owner: Amazon Technologies, Inc.
Publication #: 09369403
Publication Date: 2016-06-14
Patent URL: View on USPTO Website

Methods and apparatus for interfaces to manage virtual network interface objects. A system may include resource instances and a network interface virtualization coordinator. Responsive to a record creation request, the coordinator creates an interface record that may include an IP address, subnet information and security properties. The coordinator may, in response to a request to attach the record to a resource instance, enable traffic directed to the IP address to flow to the resource instance. In response to a subsequent detach request, the traffic to the IP address may be disabled at the resource instance. The same interface record may be attached to another resource instance in response to another attach request, enabling traffic directed to the IP address to flow to the second resource instance.


Passcode verification using hardware secrets

Owner: Amazon Technologies, Inc.
Publication #: 09369461
Publication Date: 2016-06-14
Patent URL: View on USPTO Website

A hardware secret is securely maintained in a computing device. The hardware secret is used to generate a hash of a passcode that is persistently stored for later use in verification. When a passcode is received as part of an authentication attempt, the hardware secret is used to generate a reference hash of the received passcode that is then compared with the persistently stored hash to determine whether there is a match.


Task-based content management

Owner: Amazon Technologies, Inc.
Publication #: 09358464
Publication Date: 2016-06-07
Patent URL: View on USPTO Website

In some cases, one or more tasks may be selected for inclusion within a content item or portions of a content item such as different story arcs. Each such task may be completed based, at least in part, on an associated set of one or more actions and an associated set of one or more parameters. Also, in some cases, one or more node layouts may be generated in association with a content item or portions of a content item. Each node within a node layout may, for example, have at least one associated task within a respective content item or content item portion.


Network resource access via a mobile shell

Owner: Amazon Technologies, Inc.
Publication #: 09361131
Publication Date: 2016-06-07
Patent URL: View on USPTO Website

Mobile device applications may be developed and distributed which include abbreviated, content-based references for one or more network resources. Network resource references may be identified by a native shell running on a mobile device, and a network resource lookup may be performed in order to resolve the network resource reference to the network resource. This allows for dynamic access to network-accessible resources such as catalog services, metric services, and advertising services. A mobile application may provide in-app access to such resources without requiring the application's developer to include detailed application programming interface functionality specific to a particular network resource.


Review-broadcasting integrating social networks and product information

Owner: Amazon Technologies, Inc.
Publication #: 09361368
Publication Date: 2016-06-07
Patent URL: View on USPTO Website

A feedback module identifies one or more social network data entries received from the at least one social network provider that are related to a content item. The feedback module parses the identified one or more social network data entries to identify feedback related to the content item. The feedback module then generates a feedback result based on the feedback identified in the one or more social network data entries.


Systems and methods providing recommendation data

Owner: Amazon Technologies, Inc.
Publication #: 09361379
Publication Date: 2016-06-07
Patent URL: View on USPTO Website

Computer applications may generate event data based on a large volume of different types of record data. Described herein are systems, methods and devices for providing website recommendations using the event data. In one example, using the event data, a computing node generates the website recommendations within a designated amount of time after the generation of the record data.


Use of decoy data in a data store

Owner: Amazon Technologies, Inc.
Publication #: 09361457
Publication Date: 2016-06-07
Patent URL: View on USPTO Website

Disclosed are various embodiments for identifying a table of non-decoy data matching a set of criteria. Decoy data is inserted into the table of non-decoy data. The decoy data is detected in a result comprising the decoy data, the result generated in response to an access of the data store. An alarm is generated based at least upon the result.


Determining present venue for a user device

Owner: Amazon Technologies, Inc.
Publication #: 09361633
Publication Date: 2016-06-07
Patent URL: View on USPTO Website

A user device acquires identifiers and signal strengths corresponding to detectable wireless devices. The user device associates one or more of the identifiers with one or more venues, assigning a confidence value to each association. A score value is also assigned to each association based on the signal strengths and the confidence values. One of the associations is selected based on the score values, and is designated as the most likely venue where the user device is located. Information may be accessed or requested, or one or more operations may be performed, in accordance with the most likely venue.


Programmatically simulating system conditions

Owner: Amazon Technologies, Inc.
Publication #: 09363145
Publication Date: 2016-06-07
Patent URL: View on USPTO Website

Systems and methods are provided for programmatically simulating one or more system conditions for a network resource using one or more services. In one implementation, a server receives a request to initiate a treatment. The request identifies a treatment definition. The server determines, based on the treatment definition, the one or more services and deploys the one or more services to the network resource. The one or more services simulate the one or more system conditions.


Logical switches

Owner: Amazon Technologies, Inc.
Publication #: 09363208
Publication Date: 2016-06-07
Patent URL: View on USPTO Website

The deployment and scaling of a network of electronic devices can be improved by utilizing one or more network transpose boxes. Each transpose box can include a number of connectors and a meshing useful for implementing a specific network topology. Different tiers of a network can be connected to one or more of the network transpose boxes, and operated as a logical switch. A control server can be used to manage the control plane operations of the logical switch.


Detecting covert routing

Owner: Amazon Technologies, Inc.
Publication #: 09363281
Publication Date: 2016-06-07
Patent URL: View on USPTO Website

A method and apparatus for detecting covert routing is disclosed. In the method and apparatus, data addressed to an unrestricted computer system traverses a first routing path. The data may be caused to traverse a second routing path to be received by the unrestricted computer system, whereby a response received from the unrestricted computer system may be indicative of a potential that the data traversing the first routing path was covertly routed to a restricted computer system.


Data storage power management

Owner: Amazon Technologies, Inc.
Publication #: 09354683
Publication Date: 2016-05-31
Patent URL: View on USPTO Website

Embodiments of the present disclosure are directed to, among other things, managing power of one or more data storage devices. In some examples, a storage service may obtain a schedule associated with enabling different storage devices at different times. The storage service may also identify a request of a batch of requests for accessing the storage devices. In some cases, the storage service may also determine which storage device to activate based at least in part on the schedule and/or the request. Further, the storage service may manage power of a storage device based at least in part on the determination of which storage device to activate.


Storage service lifecycle policy transition management

Owner: Amazon Technologies, Inc.
Publication #: 09355060
Publication Date: 2016-05-31
Patent URL: View on USPTO Website

Methods and apparatus for storage lifecycle configuration management are disclosed. A storage medium stores program instructions that, when executed on a processor, implement a storage lifecycle manager. The manager receives a lifecycle policy to be applied to storage objects of a container of a storage service. The policy indicates lifecycle transitions to be implemented for the objects. The manager stores (a) a policy modification sequence number (PMSN) indicative of a most recent modification of the policy and (b) a policy application sequence number (PASN) associated with the particular logical container, where the PASN is based on the PMSN. The manager later compares the PMSN and the PASN to determine whether a lifecycle transition is to be performed, and if the transition is to be performed, schedules one or more operations for the transition.


Managing external communications for provided computer networks

Owner: Amazon Technologies, Inc.
Publication #: 09356860
Publication Date: 2016-05-31
Patent URL: View on USPTO Website

Techniques are described for providing managed computer networks. In some situations, the techniques include managing communications for computing nodes of a managed computer network by using a pool of multiple alternative intermediate destinations to forward at least some communications to other final destinations. For example, a manager module associated with a source computing node may select a particular one of multiple alternative intermediate destinations to use for one or more particular communications from the source computing node to an indicated final destination, such as based on network addresses associated with the source computing node and/or the final destination. The multiple alternative intermediate destinations may have various forms, including multiple alternative edge devices at a first location at which various computing nodes are co-located that operate to manage communications between those co-located computing nodes at the first location and other external computer systems at one or more other locations.


Allocating cloud-hosted application resources using end-user metrics

Owner: Amazon Technologies, Inc.
Publication #: 09356883
Publication Date: 2016-05-31
Patent URL: View on USPTO Website

At least one workflow comprising end-user interactions with an application implemented using provider network resources is identified by a resource allocation service of the provider network. The service collects performance metrics associated with the end-user workflow. If a performance metric meets a threshold criterion, a re-evaluation of the resources assigned to the application is initiated. Configuration changes to modify the set of provider network resources assigned to the application are implemented in accordance with a result of the resource re-evaluation.


Managing resource power states in shared environments

Owner: Amazon Technologies, Inc.
Publication #: 09348391
Publication Date: 2016-05-24
Patent URL: View on USPTO Website

Customers in a multi-tenant environment can obtain power consumption information for a set of resources or other computing components used by those customers, including time-accurate accounting for various components of those resources utilized on behalf of the customer. A customer can also have the ability to specify how the resources are to be operated when used for the customer, in order to manage the amount of power consumption. The accounting can be performed even when the resources are shared among multiple users or entities. Various hardware components or agents can be used to provide detailed power consumption information for those components that is associated with a particular customer. The information can be used not only for accounting and monitoring purposes, but also to make dynamic adjustments based on various changes in usage, power consumption, or other such factors.


Fast-booting application image using variation points in application source code

Owner: Amazon Technologies, Inc.
Publication #: 09348634
Publication Date: 2016-05-24
Patent URL: View on USPTO Website

Application boot images are generated for later instantiation of computer system images. A computer system partially executes executable code of an application source. A snapshot of the computer system is taken and the snapshot is used to build a repository of application boot images that can be accessed for computer system instantiation.


Reboot-initiated virtual machine instance migration

Owner: Amazon Technologies, Inc.
Publication #: 09348646
Publication Date: 2016-05-24
Patent URL: View on USPTO Website

A method for migrating a virtual machine instance within a service provider environment may include determining to migrate an instance running on a source server computer, the source server computer associated with a plurality of hardware resource settings. A target server computer may be identified based at least in part on the plurality of hardware resource settings. A local data volume of the target server computer may be synchronized with a local data volume of the source server computer. A notification may be sent to the user, indicating migration of the instance can be initiated. Upon receiving a reboot request, at least one network interface attached to the instance may be disconnected. The instance may be terminated from running on the source server computer, and may be launched on the target server computer using the synchronized local data volume and instance state data.


Singleton coordination in an actor-based system

Owner: Amazon Technologies, Inc.
Publication #: 09348672
Publication Date: 2016-05-24
Patent URL: View on USPTO Website

Techniques for singleton coordination in an actor-based system are described herein. In some examples, one or more actors within an actor-based system may be designated as singleton actors. Each singleton actor is permitted to have only a single associated instance in the actor-based system. In some cases, when multiple executing instances (i.e., duplicates) of a singleton actor are detected, the duplicates may be resolved, for example, such that no more than a single instance of the singleton actor is retained. In some examples, one or more singleton coordinators may be responsible for selecting one or more hubs on which to generate new or re-generated singletons, monitoring existing singletons to ensure that they continue to execute, and re-generating existing singletons after termination.


Managing update attempts by a guest operating system to a host system or device

Owner: Amazon Technologies, Inc.
Publication #: 09349010
Publication Date: 2016-05-24
Patent URL: View on USPTO Website

Attempts to update confirmation information or firmware for a hardware device can be monitored using a secure counter that is configured to monotonically adjust a current value of the secure counter for each update or update attempt. The value of the counter can be determined every time the validity of the firmware is confirmed, and this value can be stored to a secure location. At subsequent times, such as during a boot process, the actual value of the counter can be determined and compared with the expected value. If the values do not match, such that the firmware may be in an unexpected state, an action can be taken, such as to prevent access to, or isolate, the hardware until such time as the firmware can be validated or updated to an expected state.


Fine art samples

Owner: Amazon Technologies, Inc.
Publication #: 09349139
Publication Date: 2016-05-24
Patent URL: View on USPTO Website

Methods and systems for selecting and shipping an art sample that will degrade after a pre-defined period of time are provided. A user can request an art sample while browsing for items associated with an electronic marketplace. The art sample, which can be a lower quality replica of an original art piece, may be printed utilizing a printing technique which results in the art sample degrading after a pre-defined period of time. The art sample may then be shipped to the user to aid in determining whether to purchase the original art piece by utilizing the art sample to visualize the potential purchase in the user's own viewing space.


Service for adding functionality to applications

Owner: Amazon Technologies, Inc.
Publication #: 09349141
Publication Date: 2016-05-24
Patent URL: View on USPTO Website

An application management system modifies developer-submitted applications, such as mobile applications, to add various types of functionality before such applications are made available for purchase. The added functionality may, for example, enable end users to make in-application purchases of content items from an application store. As another example, Digital Rights Management (DRM) functionality may be added for controlling user access to content items, such as content items available in an application store.


System and method for configuration management service

Owner: Amazon Technologies, Inc.
Publication #: 09350610
Publication Date: 2016-05-24
Patent URL: View on USPTO Website

System and method for agentless computing system configuration management in networked environments. A configuration management service may be implemented as a service on a network with a standard network interface. A client may communicate with the service to specify a configuration for a target system, for example through a browser interface. The specified configuration may be stored by the service. The service may generate a package according to the specified configuration. The package may be delivered to the target system via the network. The package may then install the configuration, for example, one or more software, data, or other digital components, on the target systems in accordance with the specified configuration. The clients may request that the service verify and/or update the installed configuration on the target system. The service may, in response, generate an update package for the installed configuration. Target systems may include computer systems and virtual machines.


Compute instance migrations across availability zones of a provider network

Owner: Amazon Technologies, Inc.
Publication #: 09350682
Publication Date: 2016-05-24
Patent URL: View on USPTO Website

A provider network may implement compute instance migrations across availability zones. Compute instances may be located in a particular availability zone of a provider network that is implemented across multiple availability zones. A request may be received, from a client of the provider network or other component of the provider network, to migrate a compute instance that is currently operating for a client and located in one availability zone to another availability zone. A destination compute instance may be provisioned in the other availability zone based on a configuration of the currently operating compute instance. In some embodiments, other computing resources utilized by the currently operating compute instance, such as data storage resources, may be moved to the other availability zone. Migration may be completed such that the destination compute instance is currently operating for the client and the compute instance is not.


Location service for user authentication

Owner: Amazon Technologies, Inc.
Publication #: 09350717
Publication Date: 2016-05-24
Patent URL: View on USPTO Website

A method and apparatus for location authentication of the user are disclosed. In the method and apparatus, the location of the user is authenticated if one or more conditions for geographic proximity associated with two or more devices of the user are satisfied. Upon the location of the user being authenticated, the user may be granted access to a service.


Template representation of security resources

Owner: Amazon Technologies, Inc.
Publication #: 09350738
Publication Date: 2016-05-24
Patent URL: View on USPTO Website

Systems and methods are described for enabling users to model security resources and user access keys as resources in a template language. The template can be used to create and update a stack of resources that will provide a network-accessible service. The security resources and access keys can be referred to in the template during both the stack creation process and the stack update process. The security resources can include users, groups and policies. Additionally, users can refer to access keys in the template as dynamic parameters without any need to refer to the access keys in plaintext. The system securely stores access keys within the system and allows for templates to refer to them once defined. These key references can then be passed within a template to resources that need them as well as passing them on securely to resources like server instances through the use of the user-data field.


HTTP tunnelling over websockets

Owner: Amazon Technologies, Inc.
Publication #: 09350763
Publication Date: 2016-05-24
Patent URL: View on USPTO Website

Conventional messages sent by sources such as applications executing on a computing device can be intercepted by a message converter module, or other such component, and converted to raw data, binary data, or another appropriate format that is able to be sent using a websocket connection. A websocket connection can provide greater efficiencies in at least some situations, and the intercepting of a message independent of, and transparent to, an application or other such component or module enables the websocket connections to be implemented without knowledge of the connections or conversion by applications at either endpoint.


Devices, systems, and methods for responding to telemarketers

Owner: Amazon Technologies, Inc.
Publication #: 09350858
Publication Date: 2016-05-24
Patent URL: View on USPTO Website

Aspects of the disclosure provide responses from a communication device to a call from an unknown source, such as telemarketers. In certain aspects, information associated with a communication address of the unknown source can be accessed by the communication device, and a response to the call can be specific to some or all of the information. In other aspects, the responses can be automated and/or can be directed, at least in part, by external input supplied to the communication device.


Mobile notifications based upon location

Owner: Amazon Technologies, Inc.
Publication #: 09351110
Publication Date: 2016-05-24
Patent URL: View on USPTO Website

Disclosed are various embodiments employed to generate device notifications based upon location data associated with a mobile device. To this end, a request to generate a device notification is obtained from a user application. Notification content is extracted from the request and an escalated or de-escalated notification level is applied that is based at least in part upon the location of the mobile device and properties about the location that can be identified.


Managing replication of computing nodes for provided computer networks

Owner: Amazon Technologies, Inc.
Publication #: 09342412
Publication Date: 2016-05-17
Patent URL: View on USPTO Website

Techniques are described for providing managed computer networks, such as for managed virtual computer networks overlaid on one or more other underlying computer networks. In some situations, the techniques include facilitating replication of a primary computing node that is actively participating in a managed computer network, such as by maintaining one or more other computing nodes in the managed computer network as replicas, and using such replica computing nodes in various manners. For example, a particular managed virtual computer network may span multiple broadcast domains of an underlying computer network, and a particular primary computing node and a corresponding remote replica computing node of the managed virtual computer network may be implemented in distinct broadcast domains of the underlying computer network, with the replica computing node being used to transparently replace the primary computing node in the virtual computer network if the primary computing node becomes unavailable.


Dynamically modifying durability properties for individual data volumes

Owner: Amazon Technologies, Inc.
Publication #: 09342457
Publication Date: 2016-05-17
Patent URL: View on USPTO Website

A block-based storage system may implement dynamic durability adjustment for page cache write logging. A rate of incoming write requests for data volumes maintained at a storage node may be monitored. Based, at least in part, on the rate of incoming write requests, a dynamic modification to a durability property for a data volume may be made, such as enabling page cache write logging for the data volume or disabling write logging for the data volume. When incoming write requests are received, a determination may be made as to whether page cache write logging for a particular data volume is enabled. For write requests with disabled page cache write logging, the page cache may be updated and the write request may be acknowledged without storing a log record describing the update in a page cache write log.


Managing committed processing rates for shared resources

Owner: Amazon Technologies, Inc.
Publication #: 09342801
Publication Date: 2016-05-17
Patent URL: View on USPTO Website

Commitments against various resources can be dynamically adjusted for customers in a shared-resource environment. A customer can provision a data volume with a committed rate of Input/Output Operations Per Second (IOPS) and pay only for that commitment (plus any overage), for example, as well as the amount of storage requested. The customer can subsequently adjust the committed rate of IOPS by submitting an appropriate request, or the rate can be adjusted automatically based on any of a number of criteria. Data volumes for the customer can be migrated, split, or combined in order to provide the adjusted rate. The interaction of the customer with the data volume does not need to change, independent of adjustments in rate or changes in the data volume, other than the rate at which requests are processed.


Return path trace

Owner: Amazon Technologies, Inc.
Publication #: 09344320
Publication Date: 2016-05-17
Patent URL: View on USPTO Website

A reverse network tracing mechanism is described. In an embodiment, a network information request is received that is addressed to a predetermined destination. It is determined that the network information request has an expired timer and a message is returned indicating that a return network path routing procedure has been initiated. After determining that the network information request has an unexpired timer, contents of the network information request are modified to enable identification of at least a portion of the return path from the predetermined destination to a source address of the network information request.


Centrally managed use case-specific entity identifiers

Owner: Amazon Technologies, Inc.
Publication #: 09344407
Publication Date: 2016-05-17
Patent URL: View on USPTO Website

Disclosed are various embodiments for centrally managed use case-specific entity identifiers. An identifier translation service receives an identifier translation request from a requesting service. The request specifies a first use case-specific entity identifier, which is specific to a first use case. An actual entity identifier is obtained by decrypting the first use case-specific entity identifier. A second use case-specific entity identifier is generated based at least in part on encrypting the actual entity identifier. The second use case-specific entity identifier is sent to the requesting service in response to the identifier translation request.


Remote access to mobile communication devices

Owner: Amazon Technologies, Inc.
Publication #: 09345061
Publication Date: 2016-05-17
Patent URL: View on USPTO Website

Disclosed are various embodiments that facilitate remote access to mobile communication devices. A video signal and an audio signal that may be generated in a phone device are captured. The video signal may correspond to a screen of the phone device. The signals are encoded into a media stream, which is sent to a computing device. Input data is obtained from the computing device, and the input data is provided to one or more applications executed in the phone device.


Workflows with API idiosyncrasy translation layers

Owner: Amazon Technologies, Inc.
Publication #: 09336020
Publication Date: 2016-05-10
Patent URL: View on USPTO Website

User actions for configuring a computing environment may be recorded and converted to a workflow definition. A translation layer may be associated with the workflow definition and invoked to perform actions described by the workflow by utilizing one or more application programming interfaces. The translation layer may adapt to application programming interface idiosyncrasies by translating state transitions, including asynchronous to synchronous state transitions and synchronous to asynchronous state transitions.


Placement and tuning of virtual machines

Owner: Amazon Technologies, Inc.
Publication #: 09336030
Publication Date: 2016-05-10
Patent URL: View on USPTO Website

Approaches are disclosed for enabling owners of virtual computing resources to specify one or more constraints for their virtual machines and/or virtual networks, with respect to metrics such as cost, latency, throughput, network bandwidth, power usage, server availability, data redundancy, correlated failure susceptibility, and other such metrics. A customer can declare a set of constraints with metrics goals for their virtual machine instance or network of instances, and the service provider can optimize the placement (e.g., host selection) and various settings (e.g., hardware and software settings) to satisfy the specified constraints. The satisfaction of customer-specified constraints may need to take into account what other virtual machine instances are performing in the shared resource environment.


Attributing causality to program execution capacity modifications

Owner: Amazon Technologies, Inc.
Publication #: 09336069
Publication Date: 2016-05-10
Patent URL: View on USPTO Website

Techniques are described for managing program execution capacity, such as for a group of computing nodes that are provided for executing one or more programs for a user. In some situations, dynamic program execution capacity modifications for a computing node group that is in use may be performed periodically or otherwise in a recurrent manner, such as to aggregate multiple modifications that are requested or otherwise determined to be made during a period of time. In addition, various operations may be performed to attribute causality information or other responsibility for particular program execution capacity modifications that are performed, including by attributing a single event as causing one capacity modification, and a combination of multiple events as possible causes for another capacity modification. The techniques may in some situations be used in conjunction with a fee-based program execution service that executes multiple programs on behalf of multiple users of the service.


Client-side event logging for heterogeneous client environments

Owner: Amazon Technologies, Inc.
Publication #: 09336126
Publication Date: 2016-05-10
Patent URL: View on USPTO Website

A testing model for heterogeneous client environments is enabled. A test of a computer system state transition may be specified. The test specification may include elements corresponding to test actions that cause the computer system state transition and elements corresponding to test conditions that are evaluated to generate the test results. A collection of pre-assembled executable components suitable for implementing specified tests at a wide variety of clients may be maintained, and particular test specifications may be mapped to a corresponding and optimal implementation subset of the collection. Test results may be determined based on one or more outputs of the implementation subset of executable components. A vendor and version independent browser driver may include code capable of identifying an operational set of browser capabilities among the superset of considered browser capabilities independent of vendor or version identification by a browser under test.


Global query hint specification

Owner: Amazon Technologies, Inc.
Publication #: 09336272
Publication Date: 2016-05-10
Patent URL: View on USPTO Website

A query optimizer may receive a query (e.g., from a source that generated the query). Input that specifies both a query hint string and a hint may be received to a hint specification interface. The hint may be applied to the query, from outside the query, to optimize a query execution plan. Applying the hint may be based, at least in part, on a query hint string. For example, which query block is associated with the query hint string may be determined. Upon such a determination, the hint may be applied to the determined query block.


Provisioning and managing replicated data instances

Owner: Amazon Technologies, Inc.
Publication #: 09336292
Publication Date: 2016-05-10
Patent URL: View on USPTO Website

A replicated database can be provisioned that provides primary and secondary replicas located in different data zones or geographical locations. The database can be installed on the primary replica, and both the primary and secondary replica can include a block level replication mechanism that allows any I/O operation to be replicated between the replicas. Any failure of the primary replica can be addressed by performing a failover operation to the secondary replica. A DNS name or other such approach can be used such that the name can be aliased to the secondary replica during a failover. The creation of the database and provisioning of the replicated instance can be initiated using a Web service call to a control environment. A replicated database can also be scaled according to storage or computing capacity with no disruption of service using a Web service call to the control environment.


Rapid malware inspection of mobile applications

Owner: Amazon Technologies, Inc.
Publication #: 09336389
Publication Date: 2016-05-10
Patent URL: View on USPTO Website

Disclosed are various embodiments for inspecting malware with little or no user interruption. A first computing device may compare a source code of an application to a fingerprint stored locally on the first computing device. The first computing device may transmit the source code to a second computing device to determine whether the source code resides in a database comprising approved applications. If the source code does not reside in the database, a thorough scan of the source code may be conducted.


Bidding on electronic resources

Owner: Amazon Technologies, Inc.
Publication #: 09336551
Publication Date: 2016-05-10
Patent URL: View on USPTO Website

Systems and methods involve managing exhaustible electronic resources, such as IPv4 addresses. A spot market for the electronic resources is operated to enable users to obtain units of the electronic resources. Potential users may provide pricing criteria. When a spot price for units of the electronic resources satisfies the pricing criteria for a potential user, the potential user may be given access to a requested number of units of the electronic resources.


Notifying a user utilizing smart alerting techniques

Owner: Amazon Technologies, Inc.
Publication #: 09336674
Publication Date: 2016-05-10
Patent URL: View on USPTO Website

A configuration associated with an electronic message may be received, the electronic message containing a keyword. Historical notification information comprising information about multiple electronic messages may be accessed to determine one or more related electronic messages. A number of related electronic messages may be determined by comparing the keyword to the historical notification information. An electronic notification may be generated based at least in part on the configuration information, the electronic message, and the multiple related electronic messages.


Automatically configuring virtual private networks

Owner: Amazon Technologies, Inc.
Publication #: 09338053
Publication Date: 2016-05-10
Patent URL: View on USPTO Website

Disclosed are various embodiments for configuring virtual private networks (VPNs). A request is made, through a service call, for creation of a VPN through a client VPN gateway and a server VPN gateway. In response to the service call, a generic gateway configuration document is received. The generic gateway configuration document is applicable to the client VPN gateway. The generic gateway configuration document is translated to a device-specific gateway configuration document.


Overlay networks for application groups

Owner: Amazon Technologies, Inc.
Publication #: 09338092
Publication Date: 2016-05-10
Patent URL: View on USPTO Website

A method and apparatus for configuring an overlay network are provided. In the method and apparatus, a plurality of applications are deployed for execution on one or more computing systems. The plurality of applications may be part of an application group. Credentials information is provided to the one or more computing systems, whereby the credentials information is usable for securing communication between at least two applications of the plurality of applications that are executed on different computing systems. Further, configuration information that is usable for establishing a routing path for data sent by or addressed to a first application of the plurality of applications is provided to at least one computing system.


Virtual machine morphing for heterogeneous migration environments

Owner: Amazon Technologies, Inc.
Publication #: 09329886
Publication Date: 2016-05-03
Patent URL: View on USPTO Website

Virtual machines may migrate between heterogeneous sets of implementation resources in a manner that allows the virtual machines to efficiently and effectively adapt to new implementation resources. Furthermore, virtual machines may change types during migration without terminating the virtual machines. Migration templates may be established to manage migration of sets of virtual machines between sets of implementation resources and/or virtual machine types. Migration templates may be established based at least in part on information provided by migration agents added to the virtual machines under consideration for migration. The migration agents may detect and augment relevant virtual machine capabilities, as well as trigger reconfiguration of virtual machine components in accordance with migration templates.


Dynamically modifying a cluster of computing nodes used for distributed execution of a program

Owner: Amazon Technologies, Inc.
Publication #: 09329909
Publication Date: 2016-05-03
Patent URL: View on USPTO Website

Techniques are described for managing distributed execution of programs. In some situations, the techniques include dynamically modifying the distributed program execution in various manners, such as based on monitored status information. The dynamic modifying of the distributed program execution may include adding and/or removing computing nodes from a cluster that is executing the program, modifying the amount of computing resources that are available for the distributed program execution, terminating or temporarily suspending execution of the program (e.g., if an insufficient quantity of computing nodes of the cluster are available to perform execution), etc.


Range query capacity allocation

Owner: Amazon Technologies, Inc.
Publication #: 09330158
Publication Date: 2016-05-03
Patent URL: View on USPTO Website

Distributed database management systems may perform range queries over the leading portion of a primary key. Non-random distribution of data may improve performance related to the processing of range queries, but may tend to cause workload to be concentrated on particular partitions. Groups of partitions may be expanded and collapsed based on detection of disproportionate workload. Disproportionate write workload may be distributed among a group of partitions that can subsequently be queried using a federated approach. Disproportionate read workload may be distributed among a group of read-only replicated partitions.


Mapping stored client data to requested data using metadata

Owner: Amazon Technologies, Inc.
Publication #: 09330198
Publication Date: 2016-05-03
Patent URL: View on USPTO Website

Disclosed are various embodiments that employ metadata to map stored client data to form fields and other data consumers. Data items are requested by a data consumer, such as a form. Metadata is obtained that includes a mapping of stored data items to the requested data items, and the mapping is associated with an identification of the data consumer. The requested data items are provided to the data consumer based at least in part on the mapping and the stored data items.


Fine-grained access control for synchronized data stores

Owner: Amazon Technologies, Inc.
Publication #: 09330271
Publication Date: 2016-05-03
Patent URL: View on USPTO Website

A remote distributed data store may be configured to process data updates received through invocation of a common API with reference to a common schema. Local data stores may also be configured to process updates using a common API and schema. Data for multiple users may be stored in a common collection of items maintained by a remote distributed data store. User identity may be verified through a public identity service. User identity and access permissions may be associated with items stored in a remote distributed data store.


Dynamic network traffic mirroring

Owner: Amazon Technologies, Inc.
Publication #: 09331915
Publication Date: 2016-05-03
Patent URL: View on USPTO Website

Data packets may be mirrored or replicated to network ports and/or listening stations. Additionally, the data packets may include characteristics. Based at least in part on the characteristics of the data packets, dynamic capture lengths may be determined. A portion of the data packets may be transmitted to the network ports and/or listening station based at least in part on determined capture lengths.


Customizable sign-on service

Owner: Amazon Technologies, Inc.
Publication #: 09332001
Publication Date: 2016-05-03
Patent URL: View on USPTO Website

Techniques are described for providing customizable sign-on functionality, such as via an access manager system that provides single sign-on functionality and other functionality to other services for use with those services' users. The access manager system may maintain various sign-on and other account information for various users, and provide single sign-on functionality for those users using that maintained information on behalf of multiple unrelated services with which those users interact. The access manager may allow a variety of types of customizations to single sign-on functionality and/or other functionality available from the access manager, such as on a per-service basis via configuration by an operator of the service, such as co-branding customizations, customizations of information to be gathered from users, customizations of authority that may be delegated to other services to act on behalf of users, etc., and with the customizations that are available being determined specifically for that service.


Data communication using media files

Owner: Amazon Technologies, Inc.
Publication #: 09332027
Publication Date: 2016-05-03
Patent URL: View on USPTO Website

A web browser may implement a single origin policy that makes an exception for media files such as markup language image files. In cases where the delivery of data to a browser may be blocked by a single origin policy, such as where the data originates from a domain other than the domain that originates the initially presented content, the data may be encoded in one or more media files, such as images, to circumvent the single origin policy. The data may be encoded using height and width dimensions, pixel colors, transparencies, or other characteristics of the media file(s). The media file(s) may be sent to the browser and decoded to access the data.


Call routing to subject matter specialist for network page topic

Owner: Amazon Technologies, Inc.
Publication #: 09332124
Publication Date: 2016-05-03
Patent URL: View on USPTO Website

Disclosed are various embodiments for location based call routing to a subject matter specialist. A call request is received from a computing device which includes an identifier of a network page. A topic specialist for the network page is identified from the contents of the network page. The call request is completed by establishing a call between the computing device and another computing device which is operated by the topic specialist.


User-guided object identification

Owner: Amazon Technologies, Inc.
Publication #: 09332189
Publication Date: 2016-05-03
Patent URL: View on USPTO Website

A user attempting to obtain information about an object can capture image information including a view of that object, and the image information can be used with a matching or identification process to provide information about that type of object to the user. In order to narrow the search space to a specific category, and thus improve the accuracy of the results and the speed at which results can be obtained, the user can be guided to capture image information with an appropriate orientation. An outline or other graphical guide can be displayed over image information captured by a computing device, in order to guide the user in capturing the object from an appropriate direction and with an appropriate scale for the type of matching and/or information used for the matching. Such an approach enables three-dimensional objects to be analyzed using conventional two-dimensional identification algorithms, among other such processes.


Template-driven data access

Owner: Amazon Technologies, Inc.
Publication #: 09323504
Publication Date: 2016-04-26
Patent URL: View on USPTO Website

Template-driven data access is enabled. A collection of data model component identifiers that are accessible for use by view developers may be established. View developers may specify views of the data model with a view description language and may utilize accessible data model component identifiers to reference data model components that may be rendered in the views. The views may be in accordance with a Model-View-Controller (MVC) architecture. In contrast to a conventional MVC architecture, changes to a view do not require changes to a corresponding controller. For example, view developers may create, update, modify and delete views independent of the activity of controller developers. In accordance with at least one embodiment, there is a universal controller for views specified with the view specification language and/or utilizing the predefined collection of accessible data model component identifiers.


Secure virtual machine memory allocation management via dedicated memory pools

Owner: Amazon Technologies, Inc.
Publication #: 09323552
Publication Date: 2016-04-26
Patent URL: View on USPTO Website

Embodiments are disclosed for recycling memory from a memory pool dedicated to a virtual machine instance. For example, memory sub-pools can be pre-allocated to respective virtual machine instances. Memory scrubbing can be ordinarily performed to avoid data leakage between different customers. However, scrubbing can be inhibited when a given virtual machine reclaims memory previously released to the dedicated pool because the memory remains dedicated to the instance. Further features, such as partition and merge of sub-pools can be supported. Control of the features can be accomplished via API calls as part of a web service.


