Patents by Inventor Derek Avery Lyon
Derek Avery Lyon has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11924247Abstract: A method and apparatus for testing and simulating an access control policy are disclosed. Evaluating an access control policy may be performed by utilizing a deny statement that causes the access request to be rejected despite actions indicated in the access request being authorized. Further, an independent simulation environment may be utilized for testing access control policy evaluation.Type: GrantFiled: June 13, 2022Date of Patent: March 5, 2024Assignee: Amazon Technologies, Inc.Inventors: Gregory Branchek Roth, Daniel Stephen Popick, Derek Avery Lyon, John Michael Morkel, Graeme David Baer, Ajith Harshana Ranabahu, Khaled Salah Sedky
-
Patent number: 11361063Abstract: A method and apparatus for testing and simulating an access control policy are disclosed. Evaluating an access control policy may be performed by utilizing a deny statement that causes the access request to be rejected despite actions indicated in the access request being authorized. Further, an independent simulation environment may be utilized for testing access control policy evaluation.Type: GrantFiled: May 8, 2019Date of Patent: June 14, 2022Assignee: Amazon Technologies, Inc.Inventors: Gregory Branchek Roth, Daniel Stephen Popick, Derek Avery Lyon, John Michael Morkel, Graeme David Baer, Ajith Harshana Ranabahu, Khaled Salah Sedky
-
Patent number: 11018948Abstract: A network-based discovery system and service are disclosed that provide client discovery services to a number of clients over a network. The network-based discovery system includes a database that stores discovery information of client network-based resource configurations. The discovery information may be obtained from client resources by client-side discovery components that are placed on client resources, obtain the discovery information and that send the information to the discovery system. The discovery system analyzes the discovery information to determine the client network-based resource configurations and generates client network-based resource configuration representations for the respective clients. The client network-based resource configuration representation may include a description of, and dependencies among, a plurality of computer-based resources.Type: GrantFiled: September 14, 2018Date of Patent: May 25, 2021Assignee: Amazon Technologies, Inc.Inventors: Hariharan Subramanian, David Samuel Zipkin, Derek Avery Lyon, Cristian Gabriel Gafton
-
Publication number: 20190268245Abstract: A method and apparatus for testing and simulating an access control policy are disclosed. Evaluating an access control policy may be performed by utilizing a deny statement that causes the access request to be rejected despite actions indicated in the access request being authorized. Further, an independent simulation environment may be utilized for testing access control policy evaluation.Type: ApplicationFiled: May 8, 2019Publication date: August 29, 2019Inventors: Gregory Branchek Roth, Daniel Stephen Popick, Derek Avery Lyon, John Michael Morkel, Graeme David Baer, Ajith Harshana Ranabahu, Khaled Salah Sedky
-
Patent number: 10362039Abstract: A computing resource service provider may receive, from a user client connected to an on-premises network, a security document specifying one or more user roles defining a level of access to customer resources within the on-premises network. In response, the service provider may generate and provide the user client with a cookie specifying the user roles and including an address for an interface within the service provider network. The service provider may receive a request from the user client to access one or more customer resources hosted by the service provider. The request may include the cookie previously provided to the user client. Accordingly, the service provider may extract the user roles from the cookie and determine, based at least in part on these user roles, whether to fulfill the user client request.Type: GrantFiled: December 19, 2016Date of Patent: July 23, 2019Assignee: Amazon Technologies, Inc.Inventors: Wesley Marlin Sutton, Apolak Borthakur, Derek Avery Lyon, Raviprasad Venkatesha Murthy Mummidi, Karthikeyan Natarajan
-
Patent number: 10320624Abstract: A method and apparatus for testing and simulating an access control policy are disclosed. Evaluating an access control policy may be performed by utilizing a deny statement that causes the access request to be rejected despite actions indicated in the access request being authorized. Further, an independent simulation environment may be utilized for testing access control policy evaluation.Type: GrantFiled: September 30, 2013Date of Patent: June 11, 2019Assignee: Amazon Technologies, Inc.Inventors: Gregory Branchek Roth, Daniel Stephen Popick, Derek Avery Lyon, John Michael Morkel, Graeme David Baer, Ajith Harshana Ranabahu, Khaled Salah Sedky
