What technology area does this patent fall under?

Primary CPC classification H04L63/126. Mapped technology areas include Electricity.

When was this patent published?

Publication date Tue Jul 02 2024 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Contribution signatures for tagging

US12028461B2 · US · B2

Patent metadata
Field	Value
Publication number	US-12028461-B2
Application number	US-202318196266-A
Country	US
Kind code	B2
Filing date	May 11, 2023
Priority date	Dec 22, 2015
Publication date	Jul 2, 2024
Grant date	Jul 2, 2024

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A request to add tags (e.g., labels, key-value pairs, or metadata) to resources can be digitally signed by the entity making the request, such that the source can be verified and an authorization determination made for each tag. For a request involving multiple services (or entities) that can each add tags, any tag added by a service can be included in the request and digitally signed by that service. Each service processing the request can also digitally sign the request before forwarding, so that each service signs a version of the request, which includes elements signed by other services earlier in the request chain. When the request is received to a tagging service, the service ensures that every tag was digitally signed by the appropriate authorized entity or service, and validates the signatures to ensure that no data was modified or omitted, before adding the tags to the designated resource(s).

First claim

Opening claim text (preview).

What is claimed is: 1. A computer-implemented method, comprising: determine policies to be associated with a plurality of resources in a computing resource environment; enabling a first signed request to comprise signed tagging metadata, at least one second signed request, and at least one signed additional metadata; validating the first signed request and the at least one second signed request; and provisioning the plurality of resources with the policies associated there with by tagging the plurality of resources using individual metadata associated with the signed tagging metadata and the at least one signed additional metadata. 2. The computer-implemented method of claim 1 , further comprising: receiving at least the first signed request from an application; and signing tagging metadata using a private key or credential to generate the signed tagging metadata, the private key or credential associated with a customer or entity and to be associated with a type or scope of access to the plurality of resources based in part on the policies. 3. The computer-implemented method of claim 1 , wherein the type or scope of access to the plurality of resources comprises ways in which the plurality of resources is utilized to perform a process or task using the plurality of resources. 4. The computer-implemented method of claim 1 , further comprising: receiving the first signed request, in part, to create a virtual machine instance; and enabling one or more of the signed tagging metadata or the at least one signed additional metadata to be digitally signed using a symmetric or asymmetric key, and wherein at least part of the policies for the plurality of resources is determined based in part on the symmetric or asymmetric key. 5. The computer-implemented method of claim 1 , wherein at least one of the signed tagging metadata or the at least one signed additional metadata comprises a key-value pair that is applied to the plurality of resources, and wherein at least part of the policies for the plurality of resources provide a level of access control to the plurality of resources based in part on the key value pair. 6. The computer-implemented method of claim 1 , further comprising: verifying, by a notation service, that the first signed request and the at least one second signed request correspond to a valid request chain for provisioning the plurality of resources. 7. The computer-implemented method of claim 1 , further comprising: causing the signed tagging metadata and the at least one signed additional metadata to be stored to a metadata repository for a computing resource environment hosting the plurality of resources; and enabling the metadata repository to be searchable, using a search key and an associated value, to determine metadata that are currently applied to one or more of resources in the computing resource environment comprising the plurality of resources. 8. A system, comprising: at least one processor; and memory including instructions that, when executed by the at least one processor, cause the system to: determine policies to be associated with a plurality of resources in a computing resource environment; enable a first signed request to comprise signed tagging metadata, at least one second signed request, and at least one signed additional metadata; validate the first signed request and the at least one second signed request; and provision the plurality of resources with the policies associated there with by tagging the plurality of resources using individual metadata associated with the signed tagging metadata and the at least one signed additional metadata. 9. The system of claim 8 , wherein the instructions that, when executed by the at least one processor, further cause the system to: receive at least the first signed request from an application; and sign tagging metadata using a private key or credential to generate the signed tagging metadata, the private key or credential associated with a customer or entity and to be associated with a type or scope of access to the plurality of resources based in part on the policies. 10. The system of claim 9 , wherein the type or scope of access to the plurality of resources comprises ways in which the plurality of resources is utilized to perform a process or task using the plurality of resources. 11. The system of claim 8 , wherein the instructions that, when executed by the at least one processor, further cause the system to: receive the first signed request, in part, to create a virtual machine instance; and enable one or more of the signed tagging metadata or the at least one signed additional metadata to be digitally signed using a symmetric or asymmetric key, and wherein at least part of the policies for the plurality of resources is determined based in part on the symmetric or asymmetric key. 12. The system of claim 8 , wherein at least one of the signed tagging metadata or the at least one signed additional metadata comprises a key-value pair that is applied to the plurality of resources, and wherein at least part of the policies for the plurality of resources provide a level of access control to the plurality of resources based in part on the key value pair. 13. The system of claim 8 , wherein the instructions that, when executed by the at least one processor, further cause the system to: verify, by a notation service, that the first signed request and the at least one second signed request correspond to a valid request chain for provisioning the plurality of resources. 14. The system of claim 8 , wherein the instructions that, when executed by the at least one processor, further cause the system to: cause the signed tagging metadata and the at least one signed additional metadata to be stored to a metadata repository for a computing resource environment hosting the plurality of resources; and enable the metadata repository to be searchable, using a search key and an associated value, to determine metadata that are currently applied to one or more of resources in the computing resource environment comprising the plurality of resources. 15. A non-transitory computer readable medium comprising instructions that when executed by at least one processor cause the at least one processor to: determine policies to be associated with a plurality of resources in a computing resource environment; enable a first signed request to comprise signed tagging metadata, at least one second signed request, and at least one signed additional metadata; validate the first signed request and the at least one second signed request; and provision the plurality of resources with the policies associated there with by tagging the plurality of resources using individual metadata associated with the signed tagging metadata and the at least one signed additional metadata. 16. The non-transitory computer readable medium of claim 15 comprising the instructions that when executed by the at least one processor further cause the at least one processor to: receive at least the first signed request from an application; and sign tagging metadata using a private key or credential to generate the signed tagging metadata, the private key or credential associated with a customer or entity and to be associated with a type or scope of access to the plurality of resources based in part on the policies. 17. The non-transitory computer readable medium of claim 15 comprising the instructions that when executed by the at least one processor further cause the at least one processor to: receive the first signed request, i

Assignees

Amazon Tech Inc

Inventors

Classifications

G06F2212/402
Encrypted data · CPC title
H04L63/126Primary
the source of the received data · CPC title
H04L63/061
for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838) · CPC title
G06F12/1408
by using cryptography (for digital transmission H04L9/00) · CPC title
H04L9/3247Primary
involving digital signatures · CPC title

Patent family

Related publications grouped by family.

View patent family 69141156

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12028461B2 cover?: A request to add tags (e.g., labels, key-value pairs, or metadata) to resources can be digitally signed by the entity making the request, such that the source can be verified and an authorization determination made for each tag. For a request involving multiple services (or entities) that can each add tags, any tag added by a service can be included in the request and digitally signed by that s…
Who is the assignee on this patent?: Amazon Tech Inc
What technology area does this patent fall under?: Primary CPC classification H04L63/126. Mapped technology areas include Electricity.
When was this patent published?: Publication date Tue Jul 02 2024 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).

How to read this patent

Abstract

First claim

Assignees

Inventors

Classifications

Patent family

External sources

Related patents

Tag-based policy architecture

Access control using impersonization

Providing services as resources for other services

Methods and nodes for verification of data

Credential management in a multi-tenant environment

Frequently asked questions