Programmatic event detection and message generation for requests to execute program code

Owner: Amazon Technologies, Inc.
Publication #: 09323556
Publication Date: 2016-04-26
Patent URL: View on USPTO Website

A service manages a plurality of virtual machine instances for low latency execution of user codes. The service can provide the capability to execute user code in response to events triggered on an auxiliary service to provide implicit and automatic rate matching and scaling between events being triggered on the auxiliary service and the corresponding execution of user code on various virtual machine instances. An auxiliary service may be configured as an event triggering service to detect events and generate event messages for execution of the user codes. The service can request, receive, or poll for event messages directly from the auxiliary service or via an intermediary message service. Event messages can be rapidly converted to requests to execute user code on the service. The time from processing the event message to initiating a request to begin code execution is less than a predetermined duration, for example, 100 ms.


Scalable log-based transaction management

Owner: Amazon Technologies, Inc.
Publication #: 09323569
Publication Date: 2016-04-26
Patent URL: View on USPTO Website

A first transaction manager of a partitioned storage group stores a first conditional commit record for a first write of a multi-partition transaction based on a first conflict detection operation. A second transaction manager stores a second conditional commit record for a second write of the transaction based on a second conflict detection operation. A client-side component of the storage group determines that both writes have been conditionally committed, and stores an unconditional commit record in a commit decision repository. A write applier examines the first conditional commit record and the unconditional commit record before propagating the first write to the first partition.


Automatic volume attenuation for speech enabled devices

Owner: Amazon Technologies, Inc.
Publication #: 09324322
Publication Date: 2016-04-26
Patent URL: View on USPTO Website

A speech recognition system that also automatically recognizes and acts in response to significant audio interruptions. Received audio is compared with stored acoustic signatures of noises which may trigger a change in device operation, such as pausing, loudening or attenuating of content playback after hearing a certain audio interruption, such as a doorbell, etc. If the received audio matches a stored acoustic model, the system alters an operational state of one or more devices, which may or may not include itself.


Computer security threat sharing

Owner: Amazon Technologies, Inc.
Publication #: 09325732
Publication Date: 2016-04-26
Patent URL: View on USPTO Website

A computer security threat sharing technology is described. A computer security threat is recognized at an organization. A partner network graph is queried for security nodes connected to a first security node representing the organization. The first security node is connected to at least a second security node representing a trusted security partner of the organization. The second security node is associated with identification information. The computer security threat recognized by the organization is communicated to the trusted security partner using the identification information associated with the second security node.


Dynamic security policy generation

Owner: Amazon Technologies, Inc.
Publication #: 09325739
Publication Date: 2016-04-26
Patent URL: View on USPTO Website

A user interface is described, such as a graphical user interface (GUI), operable to receive a representation of a security policy expressed in a first policy language, where that security policy will be supported by policy evaluation engines (or other such components) that are configured to operate using security policies expressed using a second (different) policy language. The representation of the security policy is persisted in a data store in accordance with the first policy language. Subsequently, in response to receiving a request to access a resource, a second representation of the security policy is generated by translating the content of the security policy into a second policy language that is associated with the policy evaluation engine. The second representation of the security policy is then evaluated by the policy evaluation engine to grant or deny access to the resource.


Content provider selection system

Owner: Amazon Technologies, Inc.
Publication #: 09325761
Publication Date: 2016-04-26
Patent URL: View on USPTO Website

Described herein are systems and methods for automatically selecting a content provider for delivery of content for consumption by a user. Various selection data such as cost, subscription plan, and so forth are gathered and a weighting profile is applied to generate a total weight by content provider. The total weight by content provider may be used to select one content provider from another for delivery of a particular piece of content.


Gaze assisted object recognition

Owner: Amazon Technologies, Inc.
Publication #: 09317113
Publication Date: 2016-04-19
Patent URL: View on USPTO Website

An electronic device can attempt to determine a gaze direction of a user, which can be used to determine an object of interest to the user. Determining the gaze direction helps to reduce the search space and reduce processing requirements for identifying the object. Image information can be captured that includes the object of interest, which then can be analyzed to recognize the type of object. Upon recognizing the object, the user can be provided with information about the object, which in some cases can depend at least in part upon a current context or location of the object. If the object is a networked device, the user can potentially be provided with input options for controlling the device.


Integration of an independent three-dimensional rendering engine

Owner: Amazon Technologies, Inc.
Publication #: 09317175
Publication Date: 2016-04-19
Patent URL: View on USPTO Website

Systems and approaches provide for a user interface (UI) that is based on the position of a user's head with respect to a computing device. In particular, a three-dimensional (3D) rendering engine that is independent of a particular operating system can be integrated with the UI framework of the operating system such that a window or view into a fully 3D world can be drawn using the independent renderer. This window or view can then be laid out and manipulated in a manner similar to other elements of the UI framework. Further, the 3D window or view can be configured to monitor head tracking data as input events to the UI framework. The contents of the window or view can be redrawn or rendered based on the head tracking data to simulate three-dimensionality of the content.


Efficient storage of variably-sized data objects in a data store

Owner: Amazon Technologies, Inc.
Publication #: 09317213
Publication Date: 2016-04-19
Patent URL: View on USPTO Website

Variably-sized data objects may be received for storage at a data store. The data store may have a minimum write size. In various embodiments, received data objects may be divided into one or more equally-sized portions that equal the minimum write size of the data store and a remainder of the data object. The one or more equally-sized portions of the data object may be stored in data blocks that are equivalent to the minimum write size of the data store in a fixed-size data storage area of the data store. The remainder of the data object may be stored in a variably-sized data storage area of the data store along with one or more other data portions in a same data block. The remainder of the data object may, in some embodiments, be linked to the one or more equally-sized portions of the data object.


Centralized processing of events

Owner: Amazon Technologies, Inc.
Publication #: 09317343
Publication Date: 2016-04-19
Patent URL: View on USPTO Website

Disclosed are systems, methods, and other embodiments relating to event processing. A plurality of events from a plurality of services are buffered in a server, each of the services being implemented in at least one service server. An indexed storage of the events is performed in a data store. Metrics are generated from the events, where a condition associated with an operation of the services may be determined from the metrics.


Vendor and version independent browser driver

Owner: Amazon Technologies, Inc.
Publication #: 09317398
Publication Date: 2016-04-19
Patent URL: View on USPTO Website

A testing model for heterogeneous client environments is enabled. A test of a computer system state transition may be specified. The test specification may include elements corresponding to test actions that cause the computer system state transition and elements corresponding to test conditions that are evaluated to generate the test results. A collection of pre-assembled executable components suitable for implementing specified tests at a wide variety of clients may be maintained, and particular test specifications may be mapped to a corresponding and optimal implementation subset of the collection. Test results may be determined based on one or more outputs of the implementation subset of executable components. A vendor and version independent browser driver may include code capable of identifying an operational set of browser capabilities among the superset of considered browser capabilities independent of vendor or version identification by a browser under test.


Methods and apparatus for providing composed appliance services in virtualized private networks

Owner: Amazon Technologies, Inc.
Publication #: 09319272
Publication Date: 2016-04-19
Patent URL: View on USPTO Website

Methods and apparatus that enable appliance service instances to be provisioned in a subnet of a customer's private network on a service provider network without provisioning the backend nodes in the customer's subnet. At least one front-end node instance is provisioned in the customer's subnet. Instead of provisioning the backend nodes in the customer's subnet, the appliance service provider provisions the backend node instances in the appliance service provider's subnet. In addition, at least the front-end node instance may be provided with multiple interfaces. At least two of the interfaces face different subnets, with one facing the customer subnet and the other facing the backend subnet operated by the appliance service provider in which the backend node instances are implemented. In some implementations, a third interface may face a management subnet so that the owner of the front-end node instance may manage the instance.


Credential management

Owner: Amazon Technologies, Inc.
Publication #: 09319392
Publication Date: 2016-04-19
Patent URL: View on USPTO Website

A credential management system is described that provides a way to disable and/or rotate credentials, such as when a credential is suspected to have been compromised, while minimizing potential impact to various systems that may depend on such credentials. The credentials may be disabled temporarily at first and the availability of various resources is monitored for changes. If no significant drop of availability in the resources has occurred, the credential may be disabled for a longer period of time. In this manner, the credentials may be disabled and re-enabled for increasingly longer time intervals until it is determined with sufficient confidence/certainty that disabling the credential will not adversely impact critical systems, at which point the credential can be rotated and/or permanently disabled. This process also enables the system to determine which systems are affected by a credential in cases where such information is not known.


Audio capture and remote output

Owner: Amazon Technologies, Inc.
Publication #: 09319792
Publication Date: 2016-04-19
Patent URL: View on USPTO Website

In a wireless content sharing system, audio may be captured at various levels of a source device, including at an application level. Audio may also be divided into components prior to packetization and transmission, allowing different channels of audio to be sent to different target devices. Audio may be sent with timing information to coordinate playback of content. Audio may be buffered to reduce user noticeable latency.


Injecting active periods into scheduled inactive periods

Owner: Amazon Technologies, Inc.
Publication #: 09319993
Publication Date: 2016-04-19
Patent URL: View on USPTO Website

A processing device determines a usage schedule for a mobile device based on one or more first criteria, the usage schedule comprising a scheduled active period of the mobile device and a scheduled inactive period of the mobile device. The processing device identifies an additional active period for the mobile device that is based on one or more second criteria. The processing device causes the mobile device to transition into a low power state during the scheduled inactive period and to transition out of the low power state during the additional active period prior to the scheduled active period, wherein the mobile device will perform a scheduled operation during the additional active period and prior to the scheduled active period.


Immersive content to enhance user media experience

Owner: Amazon Technologies, Inc.
Publication #: 09310982
Publication Date: 2016-04-12
Patent URL: View on USPTO Website

Content corresponding to a literary work, movie, audio presentation, or other media is provided to a computing device associated with a user. Immersive content related to the content may be communicated to a computing device and presented to the user at times when the content is not being consumed. The formatting, communicational modes, apparent source, subject matter, or other aspects of the immersive content may correspond to the preferences or other information provided by the user. In this way, user engagement with a story or other media may be stimulated or enhanced when the user is not actively consuming the primary content.


Data security using request-supplied keys

Owner: Amazon Technologies, Inc.
Publication #: 09311500
Publication Date: 2016-04-12
Patent URL: View on USPTO Website

Requests are submitted to a request processing entity where the requests include a cryptographic key to be used in fulfilling the request. The request processing entity, upon receipt of the request, extracts the key from the request and uses the key to perform one or more cryptographic operations to fulfill the request. The one or more cryptographic operations may include encryption/decryption of data that is to be/is stored, in encrypted form, by a subsystem of the request processing entity. Upon fulfillment of the request, the request processing entity may perform one or more operations to lose access to the key in the request, thereby losing the ability to use the key.


Providing access to remote networks via external endpoints

Owner: Amazon Technologies, Inc.
Publication #: 09313172
Publication Date: 2016-04-12
Patent URL: View on USPTO Website

Systems and methods for providing access to a remote network via an external endpoint are provided. A client establishes a secure connection between an external endpoint and a remote network. Transmissions from clients to the external endpoint are supplemented with additional information regarding handling within the remote network, and then transmitted to an internal endpoint within the remote network. The internal endpoint processes the transmission based on the supplemental information and returns a response to the external endpoint. A response is then returned to the client. Access policies may be created by authorized users to establish processing of client transmissions. These policies may be stored and enforced by the internal endpoint or the external endpoint.


Virtual requests

Owner: Amazon Technologies, Inc.
Publication #: 09313191
Publication Date: 2016-04-12
Patent URL: View on USPTO Website

A first request from a client using a first protocol is translated into one or more second requests by a servicer using a second protocol through a virtual request using the first protocol. A client may use parameters of the first protocol to pass virtual request components to the servicer. A format agreement between the client, servicer and/or authentication service may allow the servicer and/or authentication service to translate the virtual request components over the first protocol to one or more second requests using the second protocol. Virtual request components may also prove the authenticity of the virtual request received by the servicer to an authentication service. If the virtual request is valid, the authentication service may issue a credential to the servicer to send the one or more second requests to an independent service. Virtual requests may be included in various protocols, including credential-based protocols and certificate exchange-based protocols.


Management and authentication in hosted directory service

Owner: Amazon Technologies, Inc.
Publication #: 09313193
Publication Date: 2016-04-12
Patent URL: View on USPTO Website

A user, group, and device management and authentication system allows administrators to manage one or more directories with devices that are not associated with a domain of the one or more directories via a set of APIs. The system also allows applications and services that do not have direct access to a list of directory users to access the one or more directories. The user, group, and device management and authentication system may be an add-on system that works in conjunction with a centrally-managed directory service to provide such functionality. For example, the system may generate an access token associated with a particular directory that can be used by a service accessed by an administrator to call an API provided by the system. The API call may be translated into a directory-specific API call that can be used to perform an action in the particular directory.


Managing restricted access resources

Owner: Amazon Technologies, Inc.
Publication #: 09313208
Publication Date: 2016-04-12
Patent URL: View on USPTO Website

Entities such as resource and service providers can utilize a ticketing system to define operational actions as primitives that can be stored, combined into more complex workflows, and executed in a restricted zone wherein a portion of the resources or services are not directly accessible to those providers. These primitives can be stored in the provider environment and shared with the restricted zone, in order to provide a structured approach to the sharing of operational knowledge. When a primitive is first received to the restricted zone, a person vetted by the customer associated with the restricted zone can review and approve the primitive, and can cause the primitive to be executed in the restricted zone. When that same primitive is subsequently received to the restricted zone, a lookup can be performed to determine that an approval exists, whereby the primitive can be executed in the restricted zone without another review.


Policy approval layer

Owner: Amazon Technologies, Inc.
Publication #: 09313230
Publication Date: 2016-04-12
Patent URL: View on USPTO Website

A customer of a policy management service may use an interface with a configuration and management service to interact with policies that may be applicable to the customer's one or more resources. The customer may create and/or modify the policies and the configuration and management service may notify one or more other entities of the created and/or modified policies. The one or more other entities may be operated by a user authorized to approve the created and/or modified policies. Interactions with the configuration and management service may be the same as the interactions with the policy management service.


Stateless packet segmentation and processing

Owner: Amazon Technologies, Inc.
Publication #: 09313302
Publication Date: 2016-04-12
Patent URL: View on USPTO Website

High-speed processing of packets to, and from, a virtualization environment can be provided while utilizing segmentation offload and other such functionality of commodity hardware. Virtualization information can be added to extension portions of protocol headers, for example, such that the payload portion is unchanged and, when physical address information is added to a frame, a frame can be processed using commodity hardware. In some embodiments, the virtualization information can be hashed and added to the payload or stream at, or relative to, various segmentation boundaries, such that the virtualization or additional header information will only be added to a subset of the packets once segmented, thereby reducing the necessary overhead. Further, the hashing of the information can allow for reconstruction of the virtualization information upon desegmentation even in the event of packet loss.


Camera interfaces for electronic devices

Owner: Amazon Technologies, Inc.
Publication #: 09313391
Publication Date: 2016-04-12
Patent URL: View on USPTO Website

Approaches are described for managing the processing of image data via an electronic device. In particular, various embodiments enable a component, or combination of components, such as one or more camera interface components or other such interface components, to be integrated into a computing device (e.g., a mobile phone, a tablet computer, a wearable device, etc.) to manage the processing of image data captured by one or more cameras of the computing device. For example, one or more camera interface components, such as a camera interface circuit, can allow for coupling at least two cameras to a single input camera port of a processor component.


Network service request throttling system

Owner: Amazon Technologies, Inc.
Publication #: 09313604
Publication Date: 2016-04-12
Patent URL: View on USPTO Website

Disclosed are various embodiments for throttling requests for a network service. A request for a network service is received from a client application and parameters are extracted from the request. Throttling policies applicable to the parameters are identified and retrieved, and it is determined whether the request should be processed based at least upon the throttling policies and the request parameters.


Virtual data storage service with sparse provisioning

Owner: Amazon Technologies, Inc.
Publication #: 09304687
Publication Date: 2016-04-05
Patent URL: View on USPTO Website

Virtual data stores may be sparsely provisioned by virtual data storage services in a manner that controls risk of implementation resource shortages. Relationships between requested data storage space size, data storage server capacity, allocated data storage space size and/or allocated data storage space utilization may be tracked on a per data store, per customer, per data storage server, and/or a per virtual data storage service basis. For each such basis, a set of constraints may be specified to control the relationships. The set of constraints may be enforced during implementation resource allocation, and by migration of data storage space portions to different implementation resources as part of a sparse provisioning load balancing. Sparse provisioning details may be made explicit to virtual data storage service customers to varying degrees including explicit, aggregate on a per customer basis, and aggregate on a per virtual data storage service basis.


Identification of virtual computing instance issues

Owner: Amazon Technologies, Inc.
Publication #: 09304796
Publication Date: 2016-04-05
Patent URL: View on USPTO Website

Technology for identifying virtual computing instance issues is described. An operating information report of a virtual computing instance may be parsed to obtain a diagnostic result. The diagnostic result may be compared against a data store of known computing instance issues to determine whether there is an issue for the virtual computing instance. The issue may be flagged when identified and provided for resolution.


Dynamic replica failure detection and healing

Owner: Amazon Technologies, Inc.
Publication #: 09304815
Publication Date: 2016-04-05
Patent URL: View on USPTO Website

Detecting replica faults within a replica group and dynamically scheduling replica healing operations are described. Status metadata for one or more replica groups may be accessed. Based, at least in part, on the status data, a number of available replicas for at least one replica group may be determined to be incompliant with a healthy state definition for the replica group. One or more healing operations to restore the number of available replicas for the at least one replica group to the respective healthy state definition may be dynamically scheduled. In some embodiments, one or more resource constraints for performing healing operations and one or more resource requirements for each of the one or more healing operations may be used to order the one or more healing operations.


System and method for providing flexible storage and retrieval of snapshot archives

Owner: Amazon Technologies, Inc.
Publication #: 09304867
Publication Date: 2016-04-05
Patent URL: View on USPTO Website

A group of computers is configured to implement a block storage service. The block storage service includes a block-level storage for storing data from a set of distinct computing instances for a set of distinct users. An interface is configured to allow the set of distinct users to specify respective destinations for storing backup copies of respective data stored in the block-level storage for the distinct users. At least some of the respective destinations are for different storage systems remote from one another. A backup copy function is provided for creating backup copies of data stored in the block-level storage by the set of distinct computing instances for the set of distinct users. The backup copies are stored in different destination locations specified by respective ones of the plurality of distinct users via the interface.


Results cache invalidation

Owner: Amazon Technologies, Inc.
Publication #: 09305056
Publication Date: 2016-04-05
Patent URL: View on USPTO Website

Embodiments may include storing a query result in a results set cache with the query result being generated from execution of a particular query on a plurality of data records. One or more probabilistic data structures may be generated based, at least in part, on a subset of the data records that is reflected in the query result. An indication may be received that the plurality of data records has been modified. It may then be determined whether to invalidate the query result in the results set cache based, at least in part, on the one or more probabilistic data structures and a representation of the modified plurality of data records.


Source identification for unauthorized copies of content

Owner: Amazon Technologies, Inc.
Publication #: 09305177
Publication Date: 2016-04-05
Patent URL: View on USPTO Website

Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.


Optimization of categorizing data items in a computing system

Owner: Amazon Technologies, Inc.
Publication #: 09305258
Publication Date: 2016-04-05
Patent URL: View on USPTO Website

A set of techniques is described for optimizing the categorization of data items in a computing system. The techniques include continuously metering data items by traversing each data item through a chain of rules in a sequential order until the data item matches a rule. Once the item matches the rule, it can be successfully categorized. The system can then analyze the number of matches for each rule over a period of time and optimize the sequential order of the chain of rules according to the analysis of the number of matches. For example, the system can modify the sequential order by arranging the rules according to the number of matches of each rule. Alternatively, the system may compute a velocity of matches and use it to optimize the sequential order. Alternatively, the system may use the rate of change to optimize the sequential order.


Improving customer experience in network-based services

Owner: Amazon Technologies, Inc.
Publication #: 09305262
Publication Date: 2016-04-05
Patent URL: View on USPTO Website

Disclosed herein are systems, devices, and techniques for using collective intelligence to improve a customer's experience when using network-based services. Data generated as a byproduct of one or more customer interactions with the network-based service may be repeatedly gathered, optionally stored, and analyzed to generate collective intelligence information. This collective intelligence information may be compared to various assessed parameters associated with a characteristic (i.e., a type and/or a configuration) of a computer resource(s), parameters associated with a state of the network-based service provider environment, and/or a customer experience criterion specified by the customer.


Association of item identifiers

Owner: Amazon Technologies, Inc.
Publication #: 09305283
Publication Date: 2016-04-05
Patent URL: View on USPTO Website

A radio-frequency identification (RFID) reader system and an imaging device are provided. The RFID reader system is configured to read an RFID tag attached to an item at a location relative to a barcode. The barcode is associated with the item. Once the RFID reader system identifies the RFID tag, the imaging device uses the placement of the RFID tag and/or features of the RFID tag to identify and read the barcode. The imaging device may also identify the RFID tag. Once the barcode is identified, the barcode and the RFID tag are associated.


Text synchronization with audio

Owner: Amazon Technologies, Inc.
Publication #: 09305530
Publication Date: 2016-04-05
Patent URL: View on USPTO Website

A technology for synchronizing text with audio includes analyzing the audio to identify voice segments in the audio where a human voice is present and to identify non-voice segments in proximity to the voice segments. Segmented text associated with the audio, having text segments, may be identified and synchronized to the voice segments.


Providing instance availability information

Owner: Amazon Technologies, Inc.
Publication #: 09306814
Publication Date: 2016-04-05
Patent URL: View on USPTO Website

A distributed execution environment provides instances of computing resources for customer use, such as instances of data processing resources, data storage resources, database resources, and networking resources. Data is collected from systems internal to and external to the distributed execution environment. Some or all of the data is utilized to compute instance availability information for instances of computing resources provided by the distributed execution environment. The instance availability information might then be provided to customers and other users of the distributed execution environment. Various types of actions might be taken in a manual or automated way based upon the computed instance availability information.


Emulating circuit switching in cloud networking environments

Owner: Amazon Technologies, Inc.
Publication #: 09306870
Publication Date: 2016-04-05
Patent URL: View on USPTO Website

Methods and apparatus for emulating circuit switching in cloud networking environments are disclosed. A system includes a plurality of resources of a provider network and a resource manager. The resource manager receives a circuit switching emulation request specifying (a) a first resource group and a second resource group, and (b) a desired network traffic rate to be supported between the first and second resource groups. In response to a determination to accept the circuit switching emulation request, the resource manager initiates configuration operations associated with a network path between the first and second resource groups to allow network traffic between the first and second resource groups at a rate up to the desired network traffic rate.


Provisioning digital certificates in a network environment

Owner: Amazon Technologies, Inc.
Publication #: 09306935
Publication Date: 2016-04-05
Patent URL: View on USPTO Website

A method for provisioning digital certificates in a compute service environment may include authorizing a customer entity for using and/or controlling a network resource in the compute service environment. Upon completing the authorization, a digital certificate may be issued to the customer entity. The digital certificate may be associated with the network resource and may be issued for a limited duration period. The use and/or control of the network resource by the customer entity may be monitored. Reissuance of the digital certificate may be conditioned on whether the customer entity is still using and/or controlling the network resource in the compute service environment. If the customer entity is still using and/or controlling the network resource in the multi-tenant environment, the digital certificate may be automatically reissued for another limited duration period. The automatically reissuing may take place without receiving a certificate reissue request from the customer entity.


Configure interconnections between networks hosted in datacenters

Owner: Amazon Technologies, Inc.
Publication #: 09306949
Publication Date: 2016-04-05
Patent URL: View on USPTO Website

Systems, methods and computer-readable media are described for connecting private networks that may otherwise be isolated. More particularly, the private networks may include private clouds that may be operated on a plurality of datacenters. A determination may be made as to whether network connections between the private clouds may be established and as to what compute resources of the private clouds may be exposed to the network connections. This determination may be used to generate virtual network paths that may be configured to route traffic between the private clouds.


Deduplication architecture

Owner: Amazon Technologies, Inc.
Publication #: 09298723
Publication Date: 2016-03-29
Patent URL: View on USPTO Website

A receiver-side deduplication architecture for data storage systems, for example remote data storage systems that use block-based data storage and that provide the data storage to client(s) via a network. The architecture may provide network deduplication by reducing bandwidth usage on communications channel(s) between the client(s) and the data storage systems. The architecture may leverage block storage technology of a data store provided to clients by a data store provider and caching technology to implement a deduplication data dictionary. The deduplication data dictionary includes deduplication data blocks stored in the data store and a mapping tier that leverages caching technology to store and maintain a store of key/value pairs that map data block fingerprints to deduplication data blocks in the data store.


Failover and recovery for replicated data instances

Owner: Amazon Technologies, Inc.
Publication #: 09298728
Publication Date: 2016-03-29
Patent URL: View on USPTO Website

Replicated instances in a database environment provide for automatic failover and recovery. A monitoring component can periodically communicate with a primary and a secondary replica for an instance, with each capable of residing in a separate data zone or geographic location to provide a level of reliability and availability. A database running on the primary instance can have information synchronously replicated to the secondary replica at a block level, such that the primary and secondary replicas are in sync. In the event that the monitoring component is not able to communicate with one of the replicas, the monitoring component can attempt to determine whether those replicas can communicate with each other, as well as whether the replicas have the same data generation version. Depending on the state information, the monitoring component can automatically perform a recovery operation, such as to failover to the secondary replica or perform secondary replica recovery.


Data set capture management with forecasting

Owner: Amazon Technologies, Inc.
Publication #: 09298737
Publication Date: 2016-03-29
Patent URL: View on USPTO Website

A set of virtualized computing services may include multiple types of virtualized data store differentiated by characteristics such as latency, throughput, durability and cost. A sequence of captures of a data set from one data store to another may be scheduled to achieve a variety of virtualized computing service user and provider goals such as lowering a probability of data loss, lowering costs, and computing resource load leveling. Data set captures may be scheduled according to policies specifying fixed and flexible schedules and conditions including flexible scheduling windows, target capture frequencies, probability of loss targets and/or cost targets. Capture lifetimes may also be managed with capture retention policies, which may specify fixed and flexible lifetimes and conditions including cost targets. Such data set capture policies may be specified with a Web-based administrative interface to a control plane of the virtualized computing services.


Predictive page loading based on navigation

Owner: Amazon Technologies, Inc.
Publication #: 09299030
Publication Date: 2016-03-29
Patent URL: View on USPTO Website

Disclosed are various embodiments for predictive network page loading. Content corresponding to a network request is obtained. A next network page associated with the obtained page content is predicted. If the prediction is confident relative to a predetermined confidence threshold, then a first network page is generated. The first network page includes the page content corresponding to the network request and a portion of content for the predicted network page. The generated first network page is provided to a client. A request for another network page is received. If the other network page in the request corresponds to the predicted next network page, a second network page is generated. The second network page includes the remainder of the content for the predicted page content.


Techniques for image browsing

Owner: Amazon Technologies, Inc.
Publication #: 09299103
Publication Date: 2016-03-29
Patent URL: View on USPTO Website

A set of images may be obtained by a computing system of a user device. A display may be provided on the user device including a first image of the set of images. An indication may be received that indicates a tilt action of the user device. Based at least in part on the tilt action being within a particular tilt threshold, a partial view of the first image and a partial view of the second image may be provided to the user.


Techniques for selecting musical content for playback

Owner: Amazon Technologies, Inc.
Publication #: 09299331
Publication Date: 2016-03-29
Patent URL: View on USPTO Website

Techniques are described for automatically selecting musical content for playback based on an initial “seed” of music selected by a user in a way that seamlessly extends the user's listening experience. The initially selected seed music might be, for example, an album or a playlist. Music that follows the seed music is algorithmically selected to match the music selected by the user.


Network address verification

Owner: Amazon Technologies, Inc.
Publication #: 09300625
Publication Date: 2016-03-29
Patent URL: View on USPTO Website

Data payloads that may not be accessible to customer computing devices may be utilized to verify network address ownership. In some examples, a first payload may be provided to a computing device having an address. Additionally, a second payload may be received from the computing device. Based at least in part on a relationship between the first payload and the second payload, an action associated with the address may be performed.


Device coordination

Owner: Amazon Technologies, Inc.
Publication #: 09300639
Publication Date: 2016-03-29
Patent URL: View on USPTO Website

A distributed computing environment utilizes a cryptography service. The cryptography service manages keys securely on behalf of one or more entities. The service may utilize multiple security modules. A coordinator may coordinate the security modules to ensure that the security modules operate with consistent operational parameters. A security module may propose a set of parameters for acceptance by the coordinator. If accepted, the coordinator may update the security modules in accordance with the proposal.


Connection following during network reconfiguration

Owner: Amazon Technologies, Inc.
Publication #: 09300731
Publication Date: 2016-03-29
Patent URL: View on USPTO Website

An allocated IP address is remapped from a first virtual machine to a second virtual machine while maintaining existing client connections on the first virtual machine. A communication channel is established between the first and second virtual machines, and existing connections associated with the IP address are tracked. Packets addressed to the IP address are forwarded to the second virtual machine instead of the first machine. If the second virtual machine receives a packet that contains a new connection request, the new connection is established with the second virtual machine. However, if the second virtual machine receives a packet that is associated with an existing connection to the first virtual machine, then the packet is forwarded to the first virtual machine via the communication channel.


API calls with dependencies

Owner: Amazon Technologies, Inc.
Publication #: 09300759
Publication Date: 2016-03-29
Patent URL: View on USPTO Website

Techniques are disclosed for a client-and-server architecture where the client makes asynchronous API calls to the server. Where the client makes multiple asynchronous API calls, and where these API calls have dependencies (i.e., a result of one call is used as a parameter in a second call), the client may send the server these multiple asynchronous API calls before execution of a call has completed. The server may then execute these multiple asynchronous API calls, using a result generated from one call as a parameter to another call.


Adaptive service timeouts

Owner: Amazon Technologies, Inc.
Publication #: 09292039
Publication Date: 2016-03-22
Patent URL: View on USPTO Website

Disclosed are various embodiments for a timeout management application. Latency data for executing services is obtained. The used service capacity is calculated. If the service capacity is outside of a predefined range, the timeout of a selected service is reconfigured.


Systems and methods providing optimization data

Owner: Amazon Technologies, Inc.
Publication #: 09292336
Publication Date: 2016-03-22
Patent URL: View on USPTO Website

Service fleets made up of many pieces of computer hardware may perform computational tasks. Described herein are systems and methods for optimizing costs associated with the computer hardware. In one example, an optimization system indicates an amount of hardware needed such that the service fleet operates at an optimal cost. The amount of hardware may be determined based on hardware cost metric data generated for a service fleet.


Monitoring applications for compatibility issues

Owner: Amazon Technologies, Inc.
Publication #: 09292423
Publication Date: 2016-03-22
Patent URL: View on USPTO Website

A compatibility service monitors programs to detect compatibility issues. The compatibility service provides users, such as developers, with notifications of compatibility issues a program may experience when the program executes on a particular device and/or uses a particular operating system. In some configurations, the compatibility service detects compatibility issues by performing tests on programs using a testing service. The compatibility service may also receive notifications of incompatibilities from different sources. For example, the compatibility service may receive notifications of incompatibilities from other users (e.g., developers), web sites, and the like. The compatibility service may proactively notify developers of compatibility issues for their programs. For example, one developer may request to be notified of all detected compatibility issues, whereas another developer might request to be notified of compatibility issues that are above some specified severity level of incompatibility.


Traffic control for prioritized virtual machines

Owner: Amazon Technologies, Inc.
Publication #: 09292466
Publication Date: 2016-03-22
Patent URL: View on USPTO Website

Information about the transmission of packets or other information can be inferred based at least in part upon the state of one or more queues used to transmit that information. In a networking example, a hook can be added to a free buffer API call from a queue of a NIC driver. When a packet is transmitted and a buffer freed, the hook can cause information for that packet to be transmitted to an appropriate location, such as a network traffic control component or control plane component, whereby that information can be compared with packet, source, and other such information to infer which packets have been transmitted, which packets are pending, and other such information. This information can be used for various purposes, such as to dynamically adjust the allocation of a resource (e.g., a NIC) to various sources based at least in part upon the monitored behavior.


Managing autocorrect actions

Owner: Amazon Technologies, Inc.
Publication #: 09292621
Publication Date: 2016-03-22
Patent URL: View on USPTO Website

Text input that is automatically “corrected” by an auto-correction process can be analyzed to determine whether to also include text as input before the correction. A set of words particular to an environment can be run through a number of auto-correct processes to determine which words are likely to be corrected, as well as the corrected versions. These “corrected” versions can be added to an index or other collection as synonyms, or alternatives, for the uncorrected words. When a request or other input is received that includes a corrected term, a determination can be made as to whether to include content for the synonymous uncorrected term. Such an approach can enable a user to obtain content that is more likely of interest to the user based at least in part upon known corrections made to terms that did not necessarily need correcting.


Hardware secret usage limits

Owner: Amazon Technologies, Inc.
Publication #: 09292711
Publication Date: 2016-03-22
Patent URL: View on USPTO Website

A hardware secret is securely maintained in a computing device. The device operates in accordance with a usage limit corresponding to a limited number of operations using the hardware secret that the device is able to perform. Once the device reaches a usage limit, the device becomes temporarily or permanently unable to perform additional operations using the hardware secret.


System and method for personalized commands

Owner: Amazon Technologies, Inc.
Publication #: 09292839
Publication Date: 2016-03-22
Patent URL: View on USPTO Website

Various embodiments of a system and method for personalized commands are described. The system and method for personalized commands may include a payment service including a command management component. Such payment service may be responsive to one or more base commands. The command management component may be configured to generate a user interface for specifying personalized commands that correspond to the base commands. The command management component may be configured to generate mapping information from the information received via the user interface. The command management component may be configured to receive one or more messages that may include commands for the payment service, including personalized commands. From the personalized commands, the command management component may be configured to determine a corresponding base command (e.g., based on the mapping information). Once the base command is determined, the payment service may perform the base command.