-
Patent number: 10225152Abstract: A method and apparatus for the evaluation and remediation of an access control policy is disclosed. In the method and apparatus, an intermediary service may make access request, on behalf of a customer, to one or more computing resources and the access control policy is evaluation to determine whether the request is authorized. Further, remediation options for the access control policy are offered for the request to be authorized.Type: GrantFiled: September 30, 2013Date of Patent: March 5, 2019Assignee: Amazon Technologies, Inc.Inventors: Gregory Branchek Roth, Daniel Stephen Popick, Derek Avery Lyon, John Michael Morkel, Graeme David Baer, Ajith Harshana Ranabahu, Khaled Salah Sedky
-
Publication number: 20190028355Abstract: A network-based discovery system and service are disclosed that provide client discovery services to a number of clients over a network. The network-based discovery system includes a database that stores discovery information of client network-based resource configurations. The discovery information may be obtained from client resources by client-side discovery components that are placed on client resources, obtain the discovery information and that send the information to the discovery system. The discovery system analyzes the discovery information to determine the client network-based resource configurations and generates client network-based resource configuration representations for the respective clients. The client network-based resource configuration representation may include a description of, and dependencies among, a plurality of computer-based resources.Type: ApplicationFiled: September 14, 2018Publication date: January 24, 2019Applicant: Amazon Technologies, Inc.Inventors: Hariharan Subramanian, David Samuel Zipkin, Derek Avery Lyon, Cristian Gabriel Gafton
-
Patent number: 10079730Abstract: A network-based discovery system and service are disclosed that provide client discovery services to a number of clients over a network. The network-based discovery system includes a database that stores discovery information of client network-based resource configurations. The discovery information may be obtained from client resources by client-side discovery components that are placed on client resources, obtain the discovery information and that send the information to the discovery system. The discovery system analyzes the discovery information to determine the client network-based resource configurations and generates client network-based resource configuration representations for the respective clients. The client network-based resource configuration representation may include a description of, and dependencies among, a plurality of computer-based resources.Type: GrantFiled: September 30, 2015Date of Patent: September 18, 2018Assignee: Amazon Technologies, Inc.Inventors: Hariharan Subramanian, David Samuel Zipkin, Derek Avery Lyon, Cristian Gabriel Gafton
-
Patent number: 9962921Abstract: A 3D shipping container engine may obtain item information for one or more items. Once obtained, container specifications may be determined for a container in which to store the one or more items based on the item(s) information. Based the container specifications, 3D additive manufacturing instructions may be provided for the container.Type: GrantFiled: December 17, 2014Date of Patent: May 8, 2018Assignee: Amazon Technologies, Inc.Inventor: Derek Avery Lyon
-
Patent number: 9792141Abstract: Techniques are described for generating and using virtual machine images and other software images in configured manners, such as by an image generating service on behalf of clients. An image may be configured to include or use multiple underlying components to construct the image, and specified configuration information may cause the generating process for the image to be triggered when underlying construction components change or otherwise when specified triggering conditions are satisfied. For example, an image to be manufactured may include a software program under development by a software developer client, with code files used to create the software program being among the construction components, such that client actions involving those code files (e.g., committing a new version with recent changes to a code repository) triggers a new version of the image to be manufactured that incorporates those changes.Type: GrantFiled: June 30, 2015Date of Patent: October 17, 2017Assignee: AMAZON TECHNOLOGIES, INC.Inventors: Ekanth Sethuramalingam, Raviprasad Venkatesha Murthy Mummidi, Derek Avery Lyon
-
