Policy approval layer

US9313230B1 · US · B1

Patent metadata
Publication number: US-9313230-B1
Application number: US-201414493212-A
Country: US
Kind code: B1
Filing date: Sep 22, 2014
Priority date: Sep 22, 2014
Publication date: Apr 12, 2016
Grant date: Apr 12, 2016

Abstract

Official abstract text for this publication.

A customer of a policy management service may use an interface with a configuration and management service to interact with policies that may be applicable to the customer's one or more resources. The customer may create and/or modify the policies and the configuration and management service may notify one or more other entities of the created and/or modified policies. The one or more other entities may be operated by a user authorized to approve the created and/or modified policies. Interactions with the configuration and management service may be the same as the interactions with the policy management service.
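The approval flow summarized in the abstract, with the quorum condition of claim 1 (more than one approval, fewer than the number of authorized approvers) and the restore-on-error behaviour of claims 6 and 15, sketched as an added example; this is not code from the patent or its assignee. The names `ChangeRequest`, `describe`, `simulate` and `apply_change`, the dict policy format and the wildcard check are assumptions made for illustration.

```python
from dataclasses import dataclass, field

def describe(current: dict, modified: dict) -> list:
    """Description of the modification, as carried in the notification."""
    keys = sorted(current.keys() | modified.keys())
    return [f"{k}: {current.get(k)!r} -> {modified.get(k)!r}"
            for k in keys if current.get(k) != modified.get(k)]

@dataclass
class ChangeRequest:
    requester: str
    current: dict          # state obtained from the policy management service
    modified: dict         # current state with the modification applied
    approvers: frozenset   # entities authorized to approve (the "second number")
    quorum: int            # approvals required (the "first number")
    approvals: set = field(default_factory=set)

    def __post_init__(self):
        # Claim 1: the first number is greater than one and less than the second.
        if not 1 < self.quorum < len(self.approvers):
            raise ValueError("quorum must be > 1 and < number of approvers")

    def approve(self, entity: str) -> bool:
        """Record one approval; return True once the quorum is reached."""
        # Claim 3 as a hard rule: the approver differs from the requester.
        if entity not in self.approvers or entity == self.requester:
            raise PermissionError(f"{entity} may not approve this change")
        self.approvals.add(entity)  # a set, so a repeated approval counts once
        return len(self.approvals) >= self.quorum

def simulate(policy: dict) -> list:
    """Constructed error check: an Allow for every principal is rejected."""
    if policy.get("effect") == "Allow" and policy.get("principal") == "*":
        return ["Allow with wildcard principal"]
    return []

def apply_change(store: dict, req: ChangeRequest) -> str:
    """Put the modified policy into effect only after quorum; roll back on error."""
    if len(req.approvals) < req.quorum:
        return "pending"
    restore_point = dict(store)        # claim 15: restore point from prior state
    store.clear()
    store.update(req.modified)
    if simulate(store):                # claim 6: error detected, restore previous
        store.clear()
        store.update(restore_point)
        return "rolled_back"
    return "applied"
```

Here `store` stands in for the policy held by the policy management service; a change stays "pending" until two distinct authorized approvers other than the requester have signed off.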

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method, comprising: under the control of one or more computer systems each having one or more hardware processors configured with executable instructions including, obtaining a current state of a policy from a policy management service, where the policy management service is operable to put the policy into effect, and the policy defines permissions for access to a set of computing resources; receiving a request to modify the policy, the request specifies a modification to the current state of the policy and application of the modification creates a modified policy; determining a description of the modification to the current state of the policy based at least in part on the specified modifications to the current state of the policy; transmitting a notification that includes the determined description; receiving an approval of the modification from an entity of a set of entities authorized to approve modifications to the policy; contingent of receiving a first number of approvals from a second number of entities of the set of entities authorized to approve modifications to the policy, where the first number is greater than one and less than the second number, transmitting an instruction to the policy management service to put the modified policy into effect; and detecting an error with the modified policy.

2. The computer-implemented method of claim 1, wherein the request is formatted in a manner that the policy management service supports.

3. The computer-implemented method of claim 1, wherein the entity authorized to approve modifications to the policy is different from a second entity responsible for the modification to the policy.

4. A system, comprising: one or more processors; and memory with instructions that, as a result of execution by the one or more processors, cause the system to: obtain a current state of a policy from a policy management service, where the policy management service is operable to put the policy into effect, and the policy defines permissions for access to a set of computing resources; receive a request to modify the policy, the request specifies a modification to the current state of the policy and application of the modification creates a modified policy; determine a description of the modification to the current state of the policy based at least in part on the specified modifications to the current state of the policy; transmit a notification that includes the description; receive an approval of the modification from an entity of a set of entities authorized to approve modifications to the policy; contingent of receiving a first number of approvals from a second number of entities of the set of entities authorized to approve modifications to the policy, where the first number is greater than one and less than the second number, transmit an instruction to the policy management service to put the modified policy into effect; and detect an error with the modified policy.

5. The system of claim 4, wherein the memory further includes instructions that, as a result of execution by the one or more processors, cause the system to store, in a repository, the current state of the policy.

6. The system of claim 4, wherein: the memory further includes instructions that, as a result of execution by the one or more processors, cause the system to execute a simulation of the modified policy and, as a result of detection of the error, restore a previous version of the policy; and wherein the error is detected as a result of the simulation.

7. The system of claim 4, wherein the memory further includes instructions that, as a result of execution by the one or more processors, cause the system to transmit a set of application programming interface calls that cause the policy management service to enforce the modified policy, where application programming interface calls accepted by the system are of a first format and application programming interface calls accepted by the policy management service are also of the first format.

8. The system of claim 4, wherein the memory further includes instructions that, as a result of execution by the one or more processors, cause the system to serialize the modification into a structured format suitable for enforcement by the policy management service.

9. The system of claim 4, wherein the notification is transmitted to the entity as a result of the entity being authorized to provide approval for modified policy.

10. The system of claim 4, wherein the instruction is contingent upon a successful simulation of the policy including the modification.

11. The system of claim 4, wherein: the memory further includes instructions that, as a result of execution by the one or more processors, cause the system to receive, from an second entity different from the entity, instructions to apply the modification; and transmission of the instruction to the policy management service is triggered by receipt of the first number of approvals.

12. A non-transitory computer-readable storage medium having stored thereon executable instructions that, as a result of execution by one or more processors of a computer system, cause the computer system to at least: obtain a current state of a policy from a policy management service, where the policy management service is operable to put the policy into effect, and the policy defines permissions for access to a set of computing resources; receive a request to modify the policy, the request specifies a modification to the current state of the policy and application of the modification creates a modified policy; determine a description of the modification to the current state of the policy based at least in part on the specified modifications to the current state of the policy; transmit a notification that includes the description; receive an approval of the modification from an entity of a set of entities authorized to approve modifications to the policy; contingent of receiving a first number of approvals from a second number of entities of the set of entities authorized to approve modifications to the policy, where the first number is greater than one and less than the second number, transmit an instruction to the policy management service to put the modified policy into effect; and detect an error with the modified policy.

13. The non-transitory computer-readable storage medium of claim 12, wherein the approval includes an electronic signature attesting to an identity of an operator of the entity.

14. The non-transitory computer-readable storage medium of claim 12, wherein the instructions further comprise instructions that, as a result of execution by the one or more processors, cause the computer system to obtain, from the policy management service, the current state of the policy prior to the modification.

15. The non-transitory computer-readable storage medium of claim 12, wherein the instructions further comprise instructions that, as a result of execution by the one or more processors, cause the computer system to generate a restore point based at least in part on the current state of the policy prior to the modification.

16. The non-transitory computer-readable storage medium of claim 12, wherein the current state of the policy includes at least some encrypted data, wherein the encrypted data may only be decrypted by the policy management service.

17. The non-transitory computer-readable storage medium of claim 12, wherein the instructions further comprise instructions that, as a result of execution by th

Classifications

  • Office automation; Time management · CPC title

  • H04L63/20 (Primary): for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

  • Error avoidance (G06F11/07 and subgroups take precedence) · CPC title

  • Indexing scheme relating to error detection, to error correction, and to monitoring · CPC title

  • Point-in-time backing up or restoration of persistent data · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9313230B1 cover?
A customer of a policy management service may use an interface with a configuration and management service to interact with policies that may be applicable to the customer's one or more resources. The customer may create and/or modify the policies and the configuration and management service may notify one or more other entities of the created and/or modified policies. The one or more other ent…
Who is the assignee on this patent?
Amazon Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/20. Mapped technology areas include Electricity.
When was this patent published?
Publication date Apr 12, 2016 (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).