Watermarking media assets at the network edge

Owner: Amazon Technologies, Inc.
Publication #: 09292896
Publication Date: 2016-03-22
Patent URL: View on USPTO Website

Watermarking techniques are described which can be performed at network edge locations such as a Content Delivery Network (CDN) point-of-presence (POP). An edge server can identify users by request and apply a watermark based on the user to media content stored locally. Performance is improved by moving the watermarking from a central location closer to the user in terms of network proximity. An edge server can receive instructions on what type of watermark to assign and how to assign it. The edge server can use the requester's identity to create and apply watermarks at the time of transferring media content to the requester. Individualized watermarking is applied to the bits transmitted to the device, the watermark indicating the specific user downloading the stream, time of transmission, etc. Watermarking can be applied throughout all of the frames of the media content rather than merely attaching it at a specific place.


Storing state information from network-based user devices

Owner: Amazon Technologies, Inc.
Publication #: 09293138
Publication Date: 2016-03-22
Patent URL: View on USPTO Website

Network-based services may be provided to a user through the use of a speech-based user device located within a user environment. The speech-based user device may accept speech commands from a user and may also interact with the user by means of generated speech. Operating state of the speech-based user device may be provided to the network-based service and stored by the service. Applications that provide services through the speech-based interface may request and obtain the stored state information.


Automated cloud resource trading system

Owner: Amazon Technologies, Inc.
Publication #: 09294236
Publication Date: 2016-03-22
Patent URL: View on USPTO Website

Methods and apparatus for an automated cloud resource trading system are disclosed. A system includes a plurality of resource instances, a resource manager, and a pricing optimizer. The resource manager receives an indication that a client has opted in for automated implementation of recommendations from the pricing optimizer. In response to the opt-in indication, and a recommendation generated by the pricing optimizer based at least in part on an analysis of the client's resource usage and the pricing of instances reserved for the client, the resource manager includes a particular resource instance currently reserved for the client in a listing of instances available for reservation by other clients.


Cryptographically verified repeatable virtualized computing

Owner: Amazon Technologies, Inc.
Publication #: 09294282
Publication Date: 2016-03-22
Patent URL: View on USPTO Website

A virtualized system that is capable of executing a computation that has been identified as a repeatable computation and recording various representations of the state of the computing environment throughout the execution of the repeatable computation, where the state of the computing environment can be cryptographically signed and/or verified using a trusted platform module (TPM), or other cryptographic module. For example, a TPM embedded in the host computing device may generate a hash measurement that captures the state of the repeatable computation at the time of the computation. This measurement can be digitally signed using one or more cryptographic keys of the TPM and recorded for future use. The recorded state can subsequently be used to repeat the computation and/or determine whether the computation was repeated successfully according to certain defined criteria.


Remotely configured network appliances and services

Owner: Amazon Technologies, Inc.
Publication #: 09294437
Publication Date: 2016-03-22
Patent URL: View on USPTO Website

A network gateway is implemented on behalf of a customer entity. The network gateway may be implemented using a distributed computer system and the network gateway may connect a network of the customer entity to a public communications network. The network gateway may include network-related services without the need for adding specialized hardware. The network gateway may be provisioned programmatically in response to instructions received from the customer entity. The network gateway may be provisionable and accessible over several different types of data connections. The network gateway, by virtue of being implemented on a distributed computer system, is scalable upon demand without additional input by the customer entity.


Techniques for data security in a multi-tenant environment

Owner: Amazon Technologies, Inc.
Publication #: 09294507
Publication Date: 2016-03-22
Patent URL: View on USPTO Website

The usage of data in a multi-tenant environment can be controlled by utilizing functionality at the hypervisor level of various resources in the environment. Data can be associated with various tags, security levels, and/or compartments. The ability of resources or entities to access the data can depend at least in part upon whether the resources or entities are also associated with the tags, security levels, and/or compartments. Limitations on the usage of the data can be controlled by one or more policies associated with the tags, security levels, and/or compartments. A control service can monitor traffic to enforce the appropriate rules or policies, and in some cases can prevent encrypted traffic from passing beyond a specified egress point unless the encryption was performed by a trusted resource with the appropriate permissions.


Connection re-balancing in distributed storage systems

Owner: Amazon Technologies, Inc.
Publication #: 09294558
Publication Date: 2016-03-22
Patent URL: View on USPTO Website

At a particular node of a storage service to which connections have been established on behalf of one or more clients, respective workload indicators are collected from a set of peer nodes of the storage service. A determination is made at the particular node that (a) a local workload metric exceeds a connection rebalancing threshold, and (b) a peer capacity availability criterion has been met. The peer capacity availability criterion may be determined from the respective workload indicators. In response to the determination, a particular client connection is closed.


Shadowing storage gateway

Owner: Amazon Technologies, Inc.
Publication #: 09294564
Publication Date: 2016-03-22
Patent URL: View on USPTO Website

Methods, apparatus, and computer-accessible storage media for shadowing data stored on a local store to a remote store provided by a service provider. A gateway may be configured as a shadowing gateway on a customer network in response to receiving configuration information. The shadowing gateway may receive reads and writes to the local store. The gateway passes the requests to the local store, and also uploads write data indicated by the writes to the service provider to update a snapshot of the local store maintained by the service provider on the remote store. The write data may be buffered to a write log for uploading, and may be uploaded as blocks according to a block storage format used by the service provider. The shadowing process may be transparent to processes on the customer network. The shadowed data may be used to recover data on the local store.


Virtual service provider zones

Owner: Amazon Technologies, Inc.
Publication #: 09286491
Publication Date: 2016-03-15
Patent URL: View on USPTO Website

A service proxy serves as an application programming interface proxy to a service, which may involve data storage. When a request to store data is received by the service proxy, the service proxy encrypts the data and stores the data in encrypted form at the service. Similarly, when a request to retrieve data is received by the service proxy, the service proxy obtains encrypted data from the service and decrypts the data. The data may be encrypted using a key that is kept inaccessible to the service.


Personal webservice for item acquisitions

Owner: Amazon Technologies, Inc.
Publication #: 09286627
Publication Date: 2016-03-15
Patent URL: View on USPTO Website

Architectures and techniques are described to provide a personal webservice for item acquisitions. In particular implementations, the personal webservice of the individual indicates items that have been acquired by the individual and/or items that the individual has indicated an interest in acquiring. Information specifying items acquired by the individual may be obtained from computing devices of the individual, third-party data sources (e.g. financial entities, social networking sites), or both. Additionally, a number of webservice applications and/or webservice agents may provide supplemental information about items included in the personal webservice of the individual, provide notifications derived from the supplemental information about the items, or both. The supplemental information may be obtained from manufacturers of the items, online content related to the items (e.g. news articles, blog posts, reviews), information from merchants offering the items for acquisition, and the like.


Network gateway services and extensions

Owner: Amazon Technologies, Inc.
Publication #: 09288182
Publication Date: 2016-03-15
Patent URL: View on USPTO Website

A network gateway is implemented on behalf of a customer entity. The network gateway may be implemented using a distributed computer system and the network gateway may connect a network of the customer entity to a public communications network. The network gateway may include network-related services without the need for adding specialized hardware. The network gateway may be provisioned programmatically in response to instructions received from the customer entity. The network gateway may be provisionable and accessible over several different types of data connections. The network gateway, by virtue of being implemented on a distributed computer system, is scalable upon demand without additional input by the customer entity.


Cryptographic key escrow

Owner: Amazon Technologies, Inc.
Publication #: 09288208
Publication Date: 2016-03-15
Patent URL: View on USPTO Website

An escrow platform is described that can be used to enable access to devices. The escrow platform can be used to sign cryptographic network protocol challenges on behalf of clients so that the secrets used to sign cryptographic network protocol challenges do not have to be exposed to the clients. The escrow platform can store or control access to private keys, and the corresponding public keys can be stored on respective target platforms. A client can attempt to access a target platform and in response the target platform can issue a challenge. The client platform can send the challenge to the escrow platform, which can use the corresponding private key to sign the challenge. The signed challenge can be sent back to the client, which can forward it to the target platform. The target platform can verify the expected private key and grant access.


Class replacer during application installation

Owner: Amazon Technologies, Inc.
Publication #: 09280339
Publication Date: 2016-03-08
Patent URL: View on USPTO Website

This disclosure describes systems, methods, and computer-readable media related to online advertisement campaign recommendations. An archive file may be received from a server. The archive file may include one or more compiled code files and a manifest file. The archive file may be unpackaged. The one or more compiled code files may be optimized based at least in part on the manifest file. The optimizing the one or more compiled code files may include identifying a first sequence of bytes and a second sequence of bytes from one or more sources; formatting the second sequence of bytes based at least in part on one or more rules; searching the one or more compiled code files to identify one or more sequence of bytes matching the first sequence of bytes; and replacing the identified one or more sequence of bytes with the formatted second sequence of bytes. The optimized compiled code files may be stored.


Request processing techniques

Owner: Amazon Technologies, Inc.
Publication #: 09280372
Publication Date: 2016-03-08
Patent URL: View on USPTO Website

A computer system implements a hypervisor which, in turn, implements one or more computer system instances and a controller. The controller and a computer system instance share a memory. A request is processed using facilities of both the computer system instance and the controller. As part of request processing, information is passed between the computer system instance and the controller via the shared memory.


Dynamic scaling of a cluster of computing nodes

Owner: Amazon Technologies, Inc.
Publication #: 09280390
Publication Date: 2016-03-08
Patent URL: View on USPTO Website

Techniques are described for managing distributed execution of programs, including by dynamically scaling a cluster of multiple computing nodes performing ongoing distributed execution of a program, such as to increase and/or decrease computing node quantity. An architecture may be used that has core nodes that each participate in a distributed storage system for the distributed program execution, and that has one or more other auxiliary nodes that do not participate in the distributed storage system. Furthermore, as part of performing the dynamic scaling of a cluster, computing nodes that are only temporarily available may be selected and used, such as computing nodes that might be removed from the cluster during the ongoing program execution to be put to other uses and that may also be available for a different fee (e.g., a lower fee) than other computing nodes that are available throughout the ongoing use of the cluster.


Efficient replication of system transactions for read-only nodes of a distributed database

Owner: Amazon Technologies, Inc.
Publication #: 09280591
Publication Date: 2016-03-08
Patent URL: View on USPTO Website

A distributed database system may efficiently replicate system transactions to one or more read-only nodes. An update to a distributed database may be received. One or more system transactions may be performed to apply the update. For each system transaction, one or more change notifications may be generated which indicate changes to be applied in order to perform the system transaction. A particular one of the change notifications may be identified as the last change to be applied in order to complete the system transaction. The change notifications may be sent to one or more read-only nodes. The read-only nodes may process read requests for the distributed database system. The identified change notification may indicate to the read-only nodes the last change to be applied prior to presenting a state of the database that includes the system transaction when servicing read requests.


Managing API authorization

Owner: Amazon Technologies, Inc.
Publication #: 09280686
Publication Date: 2016-03-08
Patent URL: View on USPTO Website

Multiple variants of an API can coexist through API management by using metadata in a pre-processing and post-processing system to weed out requests to which a client does not have permission and return parameters that do not belong with the API request variant. Metadata is added to request objects such that an instance of a request object may be examined to determine a request handler to properly inspect the request object and recommend further processing or rejection of the instance. Metadata may also be added to a response object created as a result of processing the request object such that a response handler may be identified to ensure the fields match the proper response to the request object. The API may be dynamically managed at the point of request and also at the point of return rather than a statically coded whitelist checked multiple times within the code itself.


Deal based communications via multiple channel options

Owner: Amazon Technologies, Inc.
Publication #: 09280782
Publication Date: 2016-03-08
Patent URL: View on USPTO Website

Architectures and techniques are described to provide a number of options to exchange information related to deals via a plurality of channels. Each of the communication channels may be utilized to exchange communications about different aspects of acquiring and redeeming deals. The channel options may be related to categories of computing devices, operating systems executed by computing devices, one or more sites, various forms of communication, client device applications, etc. A service provider that offers deals on behalf of merchants may determine one or more options for each communication channel with respect to merchants offering deals and with respect to individuals that may participate in deals offered by the service provider. After determining the channel options for a deal offered by a particular merchant and for individuals designated to receive information about the deal, communications with respect to the deal may be exchanged over the channels via certain channel options.


Layered redundancy encoding schemes for data storage

Owner: Amazon Technologies, Inc.
Publication #: 09281845
Publication Date: 2016-03-08
Patent URL: View on USPTO Website

Techniques for optimizing data storage are disclosed herein. In particular, methods and systems for implementing redundancy encoding schemes with data storage systems are described. The redundancy encoding schemes may be scheduled according to system and data characteristics. The schemes may span multiple tiers or layers of a storage system. The schemes may be generated, for example, in accordance with a transaction rate requirement, a data durability requirement or in the context of the age of the stored data. The schemes may be designed to rectify entropy-related effects upon data storage. The schemes may include one or more erasure codes or erasure coding schemes. Additionally, methods and systems for improving and/or accounting for failure correlation of various components of the storage system, including that of storage devices such as hard disk drives, are described.


Managing use of alternative intermediate destination computing nodes for provided computer networks

Owner: Amazon Technologies, Inc.
Publication #: 09282027
Publication Date: 2016-03-08
Patent URL: View on USPTO Website

Techniques are described for managing communications for a managed computer network by using a defined pool of alternative computing nodes of the managed computer network that are configured to operate as intermediate destinations to handle at least some communications that are sent by and/or directed to one or more other computing nodes of the managed computer network. For example, a manager module associated with a source computing node may select a particular alternative intermediate destination computing node from a defined pool to use for one or more particular communications from the source computing node to an indicated final destination, such as based on a configured logical network topology for the managed computer network and/or on one or more other selection criteria (e.g., to enable load balancing between the alternative computing nodes). The manager module then forwards those communications to the selected intermediate destination computing node for further handling.


Points of interest recommendations

Owner: Amazon Technologies, Inc.
Publication #: 09282161
Publication Date: 2016-03-08
Patent URL: View on USPTO Website

Embodiments of the present disclosure are directed to, among other things, providing point of interest item recommendations and/or point of interest map information to users. In some examples, point of interest tags associated by a first user with point of interest items may be managed. Additionally, point of interest item ratings may be received from at least one of a plurality of other users. Based at least in part on the received ratings, a recommendation of a first point of interest item of the one or more point of interest items may be prepared for the first user.


Disaster recovery service

Owner: Amazon Technologies, Inc.
Publication #: 09274903
Publication Date: 2016-03-01
Patent URL: View on USPTO Website

A customer may use a disaster recovery service to generate a disaster recovery scenario in order to make certain resources available to the customer in the event of a data region failure. The customer may specify a recovery point objective, a recovery time objective and a recovery data region for the scenario. Accordingly, the disaster recovery service may coordinate with one or more other services provided by the computing resource service provider to reproduce the customer resources and other resources necessary to support the customer resources. These reproduced resources may be transferred to the recovery data region based at least in part on the parameters specified by the customer. In the event of a data region failure, the disaster recovery service may update the domain name system to resolve any customer requests for the customer resources to the recovery data region.


Intelligent cache eviction at storage gateways

Owner: Amazon Technologies, Inc.
Publication #: 09274956
Publication Date: 2016-03-01
Patent URL: View on USPTO Website

Methods and apparatus for intelligent cache eviction at storage gateways are disclosed. A system comprises computing devices configured to determine whether the number of free chunks of storage at a storage appliance for caching portions of a storage object is below a threshold value. If the number is below the threshold, the computing devices identify an eviction set of chunks to be freed, and generate a respective new instance identifier for each chunk of the eviction set. The identifier of a given chunk may be used to determine a validity of a block of the chunk. The devices store, within metadata storage of the appliance, the new instance identifiers of the eviction set, and indicate that the chunks of the eviction set are available for caching data of the storage object.


Methods and apparatus for controlling snapshot exports

Owner: Amazon Technologies, Inc.
Publication #: 09275124
Publication Date: 2016-03-01
Patent URL: View on USPTO Website

Methods, apparatus, and computer-accessible storage media for controlling export of snapshots to external networks in service provider environments. Methods are described that may be used to prevent customers of a service provider from downloading snapshots of volumes, such as boot images created by the service provider or provided by third parties, to which the customer does not have the appropriate rights. A request may be received from a user to access one or more snapshots, for example a request to export the snapshot or a request for a listing of snapshots. For each snapshot, the service provider may determine if the user has rights to the snapshot, for example by checking a manifest for the snapshot to see if entries in the snapshot manifest belong to an account other than the customer's. If the user has rights to the snapshot, the request is granted; otherwise, the request is not granted.


Annotation mapping

Owner: Amazon Technologies, Inc.
Publication #: 09275368
Publication Date: 2016-03-01
Patent URL: View on USPTO Website

A method for annotation mapping includes identifying a set of differences between a first version of a document and a second version of the document, the first version comprising annotations. The method further includes generating a position map that maps differences between the first version and the second version, where the position map facilitates the migration of the annotations from the first version to the second version.


Transferring ownership of computing resources

Owner: Amazon Technologies, Inc.
Publication #: 09275408
Publication Date: 2016-03-01
Patent URL: View on USPTO Website

A service provider provides instances of computing resources for customer use, such as instances of data processing resources, data storage resources, database resources, and networking resources. A customer of the service provider might create a solution that utilizes one or more instances of computing resources provided by the service provider. The customer can request to transfer control and payment responsibility for computing resources, such as those utilized in a solution, to another customer of the distributed computing environment. In response to such a request, control and payment responsibility for the resources may be transferred to the receiving customer. The request to transfer resources might be received by way of a solution marketplace or through another mechanism.


Key rotation with external workflows

Owner: Amazon Technologies, Inc.
Publication #: 09276754
Publication Date: 2016-03-01
Patent URL: View on USPTO Website

A material set, such as an asymmetric keypair, is processed using an associated workflow to prepare the material set for activation and/or use. In one embodiment, a material set is generated and information about the material set is communicated to a workflow manager. Based at least on the information, the workflow manager generates a workflow that when accomplished will allow the material set to be activated and/or used. In another embodiment, a service provider provides a key manager, workflow manager and destination for the key, such as a load balancer that terminates SSL connections. A key can be generated by the key manager, sent through the workflow manager for processing (potentially communicated to third parties such as a certificate authority, if needed) and installed at a destination.


Providing virtual networking functionality for managed computer networks

Owner: Amazon Technologies, Inc.
Publication #: 09276811
Publication Date: 2016-03-01
Patent URL: View on USPTO Website

Techniques are described for providing virtual networking functionality for managed computer networks. In some situations, a user may configure or otherwise specify one or more virtual local area networks (“VLANs”) for a managed computer network being provided for the user, such as with each VLAN including multiple computing nodes of the managed computer network. Networking functionality corresponding to the specified VLAN(s) may then be provided in various manners, such as if the managed computer network itself is a distinct virtual computer network overlaid on one or more other computer networks, and communications between computing nodes of the managed virtual computer network are handled in accordance with the specified VLAN(s) of the managed virtual computer network by emulating functionality that would be provided by networking devices of the managed virtual computer network if they were physically present and configured to support the specified VLAN(s).


Automated testing of a direct network-to-network connection

Owner: Amazon Technologies, Inc.
Publication #: 09276812
Publication Date: 2016-03-01
Patent URL: View on USPTO Website

A direct network connection is established between a customer network and a service provider network. Computing resources are then provisioned in the service provider network in an automated fashion. The network connection between the service provider network and the customer network is also configured such that data can be transmitted from one of the computing resources to another one of the computing resources by way of at least a portion of the customer network. Test data is then transmitted from one computing resource to another computing resource by way of at least a portion of the customer network. One or more test results are then generated based upon characteristics of the transmission of the test data from one resource to the other resource by way of the customer network. The resources may be de-provisioned in an automated fashion following completion of the testing.


Dynamic network traffic throttling

Owner: Amazon Technologies, Inc.
Publication #: 09276864
Publication Date: 2016-03-01
Patent URL: View on USPTO Website

Information about the transmission of packets or other information can be inferred based at least in part upon the state of one or more queues used to transmit that information. In a networking example, a hook can be added to a free buffer API call from a queue of a NIC driver. When a packet is transmitted and a buffer freed, the hook can cause information for that packet to be transmitted to an appropriate location, such as a network traffic control component or control plane component, whereby that information can be compared with packet, source, and other such information to infer which packets have been transmitted, which packets are pending, and other such information. This information can be used for various purposes, such as to dynamically adjust the allocation of a resource (e.g., a NIC) to various sources based at least in part upon the monitored behavior.


Client-configurable security options for data streams

Owner: Amazon Technologies, Inc.
Publication #: 09276959
Publication Date: 2016-03-01
Patent URL: View on USPTO Website

A configuration request comprising a security option selected for a particular data stream is received. Nodes of a plurality of functional categories, such as a data ingestion category and a data retrieval category are to be configured for the stream. The security option indicates a security profile of a resource to be used for nodes of at least one functional category. In accordance with the configuration request, a node of a first functional category is configured at a resource with a first security profile, and configuration of a node of a second functional category is initiated at a different resource with a different security profile.


Identifying nodes already storing indicated input data to perform distributed execution of an indicated program in a node cluster

Owner: Amazon Technologies, Inc.
Publication #: 09276987
Publication Date: 2016-03-01
Patent URL: View on USPTO Website

Techniques are described for managing execution of programs, such as for distributed execution of a program on multiple computing nodes. In some situations, the techniques include selecting a cluster of computing nodes to use for executing a program based at least in part on data to be used during the program execution. For example, the computing node selection for a particular program may be performed so as to attempt to identify and use computing nodes that already locally store some or all of the input data that will be used by those computing nodes as part of the executing of that program on those nodes. Such techniques may provide benefits in a variety of situations, including when the size of input datasets to be used by a program is large, and the transferring of data to and/or from computing nodes may impose large delays and/or monetary costs.


Mobile distributed memory systems

Owner: Amazon Technologies, Inc.
Publication #: 09277352
Publication Date: 2016-03-01
Patent URL: View on USPTO Website

Data may be managed by a mobile data management system. The system may receive data intended for a web service system location at a first location from an external source located at a second location. In some aspects, the data may be received via an application programming interface. The system may also cause storage of the received data in at least one memory while the system is at the second location. The system may further provide the received data to the web service system while at the first location.


Offset-based congestion control in storage systems

Owner: Amazon Technologies, Inc.
Publication #: 09274710
Publication Date: 2016-03-01
Patent URL: View on USPTO Website

An I/O request directed to a portion of a storage object managed at a distributed storage service is received. A congestion control parameter value to be used to schedule a storage operation corresponding to the I/O request is determined. The congestion control parameter is based at least in part on an offset within the storage object to which the I/O request is directed. The storage operation is scheduled in accordance with the congestion control parameter at a selected physical storage device to which the portion of the storage object is mapped.


Distribution of applications with a saved state

Owner: Amazon Technologies, Inc.
Publication #: 09274780
Publication Date: 2016-03-01
Patent URL: View on USPTO Website

Disclosed are various embodiments for sharing applications initialized to a specified state. In one embodiment, a saved state service receives a plurality of state parameters that describe a state of the application, wherein the state parameters are reported by the application during execution of the application. The saved state service then generates a unique data string that corresponds to the state parameters by serializing the state parameters using a data interchange standard. The saved state service may then generate a link to install the application, wherein the link includes the unique data string. In one embodiment, the saved state service serves up the link that, upon invocation on a client, installs the application and initializes the application in the specified state.


Managing the release of electronic content using a template without version logic

Owner: Amazon Technologies, Inc.
Publication #: 09268534
Publication Date: 2016-02-23
Patent URL: View on USPTO Website

A facility for rendering a dynamic electronic document is described. The dynamic electronic document has both a current and a future edition. The current edition incorporates a current version of a content item, while the future edition incorporates a future version of the content item. The facility receives a request to return the dynamic electronic document. In response to the request, the facility retrieves a template for the electronic document that contains a single identifier that identifies a group of content item versions containing both the current version of the content item and the future version of the content item. The facility uses the single identifier contained in the template, together with an indication of whether the current edition of the dynamic electronic document or the future version is being requested by the received request, to incorporate the appropriate version of the content item in the rendered dynamic electronic document.


Methods and systems for dynamically managing requests for computing capacity

Owner: Amazon Technologies, Inc.
Publication #: 09268584
Publication Date: 2016-02-23
Patent URL: View on USPTO Website

Embodiments of systems and methods are described for dynamically managing requests for computing capacity from a provider of computing resources. Illustratively, the computing resources may include program execution capabilities, data storage or management capabilities, network bandwidth, etc. The systems or methods automatically allocate computing resources for execution of one or more programs associated with the user. The systems and methods may enable the user to make changes to the allocated resources after execution of the one or more programs has started.


Efficient recovery of storage gateway cached volumes

Owner: Amazon Technologies, Inc.
Publication #: 09268651
Publication Date: 2016-02-23
Patent URL: View on USPTO Website

Methods and apparatus for efficient recovery of cached volumes at storage gateways are disclosed. To recover, after an unplanned shutdown, a storage gateway appliance configured to cache chunks of a storage object, chunk metadata corresponding to a particular chunk is read into an in-memory metadata region from a first metadata location. Based on analysis of the chunk metadata, a validation requirement indication for the particular chunk is stored, and the chunk is designated as being accessible for client I/O requests. In response to receiving a subsequent I/O request targeted to the particular chunk, the chunk metadata is validated using a different metadata location prior to performing the requested I/O operation.


Cached volumes at storage gateways

Owner: Amazon Technologies, Inc.
Publication #: 09268652
Publication Date: 2016-02-23
Patent URL: View on USPTO Website

Methods and apparatus for supporting cached volumes at storage gateways are disclosed. A storage gateway appliance is configured to cache at least a portion of a storage object of a remote storage service at local storage devices. In response to a client's write request, directed to at least a portion of a data chunk of the storage object, the appliance stores a data modification indicated in the write request at a storage device, and asynchronously uploads the modification to the storage service. In response to a client's read request, directed to a different portion of the data chunk, the appliance downloads the requested data from the storage service to the storage device, and provides the requested data to the client.


Automated test case generation for applications

Owner: Amazon Technologies, Inc.
Publication #: 09268672
Publication Date: 2016-02-23
Patent URL: View on USPTO Website

Some implementations include receiving an application binary file for an application to be tested. One or more static analysis operations may be performed on the application binary file to identify application parameters. In some cases, keywords may be associated with individual application parameters, and the keywords may be used to query a test case repository in order to identify test cases. The identified test cases may be used to generate a test plan, and at least a portion of the test plan may be automatically executed in some cases. A test report may be generated that includes a list of test case failures and potential solutions, and the test report may be sent, e.g., to a third-party developer or an approval engineer for review.


Dynamically selecting example passages

Owner: Amazon Technologies, Inc.
Publication #: 09268733
Publication Date: 2016-02-23
Patent URL: View on USPTO Website

Techniques for dynamically selecting example passages to output on an electronic device in response to a user selecting a word or other portion of a content item are described herein. In one example, a user selects a word from a rendered electronic book. In response, the device outputs an entry for the word from a reference work (e.g., a definition from a dictionary, etc.). In addition, the device outputs passages that include the word from other electronic books stored on the device. These passages are more likely to be recognized and appreciated by the user than generic passages, since the dynamically-selected passages are found in electronic books that the user has previously acquired and potentially previously read.


Selecting content-enhancement applications

Owner: Amazon Technologies, Inc.
Publication #: 09268734
Publication Date: 2016-02-23
Patent URL: View on USPTO Website

Techniques for enhancing content being rendered on an electronic device are described herein. In some instances, the techniques include monitoring interactions between a user and a content item that the user consumes on an electronic device. The content items may include electronic books, songs, videos, documents, or the like. In response to detecting an interaction between the user and the content item, the techniques may publish an event indicative of the interaction to an application platform that hosts one or more applications. The applications may be designed to enhance the content that the user consumes in one or more specified ways.


Data replication framework

Owner: Amazon Technologies, Inc.
Publication #: 09268835
Publication Date: 2016-02-23
Patent URL: View on USPTO Website

Systems and methods are directed to an eventually consistent replicated data store that uses, for its underlying storage, a computer software library that provides a high-performance embedded database for data. The replicated data store employs a plurality of hosts interconnected to one another, allowing for writes to any host and full awareness of membership across all hosts. With the data replication framework, various modes are allowed to be built up on top of the core system.


Efficient query processing using histograms in a columnar database

Owner: Amazon Technologies, Inc.
Publication #: 09268838
Publication Date: 2016-02-23
Patent URL: View on USPTO Website

A probabilistic data structure is generated for efficient query processing using a histogram for unsorted data in a column of a columnar database. A bucket range size is determined for multiple buckets of a histogram of a column in a columnar database table. In at least some embodiments, the histogram may be a height-balanced histogram. A probabilistic data structure is generated to indicate for which particular buckets in the histogram there is a data value stored in the data block. When an indication of a query directed to the column for select data is received, the probabilistic data structure for each of the data blocks storing data for the column may be examined to determine particular ones of the data blocks which do not need to be read in order to service the query for the select data.


Course content and assignment distribution

Owner: Amazon Technologies, Inc.
Publication #: 09269274
Publication Date: 2016-02-23
Patent URL: View on USPTO Website

An electronic content distribution system may include functionality for defining and tracking instructional classes. Assignments may be created for an instructional class, defining electronic content that is to be consumed as part of the assignment. Assignments may be presented to students on devices that the students use for consuming electronic content, such as handheld eBook readers. In addition, the listed assignments may allow the students to easily open the electronic content specified by the assignments, for consumption and study using the same device.


Managing imaging of multiple computing devices

Owner: Amazon Technologies, Inc.
Publication #: 09270530
Publication Date: 2016-02-23
Patent URL: View on USPTO Website

Systems and methods for managing imaging of multiple computing devices are provided. A device image manager determines a number of device images which may be loaded by the computing devices. The device image manager transmits a set of device images to the computing devices, which then store the device images. When provisioning of one or more of the computing devices is desired, the device image manager selects a device image or receives selection of a device image. The device image manager then sends a provisioning command device to the appropriate computing devices identifying the selected device image. If the computing devices have stored the selected device image, the computing devices may load the selected device image without requiring retransmission of the device image.


Adaptive client-aware session security

Owner: Amazon Technologies, Inc.
Publication #: 09270662
Publication Date: 2016-02-23
Patent URL: View on USPTO Website

Source information for requests submitted to a system is classified to enable differential handling of requests over a session whose source information changes over the session. For source information (e.g., an IP address) classified as fixed, stronger authentication may be required to fulfill requests when the source information changes during the session. Similarly, for source information classified as dynamic, source information may be allowed to change without requiring the stronger authentication.


Facilitating access to data in network page generation code

Owner: Amazon Technologies, Inc.
Publication #: 09270727
Publication Date: 2016-02-23
Patent URL: View on USPTO Website

Disclosed are various embodiments for facilitating access to data in network page generation code supplied by customers of a hosting provider. A request for a network page is obtained from a client. The network page is associated with a network site hosted by a hosting provider on behalf of a customer. Page generation code supplied by the customer is obtained, and this code includes a dynamic data variable. One or more service calls are executed based at least in part on the dynamic data variable to obtain one or more data objects. The page generation code is executed to generate the network page in response to the request, where the page generation code is executed with the data objects in place of the dynamic data variable.


Visual options for audio menu

Owner: Amazon Technologies, Inc.
Publication #: 09270811
Publication Date: 2016-02-23
Patent URL: View on USPTO Website

Aspects of the disclosure provide replacement and/or augmentation of automated audio menus of automated communication platforms with interactive digital menus. A digital menu of options associated with an automated communication platform may be provided in response to a call from a communication device to the automated communication platform having an automated audio menu for interaction with such a platform. The digital menu can include options that correspond to options in the automated audio menu, and can be displayed at the communication device via interactive buttons or other actionable indicia. The digital menu also can include options representing shortcuts for specific responses to the automated communication platform and/or options for responses customized to the communication device and the automated communication platform. Shortcuts and/or customized options can be displayed at the communication device with indicia distinctive from other options corresponding to the automated audio menu.


Segmentation approaches for object recognition

Owner: Amazon Technologies, Inc.
Publication #: 09270899
Publication Date: 2016-02-23
Patent URL: View on USPTO Website

An object represented in an image can be segmented from the image background by capturing a pair of images, one with flash and one without, and generating a differential image. This differential image can be analyzed using an algorithm, such as a connected components or computer vision algorithm, to determine one or more portions of the image that correspond to an object. An appropriate one of these objects can be selected as corresponding to the object of interest, and an outline of the selected object can be used to determine a portion of one of the original images that corresponds to the object. This portion then can be provided to an object recognition or other such process for analysis, which can increase the efficiency and accuracy of the analysis.


Activity tracing using distributed clock network

Owner: Amazon Technologies, Inc.
Publication #: 09261898
Publication Date: 2016-02-16
Patent URL: View on USPTO Website

Systems and methods are described for coordinating clocks in a distributed computing environment. In one embodiment, a plurality of groups of nodes are formed. Nodes within a group may be time-synchronized and time differences between groups may be tracked. Clock adjustments between groups may be accumulated for tracked activities. The accumulated clock adjustments may be used to determine an ordering of the tracked activities.


Providing executing programs with reliable access to non-local block data storage

Owner: Amazon Technologies, Inc.
Publication #: 09262273
Publication Date: 2016-02-16
Patent URL: View on USPTO Website

Techniques are described for managing access of executing programs to non-local block data storage. In some situations, a block data storage service uses multiple server storage systems to reliably store block data that may be accessed over one or more networks by programs executing on other physical computing systems. Users may create block data storage volumes that are each stored by at least two of the server block data storage systems, and may initiate use of such volumes by one or more executing programs, such as in a reliable manner by enabling an automatic switch to a second volume copy if a first volume copy becomes unavailable. A group of multiple server block data storage systems that store block data volumes may in some situations be co-located at a data center, and programs that use volumes stored there may execute on other physical computing systems at that data center.


Network page test system and methods

Owner: Amazon Technologies, Inc.
Publication #: 09262311
Publication Date: 2016-02-16
Patent URL: View on USPTO Website

Systems and methods for testing a network page without encapsulating the network page with a test environment are presented. A script such as a test injector script may be added to a network page in development. The test injector script may identify one or more tests to run on the network page based, at least in part, on metadata included in the network page. The domain object model (DOM) of the network page may be modified to include tests to be performed on the network page.