Patent number: 9778952Abstract: A customer network client detects, through a user interface, selection of a graphical representation of a set of virtual machine images and an indication to migrate this set of virtual machine images to an off-premises network managed by a computing resource service provider. In response, the client generates a set of application programming interface calls, which may be transmitted to the service provider and causes the service provider to convert the selected images for use within the off-premises network. The client monitors fulfillment of the calls and, upon determining that the calls has been fulfilled, updates a portion of the user interface associated with the computing resource service provider to indicate that the images may be instantiated within the off-premises network.Type: GrantFiled: June 27, 2014Date of Patent: October 3, 2017Assignee: Amazon Technologies, Inc.Inventors: Wesley Marlin Sutton, Raviprasad Venkatesha Murthy Mummidi, Karthikeyan Natarajan, Long Kim Do, Derek Avery Lyon, Keshav Sethi Attrey, Hariharan Subramanian
-
Patent number: 9648040Abstract: An authorization check web service request is disclosed. The web service request can include a parameter controlling whether or not to perform the action associated with the web service request. The parameter can be included in the web service request itself, or it can be separated therefrom, such as being included in a customer account. Using this parameter, the requestor can perform an authorization check without actually performing the action. Thus, customers can determine the authorization result of a request without actually processing the request itself. Customers and other services can use this parameter to determine their effective permissions.Type: GrantFiled: September 19, 2013Date of Patent: May 9, 2017Assignee: Amazon Technologies, Inc.Inventors: John Michael Morkel, Derek Avery Lyon
-
Publication number: 20170099299Abstract: A computing resource service provider may receive, from a user client connected to an on-premises network, a security document specifying one or more user roles defining a level of access to customer resources within the on-premises network. In response, the service provider may generate and provide the user client with a cookie specifying the user roles and including an address for an interface within the service provider network. The service provider may receive a request from the user client to access one or more customer resources hosted by the service provider. The request may include the cookie previously provided to the user client. Accordingly, the service provider may extract the user roles from the cookie and determine, based at least in part on these user roles, whether to fulfill the user client request.Type: ApplicationFiled: December 19, 2016Publication date: April 6, 2017Inventors: Wesley Marlin Sutton, Apolak Borthakur, Derek Avery Lyon, Raviprasad Venkatesha Murthy Mummidi, Karthikeyan Natarajan
-
Publication number: 20170093640Abstract: A network-based discovery system and service are disclosed that provide client discovery services to a number of clients over a network. The network-based discovery system includes a database that stores discovery information of client network-based resource configurations. The discovery information may be obtained from client resources by client-side discovery components that are placed on client resources, obtain the discovery information and that send the information to the discovery system. The discovery system analyzes the discovery information to determine the client network-based resource configurations and generates client network-based resource configuration representations for the respective clients. The client network-based resource configuration representation may include a description of, and dependencies among, a plurality of computer-based resources.Type: ApplicationFiled: September 30, 2015Publication date: March 30, 2017Applicant: AMAZON TECHNOLOGIES, INC.Inventors: HARIHARAN SUBRAMANIAN, DAVID SAMUEL ZIPKIN, DEREK AVERY LYON, CRISTIAN GABRIEL GAFTON
-
Patent number: 9531719Abstract: A computing resource service provider may receive, from a user client connected to an on-premises network, a security document specifying one or more user roles defining a level of access to customer resources within the on-premises network. In response, the service provider may generate and provide the user client with a cookie specifying the user roles and including an address for an interface within the service provider network. The service provider may receive a request from the user client to access one or more customer resources hosted by the service provider. The request may include the cookie previously provided to the user client. Accordingly, the service provider may extract the user roles from the cookie and determine, based at least in part on these user roles, whether to fulfill the user client request.Type: GrantFiled: April 29, 2014Date of Patent: December 27, 2016Assignee: Amazon Technologies, Inc.Inventors: Wesley Marlin Sutton, Apolak Borthakur, Derek Avery Lyon, Raviprasad Venkatesha Murthy Mummidi, Karthikeyan Natarajan