Replication in distributed caching cluster

Owner: Amazon Technologies, Inc.
Publication #: 09262323
Publication Date: 2016-02-16
Patent URL: View on USPTO Website

A cache cluster is configuration-aware such that client initialization, access to replicated cached data and changes to the underlying structure of the cache cluster can be dynamically updated. For example, a management system monitoring a cache cluster notices a large number of requests for a key that causes a significant load on a first memory caching node. To reduce the load on the first memory caching node, the management system may cause cached data related to the key to be replicated to a second memory caching node. A configuration stored in one or more of the memory caching nodes may be updated by the management system to allow both memory caching nodes to serve the requests for the key to clients.


Data quality checking and automatic correction

Owner: Amazon Technologies, Inc.
Publication #: 09262451
Publication Date: 2016-02-16
Patent URL: View on USPTO Website

Data is checked against data quality rules and a corresponding report is generated. The report is provided to an entity, which may be a subscriber. Data correction schema is used to correct stored data. The data quality rules or the data correction schema may be amended or modified according to user input, which may be a subscriber entity. The subscriber or another entity may be billed for data quality or correction services as performed. A budget value may limit the scope or intensity of the data quality services that are performed, as well.


Application recommendations based on application and lifestyle fingerprinting

Owner: Amazon Technologies, Inc.
Publication #: 09262470
Publication Date: 2016-02-16
Patent URL: View on USPTO Website

Disclosed are various embodiments that employ application fingerprinting and lifestyle fingerprinting. Application fingerprints are received, where each application fingerprint is associated with a corresponding application and is generated based at least in part on a static analysis, a dynamic analysis, and a behavioral analysis of the corresponding application. A selection of an application is received. Applications that are similar to the selected application are determined by comparing a particular application fingerprint that is associated with the selected application with other application fingerprints. Users are determined based at least in part on lifestyle fingerprints. In one embodiment, such users may be invited to test the selected application.


Input-output prioritization for database workload

Owner: Amazon Technologies, Inc.
Publication #: 09262505
Publication Date: 2016-02-16
Patent URL: View on USPTO Website

A database management system may be operated by a third-party provider that hosts the system in a datacenter and provides access to the system to end users on behalf of various entities. Limits on total capacity consumption may be imposed, but may result in service outages when capacity consumption exceeds those limits. Requests to perform operations on the system may be classified. The request classifications may be associated with policies for admitting or rejecting the request. One or more token buckets representative of capacity available to the request to perform the operation may be used to determine to admit the request and updated based on the cost of performing the operation.


Adaptive client-aware session security as a service

Owner: Amazon Technologies, Inc.
Publication #: 09262642
Publication Date: 2016-02-16
Patent URL: View on USPTO Website

Source information for requests submitted to a system is classified to enable differential handling of requests over a session whose source information changes over the session. For source information (e.g., an IP address) classified as fixed, stronger authentication may be required to fulfill requests when the source information changes during the session. Similarly, for source information classified as dynamic, source information may be allowed to change without requiring the stronger authentication.


Managing power consumption in a data center

Owner: Amazon Technologies, Inc.
Publication #: 09264334
Publication Date: 2016-02-16
Patent URL: View on USPTO Website

Systems and methods are provided for managing resources. In one implementation, a method is provided in which a management server determines whether a condition related to one or more resources has occurred. The management server further determines at least one program instance to terminate. The at least one program instance executes on one of a plurality of servers. The management server further terminates the determined at least one program instance, which was used by an excess program execution capacity user.


Client-side spam detection and prevention

Owner: Amazon Technologies, Inc.
Publication #: 09264418
Publication Date: 2016-02-16
Patent URL: View on USPTO Website

Systems and methods for detecting and preventing spam content attempted to be sent from a sender account may be provided. In an embodiment, a system can determine if a user's electronic service has been compromised based on analyzing electronic messages attempted to be sent by the electronic service. For example, the system can calculate a score for the electronic messages utilizing a spam detection algorithm where the score represents the probability that the message contains spam content. The system can prevent the communication of electronic messages upon a determination that the electronic service has been compromised. The system can request authentication information from the user before further communication is allowed from the compromised electronic service.


Providing an instance availability estimate

Owner: Amazon Technologies, Inc.
Publication #: 09256452
Publication Date: 2016-02-09
Patent URL: View on USPTO Website

Data defining the actual time to availability for various configurations of instances of computing resources is collected. The collected data can be utilized to provide an estimate of the expected time to availability for a specific configuration of an instance of a computing resource in response to receiving a request to create a new instance of the computing resource.


System for managing and scheduling containers

Owner: Amazon Technologies, Inc.
Publication #: 09256467
Publication Date: 2016-02-09
Patent URL: View on USPTO Website

A system and method for a container service that obtains a software image of a software container that has been configured to be executed within a computer system instance registered to a cluster by one or more processors. The container service is configured to receive a request to launch the software image in accordance with a task definition, wherein the task definition specifies an allocation of resources for the software container. The container service may then determine, according to a placement scheme, a subset of a set of container instances registered to the cluster in which to launch the software image in accordance with the task definition. Upon determining the subset of the set of container instances, the container service may launch the software image as one or more running software containers in the set of container instances in accordance with the task definition.


Tracking data communicated between services

Owner: Amazon Technologies, Inc.
Publication #: 09256657
Publication Date: 2016-02-09
Patent URL: View on USPTO Website

Techniques are described for tracking data objects transferred among multiple services in a computing environment. Services that are involved in the transfer of data objects may be instrumented to generate recordings that describe outbound and inbound transfers of data objects. The recordings may be analyzed to identify key-value pairs included in the transferred data objects, where the key corresponds to a data attribute that stores a particular value in a data object. For each pair of keys that are associated with a same or substantially similar value, a correlation metric may be updated for each instance of association. Over time, the correlation metric may indicate a higher degree of correlation for those pairs of keys that frequently share a same value. Pairs of keys exhibiting an above-threshold correlation count may be designated as related in that they are involved in the transfer of data objects.


Automatic quote generation

Owner: Amazon Technologies, Inc.
Publication #: 09256889
Publication Date: 2016-02-09
Patent URL: View on USPTO Website

Automatic quotes or references are generated based on a user's interaction with one or more pieces of content. A passage for quotation may be determined based at least in part on usage data including information about interaction with one or more pieces of content. A user may begin to type a quotation and a corresponding passage is inserted. The user may vary the scope of the passage, such as adding sentences or paragraphs. User annotation of the passage while the content is presented may also generate an automatically inserted quotation. A citation descriptive of the quoted passage may also be inserted. The automatically inserted quotation may be configured with a link or script, allowing additional functions or access to source content.


Secure input to a computing device

Owner: Amazon Technologies, Inc.
Publication #: 09257133
Publication Date: 2016-02-09
Patent URL: View on USPTO Website

A computing device senses speech or other user input. One or more physical variables pertaining to a user of the computing device are also sensed, and respective signals are analyzed or compared to the user input. The analysis determines if the user input is likely that of an authorized user, and assigns a confidence metric to that determination. The computing device may then perform actions corresponding to the speech or user input content in accordance with the determination.


Mutual authentication with symmetric secrets and signatures

Owner: Amazon Technologies, Inc.
Publication #: 09258117
Publication Date: 2016-02-09
Patent URL: View on USPTO Website

A client and server negotiate a secure communication channel using a pre-shared key where the server, at the time the negotiation initiates, lacks access to the pre-shared key. The server obtains the pre-shared key from another server that shares a secret with the client. A digital signature or other authentication information generated by the client may be used to enable the other server to determine whether to provide the pre-shared key.


Decentralized verification in a distributed system

Owner: Amazon Technologies, Inc.
Publication #: 09258118
Publication Date: 2016-02-09
Patent URL: View on USPTO Website

A credential, such as a password, for an entity is used to generate multiple keys. The generated keys are distributed to credential verification systems to enable the credential verification systems to perform authentication operations. The keys are generated such that access to a generated key allows for authentication with a proper subset of the credential verification systems. Thus, unauthorized access to information used by one authentication system does not, by itself, allow for successful authentication with other authentication systems.


Distributed policy enforcement with verification mode

Owner: Amazon Technologies, Inc.
Publication #: 09258312
Publication Date: 2016-02-09
Patent URL: View on USPTO Website

User-specified policies may be efficiently implemented and enforced with a distributed set of policy enforcement components. User-specified policies may be transformed into a normal form. Sets of normal form policies may be optimized. The optimized policies may be indexed and/or divided and provided to the distributed set of policy enforcement components. The distributed policy enforcement may have a sandbox mode and/or verification mode enabling policy configuration verification. With appropriate authorization, substitute data may be used in verification mode to evaluate requests with respect to policies. Evaluation results, relevant policies, and decision data utilized during request evaluation may be collected, filtered and reported at a variety of levels of detail. Originating user-specified policies may be tracked during the policy normalization process to enable reference to user-specified policies in verification mode reports.


Detection of and responses to network attacks

Owner: Amazon Technologies, Inc.
Publication #: 09258319
Publication Date: 2016-02-09
Patent URL: View on USPTO Website

Disclosed are various embodiments for detecting and responding to attacks on a computer network. One embodiment of such a method describes monitoring data communications transmitted to a target class of first computing nodes; in response to detecting a non-legitimate data communication to a computing node in the target class, determining whether the non-legitimate data communication is a form of attack on a network to which the computing nodes are connected; and in response to determining that the network is under attack, implementing new security measures for second computing nodes that are not part of the target class to protect the second computing nodes against the attack on the network while the attack is ongoing.


Managing interaction with hosted services

Owner: Amazon Technologies, Inc.
Publication #: 09258371
Publication Date: 2016-02-09
Patent URL: View on USPTO Website

Systems and methods are disclosed which facilitate managing interaction with instances corresponding to hosted services. Customers may implement services on a hosted computing environment. Further, the customer may allow limited interaction with the hosted service to a third party (e.g., in connection with a secondary service). For example, the third party may interact with a temporary copy of the hosted service. Thereafter, the customer may, given the consent of the third party, view details of the third party's interaction with the copy, and may be enabled to merge any alterations with the initial hosted service. In addition, a customer may monitor their own interactions with a hosted service or copies of a hosted service, and view details of the differences between multiple versions of the hosted service.


Discovery of public points of interest

Owner: Amazon Technologies, Inc.
Publication #: 09250088
Publication Date: 2016-02-02
Patent URL: View on USPTO Website

Disclosed are various embodiments for discovery of public points of interest. Data identifying points of interest is obtained. Each point of interest is associated with a respective user and specifies a respective name and a respective geographic location. A public point of interest is determined based at least in part on a similarity of the respective names of a subset of the points of interest, a proximity of the respective geographic locations of the subset of the points of interest, and a number of different users associated with the subset of the points of interest.


Data write caching for sequentially written media

Owner: Amazon Technologies, Inc.
Publication #: 09250811
Publication Date: 2016-02-02
Patent URL: View on USPTO Website

Techniques for implementing a data queuing and/or caching scheme for optimizing data storage are described herein. Data write requests are received and processed by at least queuing the requests and/or associated data for recording upon one or more data storage devices. The order within the queue, as well as the order in which the queued requests are serviced, may, in some embodiments, be optimized. The stored data are verified by determining the position of a write pointer implemented by the one or more data storage devices relative to the contents and/or position of the queued data requests.


Database cache survivability across database failures

Owner: Amazon Technologies, Inc.
Publication #: 09251003
Publication Date: 2016-02-02
Patent URL: View on USPTO Website

A database system may implement database cache survivability across database failures. In various embodiments, a database cache may be maintained independent of a failure of a database. A database cache may be maintained in a non-volatile memory device or maintained in a shared memory segment of system memory. Upon recovery from a database failure, a recovery point may be determined that indicates a consistent state of the database. Cache entries of the database cache inconsistent with the consistent state of the database may be invalidated, and the database cache may be made available for access requests directed toward the database. Valid cache entries from before the database failure may be made available without accessing a back-end data store for the database.


Backup of volatile memory to persistent storage

Owner: Amazon Technologies, Inc.
Publication #: 09251047
Publication Date: 2016-02-02
Patent URL: View on USPTO Website

Approaches for automatically backing up data from volatile memory to persistent storage in the event of a power outage, blackout or other such failure are described. The approaches can be implemented on a computing device that includes a motherboard, a central processing unit (CPU), a main power source, volatile memory (e.g., random access memory (RAM)), an alternate power source and circuitry (e.g., a specialized application-specific integrated circuit (ASIC)) for performing the backup of volatile memory to a persistent storage device. In the event of a power failure of the main power source, the alternate power source is configured to supply power to the specialized ASIC for backing up the data in the volatile memory. For example, when power failure is detected, the ASIC can read the data from the DIMM socket using power supplied from the alternate power source and write that data to a persistent storage device.


Hypervisor assisted virtual memory obfuscation

Owner: Amazon Technologies, Inc.
Publication #: 09251090
Publication Date: 2016-02-02
Patent URL: View on USPTO Website

Remote computing resource service providers allow customers to execute one or more applications in a virtual environment on computer systems provided by the computing resource service provider. The virtual machines may be managed by a hypervisor executing on computer systems operated by the service provider. The virtual machines' memory may be protected by a memory obfuscation service and the hypervisor. The memory obfuscation service may enable the virtual machines to maintain at least a portion of sensitive information in an obfuscated format. The virtual machines may request access to the virtual machines' memory, and the memory obfuscation service may obtain the requested memory in an obfuscated format and un-obfuscate the memory such that it may be used by the virtual machines.


Redundant key management

Owner: Amazon Technologies, Inc.
Publication #: 09251097
Publication Date: 2016-02-02
Patent URL: View on USPTO Website

A data storage service redundantly stores data and keys used to encrypt the data. Data objects are encrypted with first cryptographic keys. The first cryptographic keys are encrypted by second cryptographic keys. The first cryptographic keys and second cryptographic keys are redundantly stored in a data storage system to enable access of the data objects, such as to respond to requests to retrieve the data objects. The second cryptographic keys may be encrypted by third keys and redundantly stored in the event access to a second cryptographic key is lost.


Data transmission to an untrusted entity

Owner: Amazon Technologies, Inc.
Publication #: 09251361
Publication Date: 2016-02-02
Patent URL: View on USPTO Website

Techniques for transmitting data to an entity may be provided. In particular, a location of a data file (e.g., image, text, multimedia file, document, blog entry, identifying user information) can be provided to a location of a transitive file storage device for the entity to retrieve, instead of providing the data file directly to the entity. The entity can then provide the data file to users (e.g., via a hosted network page) and/or provide the data file to a service provider along with code to enable the service provider to provide the data file to users.


Use case-specific entity identifiers

Owner: Amazon Technologies, Inc.
Publication #: 09251375
Publication Date: 2016-02-02
Patent URL: View on USPTO Website

Use case-specific entity identifiers are disclosed. Entity data associated with an actual entity identifier of an entity is generated. A use case-specific entity identifier is generated based at least in part on encrypting the actual entity identifier using reversible encryption. The entity data, in association with the use case-specific entity identifier, is sent to another service.


Managing communications between computing nodes

Owner: Amazon Technologies, Inc.
Publication #: 09253211
Publication Date: 2016-02-02
Patent URL: View on USPTO Website

Techniques are described for managing communications between multiple intercommunicating computing nodes, such as multiple virtual machine nodes hosted on one or more physical computing machines or systems. In some situations, users may specify groups of computing nodes and optionally associated access policies for use in the managing of the communications for those groups, such as by specifying which source nodes are allowed to transmit data to particular destination nodes. In addition, determinations of whether initiated data transmissions from source nodes to destination nodes are authorized may be dynamically negotiated for and recorded for later use in automatically authorizing future such data transmissions without negotiation. This abstract is provided to comply with rules requiring an abstract, and it is submitted with the intention that it will not be used to interpret or limit the scope or meaning of the claims.


Altering streaming video encoding based on user attention

Owner: Amazon Technologies, Inc.
Publication #: 09253494
Publication Date: 2016-02-02
Patent URL: View on USPTO Website

Disclosed are various embodiments for adjusting the encoding of a video signal into a video stream based on user attention. A video signal is encoded into a video stream. A temporary lapse of attention by a user of the interactive application is predicted. The encoding of the video signal into the video stream is adjusted from an initial state to a conservation state in response to predicting the temporary lapse of attention by the user. The conservation state is configured to conserve one or more resources used for the video stream relative to the initial state.


Pan and zoom gesture detection in a multiple touch display

Owner: Amazon Technologies, Inc.
Publication #: 09235338
Publication Date: 2016-01-12
Patent URL: View on USPTO Website

Systems and methods of zooming and panning an image on a multi-touch enabled computing device are provided. The difference in the mean absolute deviation of consecutive move events is used to determine the scaling factor to apply, and the translation of centroids of consecutive move events is used to determine the pan gesture to apply.


Deploying updates to an application during periods of off-peak demand

Owner: Amazon Technologies, Inc.
Publication #: 09235401
Publication Date: 2016-01-12
Patent URL: View on USPTO Website

Update preferences might be utilized to specify that an update to an application should not be applied until the demand for the application falls below a certain threshold. Demand for the application is monitored. The update to the application is applied when the actual demand for the application falls below the specified threshold. The threshold might be set such that updates are deployed during the off-peak periods of demand encountered during a regular demand cycle, such as a diurnal, monthly, or yearly cycle.


Deployment version management

Owner: Amazon Technologies, Inc.
Publication #: 09235409
Publication Date: 2016-01-12
Patent URL: View on USPTO Website

Customers wanting to deploy software packages, or updates to those packages, across a group of servers or other computing resources can rely upon a component such as a resource manager to manage the deployment. The resource manager can utilize a data structure that stores deployment information by Revision number, and merges information for each verified deployment into a Mainline for those resources. Each Deployment can involve an Individual Release or a Baseline Release, and the importance of those Releases can be determined with respect to a current snapshot of the Mainline. Such an approach enables important Release and Deployment information to be quickly determined and obtained, which can help with configuring and scheduling future Deployments.


Dynamic user interface rendering

Owner: Amazon Technologies, Inc.
Publication #: 09235429
Publication Date: 2016-01-12
Patent URL: View on USPTO Website

Clickstream data describes a pathway or sequence taken by a user while accessing webpages or other user interfaces. The clickstream data may be parsed or processed to identify the time the user spent viewing each webpage, the number of elements on each webpage, the user's access bandwidth, and other data defining respective user access metrics. The user access metrics may be applied toward the generation of more effective user interfaces having idealized element counts, element placements or counts targeted to a particular user, elements based on estimated user access times, and so on.


System and method for logical deletion of stored data objects

Owner: Amazon Technologies, Inc.
Publication #: 09235476
Publication Date: 2016-01-12
Patent URL: View on USPTO Website

Systems and methods for providing object versioning in a storage system may support the logical deletion of stored objects. In response to a delete operation specifying both a user key and a version identifier, the storage system may permanently delete the specified version of an object having the specified key. In response to a delete operation specifying a user key, but not a version identifier, the storage system may create a delete marker object that does not contain object data, and may generate a new version identifier for the delete marker. The delete marker may be stored as the latest object version of the user key, and may be addressable in the storage system using a composite key comprising the user key and the new version identifier. Subsequent attempts to retrieve the user key without specifying a version identifier may return an error, although the object was not actually deleted.


Local emulation of distributed key-value data store

Owner: Amazon Technologies, Inc.
Publication #: 09235609
Publication Date: 2016-01-12
Patent URL: View on USPTO Website

A local data store may also be configured to process updates using a common API with reference to a common schema. The common API and common schema may also be employed by hosted applications utilizing a remote distributed data store. Behavior of the remote distributed data store may be emulated by the local data store. Behaviors of the distributed data store that may be simulated include eventual consistency, provisioned throughput and latency based on horizontal partitioning.


Resource locators with keys

Owner: Amazon Technologies, Inc.
Publication #: 09237019
Publication Date: 2016-01-12
Patent URL: View on USPTO Website

Requests are pre-generated to include a cryptographic key to be used in fulfilling the requests. The requests may be encoded in uniform resource locators and may include authentication information to enable a service provider to whom the requests are submitted to determine whether the requests are authorized. The requests may be passed to various entities who can then submit the requests to the service provider. The service provider, upon receipt of a request, can verify the authentication information and fulfill the request using a cryptographic key encoded in the request.


Distributed policy enforcement with optimizing policy transformations

Owner: Amazon Technologies, Inc.
Publication #: 09237155
Publication Date: 2016-01-12
Patent URL: View on USPTO Website

User-specified policies may be efficiently implemented and enforced with a distributed set of policy enforcement components. User-specified policies may be transformed into a normal form. Sets of normal form policies may be optimized. The optimized policies may be indexed and/or divided and provided to the distributed set of policy enforcement components. The distributed policy enforcement may have a sandbox mode and/or verification mode enabling policy configuration verification. With appropriate authorization, substitute data may be used in verification mode to evaluate requests with respect to policies. Evaluation results, relevant policies, and decision data utilized during request evaluation may be collected, filtered and reported at a variety of levels of detail. Originating user-specified policies may be tracked during the policy normalization process to enable reference to user-specified policies in verification mode reports.


Virtual machine based content processing

Owner: Amazon Technologies, Inc.
Publication #: 09237188
Publication Date: 2016-01-12
Patent URL: View on USPTO Website

A set of techniques is described for enabling a virtual machine based transcoding system. The system enables any transcoding provider to make their transcoding service available to other users over a network. The system can automate the deployment, execution and delivery of the transcoding service on behalf of the transcoding provider and enable other users to use the transcoding services to transcode content. The system receives a virtual machine image, transfers the image to a location where the media content is stored and creates a virtual private network of resources that will perform the transcoding of the media content. The virtual private network may be firewalled or otherwise restricted from opening connections with external clients when transcoding the content in order to prevent malicious use of the media content.


System-wide query optimization

Owner: Amazon Technologies, Inc.
Publication #: 09229983
Publication Date: 2016-01-05
Patent URL: View on USPTO Website

A locally optimized plan for executing a command using a sequence of steps can be determined for a single computing node. However, the locally optimized sequence of steps may not be optimized for a combined system comprising multiple computing nodes, any one of which may be tasked with executing the command. A plan that is optimized for the combined system may be determined by comparing the predicted cost of locally optimized plans for computing nodes in the combined system.


Index-based querying of archived data sets

Owner: Amazon Technologies, Inc.
Publication #: 09230011
Publication Date: 2016-01-05
Patent URL: View on USPTO Website

Methods and systems for index-based querying of archived data sets are disclosed. A plurality of indices are generated, each comprising a plurality of pointers to storage locations of a plurality of updates to a document. A query request is received after generating the plurality of indices. The query request comprises an identifier of the document and a specified time range. A subset of the indices that comprise the identifier of the document within the specified time range is determined. A subset of the pointers to the storage locations for one or more of the updates to the document within the specified time range is retrieved from the subset of the indices. The one or more updates to the document within the specified time range are retrieved using the subset of the plurality of pointers.


System testing techniques

Owner: Amazon Technologies, Inc.
Publication #: 09230056
Publication Date: 2016-01-05
Patent URL: View on USPTO Website

A pool of test entities, such as test users and test products, is maintained. Parameters for test entities may be received and test entities may be selected from sets of test entities satisfying the parameters. Selection of a test entity from a set of test entities satisfying received parameters may utilize stochastic techniques. When multiple tests are administered simultaneously, test entities may be provided in a manner that ensures that one test does not affect the validity of another test due to the test's activity in connection with the test entities.


Deliverability-based e-mail sending

Owner: Amazon Technologies, Inc.
Publication #: 09230245
Publication Date: 2016-01-05
Patent URL: View on USPTO Website

Methods and systems for deliverability-based e-mail sending are disclosed. A plurality of e-mail addresses for a user are acquired. For each of the e-mail addresses, a connection between a sending computer system and a receiving computer system is opened. A likelihood of successful e-mail delivery is determined for each of the connections. The connection having the highest likelihood of delivery is automatically selected. An e-mail is sent using the selected connection, and the other connections are closed without sending an e-mail.


Virtual endpoints for request authentication

Owner: Amazon Technologies, Inc.
Publication #: 09231930
Publication Date: 2016-01-05
Patent URL: View on USPTO Website

Customers can utilize resources of a multi-tenant environment to provide one or more services available to various users. In order to simplify the process for these customers, the multi-tenant environment can include an infrastructure wherein a portion of the resources provide an authentication and/or authorization service that can be leveraged by the customer services. These resources can logically sit in front of the resources used to provide the customer services, such that a user request must pass through the authorization and authentication service before being directed to the customer service. Such resources can provide other functionality as well, such as load balancing and metering.


Content delivery to user devices using server-initiated connections

Owner: Amazon Technologies, Inc.
Publication #: 09231949
Publication Date: 2016-01-05
Patent URL: View on USPTO Website

Features are disclosed for enabling servers to initiate the opening of connections with clients, initiate transfers of data to clients, and provide clients with hints regarding which content retrieval, connection establishment, and other network operations will likely improve user-perceived performance on the client. A token may be transmitted from a client to a server, and the server may utilize the token to initiate a network connection with the client and send data to the client. The token may also be passed to a third party for similar use. Hints may be provided to the client, indicating actions that the client may perform in order to improve content processing efficiency and enhance a user experience with the content. The disclosed features may, for example, be incorporated into web browser and server software.


Video presentation using repeated video frames

Owner: Amazon Technologies, Inc.
Publication #: 09232249
Publication Date: 2016-01-05
Patent URL: View on USPTO Website

A variety of media devices may stream and present content such as movies, music, audiobooks, and so forth. During streaming, data transfer rates may temporarily drop below that needed to maintain presentation. Described herein are techniques and systems for repeating presentation of previously received video frames. This repeated presentation allows for presentation of the content to continue uninterrupted, while providing time for the data transfer rate to regain a level capable of maintaining the presentation.


Initiation of wireless service

Owner: Amazon Technologies, Inc.
Publication #: 09232388
Publication Date: 2016-01-05
Patent URL: View on USPTO Website

Disclosed are various embodiments for implementing wireless service for a wireless device. In a representative embodiment, a service initiation system is executed in a computing device that communicates with a service provider system over a network to activate a wireless service associated with a newly purchased wireless device. The service initiation system also generates a network page to send to a client over the network, where the network page has a component that initiates a porting of a contact designation associated with a prior wireless device to the newly purchased wireless device separate from the activation of the wireless service for the newly purchased wireless device.


Application provided browser plugin

Owner: Amazon Technologies, Inc.
Publication #: 09223557
Publication Date: 2015-12-29
Patent URL: View on USPTO Website

An application may be installed on a user device. Installing the application may include receiving and storing an executable application, a plugin, and an application manifest. The application manifest may include a path corresponding to the plugin and one or more rules associated with the plugin. A webpage may be requested from the web server. The webpage may be parsed to determine that the webpage includes an instruction to use the plugin. It may be determined that the application includes the plugin. The path corresponding to the plugin may be obtained from the application manifest. The webpage may be presented using the plugin.


Organizing content using pipelines

Owner: Amazon Technologies, Inc.
Publication #: 09223621
Publication Date: 2015-12-29
Patent URL: View on USPTO Website

A transcoding service is described that is capable of transcoding or otherwise processing content, such as video, audio or multimedia content, by utilizing one or more pipelines. A pipeline can enable a user to submit transcoding jobs (or other processing jobs) into an available pipeline, where a transcoding service (or other such service) assigns one or more computing resources to process the jobs received to each pipeline. The transcoding service and the pipelines can be provided by at least one service provider (e.g., a cloud computing provider) or other such entity to a plurality of customers. A service provider can also provide the computing resources (e.g., servers, virtual machines, etc.) used to process the transcoding jobs from the pipelines.


Energy storage for memory protection during power event

Owner: Amazon Technologies, Inc.
Publication #: 09223664
Publication Date: 2015-12-29
Patent URL: View on USPTO Website

An energy storage device included in a data center environment can supply energy to a set of solid state drives in the data center environment when power failure or another power event has occurred. In some embodiments, there can be a controller for each solid state drive. The controller can be configured to detect or determine the occurrence of the power failure or other power event and, in response, transmit a command to a respective solid state drive instructing the solid state drive to perform a graceful and atomic shutdown operation, so that data stored on the drive is made durable and the drive enters a quiescent state (e.g., sleep mode, hibernate mode, power-off mode, etc.). As such, the energy storage device can provide protection against power events to solid state drives that lack native (e.g., built-in, inherent, etc.) power protection mechanisms.


Custom host errors definition service

Owner: Amazon Technologies, Inc.
Publication #: 09223673
Publication Date: 2015-12-29
Patent URL: View on USPTO Website

A custom host errors definition service is provided. The custom host errors definition service can create separate endpoints through which different customers can define custom host errors for one or more host computing systems, which might operate in a distributed execution environment. A custom host error definition can specify one or more host computing systems, one or more system components of the one or more host computing systems, one or more attributes, one or more error conditions for the one or more attributes, and one or more actions to perform as a result of the error conditions being satisfied. The error conditions can be, but are not limited to, threshold conditions, component failure conditions, missing hardware conditions, degraded hardware conditions, system firmware failures, incorrect firmware conditions, and the like.


Range retrievals from archived data objects according to a predefined hash tree schema

Owner: Amazon Technologies, Inc.
Publication #: 09223789
Publication Date: 2015-12-29
Patent URL: View on USPTO Website

Ranges of data stored within archived data may be retrieved according to a predefined hash tree schema. A retrieval request for a range of one or more data chunks of an archived data object stored in an archival data store may be received. In response, the requested range of the archived data object may be determined to be tree-hash aligned. In response to determining that the requested range is tree-hash aligned, a retrieval job may be initiated to obtain the range of one or more data chunks and to stage the one or more data chunks for download. A download request may be received for one or more of the obtained and staged data chunks, and if determined to be tree-hash aligned, a tree hash root node may be sent to the requesting client in addition to the requested data.


System and method for providing high availability data

Owner: Amazon Technologies, Inc.
Publication #: 09223841
Publication Date: 2015-12-29
Patent URL: View on USPTO Website

A computer-implemented data processing system and method writes a first plurality of copies of a data set at a first plurality of hosts and reads a second plurality of copies of the data set at a second plurality of hosts. The first and second pluralities of copies may be overlapping and the first and second pluralities of hosts may be overlapping. A hashing function may be used to select the first and second pluralities of hosts. Version histories for each of the first copies of the data set may also be written at the first plurality of hosts and read at the second plurality of hosts. The version histories for the second copies of the data set may be compared and causal between the second copies of the data set may be evaluated based on the version histories for the second copies of the data set.


Optimized log storage for asynchronous log updates

Owner: Amazon Technologies, Inc.
Publication #: 09223843
Publication Date: 2015-12-29
Patent URL: View on USPTO Website

A log-structured data store may implement optimized log storage for asynchronous log updates. In some embodiments, log records may be received indicating updates to data stored for a storage client and indicating positions in a log record sequence. The log records themselves may not be guaranteed to be received according to the log record sequence. Received log records may be stored in a hot log portion of a block-based storage device according to an order in which they are received. Log records in the hot log portion may then be identified to be moved to a cold log portion of the block-based storage device in order to complete a next portion of the log record sequence. Log records may be modified, such as compressed, or coalesced, before being stored together in a data block of the cold log portion according to the log record sequence.


Architectures for content identification

Owner: Amazon Technologies, Inc.
Publication #: 09223902
Publication Date: 2015-12-29
Patent URL: View on USPTO Website

A user can capture various types of information concurrently using multiple sensors of an electronic device. This “scene” data can be provided to a service for processing, which is able to identify various types of potential matches and aggregate information to be returned to the client device. In at least some embodiments, matching information can be sent with the results such that the electronic device can match an element in the scene the next time that element is encountered, without having to contact the service again. In some embodiments, an attempt can be made to predict elements that the user might attempt to identify, and one or more corpora of data can be sent to the electronic device such that the client device can perform any matching on the device for elements in those corpora.


Data storage application programming interface

Owner: Amazon Technologies, Inc.
Publication #: 09225675
Publication Date: 2015-12-29
Patent URL: View on USPTO Website

An application programming interface for a data storage service provides a convenient mechanism for clients of the data storage service to access its various capabilities. An API call may be made to initiate a job and in response a job identifier may be provided. A separate API call specifying the job identifier may be made and a response providing information related to the job may result. Various API calls may be used to store data, retrieve data, obtain an inventory of stored data, and to obtain other information relating to stored data.


Browser security module

Owner: Amazon Technologies, Inc.
Publication #: 09225690
Publication Date: 2015-12-29
Patent URL: View on USPTO Website

Authenticated requests can be sent without requiring the requests to include or potentially expose secret information used for the authentication process. A client device uses a security credential such as a key to sign a request to be sent to a recipient. When the request is received, the recipient determines whether the request was signed using the correct key for the sender. In some embodiments a client token is included with the request that statelessly encodes the key, enabling a recipient capable of decoding the client token to determine the key and compare that key to the signature of the request. The sender can store the secret information in a secure location, such as a browser security module, such that the secret information is not exposed to the browser or script executing on the client device.


Storage gateway activation process

Owner: Amazon Technologies, Inc.
Publication #: 09225697
Publication Date: 2015-12-29
Patent URL: View on USPTO Website

Methods, apparatus, and computer-accessible storage media for activating a gateway to a remote service provider. The gateway serves as an interface between processes on a customer network and the provider, for example to store customer data to a remote data store. A gateway sends a public key and metadata describing the gateway to the provider. The gateway receives an activation key from the provider and exposes the activation key on the customer network. The customer obtains the key and communicates to the provider using the key to provide customer information including a name for the gateway and to authorize registration of the gateway. The provider provides the customer information to the gateway. The gateway requests security credentials from the provider using the customer information and the key. The provider sends a security credential to the gateway. The gateway may then obtain configuration information from the customer via the provider.


Unified management of third-party accounts

Owner: Amazon Technologies, Inc.
Publication #: 09225704
Publication Date: 2015-12-29
Patent URL: View on USPTO Website

Disclosed are various embodiments for management of third-party accounts for users in an organization. It is determined whether a user in an organization is to be provided with managed access to a third-party network site. An account may be managed for the user with the third-party network site in response when the user is to be provided with managed access to the third-party network site. A security credential is stored for the managed account. A client computing device associated with the user is configured to authenticate with the third-party network site using the security credential. The user may be restricted from accessing the security credential.


Enhanced security for electronic communications

Owner: Amazon Technologies, Inc.
Publication #: 09225712
Publication Date: 2015-12-29
Patent URL: View on USPTO Website

Techniques are described for providing enhanced security for electronic communications, such as by including in a message sent between two services a digital signature that is generated by using secret information known to the services, so that the recipient receives assurance regarding the sender's identity if the recipient can replicate the received digital signature using the secret information known to the recipient. In some situations, the enhanced security is used in communications to and/or from an access manager system that provides single sign-on functionality and other functionality to other services for use with those services' users, such as to prevent malicious phishers from inappropriately gaining access to user information. Various services may use the enhanced security techniques when interacting with the access manager system at various times, such as to initiate sign-on for a user and/or to take subsequent action on behalf of a signed-on user.


Constrained credentialed impersonation

Owner: Amazon Technologies, Inc.
Publication #: 09225744
Publication Date: 2015-12-29
Patent URL: View on USPTO Website

Client impersonation is recognized by an access control service using servicer credentials to allow a servicer to impersonate a user's context while requesting actions be performed on a computing resource. A servicer may be requested to perform an action through impersonation, granting access to the context of a user related to the computing resource. The computing resource receives servicer credentials and impersonation information from the servicer. After verifying the servicer's authorization to perform actions under the context of the user, the servicer may attempt to perform the requested action. The action may be logged as performed by the servicer impersonating the user. The user may also be billed for any costs incurred.


Cloning and recovery of data volumes

Owner: Amazon Technologies, Inc.
Publication #: 09218245
Publication Date: 2015-12-22
Patent URL: View on USPTO Website

Aspects of a data environment, such as the cloning, hibernation, and recovery of databases, are managed using a separate control environment. A monitoring component of the control environment can periodically communicate with the data environment to determine any necessary actions to be performed, such as to recover from faults or events for a data instance in the data environment. A workflow can be instantiated that includes tasks necessary to perform actions such as recovery, hibernation, resumption from hibernation, or backup or cloning. Tasks of the workflow can cause certain jobs to be performed by host managers in the data environment to affect calls made to the control environment.


Systems and methods providing event data

Owner: Amazon Technologies, Inc.
Publication #: 09218437
Publication Date: 2015-12-22
Patent URL: View on USPTO Website

Computer applications may generate a large volume of different types of record data. In one example, the large volume of record data may represent millions of different processes occurring every second. Described herein are systems, methods and devices for generating parsed data based on the large volume of record data. The parsed data may be consumed by computing nodes within a designated amount of time from the generation of the record data.


Enhanced biometric security measures

Owner: Amazon Technologies, Inc.
Publication #: 09218474
Publication Date: 2015-12-22
Patent URL: View on USPTO Website

Functionality is disclosed for enhancing the security of a computing device equipped with a fingerprint input device. A pre-unlock operation is performed when a duress fingerprint is used to access a locked device. The pre-unlock operation may include one or more computer-implemented mechanisms to secure, hide, remove, move, encrypt, disassociate, communicate or modify data stored on the device and/or remote locations. In some embodiments, the pre-unlock operation may direct a device to capture information and communicate such information to remote computers contemporaneously with the receipt of a duress fingerprint.


Best practice analysis, automatic remediation

Owner: Amazon Technologies, Inc.
Publication #: 09219648
Publication Date: 2015-12-22
Patent URL: View on USPTO Website

Embodiments of the present disclosure are directed to, among other things, providing resource allocation advice, configuration recommendations, and/or migration advice regarding data storage, access, placement, and/or related web services. In some examples, a web service may utilize or otherwise control a client instance to control, access, or otherwise manage resources of a distributed system. Based at least in part on one or more resource usage checks and/or configuration checks, resource usage information and/or configuration information of an account utilizing a web service, and/or user preferences and/or settings, resource allocation advice, system configuration recommendations, and/or migration advice may be provided to a user of an account. Additionally, in some examples, one or more remediation operations may be performed automatically.


Using virtual networking devices to manage routing cost information

Owner: Amazon Technologies, Inc.
Publication #: 09219679
Publication Date: 2015-12-22
Patent URL: View on USPTO Website

Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing cost information to update the configuration of the managed computer network, and/or includes determining actual cost information corresponding to use of an underlying substrate network and providing routing cost information to the client that reflects the determined actual cost information, so as to enable the client to modify the configuration of the managed computer network accordingly.


Archival data identification

Owner: Amazon Technologies, Inc.
Publication #: 09213709
Publication Date: 2015-12-15
Patent URL: View on USPTO Website

Methods and systems are provided herein that facilitate cost-effective and reliable data identification in an archival data storage system. In an embodiment, a data object stored in an archival data storage system is identified by a data object identifier which encodes storage location information that may be used to locate a data object stored in an archival data storage system that reduces the cost to store a global index. The data object identifier may also encode policy information such as access control information usable for validating subsequent access to the data object, payload validation information such as size and digest usable for verifying the integrity of the payload data, metadata validation information such as error-detection codes usable for validating integrity of the data object identifier and other information.


Database cost tracing and analysis

Owner: Amazon Technologies, Inc.
Publication #: 09213726
Publication Date: 2015-12-15
Patent URL: View on USPTO Website

Web services hosted at a data center may employ architectural patterns that tend to obfuscate the source of queries made against databases and other resources in the data center. The queries may be the source of performance, capacity or utilization problems, and may contribute to the cost of hosting the web service. Web service invocations may be associated with identifiers that can be included in modified queries sent to databases and other resources. Summarized cost information may be calculated based on recorded associations between the identifiers and query performance information.


Content access control across multiple media devices

Owner: Amazon Technologies, Inc.
Publication #: 09213845
Publication Date: 2015-12-15
Patent URL: View on USPTO Website

Described herein are systems and methods for controlling access by a user to content across a plurality of media devices. Access content limits may be set and enforced across the plurality of media devices. A user exceeding the limits may be disallowed from access to the content. The content access limits for a user may be specified by one or more of time, cost, content category, and so forth.


Computing resource availability risk assessment using graph comparison

Owner: Amazon Technologies, Inc.
Publication #: 09215158
Publication Date: 2015-12-15
Patent URL: View on USPTO Website

Embodiments of the present disclosure are directed to, among other things, determining whether some or all portions of an application stack implemented on a distributed system are vulnerable to availability issues. In some examples, a web service may utilize or otherwise control a client instance to control, access, or otherwise manage resources of a distributed system. Based at least in part on comparing one or more customer graphs with one or more model, curated, or best practice graphs of a distributed system, availability risks and/or deployment recommendations may be provided. Additionally, in some examples, one or more remediation and/or migration operations may be performed automatically or provided as recommendations.


Using a fraud metric for provisioning of digital certificates

Owner: Amazon Technologies, Inc.
Publication #: 09215231
Publication Date: 2015-12-15
Patent URL: View on USPTO Website

A method for provisioning digital certificates in a multi-tenant network environment may include receiving an API request for a digital certificate from a representative of a customer entity. Existing account information of the representative may be retrieved, the existing account information associated with at least one service provided within the multi-tenant network environment and used by the representative. The identity of the representative may be verified based at least in part on digital certificate authentication information within the API request. At least one fraud metric may be generated for the representative based on the retrieved existing account information. The at least one fraud metric may be indicative of fraudulent activity associated with the representative. The identity verification and the at least one fraud metric may be used to determine whether to issue the digital certificate to the customer entity.


Managing distributed execution of programs

Owner: Amazon Technologies, Inc.
Publication #: 09207975
Publication Date: 2015-12-08
Patent URL: View on USPTO Website

Techniques are described for managing distributed execution of programs. In some situations, the techniques include determining configuration information to be used for executing a particular program in a distributed manner on multiple computing nodes and/or include providing information and associated controls to a user regarding ongoing distributed execution of one or more programs to enable the user to modify the ongoing distributed execution in various manners. Determined configuration information may include, for example, configuration parameters such as a quantity of computing nodes and/or other measures of computing resources to be used for the executing, and may be determined in various manners, including by interactively gathering values for at least some types of configuration information from an associated user (e.g., via a GUI that is displayed to the user) and/or by automatically determining values for at least some types of configuration information (e.g., for use as recommendations to a user).


Monitoring and automatic scaling of data volumes

Owner: Amazon Technologies, Inc.
Publication #: 09207984
Publication Date: 2015-12-08
Patent URL: View on USPTO Website

Aspects of a data environment, such as various capacities of data stores and instances, can be managed using a separate control environment. A monitoring component of the control environment can periodically communicate with the data environment to obtain performance information. The information is analyzed, using algorithms such as trending and extrapolation algorithms, to determine any recommended scaling of resources in the data environment. The scaling can be performed automatically, or as authorized by a customer. A workflow can be instantiated that includes tasks necessary to perform the scaling. The scaling of storage capacity can be performed without affecting the availability of the data store.


Managing contingency capacity of pooled resources in multiple availability zones

Owner: Amazon Technologies, Inc.
Publication #: 09208032
Publication Date: 2015-12-08
Patent URL: View on USPTO Website

A network-based services provider may reserve and provision primary resource instance capacity for a given service (e.g., enough compute instances, storage instances, or other virtual resource instances to implement the service) in one or more availability zones, and may designate contingency resource instance capacity for the service in another availability zone (without provisioning or reserving the contingency instances for the exclusive use of the service). For example, the service provider may provision resource instance(s) for a database engine head node in one availability zone and designate resource instance capacity for another database engine head node in another availability zone without instantiating the other database engine head node. While the service operates as expected using the primary resource instance capacity, the contingency resource capacity may be leased to other entities on a spot market. Leases for contingency instance capacity may be revoked when needed for the given service (e.g., during failover).


Systems and methods for determining interest in an item or category of items

Owner: Amazon Technologies, Inc.
Publication #: 09208202
Publication Date: 2015-12-08
Patent URL: View on USPTO Website

Systems and methods are provided for determining customer interest associated with an item or category of items. In some embodiments, one or more discussion forums associated with each of a plurality of items may be determined. For each item, interest criteria associated with the item may be determined based at least in part on the one or more discussion forums associated with the item. The interest criteria may include the number of user posts in the one or more discussion forums and/or the number of users who have participated in the one or more discussion forums. An interest score associated with each item may be determined based at least in part on the interest criteria. In some embodiments, interest ranking information for an item or category may be generated by comparing the interest score associated with an item or category and interest scores associated with other items or categories.


Brokering for application hosting computing resources of multiple vendor-specific provisioned computing environments

Owner: Amazon Technologies, Inc.
Publication #: 09210031
Publication Date: 2015-12-08
Patent URL: View on USPTO Website

In certain embodiments, a computer-implemented method includes accessing, using one or more processing units, application parameters associated with an application. The application parameters define constraints for hosting the application using one or more of a plurality of provisioned computing environments available over a computer network from multiple computing resources vendors. Each vendor is associated with a corresponding vendor-specific provisioned computing environment that includes computing resources available to be provisioned for use by multiple entities distinct from the vendors. The method includes accessing, using the one or more processing units, vendor-specific data for the vendor-specific provisioned computing environments. The method includes determining, using the one or more processing units, from among the vendor-specific provisioned computing environments and based on the application parameters and the vendor-specific data for the provisioned computing environments, a first vendor-specific provisioned computing environment for hosting the application.


Using virtual networking devices to manage network configuration

Owner: Amazon Technologies, Inc.
Publication #: 09210041
Publication Date: 2015-12-08
Patent URL: View on USPTO Website

Techniques are described for providing managed virtual computer networks that may have a configured logical network topology with one or more virtual networking devices, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the networking devices if they were physically present. In some situations, the emulating of networking device functionality includes receiving routing communications directed to the networking devices and using included routing information to update the configured network topology for the managed computer network. In addition, the techniques may further include supporting interactions with devices that are external to the virtual computer network, including remote physical networking devices that are part of a remote computer network configured to interoperate with the virtual computer network, and/or specialized network devices that are accessible via a substrate network on which the virtual computer network is overlaid.


Clustered dispersion of resource use in shared computing environments

Owner: Amazon Technologies, Inc.
Publication #: 09210048
Publication Date: 2015-12-08
Patent URL: View on USPTO Website

Host machines and other devices performing synchronized operations can be dispersed across multiple racks in a data center to provide additional buffer capacity and to reduce the likelihood of congestion. The level of dispersion can depend on factors such as the level of oversubscription, as it can be undesirable in a highly connected network to push excessive host traffic into the aggregation fabric. As oversubscription levels increase, the amount of dispersion can be reduced and two or more host machines can be clustered on a given rack, or otherwise connected through the same edge switch. By clustering a portion of the machines, some of the host traffic can be redirected by the respective edge switch without entering the aggregation fabric. When provisioning hosts for a customer, application, or synchronized operation, for example, the levels of clustering and dispersion can be balanced to minimize the likelihood for congestion throughout the network.


Mixed-mode authorization metadata manager for cloud computing environments

Owner: Amazon Technologies, Inc.
Publication #: 09210178
Publication Date: 2015-12-08
Patent URL: View on USPTO Website

Methods and apparatus for a mixed-mode authorization metadata manager for cloud computing environments are disclosed. A system includes a plurality of service managers coordinating respective distributed multitenant services, and a metadata manager. In response to a metadata request for an authorization entity, the metadata manager identifies a first and a second service manager coordinating services in use by a client account with which the authorization entity is affiliated. The first and second service managers implement respective authorization APIs. The metadata manager provides composite authorization metadata of the authorization entity based at least in part on (a) service authorization metadata provided by each of the first and second service managers and (b) identity authorization metadata provided by an identity manager.


Client side cache management

Owner: Amazon Technologies, Inc.
Publication #: 09210235
Publication Date: 2015-12-08
Patent URL: View on USPTO Website

A system, method and computer-readable medium for client-side cache management are provided. A client request for content is returned that includes executable code for generating a request for preload information. Based on processing the executable code, a client computing device requests preload information from a content delivery service provider. The content delivery service provider provides an identification of content based on resource requests previously served by the content delivery service provider. The client computing device processes the preload information and generates and obtains identified resources for maintenance in a client computing device memory, such as cache.


Automated statistical graphing tool

Owner: Amazon Technologies, Inc.
Publication #: 09195374
Publication Date: 2015-11-24
Patent URL: View on USPTO Website

Statistics of a distributed computing system are managed to identify and/or provide percentile data associated with the managed statistics. In some examples, percentiles associated with performance data of the computing system may be calculated. Based at least in part on a factor associated with the performance data, one or more of the calculated percentiles may be selected. Additionally, in some examples, graph data for at least a portion of the selected percentiles may be provided.


Interactive application programming interface documentation

Owner: Amazon Technologies, Inc.
Publication #: 09195457
Publication Date: 2015-11-24
Patent URL: View on USPTO Website

Documentation for an application programming interface may include a source code portion. Input may be received from a user of the documentation indicating a request to see a simulated result of executing the source code portion. A set of instructions corresponding to the source code portion may be loaded. State dependencies of the set of instructions may be resolved to form an execution environment for the instructions. Simulated results for executing the source code portion may be obtained by executing the instructions based on the execution environment.


Dynamic logical zone assignment

Owner: Amazon Technologies, Inc.
Publication #: 09195484
Publication Date: 2015-11-24
Patent URL: View on USPTO Website

Techniques are disclosed for dynamic assignment of a logical zone to a data center. A request may be received to link together different accounts. Data center selection information may then be obtained including, for example, an identification of the data centers to which each of the linked accounts is currently assigned, linked account usage information and system capacity information. The obtained information may be used to determine a selected data center to which to assign the logical zone across each of the linked accounts. The selected data center may be determined based on one or more selection priorities, which may be set based on input from any combination of a customer, a service provider and/or another party. Any linked accounts not currently assigned to the selected data center may then have instances migrated to the selected data center using, for example, one or more passive and/or active migration techniques.


Selectively persisting application program data from system memory to non-volatile data storage

Owner: Amazon Technologies, Inc.
Publication #: 09195542
Publication Date: 2015-11-24
Patent URL: View on USPTO Website

Application program data stored in system memory may be selectively persisted. An indication may be provided to an application program that an application data object or a range of application data stored in system memory may be treated as persistent. Data backup may be enabled for the application data object or range of application data in the event of a system failure, copying the application data object or range of application data from system memory to non-volatile data storage. Upon recovery from a system failure, further data backup for the application data object or the range of application data may be disabled. In some embodiments, at least some of the application data object or range of application data may be recovered for the application program to access. Data backup for the application data object or the range of application data may also be re-enabled.


Adaptive responses to trickle-type denial of service attacks

Owner: Amazon Technologies, Inc.
Publication #: 09195805
Publication Date: 2015-11-24
Patent URL: View on USPTO Website

Various approaches are provided that are able to mitigate the effects of potential trickle-type denial of service (DoS) attacks or similar occurrences. Connection values such as the maximum number of concurrent connections and the timeout values for new connections can be adjusted dynamically in response to changes in operational state and/or an amount of suspicious activity. The suspicious activity can include, for example, a low rate of packets or bytes per unit time, repetitive small headers, unrecognized headers, and other such information. In some embodiments the changes are made iteratively to minimize the effect of the changes on legitimate requests. After the level of suspicious activity decreases, the connection values can iteratively be readjusted back to normal operational values, in order to minimize any remaining portion of the potential attack.


Key derivation techniques

Owner: Amazon Technologies, Inc.
Publication #: 09197409
Publication Date: 2015-11-24
Patent URL: View on USPTO Website

Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the key's use.


Best practice analysis, migration advisor

Owner: Amazon Technologies, Inc.
Publication #: 09197502
Publication Date: 2015-11-24
Patent URL: View on USPTO Website

Embodiments of the present disclosure are directed to, among other things, providing resource allocation advice, configuration recommendations, and/or migration advice regarding data storage, access, placement, and/or related web services. In some examples, a web service may utilize or otherwise control a client instance to control, access, or otherwise manage resources of a distributed system. Based at least in part on one or more resource usage checks and/or configuration checks, resource usage information and/or configuration information of an account utilizing a web service, and/or user preferences and/or settings, resource allocation advice, system configuration recommendations, and/or migration advice may be provided to a user of an account. Additionally, in some examples, one or more remediation operations may be performed automatically.


Client device connectivity with integrated business rules

Owner: Amazon Technologies, Inc.
Publication #: 09197617
Publication Date: 2015-11-24
Patent URL: View on USPTO Website

Applications executing on mobile client devices may access remote resources via network connections. Operational capabilities and financial costs of these connections may differ. Developers, network administrators, and other parties may wish to moderate usage of various available conditions to conform to business rules. Connectivity information including one or more network grants are integrated into an application received from a developer at ingestion by an application management server, which accesses those business rules. The client devices may coordinate with a proxy server to provide additional controls. Networking public interfaces provide the developer with a simplified pathway for development of applications which use network connections, particularly on mobile devices.


Inventory system with climate-controlled inventory

Owner: Amazon Technologies, Inc.
Publication #: 09185998
Publication Date: 2015-11-17
Patent URL: View on USPTO Website

A system includes a climate-controlled inventory holder, a mobile drive unit, and a management module. The climate-controlled inventory holder is configured to control a climate of one or more inventory items stored by the inventory holder. The mobile drive unit is operable to transport the climate-controlled inventory holder from a first location to a second location based at least in part upon one or more instructions received from a management module. The management module is operable to receive an order for an inventory item, determine that the inventory holder stores the inventory item, and instruct the mobile drive unit to transport the climate-controlled inventory holder from the first location to the second location.


Evaluating application compatibility

Owner: Amazon Technologies, Inc.
Publication #: 09189220
Publication Date: 2015-11-17
Patent URL: View on USPTO Website

Disclosed are various embodiments for evaluating application compatibility with computing devices. A set of applications is determined and then filtered to exclude those applications which are incompatible with a particular client. The filtering is performed by determining a capability set for the client and performing an evaluation of a compatibility expression for each application using the capability set to determine whether each application is compatible with the client. The filtered set of applications is returned and may be used in user interfaces associated with an application marketplace system.


Frequent data set captures for volume forensics

Owner: Amazon Technologies, Inc.
Publication #: 09189343
Publication Date: 2015-11-17
Patent URL: View on USPTO Website

Techniques, including systems and methods, take frequent captures of data sets for the purpose of forensic analysis. The data set captures are taken at the block level in various embodiments. Data set captures are used to instantiate forensic storage volumes that are attached to computing instances. The computing instances can access data in the forensic storage volumes at a state corresponding to a specified capture time. A user can select different capture times to re-instantiate the forensic storage volume to see how the forensic storage volume changed between captures.


Method and apparatus for providing fulfillment services

Owner: Amazon Technologies, Inc.
Publication #: 09189768
Publication Date: 2015-11-17
Patent URL: View on USPTO Website

Method and apparatus for providing inventory fulfillment services to customers who have small quantities of heterogeneous items to sell. A self-service registration interface for generating lists of items to sell via the inventory fulfillment service is provided. The inventory fulfillment service may provide pricing suggestions to the customer. The inventory fulfillment service may determine whether a listed item satisfies one or more listing rules. Shipping information for a list of items may be automatically generated and provided to the customer. The customer may ship the items in one shipment to a specified facility. The customer is the seller of record for all items listed. The customer may not be charged for services until an item is sold. A listing period may be specified for which listed items will be carried. If an item does not sell within the period, option(s) for disposal of the item may be provided.


Processing content using pipelines

Owner: Amazon Technologies, Inc.
Publication #: 09183049
Publication Date: 2015-11-10
Patent URL: View on USPTO Website

A transcoding service is described that is capable of transcoding or otherwise processing content, such as video, audio or multimedia content, by utilizing one or more pipelines. A pipeline can enable a user to submit transcoding jobs (or other processing jobs) into an available pipeline, where a transcoding service (or other such service) assigns one or more computing resources to process the jobs received to each pipeline. The transcoding service and the pipelines can be provided by at least one service provider (e.g., a cloud computing provider) or other such entity to a plurality of customers. A service provider can also provide the computing resources (e.g., servers, virtual machines, etc.) used to process the transcoding jobs from the pipelines.


Providing access to an application programming interface through a named pipe

Owner: Amazon Technologies, Inc.
Publication #: 09183065
Publication Date: 2015-11-10
Patent URL: View on USPTO Website

An API calling process creates a named pipe through which a program can submit data to an application programming interface (“API”). Appropriate permissions are set on the named pipe such that only authorized applications can write data to the named pipe. When data is written to the named pipe, the written data is piped to the API calling process. The API calling process may process the written data, such as by placing the data into an appropriate format for submission to an API. The API calling process then utilizes appropriate credentials to call an API with the data written to the named pipe. For example, the API calling process might utilize service credentials to make a Web services API call to submit the data written to the named pipe to a Web services API exposed by a network service.


Avoidance of dependency issues in network-based service startup workflows

Owner: Amazon Technologies, Inc.
Publication #: 09183092
Publication Date: 2015-11-10
Patent URL: View on USPTO Website

A system and method for preventing dependency problems, such as deadlocks, within startup of computing service workflows, such as workflows that occur within computing assets that provide network-based computing services. The system and method creates a remedial workflow or action for the computing services to address deadlocks or other blocking conditions within the services which may occur should the underlying computing assets need to be restarted, rebooted or sequentially execute and reach a problematic operational state. The system and method will determine the reliance of each computing service upon the functionality of one or more other network-based computing services and structure the remedial workflow accordingly. Other aspects of the disclosure are described in the detailed description, figures, and claims.


Network site hosting in a managed environment

Owner: Amazon Technologies, Inc.
Publication #: 09183189
Publication Date: 2015-11-10
Patent URL: View on USPTO Website

Disclosed are various embodiments for network site hosting in a managed environment. A request for a network page is obtained, where the network page is associated with a network site hosted by a hosting provider on behalf of a customer. Aggregated data is obtained from a data aggregation service. The aggregated data is aggregated by the data aggregation service from multiple data sources. Page generation code supplied by the customer is executed in one or more machine instances to generate the network page in response to the request. The page generation code has access to the aggregated data. A resource management application facilitates configuration of the machine instances by the customer.


Rapid malware inspection of mobile applications

Owner: Amazon Technologies, Inc.
Publication #: 09183389
Publication Date: 2015-11-10
Patent URL: View on USPTO Website

Disclosed are various embodiments for inspecting malware with little or no user interruption. A first computing device may compare a source code of an application to a fingerprint stored locally on the first computing device. The first computing device may transmit the source code to a second computing device to determine whether the source code resides in a database comprising approved applications. If the source code does not reside in the database, a thorough scan of the source code may be conducted.


Providing configurable workflow capabilities

Owner: Amazon Technologies, Inc.
Publication #: 09184988
Publication Date: 2015-11-10
Patent URL: View on USPTO Website

Techniques are described for providing clients with access to functionality for creating, configuring and executing defined workflows that manipulate source data in defined manners, such as under the control of a configurable workflow service that is available to multiple remote clients over one or more public networks. A defined workflow for a client may, for example, include multiple interconnected workflow components that are specified by the client and that each are configured to perform one or more types of data manipulation operations on a specified type of input data. The configurable workflow service may further execute the defined workflow at one or more times and in one or more manners, such as in some situations by provisioning multiple computing nodes provided by the configurable workflow service to each implement at least one of the workflow components for the defined workflow.


Distributed clock network with time synchronization and activity tracing between nodes

Owner: Amazon Technologies, Inc.
Publication #: 09185003
Publication Date: 2015-11-10
Patent URL: View on USPTO Website

Systems and methods are described for coordinating clocks in a distributed computing environment. In one embodiment, a plurality of groups of nodes are formed. Nodes within a group may be time-synchronized and time differences between groups may be tracked. Clock adjustments between groups may be accumulated for tracked activities. The accumulated clock adjustments may be used to determine an ordering of the tracked activities.


Operational reporting in a computing environment

Owner: Amazon Technologies, Inc.
Publication #: 09185008
Publication Date: 2015-11-10
Patent URL: View on USPTO Website

In a system that provides network-based computer infrastructure services, a monitoring agent is installed on a computer to gather and report operational metrics from various sources, which may include infrastructure support services as well as elements of the computer itself. Metrics to be gathered and reported by the monitoring agent, as well as the format in which metrics are to be reported, are specified declaratively so that they can be changed without altering the procedural aspects of the monitoring agent.


Secure and efficient communication through an intermediary

Owner: Amazon Technologies, Inc.
Publication #: 09185088
Publication Date: 2015-11-10
Patent URL: View on USPTO Website

Techniques are disclosed for secure and efficient communication from a source to a destination through an intermediary. The disclosed techniques employ a source-to-intermediary encryption algorithm to encrypt the communication from the source to the intermediary. The disclosed techniques also employ an intermediary-to-destination encryption algorithm to encrypt the communication from the intermediary to the destination. Thus, a more optimal encryption algorithm may be employed for communication between the intermediary and the destination, even if the more optimal encryption algorithm is not supported by the source. Also, a more optimal encryption algorithm may be employed for communication between the source and the intermediary, even if the more optimal encryption algorithm is not supported by the destination.


Managing memory in virtualized environments

Owner: Amazon Technologies, Inc.
Publication #: 09176764
Publication Date: 2015-11-03
Patent URL: View on USPTO Website

Techniques are described for enabling a virtual machine to be presented with an amount of available guest memory, where a hypervisor or other privileged component manages the mapping of the resources based at least in part on the capacity of resources of one or more hosts. This enables resources to be effectively oversubscribed to on host computing devices that have a limited amount of total available resources but which are running multiple virtual machines. For example, each virtual machine on the device can be presented as having access to the total amount of available resources that are available on the device or more in some cases. In some cases, resources may be mapped to a plurality of hosts that have available resources.


Ontology based customer support techniques

Owner: Amazon Technologies, Inc.
Publication #: 09177319
Publication Date: 2015-11-03
Patent URL: View on USPTO Website

Methods and systems for providing customer support in response to support communication are disclosed. Such communications may be structured or unstructured, and unstructured communications may be subject to further processing. A determination is made at least as to one or more relevant support classes, as well as to whether further support action(s) should be initiated. When determined that at least a further support action should be initiated, aspects of the support action may be determined and initiated.


Parameter based key derivation

Owner: Amazon Technologies, Inc.
Publication #: 09178701
Publication Date: 2015-11-03
Patent URL: View on USPTO Website

Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the key's use.


Delivery of items for consumption by a user device

Owner: Amazon Technologies, Inc.
Publication #: 09178744
Publication Date: 2015-11-03
Patent URL: View on USPTO Website

An item-providing system supplies items to a user device for consumption at the user device via communication infrastructure. The device may correspond to a book reader device or other type of device. The item-providing system uses a content delivery module to deliver the items to the user device.


Provisioning multiple network resources

Owner: Amazon Technologies, Inc.
Publication #: 09178766
Publication Date: 2015-11-03
Patent URL: View on USPTO Website

A resource provisioning service allows users to provision multiple, different network resources in an atomic manner and with a single call to a resource provisioning service. In some instances, the multiple, different network resources comprise individual types of resources that form a portion of one or more cloud-computing platforms. For instance, one or more entities may host and operate a cloud-computing platform that includes different types of network resources, such as a storage service, a load balancing service, a compute service, a security service, or any other similar or different type of network-accessible service.


Interacting with restricted environments

Owner: Amazon Technologies, Inc.
Publication #: 09178867
Publication Date: 2015-11-03
Patent URL: View on USPTO Website

A computer-implemented method includes recording one or more actions being performed by an agent using at least one resource of a resource provider environment, the at least one resource being associated with a non-restricted zone in the resource provider environment. The method includes creating a primitive that describes the one or more actions. The primitive is able to be executed on at least one different resource in a restricted zone in the resource provider environment to perform the one or more actions using the different resource. The restricted zone includes resources associated with a customer that are directly accessible only to at least one authorized entity. The method includes submitting the primitive to the restricted zone in the resource provider environment. The primitive is able to be executed by the at least one authorized entity on the at least one different resource in the restricted zone.


Digital item ingestion process

Owner: Amazon Technologies, Inc.
Publication #: 09170795
Publication Date: 2015-10-27
Patent URL: View on USPTO Website

Disclosed are various embodiments for an ingestion process modifying digital items. A computing system receives an uploaded digital item configured to communicate with a testing server application when executed. The ingestion process reconfigures the digital item to communicate with a production server application when executed.


Automating workflow validation

Owner: Amazon Technologies, Inc.
Publication #: 09170821
Publication Date: 2015-10-27
Patent URL: View on USPTO Website

A test document associated with a workflow definition is obtained, the test document including an input for an action of the workflow definition and an expected state for the workflow definition based on the input. The input is delivered for the action of a workflow instance, the workflow instance being an instance of the workflow definition executed by a workflow engine, and the action determined based upon a present state of the workflow instance. A next state of the workflow instance is obtained, where the next state is determined by the workflow engine based upon the present state, the action and the input. The next state of the workflow instance is compared to the expected state of the test document.


Predictive upload of snapshot data

Owner: Amazon Technologies, Inc.
Publication #: 09170891
Publication Date: 2015-10-27
Patent URL: View on USPTO Website

A snapshot of a volume is taken by proactive uploading of scheduled snapshot data before the scheduled snapshot time has arrived. A volume snapshot schedule of once a day may be set up to a service provider using a speed-limited network connection. Using a determined upload speed of the network connection and a list of changes to the volume since a prior snapshot, a snapshot system may determine an appropriate time to start uploading volume data so that the snapshot may be completed at or after the scheduled snapshot time. By using the list of changes and available bandwidth of the network connection, the snapshot may be completed earlier than had it been started at the time of the snapshot and the available bandwidth of the network connection may be more efficiently used.


Distributed lock service with external lock information database

Owner: Amazon Technologies, Inc.
Publication #: 09171019
Publication Date: 2015-10-27
Patent URL: View on USPTO Website

A system that implements a distributed lock service may include a failure detector for servers and sessions, and may track the state of sessions on a per-client-connection basis. It may include an external lock information database that stores lock state information and that supports a higher write throughput rate than a distributed state manager. Each database record may store an identifier of a session during which a lock on a respective item was obtained (if any) and a staleness indicator. A distributed state manager may maintain a session identifier and a respective staleness indicator for each established session, and may push updates to this session information to interested client processes, which may cache the information. A client process wishing to lock an item may determine whether it can do so dependent on the information in a corresponding database record and on its own cached session information.


Unified account metadata management

Owner: Amazon Technologies, Inc.
Publication #: 09172621
Publication Date: 2015-10-27
Patent URL: View on USPTO Website

Methods and apparatus for unified account metadata management are disclosed. A storage medium stores program instructions that when executed on a processor generate a graph representation of metadata associated with a client account of a provider network. At least a portion of the metadata is obtained using an internal mechanism of the provider network. The graph comprises a plurality of nodes (representing resources associated with the client account) and a plurality of edges (representing configuration relationships). The instructions when executed provide a visualization of resources and configuration relationships of the graph; and in response to a graphical interaction with the visualization, issue a command to a network-accessible service of the provider network to implement a configuration modification associated with a resource represented in the graph.


Frameworks and interfaces for offload device-based packet processing

Owner: Amazon Technologies, Inc.
Publication #: 09172640
Publication Date: 2015-10-27
Patent URL: View on USPTO Website

High-speed processing of packets to, and from, a virtualization environment can be provided while utilizing hardware-based segmentation offload and other such functionality. A hardware vendor such as a network interface card (NIC) manufacturer can enable the hardware to support open and proprietary stateless tunneling in conjunction with a protocol such as single root I/O virtualization (SR-IOV) in order to implement a virtualized overlay network. The hardware can utilize various rules, for example, that can be used by the NIC to perform certain actions, such as to encapsulate egress packets and decapsulate packets.


Testing conversion and rendering of digital content

Owner: Amazon Technologies, Inc.
Publication #: 09164874
Publication Date: 2015-10-20
Patent URL: View on USPTO Website

Some examples include testing of software able to render a content item on a display of an electronic device. The testing may include capturing images of rendered portions of a content item and comparing the captured images with previously obtained reference images that have been verified to be correctly rendered. The testing techniques can be applied to conversion software that converts digital content items from one format to another and/or testing of the converted content items themselves. Additionally, content presentation software that displays digital content items on an electronic device, such as by interacting with rendering software, may also be tested using a similar technique.


Inexpensive deletion in a data storage system

Owner: Amazon Technologies, Inc.
Publication #: 09165002
Publication Date: 2015-10-20
Patent URL: View on USPTO Website

Systems and methods are provided herein for storing data to enable inexpensive and/or guaranteed deletion of data. In various embodiments, a customer specifies a data deletion indication associated with a data object to be stored, specifying when and/or how to delete the data object. Such a data deletion indication may be based, for example, on a regulatory compliance requirement. Based at least in part on the data deletion indication, the storage system may select, from a plurality of storage devices, a storage device to store the data object. Data objects with similar data deletion indications may be stored in the same storage device. In some embodiments, a data object stored in a storage device using the methods described herein may be deleted as part of the deletion of all or a portion of the storage device near a time specified by the data deletion indication of the data object.


Techniques for reliable network authentication

Owner: Amazon Technologies, Inc.
Publication #: 09165126
Publication Date: 2015-10-20
Patent URL: View on USPTO Website

Disclosed are various embodiments of techniques that may be used to improve the reliability of network authentication. A communication session is established between a server computing device and a client computing device. The communication session is established via a network using a credential for a network site. A verifier for the credential is generated, which may be used to confirm the authenticity of the credential. The verifier is provided to the client computing device via the network.


Augmented reality presentation

Owner: Amazon Technologies, Inc.
Publication #: 09165318
Publication Date: 2015-10-20
Patent URL: View on USPTO Website

Described are methods and systems of providing an augmented experience on a user device to facilitate user interaction with one or more virtual items. An augmented image comprising an actual object and a virtual item is generated and presented in a user interface. The user interface allows the user to lock a relative position of the virtual item as presented, such that the user may appear to “move” the virtual item. The user interface may also provide sizing information of the virtual item relative to the actual object.


Distributed caching system

Owner: Amazon Technologies, Inc.
Publication #: 09166862
Publication Date: 2015-10-20
Patent URL: View on USPTO Website

The disclosure describes embodiments of a distributed caching system that are configured to store handshake data between client devices and servers, enabling a handshake transaction to be resumed in case of interruption. Client devices can resume the handshake transaction even if assigned to new servers as the new servers can obtain the handshake data identifiers from the distributed caching system.


Distributed storage system with web services client interface

Owner: Amazon Technologies, Inc.
Publication #: 09166863
Publication Date: 2015-10-20
Patent URL: View on USPTO Website

A distributed, web-services based storage system. A system may include a web services interface configured to receive, according to a web services protocol, a given client request for access to a given data object, the request including a key value corresponding to the object. The system may also include storage nodes configured to store replicas of the objects, where each replica is accessible via a respective unique locator value, and a keymap instance configured to store a respective keymap entry for each object. For the given object, the respective keymap entry includes the key value and each locator value corresponding to replicas of the object. A coordinator may receive the given client request from the web services interface, responsively access the keymap instance to identify locator values corresponding to the key value and, for a particular locator value, retrieve a corresponding replica from a corresponding storage node.


Maintaining private connections during network interface reconfiguration

Owner: Amazon Technologies, Inc.
Publication #: 09166947
Publication Date: 2015-10-20
Patent URL: View on USPTO Website

A request is received to change an association of a network interface record from a first resource instance to a second resource instance. The network interface record may include an IP address associated with the first resource instance. In response to the request, the first resource instance is prevented from receiving data packets addressed to the IP address of the network interface record through a first network interface object attached to the first resource instance. The network interface record is associated with the second resource instance so that the second resource instance is enabled to receive data packets addressed to the IP address of the network interface record through a second network interface object attached to the second resource instance.


Social networking behavior-based identity system

Owner: Amazon Technologies, Inc.
Publication #: 09166961
Publication Date: 2015-10-20
Patent URL: View on USPTO Website

Disclosed are various embodiments for a social networking behavior-based identity system that employs social networking data that a user has elected to share through an opt-in procedure. First social networking data is stored in association with a user identity. An assertion of the user identity is received from a client after the first social networking data is stored. Second social networking data is received in response to receiving the assertion of the user identity. An identity confidence level as to whether the user identity belongs to a user at the client is generated based at least in part on a comparison of the second social networking data with the first social networking data.


Hinged ancillary displays

Owner: Amazon Technologies, Inc.
Publication #: 09158135
Publication Date: 2015-10-13
Patent URL: View on USPTO Website

Ancillary or secondary displays usable with various electronic devices are described herein. In some implementations, the ancillary display may include a dual hinge to allow the ancillary display to act as a cover for a portion of an associated electronic device. In some implementations, the ancillary display may include a magnetic connector capable of providing a mechanical coupling with an electronic device. The magnetic connector may also provide a pathway for the transmission of data and/or power between the ancillary display and the electronic device.


Grid layout control for network site design

Owner: Amazon Technologies, Inc.
Publication #: 09158743
Publication Date: 2015-10-13
Patent URL: View on USPTO Website

Disclosed are various embodiments for designing a network site. A grid layout component is provided in conjunction with a network page. The network page has at least one text element and at least one image element. The grid layout component has a plurality of cell configurations. Each cell configuration includes at least one text cell and at least one image cell. An indication is received from a user, indicating that one of the cell configurations is to be an initial cell configuration. In response to the user indication, the at least one text element and the at least one image element are displayed in a grid having the initial cell configuration. Layout code is generated which renders the grid, including the at least one text element and the at least one image element, within the network page for display by the browser.


Authentication of virtual machine images using digital certificates

Owner: Amazon Technologies, Inc.
Publication #: 09158909
Publication Date: 2015-10-13
Patent URL: View on USPTO Website

A vendor of virtual machine images accesses a virtual computer system service to upload a digitally signed virtual machine image to a data store usable by customers of the virtual computer system service to select an image for creating a virtual machine instance. If a digital certificate is uploaded along with the virtual machine image, the virtual computer system service may determine whether the digital certificate has been trusted for use. If the digital certificate has been trusted for use, the virtual computer system service may use a public cryptographic key to decrypt a hash signature included with the image to obtain a first hash value. The service may additionally apply a hash function to the image itself to obtain a second hash value. If the two hash values match, then the virtual machine image may be deemed to be authentic.


Systems and methods for fabricating products on demand

Owner: Amazon Technologies, Inc.
Publication #: 09159106
Publication Date: 2015-10-13
Patent URL: View on USPTO Website

Systems and methods are provided for fabricating products on demand. In some embodiments, a manufacturable model, which may include information about a three-dimensional representation of a product to be fabricated, is received by a user of an electronic system and may be validated by the electronic system. A prototype of the product can be generated based at least in part on the manufacturable model, and the manufacturable model and/or the product can be made available for selection by other users of the system. The product may be fabricated based at least in part on the manufacturable model using, for example, a three-dimensional printer, and may be delivered to users of the electronic system.


Mining of user event data to identify users with common interests

Owner: Amazon Technologies, Inc.
Publication #: 09160548
Publication Date: 2015-10-13
Patent URL: View on USPTO Website

A computer-implemented matching service matches users to other users, and/or to user communities, based at least in part on a computer analysis of event data reflective of user behaviors. The event data may, for example, evidence user affinities for particular items represented in an electronic catalog, such as book titles, music titles, movie titles, and/or other types of items that tend to reflect the traits of users. Event data reflective of other types of user actions, such as item-detail-page viewing events, browse node visits, search query submissions, and/or web browsing patterns may additionally or alternatively be considered. By taking such event data into consideration, the matching service reduces the burden on users to explicitly supply personal profile information, and reduces poor results caused by exaggerations and other inaccuracies in such profile information.


Verified hardware-based erasure of data on distributed systems

Owner: Amazon Technologies, Inc.
Publication #: 09152505
Publication Date: 2015-10-06
Patent URL: View on USPTO Website

Systems, methods and related processes for securely erasing and/or rendering permanently inaccessible data stored on storage systems are described. Such storage systems may, in some aspects, integrate hardware capable of secure erasure. In some aspects, a cryptographically-based system is utilized.


Automated mobile application verification

Owner: Amazon Technologies, Inc.
Publication #: 09152541
Publication Date: 2015-10-06
Patent URL: View on USPTO Website

Disclosed are various embodiments for automatically testing and verifying mobile applications. A mobile application is obtained from a source entity. The mobile application is automatically installed in different mobile computing devices in a testing environment. Execution of the mobile application is automatically initiated in the different mobile computing devices. Whether the mobile application meets performance criteria is automatically verified for each of the different mobile computing devices.


Adapting decoy data present in a network

Owner: Amazon Technologies, Inc.
Publication #: 09152808
Publication Date: 2015-10-06
Patent URL: View on USPTO Website

Disclosed are various embodiments for obtaining policy data specifying decoy data eligible to be inserted within a response to an access of a data store. The decoy data is detected in the response among a plurality of non-decoy data based at least upon the policy data. An action associated with the decoy data is initiated in response to the access of the data store meeting a configurable threshold.


Secure proxy

Owner: Amazon Technologies, Inc.
Publication #: 09154479
Publication Date: 2015-10-06
Patent URL: View on USPTO Website

Methods and systems are provided herein to enable secure proxying of network traffic between trusted and untrusted environments. In particular, a secure proxy may be provided that includes a set of security layers and a secure endpoint resolver, either of which may be provided and/or updated by a service provider. The security layers may be associated with policies that may be applicable to various network protocol layers (e.g., application layer). The security layers may be used to inspect, restrict and/or modify traffic between the trusted and untrusted environment to ensure data and network security. The secure endpoint resolver may be used, for example, by an application in the trusted environment, to obtain current service-related information such as the list of IP addresses currently associated with a service or service endpoint. Such endpoint information may be used, in turn, to update security layer policies such as a white list.


Secure device configuration

Owner: Amazon Technologies, Inc.
Publication #: 09154483
Publication Date: 2015-10-06
Patent URL: View on USPTO Website

Described herein are systems and methods for secure configuration provisioning of network credentials to configure a device to join one or more networks. One implementation provides for distribution of network credentials to associated devices without user intervention while maintaining security and avoiding distribution of the network credentials to external devices, such as a third-party server. Devices may be associated by purchase from a common merchant, registration to a common account, and so forth.


Systems and methods identifying and reacting to potentially malicious activity

Owner: Amazon Technologies, Inc.
Publication #: 09154515
Publication Date: 2015-10-06
Patent URL: View on USPTO Website

Information security may include defending information from unauthorized access, use, disclosure, modification, destruction, and so forth. Described herein are systems, methods and devices for enabling a user device to implement functions for dynamically identifying and reacting to potentially malicious activity. In one example, a user device configures a sentinel node to identify potentially malicious behavior by causing the sentinel node to analyze data from selected emitter nodes and selected algorithms. The user device may also specify how the sentinel node reacts to potential malicious activity.


Bandwidth-optimized cloud resource placement service

Owner: Amazon Technologies, Inc.
Publication #: 09154589
Publication Date: 2015-10-06
Patent URL: View on USPTO Website

Methods and apparatus for a bandwidth-optimized cloud resource placement service are disclosed. A system includes a plurality of resources of a provider network and a resource manager. The resource manager receives a placement request comprising resource pair specifications, where each specification indicates respective capabilities of a desired first and second resource, and a network traffic rate to be supported between the first and second resources. The resource manager identifies resources that match the desired capabilities and can be linked by network paths supporting the desired traffic rates. The resource manager provides an acquisition plan for the identified resources to the client. If the client requests an implementation of the plan, the resource manager acquires the resources on behalf of the client.


Suggesting points of interest on a mapped route using user interests

Owner: Amazon Technologies, Inc.
Publication #: 09146129
Publication Date: 2015-09-29
Patent URL: View on USPTO Website

Methods, systems and computer program products for suggesting points of interest on a mapped route using user interests include receiving a request for a mapped route. The request can include off-route information indicating that the user is willing to visit points of interest not directly along the mapped route. That is, points of interest that may not necessarily be close to the user's mapped route but may be of high interest to the user can be presented or suggested to the user to enhance the user's travel experience or trip. The points of interest suggested can be selected based on respective relevancy scores representing a level of relevancy to a user interest. The suggested points of interest can be ranked based on the relevancy factors. The suggested point of interest displayed to the user can also be limited to those having a relevancy factor that meets a predetermined threshold.


Processing event messages for user requests to execute program code

Owner: Amazon Technologies, Inc.
Publication #: 09146764
Publication Date: 2015-09-29
Patent URL: View on USPTO Website

A service manages a plurality of virtual machine instances for low latency execution of user codes. The service can provide the capability to execute user code in response to events triggered on an auxiliary service to provide implicit and automatic rate matching and scaling between events being triggered on the auxiliary service and the corresponding execution of user code on various virtual machine instances. An auxiliary service may be configured as an event triggering service to detect events and generate event messages for execution of the user codes. The service can request, receive, or poll for event messages directly from the auxiliary service or via an intermediary message service. Event messages can be rapidly converted to requests to execute user code on the service. The time from processing the event message to initiating a request to begin code execution is less than a predetermined duration, for example, 100 ms.


Mitigating an impact of a datacenter thermal event

Owner: Amazon Technologies, Inc.
Publication #: 09146814
Publication Date: 2015-09-29
Patent URL: View on USPTO Website

A ranking service can retrieve metrics from a metrics data store and use the metrics to determine a priority order in which to power down resources in a data center. Metrics from the data store can include a number of instances running on a host, a length of time that an instance has been operational, a type of instance, an amount of CPU use on a host, etc. The ranking service can also obtain other parameters from other sources. The parameters can include whether redundant or failover instances exist, the importance of the instances, whether the customer itself is considered important, other generic parameters from the customer account, a customer provided ranking of instances, etc.


Analysis and verification of distributed applications

Owner: Amazon Technologies, Inc.
Publication #: 09146829
Publication Date: 2015-09-29
Patent URL: View on USPTO Website

Systems and methods are described for analyzing and verifying distributed applications. In one embodiment, an application program is parsed and a set of inputs is determined. The application program is executed as one or more independently executable components. During execution, non-deterministic events are modified in order to effectuate a deterministic result. Redundant portions of the set of inputs are aggregated, and the set of inputs is iteratively updated.


Server facilitated content distribution

Owner: Amazon Technologies, Inc.
Publication #: 09146893
Publication Date: 2015-09-29
Patent URL: View on USPTO Website

Described herein are systems and methods for initiating on a first device distribution and presentation of content to a second device. A server facilitates the distribution by determining a presentation context of the second device. Based at least in part on the presentation context, the server retrieves and processes the content and provides output content to the second device for presentation. A consolidated content list may also be maintained. The consolidated content list allows the user to add content for later consumption, or access the content, regardless of the content provider supplying the content.


Systems and methods providing parameters for modifying a font

Owner: Amazon Technologies, Inc.
Publication #: 09146907
Publication Date: 2015-09-29
Patent URL: View on USPTO Website

Media devices display content with fonts that contain sets of glyphs such as letters. Described herein are systems, devices, and methods for providing parameters for modifying a font. The modification of the font may increase readability for users of the media devices. The parameters may be determined based on at least one of an analysis of the content or an analysis of existing fonts and modifications already made to the existing fonts.


Dialogue-driven user security levels

Owner: Amazon Technologies, Inc.
Publication #: 09147054
Publication Date: 2015-09-29
Patent URL: View on USPTO Website

Natural language controlled devices may be implemented in an environment where the devices are configured to operate with multiple different users. The techniques described herein implement security requirements for a device configured to operate in an environment where the multiple different users may request functionality. The security requirements may be implemented based on whether the functionality requested is personal and/or secured.


Trusted computing host

Owner: Amazon Technologies, Inc.
Publication #: 09147086
Publication Date: 2015-09-29
Patent URL: View on USPTO Website

A trusted computing host is described that provides various security computations and other functions in a distributed multitenant and/or virtualized computing environment. The trusted host computing device can communicate with one or more host computing devices that host virtual machines to provide a number of security-related functions, including but not limited to boot firmware measurement, cryptographic key management, remote attestation, as well as security and forensics management. The trusted computing host maintains an isolated partition for each host computing device in the environment and communicates with peripheral cards on host computing devices in order to provide one or more security functions.


Secured firmware updates

Owner: Amazon Technologies, Inc.
Publication #: 09148413
Publication Date: 2015-09-29
Patent URL: View on USPTO Website

When providing a user with native access to at least a portion of device hardware, the user can be prevented from modifying firmware and other configuration information by controlling the mechanisms used to update that information. In some embodiments, an asymmetric keying approach can be used to encrypt or sign the firmware. In other cases access can be controlled by enabling firmware updates only through a channel or port that is not exposed to the customer, or by mapping only those portions of the hardware that are to be accessible to the user. In other embodiments, the user can be prevented from modifying firmware by only provisioning the user on a machine after an initial mutability period wherein firmware can be modified, such that the user never has access to a device when firmware can be updated. Combinations and variations of the above also can be used.


Credential management in a multi-tenant environment

Owner: Amazon Technologies, Inc.
Publication #: 09148414
Publication Date: 2015-09-29
Patent URL: View on USPTO Website

Customers accessing resources or services in a multi-tenant environment can obtain assurance that a provider of that environment will honor only requests associated with the customer and will reject any requests that might have been tampered with or otherwise falsely generated. Various endpoints or interfaces can be used, which can be located in the multi-tenant environment, in a customer environment, or in a separate location. These endpoints or interfaces can sign unsigned requests, or otherwise increase the credentials of a signed request, on behalf of a customer. In some embodiments, additional metadata can be added that can increase the authentication level of the requests. Such an approach can enable a customer to provide or delegate access to the resources without exposing the credentials outside a secure environment.


Resolving conflicts within saved state data

Owner: Amazon Technologies, Inc.
Publication #: 09141682
Publication Date: 2015-09-22
Patent URL: View on USPTO Website

Disclosed are various embodiments for synchronizing application state information across devices. More specifically, embodiments of the disclosure are related to resolving conflicts between application state information. A synchronization rule, an event name and/or event value are embedded within application state information obtained from devices associated with a user, from which conflicts can be resolved by an application synchronization service.


Distributed computer system snapshot instantiation with variable depth

Owner: Amazon Technologies, Inc.
Publication #: 09141683
Publication Date: 2015-09-22
Patent URL: View on USPTO Website

Distributed computer systems prepare and instantiate snapshots by processing sets of nodes representing computer resources that are portions of a larger system. A user may choose to prepare or instantiate a snapshot containing all or only a portion of the data within the distributed computer system, such as a template of the distributed computer system. A template snapshot may be available in an electronic marketplace for other users to purchase and instantiate into a replica of the distributed computer system.


System and method for associating keywords with a web page

Owner: Amazon Technologies, Inc.
Publication #: 09141713
Publication Date: 2015-09-22
Patent URL: View on USPTO Website

A web page optimization engine for optimizing a web page is described. The web page optimization engine includes a keyword mapping engine configured to generate a keyword map including a listing of keywords, where each keyword is associated with one or more web pages. The web page optimization engine further includes a map reversal engine configured to generate a web page map including a listing of web page subject matters, where each web page subject matter is associated with one or more keywords based on the associations from the keyword map. The web page optimization engine yet further includes a web page generation engine configured to generate a web page for a web page subject matter in the web page map to include at least one of the one or more keywords for that web page subject matter.


Secure transfer and use of secret material in a shared environment

Owner: Amazon Technologies, Inc.
Publication #: 09141769
Publication Date: 2015-09-22
Patent URL: View on USPTO Website

Aspects related to the secure transfer and use of secret material are described. In one embodiment, public vendor and provider keys are provided to a customer and encrypted secret material is received in return. The encrypted secret material may include a customer secret material encrypted by the public vendor and provider keys. The encrypted secret material is imported into a trusted execution environment and decrypted with private provider and vendor keys. In this manner, a provider of cryptographic processes is not exposed to the secret material of the customer, as the customer secret material is decrypted and stored within the trusted execution environment but is not accessed by the provider in an unencrypted form. In turn, the provider may receive various instructions to perform cryptographic operations on behalf of the customer, and those instructions may be performed by the trusted execution environment.


Differential bandwidth metering for networks with direct peerings

Owner: Amazon Technologies, Inc.
Publication #: 09141947
Publication Date: 2015-09-22
Patent URL: View on USPTO Website

Methods and apparatus for differential bandwidth metering in a network implementing direct peerings. A system includes a plurality of resource collections and a billing manager. The billing manager obtains a first metric of network traffic transmitted on behalf of a client to obtain one or more services from one or more resource collections. The billing manager also obtains a second metric of network traffic transmitted on behalf of the client over one or more private links, where each private link is set up to establish a network path between a respective client network of the client and a respective resource collection of the plurality of resource collections. The billing manager provides composite billing information to the client comprising a differential billing amount dependent upon a difference between the first metric and the second metric.


Automatically selecting alert modes based on location

Owner: Amazon Technologies, Inc.
Publication #: 09143898
Publication Date: 2015-09-22
Patent URL: View on USPTO Website

Disclosed are various embodiments for automatically selecting alert modes for a mobile device based at least in part on the mobile device location. A location of the mobile device is determined. A map feature classification of the location is obtained from a server. One or more notifications of the mobile device are automatically configured to use a particular alert mode that is selected based at least in part on the map feature classification of the location.


Compiler optimization in a computing environment

Owner: Amazon Technologies, Inc.
Publication #: 09134980
Publication Date: 2015-09-15
Patent URL: View on USPTO Website

A set of techniques is described for enabling profile-driven compiler optimization based on cloud-specific information. A service provider may host applications on behalf of multiple users by providing a set of shared resources in a multi-tenant computing environment, where the resources are shared by the various applications hosted thereon. The service provider can collect runtime conditions, resource contention data and other environment-specific information of the shared resources. This gathered information can be provided to a profile-driven compiler. The profile-driven compiler can use the information to recompile the source code of the application to produce an optimized version of the application that is specifically tuned to run on the shared resources. The running version of the application can then be replaced by the optimized version.


Identifying and resolving software issues

Owner: Amazon Technologies, Inc.
Publication #: 09135146
Publication Date: 2015-09-15
Patent URL: View on USPTO Website

Technologies are described herein for use in identifying and resolving software issues. One or more corrective actions may be identified and taken that are based upon the similarity between an unresolved issue and one or more resolved issues and/or upon the similarity between code changes made to resolve similar previously resolved issues. A version control graph might also be utilized to determine if a change made to resolve an issue in one branch of a software component is applicable to another branch of the software component. The version control graph might also be utilized to compute the relevance of an entry in an issue tracking system for an issue at a point in time after the entry is created in the issue tracking system.


Self-service configuration for data environment

Owner: Amazon Technologies, Inc.
Publication #: 09135283
Publication Date: 2015-09-15
Patent URL: View on USPTO Website

The values of various operating and/or configuration parameters of a data environment are managed using a set of self-service Web services and interfaces of a separate control environment. A customer can submit a Web services call into an externally-facing application programming interface (API) or other such externally-facing interface of the control environment. The API receiving the call, as well as information extracted from the call, can be used to determine appropriate adjustments to be performed in the data environment. A workflow can be instantiated that includes tasks used to validate and/or apply the adjustments to the target resources, such as databases, data instances, data stores, instance classes, etc. Various real-time functions such as monitoring and auto-scaling also can be performed via the control plane.


Using virtual networking devices to manage routing communications between connected computer networks

Owner: Amazon Technologies, Inc.
Publication #: 09137102
Publication Date: 2015-09-15
Patent URL: View on USPTO Website

Techniques are described for providing managed virtual computer networks whose configured logical network topology may have one or more virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of a virtual computer network by emulating functionality that would be provided by the networking devices if they were physically present. The networking functionality provided for a managed computer network may include supporting a connection between that managed computer network and one or more other managed computer networks, such as via a provided virtual peering router to which each of the managed computer networks may connect, with the functionality of the virtual peering router being emulated by modules of the configurable network service without physically providing the virtual peering router, including to manage routing communications between the inter-connected managed computer networks in accordance with client-specified configuration information.


Availability risk assessment, system modeling

Owner: Amazon Technologies, Inc.
Publication #: 09137110
Publication Date: 2015-09-15
Patent URL: View on USPTO Website

Embodiments of the present disclosure are directed to, among other things, determining whether some or all portions of an application stack implemented on a distributed system are vulnerable to availability issues. In some examples, a web service may utilize or otherwise control a client instance to control, access, or otherwise manage resources of a distributed system. Based at least in part on comparing one or more customer graphs with one or more model, curated, or best practice graphs of a distributed system, availability risks and/or deployment recommendations may be provided. Additionally, in some examples, one or more remediation and/or migration operations may be performed automatically or provided as recommendations.


Managing networks utilizing network simulation

Owner: Amazon Technologies, Inc.
Publication #: 09137121
Publication Date: 2015-09-15
Patent URL: View on USPTO Website

Systems and methods are disclosed which facilitate the management of changes to a hosted network. In one aspect, a resource optimization manager obtains an identification of one or more changes to be implemented on a hosted network. The network validation manager component simulates the implementation of the identified changes and records state information associated with the monitored simulation. The network validation manager component generates a network change template that includes the information recorded from the simulation of the change to the hosted network. In another aspect, the network validation manager component can utilize network change templates to monitor the implementation of changes to the hosted network. The network change templates can then be utilized to determine whether to proceed with implementation of the change to the hosted network or whether to revert the hosted network to a condition prior to the implementation of the identified change.


Providing local secure network access to remote services

Owner: Amazon Technologies, Inc.
Publication #: 09137209
Publication Date: 2015-09-15
Patent URL: View on USPTO Website

Techniques are described for providing users with access to computer networks, such as to enable users to create computer networks that are provided by a remote configurable network service for use by the users. Such provided computer networks may be configured to be private computer networks accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. In addition, access to remote resource services may be configured and provided from such computer networks in various manners, such as to include a local access mechanism as part of a provided computer network that is configured to forward communications sent to the access mechanism to a particular remote resource service.


Configurable-capacity time-series tables

Owner: Amazon Technologies, Inc.
Publication #: 09128965
Publication Date: 2015-09-08
Patent URL: View on USPTO Website

Methods and apparatus for configurable-capacity time-series tables are disclosed. A schedule of database table management operations, including at least an operation to change a throughput constraint associated with a table in response to a triggering event, is generated. The table is instantiated with an initial throughput constraint in accordance with the schedule. Work requests directed to the table are accepted based on the initial throughput constraint. The throughput constraint is modified in response to the triggering event. Subsequent work requests are accepted based on the modified throughput constraint.


Mapping identifying information

Owner: Amazon Technologies, Inc.
Publication #: 09129118
Publication Date: 2015-09-08
Patent URL: View on USPTO Website

A technology is described for making a decision based on identifying information without disclosing the identifying information. The method may include receiving a mapping value that represents identifying information that has been converted into a mapping value. A request for data associated with the identifying information may be made by providing the mapping value as a proxy for the identifying information whereby the data associated with the identifying information may be located using the mapping value and returned to a requesting client or service.


Touchscreen input device with identifier

Owner: Amazon Technologies, Inc.
Publication #: 09122334
Publication Date: 2015-09-01
Patent URL: View on USPTO Website

When a touchscreen input device is in proximity with a first computing device, the touchscreen input device can send an identifier to the first computing device. The touchscreen input device can be used with the first computing device to define an action that can be performed on other computing devices. The first computing device can send the identifier of the touchscreen input device and an indication of the defined action to a server. When a touchscreen input device is in proximity with a second computing device, the touchscreen input device can send the identifier to the second computing device. The second computing device can send the identifier to the server. The server can send the second computing device an indication that the defined action can be performed on the second computing device.


Software container recommendation service

Owner: Amazon Technologies, Inc.
Publication #: 09122562
Publication Date: 2015-09-01
Patent URL: View on USPTO Website

A technology is described for a software container recommendation service. An example method may include collecting utilization metrics for an application hosted on a computing instance. The utilization metrics may be a measure of computing resources used by the application. The utilization metrics may be analyzed to determine a level of computing resources for the computing instance used by the application. A software container configuration for the application may be determined based at least in part on the utilization metrics when analysis of the utilization metrics indicates an underutilization of computing resources by the application. The specifications of the software container configuration may then be provided to a customer.


Predicting location of a mobile user

Owner: Amazon Technologies, Inc.
Publication #: 09123014
Publication Date: 2015-09-01
Patent URL: View on USPTO Website

Disclosed are various embodiments for predicting a future location of a mobile user. A recent location of a mobile user is received. Past location data for the mobile user is retrieved from storage. A future location of the mobile user is predicted based at least in part on the recent location and on the past location data. The prediction is provided in response to a query or by subscription.


Controlling the rendering of supplemental content related to electronic books

Owner: Amazon Technologies, Inc.
Publication #: 09116654
Publication Date: 2015-08-25
Patent URL: View on USPTO Website

Architectures and techniques are provided to control the rendering of supplemental content associated with electronic books. For example, electronic books may be associated with content that is in addition to the content originally provided to an individual acquiring the electronic book, such as annotations, social networking site information, media outlet information, and the like. Individuals may control the supplemental electronic book content that is rendered via their client devices via actuation of a physical input device or a representation of an input device shown via a touch sensitive display. The amount of supplemental content that is rendered may correspond to information associated with a specified number of categories of supplemental electronic book content based on a supplemental content rendering level. In other implementations, the amount of supplemental electronic book content that is rendered may correspond to an amount of supplemental content to be rendered for each category of supplemental content.


System and method for data replication using a single master failover protocol

Owner: Amazon Technologies, Inc.
Publication #: 09116862
Publication Date: 2015-08-25
Patent URL: View on USPTO Website

A system that implements a data storage service may store data on behalf of storage service clients. The system may maintain data in multiple replicas of various partitions that are stored on respective computing nodes in the system. The system may employ a single master failover protocol, usable when a replica attempts to become the master replica for a replica group of which it is a member. Attempting to become the master replica may include acquiring a lock associated with the replica group, and gathering state information from the other replicas in the group. The state information may indicate whether another replica supports the attempt (in which case it is included in a failover quorum) or stores more recent data or metadata than the replica attempting to become the master (in which case synchronization may be required). If the failover quorum includes enough replicas, the replica may become the master.


Reduced bandwidth data uploading in data systems

Owner: Amazon Technologies, Inc.
Publication #: 09116909
Publication Date: 2015-08-25
Patent URL: View on USPTO Website

Methods and apparatus for uploading data from a sender to a receiver. A data deduplication technique is described that may reduce the bandwidth used in uploading data from the sender to the receiver. In the technique, the receiver, rather than the sender, maintains a fingerprint dictionary for previously uploaded data. When a sender has additional data to be uploaded, the sender extracts fingerprints for units of the data and sends the fingerprints to the receiver. The receiver checks its fingerprint dictionary to determine the data units to be uploaded and notifies the sender of the identified units, which then sends the identified units of data to the receiver. The technique may, for example, be applied in virtualized data store systems to reduce bandwidth usage in uploading data.


Pre-fetching of network page content

Owner: Amazon Technologies, Inc.
Publication #: 09116999
Publication Date: 2015-08-25
Patent URL: View on USPTO Website

Disclosed are various embodiments for pre-fetching of resources referenced on a network page. A predicted next network page is retrieved by a computer system. The predicted next network page references at least one resource. At least one attribute of the resource is evaluated according to at least one retrieval criteria. At least one resource is retrieved if the attribute meets the retrieval criteria.


Stateless and secure authentication

Owner: Amazon Technologies, Inc.
Publication #: 09117062
Publication Date: 2015-08-25
Patent URL: View on USPTO Website

Authenticated requests can be sent without requiring the requests to include or potentially expose secret information used for the authentication process. A client device can use a security credential such as a key to sign a request to be sent to a recipient. When the request is received, the recipient determines whether the request was signed using the correct key for the sender. In some embodiments a client token is included with the request that statelessly encodes the key, enabling a recipient capable of decoding the client token to determine the key and compare that key to the signature of the request. The sender can store the secret information in a secure location, such as a browser security module, such that the secret information is not exposed to the browser or script executing on the client device.


Persistent connections for email web applications

Owner: Amazon Technologies, Inc.
Publication #: 09118650
Publication Date: 2015-08-25
Patent URL: View on USPTO Website

A token for a webclient in communication with an HTTP server to access an email system is stored at a database by the HTTP server. If the HTTP server is unexpectedly unavailable, a backup HTTP server that next interacts with the webclient can locate the token for the webclient using identifying information for the webclient to locate a record in the database containing the token. The backup HTTP server can then provide seamless access to the email system for the webclient despite the loss of connectivity to the initial HTTP server.


Triggered data shelving to a different storage system and storage deallocation

Owner: Amazon Technologies, Inc.
Publication #: 09110600
Publication Date: 2015-08-18
Patent URL: View on USPTO Website

A data volume may be shelved based at least in part on statistical triggers associated with the data, a user of the data, or a system configured to store and/or manage the data. Upon receiving a request to detach a data volume from a computing device, a determination of whether the data volume should be shelved may be made. In some aspects, the data volume may be shelved by moving the data to another storage system, storing an identifier of the data volume, and de-allocating space associated with the shelved data such that the shelved data is no longer maintained in the storage system. Further, in some aspects, upon a request to attach the data volume, the data may be moved back, the original identifier may be re-assigned to the data volume, and the data volume may be re-attached to the computing device.


Proxy for injecting configuration information

Owner: Amazon Technologies, Inc.
Publication #: 09110732
Publication Date: 2015-08-18
Patent URL: View on USPTO Website

A proxy operating inside of a virtual machine that is responsible for receiving user-specified configuration information, such as credentials, and updating the configuration of the virtual machine with the user-specified values at the time of assigning the virtual machine to a user. Once the proxy updates the configuration of the virtual machine, the virtual machine is assigned to the user that provided the user configuration information and the proxy can deactivate or uninstall itself from the virtual machine, such as by deleting all files, registry entries and other traces of execution.


Tag-based deployment to overlapping host sets

Owner: Amazon Technologies, Inc.
Publication #: 09110756
Publication Date: 2015-08-18
Patent URL: View on USPTO Website

Methods and systems for deploying software packages are provided. In an example, a deployment service allows users to deploy software packages to target sets of computing devices where the target sets may overlap. The deployment service prevents software packages from being deployed to target sets that would conflict with a software package deployed to at least some of the target set as a result of the target set overlapping with another set.


Assessing quality of code in an open platform environment

Owner: Amazon Technologies, Inc.
Publication #: 09110770
Publication Date: 2015-08-18
Patent URL: View on USPTO Website

Techniques for driving higher quality of code may be provided. For example, code may be received for hosting on a computing resource. A computing service may be implemented to analyze the code prior to the hosting. The analysis may include assessing components of the code against criteria associated with code performance. Based on the analysis, the computing service may determine a quality of the code, provide recommended changes to the code that may improve the quality, and identify a proper computing resource for hosting the code at the quality.


Correlated failure zones for data storage

Owner: Amazon Technologies, Inc.
Publication #: 09110797
Publication Date: 2015-08-18
Patent URL: View on USPTO Website

Techniques for optimizing data storage are disclosed herein. In particular, methods and systems for implementing redundancy encoding schemes with data storage systems are described. The redundancy encoding schemes may be scheduled according to system and data characteristics. The schemes may span multiple tiers or layers of a storage system. The schemes may be generated, for example, in accordance with a transaction rate requirement, a data durability requirement or in the context of the age of the stored data. The schemes may be designed to rectify entropy-related effects upon data storage. The schemes may include one or more erasure codes or erasure coding schemes. Additionally, methods and systems for improving and/or accounting for failure correlation of various components of the storage system, including that of storage devices such as hard disk drives, are described.


Extracting structured knowledge from unstructured text

Owner: Amazon Technologies, Inc.
Publication #: 09110882
Publication Date: 2015-08-18
Patent URL: View on USPTO Website

Embodiments of the present invention relate to knowledge representation systems which include a knowledge base in which knowledge is represented in a structured, machine-readable format that encodes meaning. Techniques for extracting structured knowledge from unstructured text and for determining the reliability of such extracted knowledge are also described.


Reducing input processing latency for remotely executed applications

Owner: Amazon Technologies, Inc.
Publication #: 09111080
Publication Date: 2015-08-18
Patent URL: View on USPTO Website

Disclosed are various embodiments for reducing input processing latency for remotely executed applications. An application is executed in a hosted environment, and a video signal generated by the application is encoded into a media stream. The media stream is sent to a client by way of a network. Unprocessed user input data for the application is obtained from the client computing device by way of the network. The unprocessed user input data is processed at a first processing rate that is above a second processing rate associated with a normal processing of the unprocessed user input data in the client.


Performance based recommendations

Owner: Amazon Technologies, Inc.
Publication #: 09111219
Publication Date: 2015-08-18
Patent URL: View on USPTO Website

Systems and associated processes are disclosed for generating recommendations for users based on the computing device likely to be utilized by the user to execute an application, among other things. These systems and processes are described in the context of an interactive computing system that enables users to download applications for mobile devices or for other computing devices. The performance of applications running on the user's computing device can be monitored with the performance data being collected and provided to the interactive computing system. The interactive computing system can include a recommendation system or service that processes the performance data and using the performance data, among possibly other data, the recommendation system can recommend alternative applications to the user for download. Further, in some cases, the interactive computing system can recommend modifications to the user's computing device to improve the performance of the application running on the user's computing device.


Appliance backnets in dedicated resource environment

Owner: Amazon Technologies, Inc.
Publication #: 09112841
Publication Date: 2015-08-18
Patent URL: View on USPTO Website

A backnet can be created within a dedicated private network of a customer that enables a distinct party to access and/or control a portion of the resources within the private network. In one example, a backnet includes a separate virtual interface for an appliance or other such resource that is not visible or accessible to the customer owning the customer cloud, but can be accessed by another appliance or component in the customer cloud, or an appliance vendor external to the customer cloud. While the customer can control the permission for the backnet, the vendor can control or implement the resources within the backnet in a way that is isolated from the customer. Usage of the backnet can be separately monitored and billed to the vendor, even though the resources are part of the dedicated customer cloud.


Secure communication between applications on untrusted platforms

Owner: Amazon Technologies, Inc.
Publication #: 09112854
Publication Date: 2015-08-18
Patent URL: View on USPTO Website

Disclosed are various embodiments for facilitating secure communication between applications on an untrusted computing platform. It is verified that a first application installed in a computing device has permission to communicate with a second application also installed in the computing device based at least in part on a secure key associated with the first application. The verification may include determining that the secure key has been signed by a predetermined certificate and determining that the secure key includes a platform-specific, tamper-proof identifier of the first application. Alternatively, the verification may include determining that the first application is signed by a predetermined certificate. Communication between the first and second applications is facilitated when the first application has permission to communicate with the second application.


Multitenant monitoring system storing monitoring data supporting flexible pivot querying

Owner: Amazon Technologies, Inc.
Publication #: 09104392
Publication Date: 2015-08-11
Patent URL: View on USPTO Website

Monitoring data can be received and managed in a multi-tenant environment. Monitoring data can be received for multiple tenants. The received monitoring data can be sorted. Sorting can be performed based on various criteria, such as by tenant. The sorted monitoring data can be written to data files. Each data file can store monitoring data for a plurality of tenants. Receiving, sorting, and writing monitoring data can be performed within a multi-tenant monitoring system.


Automated root cause analysis

Owner: Amazon Technologies, Inc.
Publication #: 09104572
Publication Date: 2015-08-11
Patent URL: View on USPTO Website

Various aspects of the performance of computing resources, such as storage volumes, are measured and used to train a probability model. The probability model is used in a query engine that is able to receive and respond to queries about a computing resource's state. The queries may specify a state of the computing resource and provide a set of measurements of the computing resource's performance. The query engine may use the probability model, which may be in the form of a contingency table, to provide information that indicates one or more most likely causes of the state.


Translation of applications

Owner: Amazon Technologies, Inc.
Publication #: 09104661
Publication Date: 2015-08-11
Patent URL: View on USPTO Website

Disclosed are various embodiments that facilitate translation of applications. An image is obtained, and text shown within the image is recognized. Translated text is generated by translating the text from one language to another. The translated text is incorporated into the image. The image is then sent to another computing device.


Providing access to application data

Owner: Amazon Technologies, Inc.
Publication #: 09104885
Publication Date: 2015-08-11
Patent URL: View on USPTO Website

Disclosed are various embodiments for providing access to application data stored by multiple applications across multiple devices of a user. A request to store application data is obtained by a data storage service from an application associated with a user. The application is executed in a client computing device, and the request specifies a security credential and is obtained by way of a network. The application data is stored by the data storage service in response to the request to store. The data storage service may be configured to store data for multiple applications associated with the user, and each of the applications may be associated with a different security credential.


Multi-user secret decay

Owner: Amazon Technologies, Inc.
Publication #: 09106405
Publication Date: 2015-08-11
Patent URL: View on USPTO Website

Secret information, such as seeds, codes, and keys, can be automatically renegotiated between at least one sender and at least one recipient. Various mechanisms, such as counters, events, or challenges, can be used to trigger automatic renegotiations through various requests or communications. These changes can cause the current secret information to diverge from older copies of the secret information that might have been obtained by unintended third parties. In some embodiments, a secret can be configured to “decay” over time, or have small changes periodically introduced that can be determined to be valid by an authorized party, but can reduce the effectiveness of prior versions of the secret information.


Interfaces to manage last-mile connectivity for direct network peerings

Owner: Amazon Technologies, Inc.
Publication #: 09106469
Publication Date: 2015-08-11
Patent URL: View on USPTO Website

Methods and apparatus for interfaces to manage last-mile connectivity and dynamic reconfiguration for direct network peerings. A system may include a data center, endpoint routers and a connectivity coordinator. The coordinator implements an interface defining connectivity operations. The coordinator receives a request for dedicated connectivity to data center resources, formatted according to the interface. The coordinator determines a connectivity provider to provide last-mile connectivity to the requester, and transmits a notification identifying the selected connectivity provider.


Predicting long-term computing resource usage

Owner: Amazon Technologies, Inc.
Publication #: 09106589
Publication Date: 2015-08-11
Patent URL: View on USPTO Website

Techniques are described for performing automated predictions of program execution capacity or other capacity of computing-related hardware resources that will be used to execute software programs in the future, such as for a group of computing nodes that execute one or more programs for a user. The predictions that are performed may in at least some situations be based on historical data regarding corresponding prior actual usage of execution-related capacity (e.g., for one or more prior years), and may include long-term predictions for particular future time periods that are multiple months or years into the future. In addition, the predictions of the execution-related capacity for particular future time periods may be used in various manners, including to manage execution-related capacity at or before those future time periods, such as to prepare sufficient execution-related capacity to be available at those future time periods.


Synchronizing authentication sessions between applications

Owner: Amazon Technologies, Inc.
Publication #: 09106642
Publication Date: 2015-08-11
Patent URL: View on USPTO Website

Disclosed are various embodiments for synchronizing authentication sessions between applications. In one embodiment, a first authentication token is received from a first application in response to determining that the first application is authenticated with a service provider. A second authentication token is requested from a token exchange service associated with the service provider. The second authentication token is requested using the first authentication token. The second application is configured to use the second authentication token in order to access a resource of the service provider.


Call routing to subject matter specialist for network page

Owner: Amazon Technologies, Inc.
Publication #: 09106747
Publication Date: 2015-08-11
Patent URL: View on USPTO Website

Disclosed are various embodiments for location based call routing to a subject matter specialist. A call request is received from a computing device which includes an identifier of a network page. A topic specialist for the network page is identified from the contents of the network page. The call request is completed by establishing a call between the computing device and another computing device which is operated by the topic specialist.


Managing workflows

Owner: Amazon Technologies, Inc.
Publication #: 09098329
Publication Date: 2015-08-04
Patent URL: View on USPTO Website

Systems and methods are disclosed that facilitate the selection of virtual machine instances to implement each action associated with a specified workflow. Workflows are configured and defined as a series of actions or processes that have various requirements. For each action in a specified workflow, a workflow management component can select virtual machine resources that are best suited to implement the specific action in accordance with the requirements of the action.


Throughput-sensitive redundancy encoding schemes for data storage

Owner: Amazon Technologies, Inc.
Publication #: 09098433
Publication Date: 2015-08-04
Patent URL: View on USPTO Website

Techniques for optimizing data storage are disclosed herein. In particular, methods and systems for implementing redundancy encoding schemes with data storage systems are described. The redundancy encoding schemes may be scheduled according to system and data characteristics. The schemes may span multiple tiers or layers of a storage system. The schemes may be generated, for example, in accordance with a transaction rate requirement, a data durability requirement or in the context of the age of the stored data. The schemes may be designed to rectify entropy-related effects upon data storage. The schemes may include one or more erasure codes or erasure coding schemes. Additionally, methods and systems for improving and/or accounting for failure correlation of various components of the storage system, including that of storage devices such as hard disk drives, are described.


Hosting architecture with configuration modified functionality for components by utilizing hardware latches to prevent further modifications based on a trust level associated with the components

Owner: Amazon Technologies, Inc.
Publication #: 09098465
Publication Date: 2015-08-04
Patent URL: View on USPTO Website

A service provider can maintain one or more host computing devices which may be utilized as bare metal instances by one or more customers of the service provider. Illustratively, each host computing device includes hardware components that are configured in a manner to allow the service provider to implement one or more processes upon a power cycle of the host computing device and prior to access of the host computing device resources by customers. In one aspect, a hosting platform includes components arranged in a manner to limit modifications to software or firmware on hardware components. In another aspect, the hosting platform can implement management functions for establishing control plane functions between the host computing device and the service provider that is independent of the customer. Additionally, the management functions can also be utilized to present different hardware or software attributes of the host computing device.


Knowledge repository

Owner: Amazon Technologies, Inc.
Publication #: 09098492
Publication Date: 2015-08-04
Patent URL: View on USPTO Website

A knowledge storage system is described. A specific embodiment is a computer system comprising a knowledge base of general knowledge in structured form which can be added to and queried by untrained users. Various embodiments include the facility for remote computers to access the knowledge stored in the system, natural language questions to be answered, profile screens giving general knowledge about an object in the system, and methods for distinguishing between reliable and unreliable facts.


Generating suggested search queries

Owner: Amazon Technologies, Inc.
Publication #: 09098569
Publication Date: 2015-08-04
Patent URL: View on USPTO Website

A user supplied search query is received. Historical search queries are identified that are relevant and/or similar to the user supplied search query. The identified historical queries are then ranked according to various factors. Suggested search queries that are relevant to the user supplied query are identified.


Using virtual networking devices to connect managed computer networks

Owner: Amazon Technologies, Inc.
Publication #: 09094421
Publication Date: 2015-07-28
Patent URL: View on USPTO Website

Techniques are described for providing managed virtual computer networks whose configured logical network topology may have one or more virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of a virtual computer network by emulating functionality that would be provided by the networking devices if they were physically present. The networking functionality provided for a managed computer network may include supporting a connection between that managed computer network and other managed computer networks, such as via a provided virtual peering router to which each of the managed computer networks may connect, with the functionality of the virtual peering router being emulated by modules of the configurable network service without physically providing the virtual peering router, including to manage data communications between computing nodes of the inter-connected managed computer networks in accordance with client-specified configuration information.


Input control assignment

Owner: Amazon Technologies, Inc.
Publication #: 09086759
Publication Date: 2015-07-21
Patent URL: View on USPTO Website

Various techniques may be employed for assigning user inputs such as a touch on a touchscreen to various input controls such as buttons or other features provided on a touchscreen. One example input assignment technique is a nearest neighbor technique, whereby a touch may, for example, be assigned to an input control that is positioned closest to the touch location. Another example input assignment technique is an angle and distance technique, whereby a touch may, for example, be assigned to an input control based on an angle and a distance of the touch relative to a prior touch.


Container contract for data dependencies

Owner: Amazon Technologies, Inc.
Publication #: 09088463
Publication Date: 2015-07-21
Patent URL: View on USPTO Website

Disclosed are various embodiments involving a container contract for data dependencies using representational state transfer (REST). A data resource is obtained by way of REST in response to determining that an application component has a dependency on the data resource. The application component is invoked to process the data resource. The data resource may be sent to the server by way of REST to effect a modification to the data resource in the server in response to determining that the application component has modified the data resource.


Generating a replacement binary for emulation of an application

Owner: Amazon Technologies, Inc.
Publication #: 09081896
Publication Date: 2015-07-14
Patent URL: View on USPTO Website

Disclosed are various embodiments for generating a replacement binary for emulation of an application. A computer ingests native object code and identifies a central processing unit (CPU) from the native object code. The computer transforms the native object code to produce replacement object code. When executed on the computing device, the replacement code invokes an emulator for the CPU to execute the native code.


Storing tokenized information in untrusted environments

Owner: Amazon Technologies, Inc.
Publication #: 09081978
Publication Date: 2015-07-14
Patent URL: View on USPTO Website

Techniques are described for tokenizing information to be stored in an untrusted environment. During tokenization, one or more strings in a file or data stream are replaced with a token. The token may be generated as a random number or a counter, such that the replaced string may not be derived based on the token. Token-to-string mapping data may be stored in a trusted environment, and the tokenized information may be stored in the untrusted environment. Users may search the tokenized information based on non-sensitive search terms present in a whitelist that is accessible from the untrusted environment, the whitelist providing a token-to-string mapping for the non-sensitive terms. The search results may be provided as redacted information, in which the non-sensitive strings have been detokenized based on the whitelist while the sensitive strings remain tokenized.


Managing multiple security policy representations in a distributed environment

Owner: Amazon Technologies, Inc.
Publication #: 09083749
Publication Date: 2015-07-14
Patent URL: View on USPTO Website

Customers accessing resources or services in a distributed environment can obtain assurance that a provider of that environment will only allow requests to access those resources or services when those requests satisfy at least one security policy associated with the customer. A customer can provide a security policy update that might be written in a different representation (e.g., version) than is supported by all relevant policy evaluation engines across the distributed environment. A component or service such as an access management service can evaluate the representation of the policy, as well as the representations supported by the evaluation engines, and can determine if the features of the policy update are supported by the representations of the engines. If so, the policy update can be translated to express the policy document in the supported representation(s), such that the policy can be utilized without having to update the relevant engines.


System and method for dynamically changing web uniform resource locators

Owner: Amazon Technologies, Inc.
Publication #: 09075777
Publication Date: 2015-07-07
Patent URL: View on USPTO Website

A web browser is implemented to receive a document from a server. The document may include one or more embedded Uniform Resource Locator (URL) references. The web browser may display the document on a user interface. A user associated with the web browser may determine one or more of the original embedded URL references should be replaced. In response to user input, the web browser may change at least one of the original embedded URL references to a corresponding replacement embedded URL reference and display the document with the replacement embedded URL reference. The web browser may save an association of the original embedded URL reference with the replacement embedded URL reference and subsequently, when receiving the document with the original embedded URL reference, automatically replace the original embedded URL reference with the corresponding replacement embedded URL reference before displaying the document.


Account state simulation service for cloud computing environments

Owner: Amazon Technologies, Inc.
Publication #: 09075788
Publication Date: 2015-07-07
Patent URL: View on USPTO Website

Methods and apparatus for an account state simulation service for cloud computing environments are disclosed. A system includes a plurality of service managers coordinating respective distributed network-accessible services, and a metadata manager. The metadata manager receives an account state change simulation request, indicating (a) an initial account state of a client account and (b) a collection of operations to be simulated. The metadata manager generates a response to the account state change simulation request, comprising at least one of (a) a representation of an expected end state of the client account reachable as a result of performing the collection of operations, (b) an indication of an expected failure of a particular operation of the collection of operations, or (c) an estimate of an expected billing amount associated with an implementation of the collection of operations.


Managing requests for security services

Owner: Amazon Technologies, Inc.
Publication #: 09076013
Publication Date: 2015-07-07
Patent URL: View on USPTO Website

Embodiments of systems and methods are described for managing requests for security services to a provider of computing resources. In some implementations, a user can request that security services be provided to analyze or test a target network. For example, the user can request that security services conduct penetration testing of the target network in order to detect vulnerabilities with the target network's security infrastructure or configuration. The computing resource provider can dynamically provide the security services to the target network, for example, by instantiating one or more virtual machines that begin security testing of the target network in response to the user's request. In some embodiments, the provider of the security services may instantiate a security virtual machine instance (VMI) that can be connected to a customer's network using a secure connection, such as a virtual private network. The virtual machine instance can be physically located outside the customer's network while functioning as part of the customer's network. Thus, the security VMI can test security from either outside the network or from inside the network. In some embodiments, the VMI may test at multiple locations of the customer's network, for example, by establishing connections to multiple locations on the customer network.


Programmatically simulating system conditions

Owner: Amazon Technologies, Inc.
Publication #: 09077643
Publication Date: 2015-07-07
Patent URL: View on USPTO Website

Systems and methods are provided for programmatically simulating one or more system conditions for a network resource using one or more services. In one implementation, a server receives a request to initiate a treatment. The request identifies a treatment definition. The server determines, based on the treatment definition, the one or more services and deploys the one or more services to the network resource. The one or more services simulate the one or more system conditions.


Aligning content items to identify differences

Owner: Amazon Technologies, Inc.
Publication #: 09069767
Publication Date: 2015-06-30
Patent URL: View on USPTO Website

Techniques for aligning content items with one another are described herein. These techniques may align different versions of a same content item for the purpose of identifying differences between the versions, identifying commonalities between the versions, mapping annotations made in one version to the other version, aggregating annotations across the different versions, or for any other reason. The content items may include electronic books, songs, videos, documents, or the like.


System and method for adjusting membership of a data replication group

Owner: Amazon Technologies, Inc.
Publication #: 09069827
Publication Date: 2015-06-30
Patent URL: View on USPTO Website

A system that implements a data storage service may store data on behalf of storage service clients. The system may maintain data in multiple replicas of partitions that are stored on respective computing nodes in the system. A master replica for a replica group may increment a membership version indicator for the group, and may propagate metadata (including the membership version indicator) indicating a membership change for the group to other members of the group. Propagating the metadata may include sending a log record containing the metadata to the other replicas to be appended to their respective logs. Once the membership change becomes durable, it may be committed. A replica attempting to become the master of a replica group may determine that another replica in the group has observed a more recent membership version, in which case logs may be synchronized or snipped, or the attempt may be abandoned.


Revocable shredding of security credentials

Owner: Amazon Technologies, Inc.
Publication #: 09071429
Publication Date: 2015-06-30
Patent URL: View on USPTO Website

Customers accessing resources and/or data in a multi-tenant environment can obtain assurance that a provider of that environment will honor only requests associated with the customer. A multi-tenant cryptographic service can be used to manage cryptographic key material and/or other security resources in the multi-tenant environment. The cryptographic service can provide a mechanism in which the service can receive requests to use the cryptographic key material to access encrypted customer data, export key material out of the cryptographic service, destroy key material managed by the cryptographic service, among others. Such an approach can enable a customer to manage key material without exposing the key material outside a secure environment.


Data locker synchronization

Owner: Amazon Technologies, Inc.
Publication #: 09061202
Publication Date: 2015-06-23
Patent URL: View on USPTO Website

Disclosed are various embodiments enabling a saved state of an application to be stored at a central location and to be retrieved by multiple computing devices executing the application. Accordingly, saved states of applications and interfaces are also enabled to follow a user from one personal computing device to the next.


Rich recording and playback of program execution

Owner: Amazon Technologies, Inc.
Publication #: 09063803
Publication Date: 2015-06-23
Patent URL: View on USPTO Website

Information regarding the execution of a program is recorded. A program execution monitor detects the occurrence of events related to the execution of the program. In response to detecting an event, the program execution monitor creates an entry in an event list identifying the event and the time at which the event occurred. A playback component may utilize the event list to play back the recording of the program at a time corresponding to an identified event. In other embodiments, the program execution monitor stores the operational state of a program at the time an event is detected. The stored operational state can be utilized to recreate the state of the program at the time the event was detected and restart execution of the program at that time. Other types of inputs to the program might also be recorded and played back.


Backoff-based scheduling of storage object deletions

Owner: Amazon Technologies, Inc.
Publication #: 09063946
Publication Date: 2015-06-23
Patent URL: View on USPTO Website

Methods and apparatus for backoff-based scheduling of storage object deletions are disclosed. A storage medium stores program instructions that, when executed on a processor, obtain an indication of a collection of storage objects of a network-accessible multi-tenant storage service to be deleted in accordance with specified deletion criteria. A deletion of a storage object comprises a metadata deletion operation and one or more other operations. The instructions initiate, corresponding to at least some objects of the collection, respective metadata deletion operations at a metadata node of the storage service. If a metric associated with the metadata node meets a threshold criterion, the instructions delay, by a particular amount of time, an initiation of an operation corresponding to a deletion of another storage object.


Dynamic tree determination for data processing

Owner: Amazon Technologies, Inc.
Publication #: 09063976
Publication Date: 2015-06-23
Patent URL: View on USPTO Website

Data can be processed in parallel across a cluster of nodes using a parallel processing framework. Using Web services calls between components allows the number of nodes to be scaled as necessary, and allows developers to build applications on the framework using a Web services interface. A job scheduler works together with a queuing service to distribute jobs to nodes as the nodes have capacity, such that jobs can be performed in parallel as quickly as the nodes are able to process the jobs. Data can be loaded efficiently across the cluster, and levels of nodes can be determined dynamically to process queries and other requests on the system.


Network data transmission analysis

Owner: Amazon Technologies, Inc.
Publication #: 09064121
Publication Date: 2015-06-23
Patent URL: View on USPTO Website

Network computing systems may implement data loss prevention (DLP) techniques to reduce or prevent unauthorized use or transmission of confidential information or to implement information controls mandated by statute, regulation, or industry standard. Implementations of network data transmission analysis systems and methods are disclosed that can use contextual information in a DLP policy to monitor data transmitted via the network. The contextual information may include information based on a network user's organizational structure or services or network infrastructure. Some implementations may detect bank card information in network data transmissions. Some of the systems and methods may be implemented on a virtual network overlaid on one or more intermediate physical networks that are used as a substrate network.


Distributed caching system

Owner: Amazon Technologies, Inc.
Publication #: 09064124
Publication Date: 2015-06-23
Patent URL: View on USPTO Website

The disclosure describes embodiments of a distributed caching system that are configured to store session state identifiers in a networked cache, enabling dynamic allocation of requests to servers. Client devices can resume secure sessions even if assigned to new servers as the new servers can obtain the session state identifiers from the distributed caching system. In at least some cases, the client device can be authenticated without the server having to perform a full authentication, thereby reducing the workload of the server and decreasing latency as the server can respond faster.


Service for managing digital content resales

Owner: Amazon Technologies, Inc.
Publication #: 09064276
Publication Date: 2015-06-23
Patent URL: View on USPTO Website

A content management system couples DRM protection of content items with a digital content store to allow content items to be transferred or resold from one user to another. The content management system can generate application-specific digital stores that allow end users to conduct transactions with other users to buy, sell, and/or trade content items associated with the application. In response to a sale or trade of a content item between two users, DRM protections associated with the content item can allow the content item to be removed from one user computing device and provided to another user computing device, while maintaining the same number of outstanding active copies of the content item before and after the transaction.


Network capacity planning

Owner: Amazon Technologies, Inc.
Publication #: 09065730
Publication Date: 2015-06-23
Patent URL: View on USPTO Website

Systems, methods and interfaces are provided for the modeling of network data capacity for a network corresponding to a set of nodes interconnected via point-to-point network paths. A network capacity processing system obtains demand estimates for the nodes and network paths of the network. The network capacity processing system then identifies a set of failure scenarios for the network nodes and network paths. The network capacity processing system then generates a set of processing results corresponding to load estimates for the network paths of the network and based on applying the set of failure scenarios to the model of network data capacity. Utilizing data capacity models, failure scenarios and the set of processing results, the network capacity processing system can provide for network capacity planning or contingency planning.


Browser-based provisioning of quality metadata

Owner: Amazon Technologies, Inc.
Publication #: 09065827
Publication Date: 2015-06-23
Patent URL: View on USPTO Website

Various features are disclosed for generating and presenting users with resource metadata regarding the usefulness or predicted usefulness of particular pages, sites, and/or other network resources. The metadata may be based partly or wholly on the monitored browsing behaviors of many users, including behaviors reflective of whether particular resources were useful to the users. The metadata may, in some cases, be personalized for particular users based, for example, on their browsing environments or contexts. For example, the metadata presented to a smartphone user regarding a particular link may reflect a determination of whether the target resource is well suited for display on smartphones generally or on the user's particular model of smartphone.


Custom resources in a resource stack

Owner: Amazon Technologies, Inc.
Publication #: 09058219
Publication Date: 2015-06-16
Patent URL: View on USPTO Website

A resource stack managed by a resource stack provider is created based on a resource stack template that integrates a custom resource from a second provider into the resource stack using a notification system with the second provider. For example, a customer may create a template that defines a resource stack that comprises resources available from the resource stack provider and one or more custom resources provided by a second provider. When a resource stack is created, resources available from the resource stack provider may be provisioned. Custom resources may be initialized by notifying the provider of the custom resource of the requested integration of the custom resource with the resource stack and requested configuration details. The custom resource provider may respond with an indication of successful integration when the custom resource has been successfully initialized. After initializing the resources, the resource stack may be enabled for use.


Providing router information according to a programmatic interface

Owner: Amazon Technologies, Inc.
Publication #: 09059941
Publication Date: 2015-06-16
Patent URL: View on USPTO Website

A provider network may implement providing router information according to a programmatic interface. A plurality of routers may be implemented as part of the provider network. Clients that utilize these routers may wish to obtain information specific to one or more routers in order to configure communications utilizing the particular router. A request may be received for the information from the client that is formatted according to the programmatic interface that is platform-independent. The requests may be maintained along with other received requests until selected for servicing according to a priority scheme. The request may be translated into one or more versions of the request that are formatted according to interfaces specific to the one or more routers. The translated one or more versions of the request may be sent to the one or more routers to obtain the information from the one or more routers. The information may then be provided to the client.


Anonymized personalization of network content

Owner: Amazon Technologies, Inc.
Publication #: 09060031
Publication Date: 2015-06-16
Patent URL: View on USPTO Website

Features are disclosed for modifying identifying data including, but not limited to, demographic information, user identifiers, and device identifiers, according to user-definable preferences prior to transmitting content requests to content servers. The information may be modified to protect a user's privacy. In addition, the modified information may allow the content provider to serve a customized or targeted version of content that is more relevant to the user than a version that may otherwise be generated without the aid of identifying data. Users may elect to share some, all, or none of their identifying data with content providers, or users may elect to generalize their specific identifying data. Additional features include providing generalized or customized identifying data to cooperating content providers. Custom headers and other data fields may be provided to content providers, and content providers may choose to use information in the custom data fields or ignore it.


System and method for performing live partitioning in a data store

Owner: Amazon Technologies, Inc.
Publication #: 09052831
Publication Date: 2015-06-09
Patent URL: View on USPTO Website

A system that implements a scalable data storage service may maintain tables in a data store on behalf of storage service clients. The service may maintain table data in multiple replicas of partitions that are stored on respective computing nodes in the system. In response to detecting an anomaly in the system, detecting a change in data volume on a partition or service request traffic directed to a partition, or receiving a service request from a client to split a partition, the data storage service may create additional copies of a partition replica using a physical copy mechanism. The data storage service may issue a split command defined in an API for the data store to divide the original and additional replicas into multiple replica groups, and to configure each replica group to maintain a respective portion of the table data that was stored in the partition before the split.


Storage object deletion job management

Owner: Amazon Technologies, Inc.
Publication #: 09052942
Publication Date: 2015-06-09
Patent URL: View on USPTO Website

Methods and apparatus for storage object deletion job management are disclosed. A storage medium stores program instructions that, when executed on a processor, identify, during a particular deletion execution iteration, a particular deletion job object stored at a multi-tenant storage service, wherein the particular deletion job object indicates a collection of storage objects that are eligible for deletion from the storage service in accordance with specified deletion criteria. The instructions determine, based on a job validity criterion, whether deletion operations corresponding to the particular deletion job object of the one or more deletion job objects are to be scheduled. If the job object is validated, the instructions initiate a deletion operation for storage objects indicated in the particular deletion job object.


Load balancing between general purpose processors and graphics processors

Owner: Amazon Technologies, Inc.
Publication #: 09052959
Publication Date: 2015-06-09
Patent URL: View on USPTO Website

Disclosed are various embodiments for facilitating load balancing between central processing units (CPUs) and graphics processing units (GPUs). A request is obtained to execute a first application in one or more computing devices. In one embodiment, a second application associated with the first application is assigned to be executed in GPUs of the one or more computing devices instead of CPUs of the one or more computing devices when a resource usage profile associated with the first application indicates that the first application imposes a greater CPU load than GPU load. Conversely, the second application is assigned to be executed in the CPUs instead of the GPUs when the resource usage profile indicates that the first application imposes a greater GPU load than CPU load.


System and method for fetching the latest versions of stored data objects

Owner: Amazon Technologies, Inc.
Publication #: 09053054
Publication Date: 2015-06-09
Patent URL: View on USPTO Website

A distributed storage system may store data object instances in persistent storage and may cache keymap information for those data object instances. The system may cache a latest symbolic key entry for some user keys of the data object instances. When a request is made for the latest version of stored data object instances having a specified user key, the latest version may be determined dependent on whether a latest symbolic key entry exists for the specified user key, and keymap information for the latest version may be returned. When storing keymap information, a flag may be set to indicate that a corresponding latest symbolic key entry should be updated. The system may delete a latest symbolic key entry for a particular user key from the cache in response to determining that no other requests involving the keymap information for data object instances having the particular user key are pending.


Automated tuning of a service configuration using load tests on hosts

Owner: Amazon Technologies, Inc.
Publication #: 09053070
Publication Date: 2015-06-09
Patent URL: View on USPTO Website

Methods and systems for automated tuning of a service configuration are disclosed. An optimal configuration for a test computer is selected by performing one or more load tests using the test computer for each of a plurality of test configurations. The performance of a plurality of additional test computers configured with the optimal configuration is automatically determined by performing additional load tests using the additional test computers. A plurality of production computers are automatically configured with the optimal configuration if the performance of the additional test computers is improved with the optimal configuration.


Self-service testing

Owner: Amazon Technologies, Inc.
Publication #: 09053084
Publication Date: 2015-06-09
Patent URL: View on USPTO Website

An architecture and techniques for implementing a unified and extensible meta-testing framework within a distributed environment. This framework allows entities within the distributed environment to run tests written in different testing frameworks in a unified way. In addition, this disclosure describes techniques for allowing an entity within the distributed environment to test itself, both from its own perspective as well as from the perspective of other entities within the distributed environment.


Storage device selection for database partition replicas

Owner: Amazon Technologies, Inc.
Publication #: 09053167
Publication Date: 2015-06-09
Patent URL: View on USPTO Website

A system that implements a data storage service may store data in multiple replicated partitions on respective storage nodes. The selection of the storage nodes (or storage devices thereof) on which to store the partition replicas may be performed by administrative components that are responsible for partition management and resource allocation for respective groups of storage nodes (e.g., based on a global view of resource capacity or usage), or the selection of particular storage devices of a storage node may be determined by the storage node itself (e.g., based on a local view of resource capacity or usage). Placement policies applied at the administrative layer or storage layer may be based on the percentage or amount of provisioned, reserved, or available storage or IOPS capacity on each storage device, and particular placements (or subsequent operations to move partition replicas) may result in an overall resource utilization that is well balanced.


Filtering communications

Owner: Amazon Technologies, Inc.
Publication #: 09053297
Publication Date: 2015-06-09
Patent URL: View on USPTO Website

Authenticated requests can be sent without requiring the requests to include or potentially expose secret information used for the authentication process. A client device uses a security credential such as a key to sign a request to be sent to a recipient. When the request is received, the recipient determines whether the request was signed using the correct key for the sender. In some embodiments a client token is included with the request that statelessly encodes the key, enabling a recipient capable of decoding the client token to determine the key and compare that key to the signature of the request. The sender can store the secret information in a secure location, such as a browser security module, such that the secret information is not exposed to the browser or script executing on the client device.


Token-based debugging of access control policies

Owner: Amazon Technologies, Inc.
Publication #: 09053343
Publication Date: 2015-06-09
Patent URL: View on USPTO Website

Methods and systems for allowing system administrators to effectively debug access control issues experienced by users without compromising security. In some embodiments, when a user's request to access services provided by a service provider is denied, the user may be issued a token that encodes some of the debugging information useful for determining the cause of the denial of access. The debugging information may be encoded such that it is inaccessible to the user. Subsequently, the user may give the token to an administrator. The administrator may submit the token to the service provider, which may decode the token and provide the administrator access to debugging information that is useful for debugging access control policies causing the denial of access.


Method and system for product restocking using machine-readable codes

Owner: Amazon Technologies, Inc.
Publication #: 09053479
Publication Date: 2015-06-09
Patent URL: View on USPTO Website

The present disclosure provides a number of systems and associated processes for using machine-readable codes to perform a transaction. Embodiments of the present disclosure provide a system and associated processes for consolidating and replacing various forms of payment (e.g. credit cards, debit cards, and cash) with a single payment system. Further, embodiments of the present disclosure provide a system and associated processes for reordering a product provided by a product provider. Moreover, embodiments of the present disclosure provide a system and associated processes for accepting a gift, or gift transaction, associated with a gift card. In addition, embodiments of the present disclosure provide a system and associated processes for performing an Automatic Teller Machine (ATM) transaction using a machine-readable code.


Secure validation using hardware security modules

Owner: Amazon Technologies, Inc.
Publication #: 09053480
Publication Date: 2015-06-09
Patent URL: View on USPTO Website

Disclosed is secure decryption and business rule validation of encrypted confidential data within a hardware security module (HSM). The validation may include the use of a Bloom filter stored and executing within the HSM. The return order of encrypted data within the HSM as well as requests for external data relating to validation may be randomized to further harden against correlation attacks.


Service for managing digital content licenses

Owner: Amazon Technologies, Inc.
Publication #: 09053482
Publication Date: 2015-06-09
Patent URL: View on USPTO Website

A content management system may receive, purchase or otherwise obtain licenses from content owners or licensors and provide such content licenses to application developers or other content creators. The content management system can act as a central broker for licensing content rights to developers. The application developers can then generate content items based on the obtained licenses and provide or sell those content items to users of their applications. For instance, the developer may license an automobile design, brand name or performance data from an automobile manufacturer and create an automobile model for a racing game application.


Monitoring of services

Owner: Amazon Technologies, Inc.
Publication #: 09054942
Publication Date: 2015-06-09
Patent URL: View on USPTO Website

Various systems, methods, and programs embodied on a computer readable medium that facilitate monitoring of services and servers. In one embodiment, an amount of data is stored in at least one storage device, the data being generated by a plurality of services executed on a plurality of servers, and by the servers upon which the services are executed. A plurality of monitoring applications are executed in a monitoring server, the monitoring applications being configured to perform a plurality of monitoring functions with respect to at least a portion of the data to facilitate an assessment of an operating condition of the services and the servers. An interface layer surrounds the monitoring applications in the monitoring server. The interface layer defines a messaging format that is used by devices external to the interface layer to interact with the monitoring applications.


Selective communication of messages

Owner: Amazon Technologies, Inc.
Publication #: 09055017
Publication Date: 2015-06-09
Patent URL: View on USPTO Website

A message originator may generate messaging data for selective communication by a messaging provider via an interface generated by a browser software application. The user may also interact with various content providers such that event data is generated based on the user interaction with each content provider. The messaging provider can then obtain the messaging data and the event data to determine a target set of messages to be published. Additionally, the messaging provider can select a set of message recipients to receive, or otherwise access, the target set of messages based on filtering criteria submitted by the message originator, content provider, service provider, and/or message recipients. Credit may be allocated based on activity associated with the communicated messages. The messaging provider may also facilitate additional interaction between the message originator and the message recipients including the initiation of additional communication channels.


Provisioning account credentials via a trusted channel

Owner: Amazon Technologies, Inc.
Publication #: 09055055
Publication Date: 2015-06-09
Patent URL: View on USPTO Website

Disclosed are various embodiments for provisioning client credentials via a trusted channel. A client computing device is configured to access a trusted channel of communication. An account configuration manager automatically requests access to accounts linked to the trusted channel of communication. A respective security credential communication is received for the accounts via the trusted channel of communication. One or more applications are configured to access the accounts based at least in part on the respective security credential communications.


Distributed network address translation

Owner: Amazon Technologies, Inc.
Publication #: 09055117
Publication Date: 2015-06-09
Patent URL: View on USPTO Website

Systems and methods are disclosed that facilitate the management of network address information utilized by hosted computing devices. Each host computing device includes a local network and port address management component that is configured with port address translation information for the specific host computing device. Additionally, one or more edge computing devices also include a local network and port address management component that is configured with network and port address translation information. The network and port address translation information facilitates the correlation of internal network address information associated with a virtual machine instance with a tuple of an externally accessible network address and port address information. The local network and port address translation management components utilize the network and port address translation information to translate communication requests to and from the virtual machine instances without requiring a centralized network and port address translation component.


Self-describing data blocks of a minimum atomic write size for a data store

Owner: Amazon Technologies, Inc.
Publication #: 09047189
Publication Date: 2015-06-02
Patent URL: View on USPTO Website

Self-describing data blocks of a minimum atomic write size may be stored for a data store. Data may be received for storage in a data block of a plurality of data blocks at a persistent storage device that are equivalent to a minimum atomic write size for the persistent storage device. Metadata may be generated for the data that includes an error detection code which is generated for the data and the metadata together. The data and the metadata are sent to the persistent storage device to store together in the data block. An individual atomic write operation may write together the data and the metadata in the data block. When accessed, the error detection code is applicable to detect errors. The metadata may also be applicable to determine whether the data is stored for a currently assigned purpose or a previously assigned purpose of the data block.


System and method for deletion of extraneous delete marker objects

Owner: Amazon Technologies, Inc.
Publication #: 09047312
Publication Date: 2015-06-02
Patent URL: View on USPTO Website

Systems and methods for providing object versioning in a storage system may support the logical deletion of stored objects through the use of delete marker objects. In response to a delete operation specifying a key, but not a version identifier, the storage system may create a delete marker object that is stored as the latest object version of the key. In response to performing a subsequent mutating operation, or at pre-determined time intervals, the storage system may perform a local and/or a global analysis of the delete marker objects stored in the system (and/or metadata associated with those delete marker objects) to determine whether any of them are no longer needed to ensure correct operation of the system. The analysis may apply one or more reap conditions to delete marker objects and/or metadata to identify extraneous delete marker objects, removing those that meet one or more reap conditions from storage.


Method, medium, and system for determining eligibility for a location-based shipping option for fulfillment networks

Owner: Amazon Technologies
Publication #: 09047607
Publication Date: 2015-06-02
Patent URL: View on USPTO Website

Methods, systems and apparatus are described for determining eligibility for a location-based shipping option for multiple fulfillment networks. Embodiments may send display information to a user in response to a user request for display information for one or more items offered on a network-based site. The display information may be configured to indicate whether items are eligible for an enhanced shipping option based upon the shipping origin of the item and a predicted shipping destination. Some embodiments may provide multiple fulfillment networks with the enhanced shipping option. Some of the fulfillment networks may be controlled by an entity different from the entity controlling the network-based site. In some embodiments the enhanced shipping option is an option within a subscription-based shipping program for the network-based site.


Configurable-quality random data service

Owner: Amazon Technologies, Inc.
Publication #: 09049232
Publication Date: 2015-06-02
Patent URL: View on USPTO Website

Methods and apparatus for a configurable-quality random data service are disclosed. A method includes implementing programmatic interfaces enabling a determination of respective characteristics of random data to be delivered to one or more clients of a random data service of a provider network. The method includes implementing security protocols for transmission of random data to the clients, including a protocol for transmission of random data to trusted clients at devices within the provider network. The method further includes obtaining, on behalf of a particular client and in accordance with the determined characteristics, random data from one or more servers of the provider network, and initiating a transmission of the random data directed to a destination associated with the particular client.


Offload device for stateless packet processing

Owner: Amazon Technologies, Inc.
Publication #: 09042403
Publication Date: 2015-05-26
Patent URL: View on USPTO Website

High-speed processing of packets to, and from, a virtualization environment can be provided while utilizing hardware-based segmentation offload and other such functionality. A hardware vendor of an offload device can enable the hardware to support open and proprietary stateless tunneling in conjunction with a protocol such as single root I/O virtualization (SR-IOV) in order to implement a virtualized overlay network. The hardware can utilize various rules, for example, that can be used by the offload device to perform certain actions, such as to encapsulate egress packets and decapsulate packets.


Indexing data updates associated with an electronic catalog system

Owner: Amazon Technologies, Inc.
Publication #: 09043311
Publication Date: 2015-05-26
Patent URL: View on USPTO Website

Systems and methods are provided for efficiently indexing archived objects in an archive data store to allow for efficient and quick access to the archived objects. The systems and methods provided also alleviate the strain on a live data store and enable a requester wishing to retrieve updates to do so without knowledge of the location of the stored update on a live or archive data store.


Performing flexible pivot querying of monitoring data using a multi-tenant monitoring system

Owner: Amazon Technologies, Inc.
Publication #: 09043327
Publication Date: 2015-05-26
Patent URL: View on USPTO Website

Pivot queries can be performed using stored monitoring data. Pivot queries can be received. Monitoring data can be read from data files. Each data file can store monitoring data for a plurality of tenants. The read monitoring data can be aggregated based on metric types across various dimensions, according to the pivot queries. Results can be presented in various formats, such as charts and graphs. Reading, aggregating, and presenting results can be performed within a multi-tenant monitoring system.


Providing extendible network capabilities for managed computer networks

Owner: Amazon Technologies, Inc.
Publication #: 09043463
Publication Date: 2015-05-26
Patent URL: View on USPTO Website

Techniques are described for managing communications between multiple computing nodes, such as for computing nodes that are part of managed virtual computer networks provided on behalf of users or other entities. In some situations, one or more of the computing nodes of a managed virtual computer network is configured to perform actions to extend capabilities of the managed virtual computer network to other computing nodes that are not part of the managed virtual computer network, such as by forwarding communications between computing nodes of the managed virtual computer network and the other external computing nodes so as to enable the other external computing nodes to participate in the managed virtual computer network. In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users.


Directory service user exportation system

Owner: Amazon Technologies, Inc.
Publication #: 09043880
Publication Date: 2015-05-26
Patent URL: View on USPTO Website

Disclosed are various embodiments for exporting user accounts and associated information from a directory service for a local computing environment to the authentication service of a remote computing environment. A list of user accounts including usernames and other associated data is selected after querying the directory service. The selection of user accounts is then analyzed to make sure that a minimum set of data has been selected. Subsequently, the user account data is written to file, which can then be either programmatically uploaded or manually uploaded. In certain embodiments of the present disclosure, user account information may be directly exported to an authentication service through a network connection without the intermediate step of first writing the data to file.


Implementation of secure communications in a support system

Owner: Amazon Technologies, Inc.
Publication #: 09037511
Publication Date: 2015-05-19
Patent URL: View on USPTO Website

A support system negotiates secure connections on behalf of multiple guest systems using a set of credentials associated with the guest systems. The operation of the secure connection may be transparent to the guest system such that the guest system may send and receive messages that are encrypted or decrypted by the support system, such as a hypervisor. As the support system is in between the guest system and a destination, the support system may act as a local endpoint to the secure connection. Messages may be altered by the support system to indicate to a guest system which communications were secured. The credentials may be managed by the support system such that the guest system does not require access to the credentials.


Topology service using closure tables and metagraphs

Owner: Amazon Technologies, Inc.
Publication #: 09037571
Publication Date: 2015-05-19
Patent URL: View on USPTO Website

Methods and systems for a topology service providing an interface for specifying a topology and answering queries regarding the topology. Further, the topology service may create, from a specified topology, a directed acyclic graph and corresponding closure table. The topology service may also provide an interface for receiving metadata regarding the topology. In this way, the topology service, based at least in part on connections between nodes in the entries of the closure table and based at least in part on the metadata regarding the topology, may answer queries in regard to the specified topology.


Method for determining access of queries

Owner: Amazon Technologies, Inc.
Publication #: 09037609
Publication Date: 2015-05-19
Patent URL: View on USPTO Website

A query analysis tool determines whether a list of columns within a database is accessed by a query without running the query against the database. Instead of using the database, the query is sent to a query analysis tool that uses a list of columns of interest to resolve ambiguity in the query and then determine if the query potentially accesses the list of columns of interest. If the ambiguity cannot be resolved, then the ambiguous part of the query is determined to not access any of the columns from the list of columns.


Managing use of intermediate destination computing nodes for provided computer networks

Owner: Amazon Technologies, Inc.
Publication #: 09037691
Publication Date: 2015-05-19
Patent URL: View on USPTO Website

Techniques are described for providing managed computer networks. In some situations, the techniques include managing communications for computing nodes of a managed computer network by using one or more particular computing nodes of the managed computer network that are configured to operate as intermediate destinations to handle at least some communications that are sent by and/or directed to one or more other computing nodes of the managed computer network. For example, a manager module associated with a source computing node may select one or more particular intermediate destination computing nodes to use for one or more particular communications from the source computing node to an indicated final destination, such as based on a configured logical network topology for the managed computer network. The manager module then forwards those communications to a first of the selected intermediate destination computing nodes for further handling.


Write horizon data management

Owner: Amazon Technologies, Inc.
Publication #: 09037825
Publication Date: 2015-05-19
Patent URL: View on USPTO Website

Conditions are enforced to prevent unintended deletion of data stored by a data storage system. For example, to delete a collection of data, a condition on the collection of data's size may be enforced. The collection may be required to be empty, for example. In addition, a condition that there not exist a pending data processing operation that can affect fulfillment of the condition on the collection of data's size is also enforced.


Variable drive health determination and data placement

Owner: Amazon Technologies, Inc.
Publication #: 09037921
Publication Date: 2015-05-19
Patent URL: View on USPTO Website

The relative health of data storage drives may be determined based, at least in some aspects, on data access information and/or other drive operation information. In some examples, upon receiving the operation information from a computing device, a health level of a drive may be determined. The health level determination may be based at least in part on operating information received from a client entity. Additionally, a storage space allocation instruction or operation may be determined for execution. The allocation instruction or operation determined to be performed may be based at least in part on the determined health level.


Monitoring and analysis of operating states in a computing environment

Owner: Amazon Technologies, Inc.
Publication #: 09037922
Publication Date: 2015-05-19
Patent URL: View on USPTO Website

A set of techniques is described for monitoring and analyzing crashes and other malfunctions in a multi-tenant computing environment (e.g. cloud computing environment). The computing environment may host many applications that are executed on different computing resource combinations. The combinations may include varying types and versions of hardware or software resources. A monitoring service is deployed to gather statistical data about the failures occurring in the computing environment. The statistical data is then analyzed to identify abnormally high failure patterns. The failure patterns may be associated with particular computing resource combinations being used to execute particular types of applications. Based on these failure patterns, suggestions can be issued to a user to execute the application using a different computing resource combination. Alternatively, the failure patterns may be used to modify or update the various resources in order to correct the potential malfunctions caused by the resource.


Automated service interface optimization

Owner: Amazon Technologies, Inc.
Publication #: 09038094
Publication Date: 2015-05-19
Patent URL: View on USPTO Website

Disclosed are various embodiments for automated service interface optimization. In one embodiment, a service client and/or a service provider is reconfigured to use an optimized version of a data transfer interface, where the optimized version transfers fewer data items from the service provider to the service client. In another embodiment, service calls from a service client for multiple different data objects are aggregated into an aggregated service call for a data object. In yet another embodiment, an optimized data object is provided to a service client in response to a request for an unoptimized data object. If the service client attempts to use a data item excluded from the optimized data object, the excluded data item is then provided to the service client.


Secret variation for network sessions

Owner: Amazon Technologies, Inc.
Publication #: 09038148
Publication Date: 2015-05-19
Patent URL: View on USPTO Website

Session-specific information stored to a cookie or other secure token can be selected and/or caused to vary over time, such that older copies will become less useful over time. Such an approach reduces the ability of entities obtaining a copy of the cookie to perform unauthorized tasks on a session. A cookie received with a request can contain a timestamp and an operation count for a session that may need to fall within an acceptable range of the current values in order for the request to be processed. A cookie returned with a response can be set to the correct value or incremented from the previous value based on various factors. The allowable bands can decrease with age of the session, and various parameter values such as a badness factor for a session can be updated continually based on the events for the session.


Using virtual networking devices and routing information to associate network addresses with computing nodes

Owner: Amazon Technologies, Inc.
Publication #: 09036504
Publication Date: 2015-05-19
Patent URL: View on USPTO Website

Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing information to update the configuration of the managed computer network, such as to allow at least some computing nodes of a managed computer network to dynamically signal particular types of uses of one or more indicated target network addresses and/or to dynamically signal use of particular external public network addresses based on such routing information.


Client-allocatable bandwidth pools

Owner: Amazon Technologies, Inc.
Publication #: 09032077
Publication Date: 2015-05-12
Patent URL: View on USPTO Website

Methods and apparatus for client-allocatable bandwidth pools are disclosed. A system includes a plurality of resources of a provider network and a resource manager. In response to a determination to accept a bandwidth pool creation request from a client for a resource group, where the resource group comprises a plurality of resources allocated to the client, the resource manager stores an indication of a total network traffic rate limit of the resource group. In response to a bandwidth allocation request from the client to allocate a specified portion of the total network traffic rate limit to a particular resource of the resource group, the resource manager initiates one or more configuration changes to allow network transmissions within one or more network links of the provider network accessible from the particular resource at a rate up to the specified portion.


Client traffic redirection service

Owner: Amazon Technologies, Inc.
Publication #: 09032092
Publication Date: 2015-05-12
Patent URL: View on USPTO Website

Disclosed are various embodiments for performing network traffic redirection at the client side. Sending of data to a service at a network address is initiated. Whether the network address is in a predetermined network address range is determined. The network address is translated, when the network address is in the predetermined network address range, to one of multiple other network addresses based at least in part on an availability of the service at the other network address. The data is routed to the other network address.


Management of components in a hosting architecture

Owner: Amazon Technologies, Inc.
Publication #: 09032196
Publication Date: 2015-05-12
Patent URL: View on USPTO Website

A service provider can maintain one or more host computing devices which may be utilized as bare metal instances by one or more customers of the service provider. Illustratively, each host computing device includes hardware components that are configured in a manner to allow the service provider to implement one or more processes upon a power cycle of the host computing device and prior to access of the host computing device resources by customers. In one aspect, a hosting platform includes components arranged in a manner to limit modifications to software or firmware on hardware components. In another aspect, the hosting platform can implement management functions for establishing control plane functions between the host computing device and the service provider that is independent of the customer. Additionally, the management functions can also be utilized to present different hardware or software attributes of the host computing device.


Management of components in a hosting architecture

Owner: Amazon Technologies, Inc.
Publication #: 09032197
Publication Date: 2015-05-12
Patent URL: View on USPTO Website

A service provider can maintain one or more host computing devices which may be utilized as bare metal instances by one or more customers of the service provider. Illustratively, each host computing device includes hardware components that are configured in a manner to allow the service provider to implement one or more processes upon a power cycle of the host computing device and prior to access of the host computing device resources by customers. In one aspect, a hosting platform includes components arranged in a manner to limit modifications to software or firmware on hardware components. In another aspect, the hosting platform can implement management functions for establishing control plane functions between the host computing device and the service provider that is independent of the customer. Additionally, the management functions can also be utilized to present different hardware or software attributes of the host computing device.


Management of components in a hosting architecture

Owner: Amazon Technologies, Inc.
Publication #: 09032198
Publication Date: 2015-05-12
Patent URL: View on USPTO Website

A service provider can maintain one or more host computing devices which may be utilized as bare metal instances by one or more customers of the service provider. Illustratively, each host computing device includes hardware components that are configured in a manner to allow the service provider to implement one or more processes upon a power cycle of the host computing device and prior to access of the host computing device resources by customers. In one aspect, a hosting platform includes components arranged in a manner to limit modifications to software or firmware on hardware components. In another aspect, the hosting platform can implement management functions for establishing control plane functions between the host computing device and the service provider that is independent of the customer. Additionally, the management functions can also be utilized to present different hardware or software attributes of the host computing device.


Test prioritization techniques

Owner: Amazon Technologies, Inc.
Publication #: 09032259
Publication Date: 2015-05-12
Patent URL: View on USPTO Website

Systems and methods involve prioritizing information based at least in part on test results for tests. A computing device may administer one or more tests and/or may receive test results for one or more tests. Multiple executions of one or more tests may be administered over a period of time. A device administering a test may evaluate the functionality of at least a portion of an application programming interface (API) or at least a portion of a user interface. Test results may be analyzed to determine a failure pattern and/or pass rate for one or more tests. Test results may be analyzed to determine an error signature and/or error signature frequency for one or more test results. A report can be generated that prioritizes information based at least in part on the tests, test results, and/or any determined information.


Software distribution framework

Owner: Amazon Technologies, Inc.
Publication #: 09032387
Publication Date: 2015-05-12
Patent URL: View on USPTO Website

A computing device receives a notification from a server that a bundle is available for download. The bundle includes software written in a scripting language. The computing device downloads the bundle from the server and authenticates a digital signature of the bundle. The computing device installs the bundle in a user partition of the memory and modifies a path variable in an operating system of the computing device. The path variable is modified to include a location of the installed bundle.


Protecting websites from cross-site scripting

Owner: Amazon Technologies, Inc.
Publication #: 09032519
Publication Date: 2015-05-12
Patent URL: View on USPTO Website

Methods and systems for protecting websites from cross-site scripting are disclosed. A request for a web page comprising a web page element is received from a client. It is determined if the web page comprises a data integrity token for the web page element. It is also determined if a value of the data integrity token matches an expected value. If the web page comprises the data integrity token and if the value matches the expected value, the web page comprising the web page element is sent to the client. If the web page does not comprise the data integrity token or if the value does not match the expected value, a protective operation is performed.


Importance-based data storage verification

Owner: Amazon Technologies, Inc.
Publication #: 09026869
Publication Date: 2015-05-05
Patent URL: View on USPTO Website

Methods and systems for detecting error in data storage entities based at least in part on importance of data stored in the data storage entities. In an embodiment, multiple verification passes may be performed on a data storage entity comprising one or more data blocks. Each data block may be associated with a probability indicating the likelihood that the data block is to be selected for verification. During each verification pass, a subset of the data blocks may be selected based at least in part on the probabilities associated with the data blocks. The probabilities may be adjusted, for example, at the end of a verification pass, based on importance factors such as usage and verification information associated with the data blocks. The probabilities may be updated to facilitate timely detection of important data blocks. Additionally, error mitigation and/or correction routines may be performed in light of detected errors.


Injection of supplemental computer instructions

Owner: Amazon Technologies, Inc.
Publication #: 09027004
Publication Date: 2015-05-05
Patent URL: View on USPTO Website

Application computer instructions can be provided to a publishing server. The publishing service can parse the application computer instructions to identify one or more locations where supplemental computer instructions can be inserted. Metadata about purchasable items can be obtained and the supplemental computer instructions can be written based on the item metadata. The supplemental computer instructions can be inserted into the application computer instructions. A publishable application can be created by compiling the application computer instructions with the inserted supplemental computer instructions.


Method, medium, and system for customizing content based on social network information

Owner: Amazon Technologies, Inc.
Publication #: 09020839
Publication Date: 2015-04-28
Patent URL: View on USPTO Website

Systems and methods are disclosed that use social networking profiles of users to generate personalized content of display pages. The personalized content may be generated using profile data retrieved via an application program interface of a social networking system, and may be presented on the display pages of a distinct system, such as a site that hosts an electronic catalog of items. The personalized content may include features that allow a user to indicate a like or preference for an item and that can be customized based on, e.g., the extent of the user's social network or the influence the user has over other potential users of the catalog system. Systems and methods are also disclosed that use the social networking profiles to generate personalized messages that can be posted to social network contacts of the user to provide information about items for which the contacts may be interested.


Controlling requests through message headers

Owner: Amazon Technologies, Inc.
Publication #: 09021109
Publication Date: 2015-04-28
Patent URL: View on USPTO Website

In some implementations, in response to receiving a request message from a client device, a computing device may provide a response message that includes a custom or non-standard control header. The control header may instruct the client device to wait before sending any subsequent request messages to the computing device. For example, the control header may inform the client device to wait until passage of a period of time or until after a specified time arrives before sending a subsequent request message. A module, an application, an operating system, or other software on the client device that receives the response message interprets the control header and performs one or more operations to comply with the control header. Accordingly, some implementations herein utilize message headers to perform message throttling for controlling an amount of network traffic or load on one or more computing devices.


Methods and apparatus for remote gateway monitoring and diagnostics

Owner: Amazon Technologies, Inc.
Publication #: 09021314
Publication Date: 2015-04-28
Patent URL: View on USPTO Website

Methods, apparatus, and computer-accessible storage media for remotely monitoring and diagnosing storage gateways. Status information may be collected locally on the gateways and uploaded to a service provider via gateway-initiated connections. The uploaded information may be stored to status data store(s). Status proxy(s) on the provider network may analyze the information in the status data store(s) for one or more gateways to detect error conditions on individual gateways or patterns or error conditions on multiple gateways. Upon detecting an error condition on a gateway, the proxy may alert another process, for example an administrator process on the local network that includes the respective gateway. The other process may then message the gateway to address the condition. Information for particular gateways may be provided to clients on request. Information collected from multiple gateways may be viewed and analyzed by the service provider to detect patterns related to gateway design.


Systems and methods providing format data

Owner: Amazon Technologies, Inc.
Publication #: 09021606
Publication Date: 2015-04-28
Patent URL: View on USPTO Website

Computer applications may generate event data based on a large volume of different types of record data. Described herein are systems, methods, and devices for enabling a computing node to implement new functions for dynamically consuming the event data. In one example, the computing node may implement a new function using an expression language, without modifying predefined hard coded functions.


Estimating round-trip times to improve network performance

Owner: Amazon Technologies, Inc.
Publication #: 09013998
Publication Date: 2015-04-21
Patent URL: View on USPTO Website

Disclosed are various embodiments for estimating round-trip times to improve performance of networks. Multiple connections are opened to a network device. Round-trip times associated with sending packets to the network device via the connections are measured. Another connection to the same or a different network device is opened. A round-trip-time estimate for the other connection is initialized based at least in part on the measured round-trip times for the multiple connections, and in some embodiments, network device proximity data.


Measuring network transit time

Owner: Amazon Technologies, Inc.
Publication #: 09014029
Publication Date: 2015-04-21
Patent URL: View on USPTO Website

Disclosed are various embodiments to determine network transit time for a packet. A request packet for determining a network transit time is received. A reply packet is transmitted to the requester in response to the request packet. The reply packet includes information about a packet processing time. This packet processing time includes a time between the receiving of the request packet and the transmitting of the reply packet.


Cross site request forgery mitigation in multi-domain integrations

Owner: Amazon Technologies, Inc.
Publication #: 09015820
Publication Date: 2015-04-21
Patent URL: View on USPTO Website

Systems and methods for authenticating a request submitted from a client device through a third party content provider to an electronic entity are described. In one embodiment, a method includes providing a trusted script to the third party content provider, passing a trust token to the third party content provider and to the client device, and, in response to a request submitted from the client device through the third party content provider, validating the trust token associated with the request with the token passed to the client device, and processing the request. The trusted script is configured to create a trusted window on the third party Web page displayed on the client computing device, receive a trust token from the electronic entity through the trusted window, and associate the trust token with requests submitted from the client computing device through the third party content provider to the electronic entity.


Mobile notifications based upon sensor data

Owner: Amazon Technologies, Inc.
Publication #: 09008629
Publication Date: 2015-04-14
Patent URL: View on USPTO Website

Disclosed are various embodiments employed to generate device notifications based upon ambient conditions associated with a mobile device. To this end, a request to generate a device notification is obtained from a user application. Notification content is extracted from the request and an escalated or de-escalated notification level is applied that is based at least in part upon the ambient conditions of the mobile device and properties about the ambient conditions that can be identified.


Inventory system with climate-controlled inventory

Owner: Amazon Technologies, Inc.
Publication #: 09008827
Publication Date: 2015-04-14
Patent URL: View on USPTO Website

A system includes a climate-controlled inventory holder, a mobile drive unit, and a management module. The climate-controlled inventory holder is configured to control a climate of one or more inventory items stored by the inventory holder. The mobile drive unit is operable to transport the climate-controlled inventory holder from a first location to a second location based at least in part upon one or more instructions received from a management module. The management module is operable to receive an order for an inventory item, determine that the inventory holder stores the inventory item, and instruct the mobile drive unit to transport the climate-controlled inventory holder from the first location to the second location.


Inventory system with connectable inventory holders

Owner: Amazon Technologies, Inc.
Publication #: 09008828
Publication Date: 2015-04-14
Patent URL: View on USPTO Website

An apparatus includes an interface and a processor. The interface is operable to wirelessly transmit instructions to one or more mobile drive units. The processor is communicatively coupled to the interface and is operable to instruct a mobile drive unit to transport a first shipping container storing at least one completed order to a shipping station, instruct the mobile drive unit to connect the first shipping container to a second shipping container to form a group of connected shipping containers. The processor is also operable to detect a trigger event, and in response to detecting the trigger event, coordinate movement of one or more mobile drive units to transport the group of connected shipping containers onto a vehicle for shipment.


Inventory system with connectable inventory holders

Owner: Amazon Technologies, Inc.
Publication #: 09008829
Publication Date: 2015-04-14
Patent URL: View on USPTO Website

A system includes a first mobile drive unit and a second mobile drive unit. The first mobile drive unit is operable to dock with a first item holder at a first end of a column of connected item holders. The second mobile drive unit is operable to dock with a second item holder at a second end of the column of connected item holders. The system also includes a management module that is operable to instruct the first mobile drive unit and the second mobile drive units to transport the column of connected item holders from a first location to a second location.


Inventory system with connectable inventory holders

Owner: Amazon Technologies, Inc.
Publication #: 09008830
Publication Date: 2015-04-14
Patent URL: View on USPTO Website

A system includes a station and a management module. The station includes a queue having a first row and a second row. The management module is operable to instruct a first mobile drive unit to move a first group of connected item holders from the second row to the first row, instruct the first mobile drive unit to move the first group of connected item holders along the station such that one or more items stored by the first group of connected item holders are processed at the station, and after the one or more items from the first group of items are processed, instruct a second mobile drive unit to move a second group of connected item holders from the second row to the first row.


Filling an order at an inventory pier

Owner: Amazon Technologies, Inc.
Publication #: 09009072
Publication Date: 2015-04-14
Patent URL: View on USPTO Website

A system includes an inventory pier, a mobile drive unit, and a management module. The inventory pier includes a defined area arranged to station an inventory holder. The inventory holder stores an inventory item. The mobile drive unit is operable to transport an order holder. The management module is operable to calculate a metric associated with demand for the inventory item. Based at least in part upon the metric, the management module is operable to select, from a plurality of inventory holders, the inventory holder storing the inventory item to be stationed at the defined area of the inventory pier. The management module is further operable to receive an order for the inventory item and instruct the mobile drive unit to transport the order holder to the inventory pier. The order holder is operable to receive the inventory item from the inventory holder proximate to the defined area.


Assessing user-supplied evaluations

Owner: Amazon Technologies, Inc.
Publication #: 09009082
Publication Date: 2015-04-14
Patent URL: View on USPTO Website

Techniques are described for assessing information supplied by users in various ways, such as to assess the reliability and/or other attributes of the user-supplied information. In at least some situations, the user-supplied information includes votes or other evaluations supplied by users related to items available from an online merchant, such as ratings of usefulness or other attributes of item reviews for the items or of other types of content pieces that are provided by other users. If user-supplied information is assessed as being sufficiently reliable and/or to have other desired attributes of interest, such as based on an automated analysis of the information, the user-supplied information may be used in various ways in various embodiments, such as to rate the quality or other attributes of the evaluated content pieces, and/or to rate quality or other attributes of the content-providing users who provide the content pieces.


Distributed storage system with web services client interface

Owner: Amazon Technologies, Inc.
Publication #: 09009111
Publication Date: 2015-04-14
Patent URL: View on USPTO Website

A distributed, web-services based storage system. A system may include a web services interface configured to receive, according to a web services protocol, a given client request for access to a given data object, the request including a key value corresponding to the object. The system may also include storage nodes configured to store replicas of the objects, where each replica is accessible via a respective unique locator value, and a keymap instance configured to store a respective keymap entry for each object. For the given object, the respective keymap entry includes the key value and each locator value corresponding to replicas of the object. A coordinator may receive the given client request from the web services interface, responsively access the keymap instance to identify locator values corresponding to the key value and, for a particular locator value, retrieve a corresponding replica from a corresponding storage node.


Interaction with a virtual network

Owner: Amazon Technologies, Inc.
Publication #: 09009217
Publication Date: 2015-04-14
Patent URL: View on USPTO Website

Systems and method for the management of virtual machine instances are provided. A network data transmission analysis system can host virtual machine networks. A component of a hosted virtual machine network is configured in a manner to receive commands directed towards a simulated network device. The component may then execute a process or processes on the hosted virtual machine network which correspond to the received command.


Extraction and classification of user generated content

Owner: Amazon Technologies, Inc.
Publication #: 09009256
Publication Date: 2015-04-14
Patent URL: View on USPTO Website

Disclosed are various embodiments for a content handler that automatically detects actionable user generated content. The content handler retrieves a text block from a network site and processes the text block for generating a score, wherein the score is a value between a predefined range of values. The content handler may also determine that a content of the text block expresses an actionable user concern when the score exceeds a threshold value, wherein the actionable user concern is capable of being addressed by a customer service agent. Moreover, the content handler may store, in a memory accessible to a representation of the text block in a queue when the text block has the content that expresses the actionable user concern and grant access to the queue for generating a message for a user associated with the text block.


Enforceable launch configurations

Owner: Amazon Technologies, Inc.
Publication #: 09009323
Publication Date: 2015-04-14
Patent URL: View on USPTO Website

Users intending to launch instance