Patents by Inventor Jonathan Kozolchyk
Jonathan Kozolchyk has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20180262346
Abstract: A certificate authority receives a request to issue a digital certificate from a customer. In response to the request, the certificate authority determines a network endpoint to be specific to the digital certificate that is to serve information usable to determine whether the digital certificate is valid. The certificate authority issues, to the customer, a digital certificate that specifies a network address for the network endpoint and records information about requests made to the network endpoint to obtain the information usable to determine whether the digital certificate is valid.
Type: Application
Filed: March 8, 2017
Publication date: September 13, 2018
Inventors: Marcel Andrew Levy, Peter Zachary Bowen, Jonathan Kozolchyk, Nicholas Wexler
-
Patent number: 10020942
Abstract: In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, an expiration time may be assigned to sensitive data, and expired data and associated tokens may be deleted.
Type: Grant
Filed: August 3, 2017
Date of Patent: July 10, 2018
Assignee: Amazon Technologies, Inc.
Inventors: Jonathan Kozolchyk, Darren E. Canavor, Jeffrey J. Fielding, Vaibhav Mallya, Darin Keith McAdams
-
Publication number: 20180167220
Abstract: In a distributed system, a computer system responsible, at least in part, for complying with a cryptographic key usage limit for a cryptographic key, obtains results of cryptographic operations generated based at least in part on the cryptographic key and transmits the obtained results over a network. The computer system digitally signs the results and provides the results with digital signatures of the results. Another device intercepts the results and allows the results to proceed to their destination contingent on successful validation of the digital signature.
Type: Application
Filed: January 26, 2018
Publication date: June 14, 2018
Inventors: Marcel Andrew Levy, Darren Ernest Canavor, Zachary Ganwise Fewtrell, Andrew Alphus Kimbrough, Jonathan Kozolchyk, Darin Keith McAdams, Pradeep Ramarao, Gregory Branchek Roth
-
Patent number: 9985974
Abstract: A security service enables service providers to register available services. Prospective service consumers may register with the security service to access a particular registered service, and may specify conditions for access that are subject to approval by the corresponding service provider. Based on the registrations of the service provider and the service consumer, the security service can define access policies that may be enforced to control the conditions under which a service consumer accesses or utilizes the particular service. Additionally, changes to the access policies may be propagated to running services in near real time. Some implementations enable masking of information provided to particular service consumers based on determined needs of each service consumer for access to particular information. In some instances, the service providers may provide log information to the security service, which may be monitored to identify anomalies, security breaches or the like.
Type: Grant
Filed: March 9, 2017
Date of Patent: May 29, 2018
Assignee: Amazon Technologies, Inc.
Inventors: Jonathan Kozolchyk, Darin Keith McAdams, Jeffrey J. Fielding, Vaibhav Mallya, Darren E. Canavor
-
Patent number: 9882720
Abstract: In a distributed system, a computer system responsible, at least in part, for complying with a cryptographic key usage limit for a cryptographic key, obtains results of cryptographic operations generated based at least in part on the cryptographic key and transmits the obtained results over a network. The computer system digitally signs the results and provides the results with digital signatures of the results. Another device intercepts the results and allows the results to proceed to their destination contingent on successful validation of the digital signature.
Type: Grant
Filed: June 27, 2014
Date of Patent: January 30, 2018
Assignee: AMAZON TECHNOLOGIES, INC.
Inventors: Marcel Andrew Levy, Darren Ernest Canavor, Zachary Ganwise Fewtrell, Andrew Alphus Kimbrough, Jonathan Kozolchyk, Darin Keith McAdams, Pradeep Ramarao, Gregory Branchek Roth
-
Patent number: 9853811
Abstract: Nodes in a distributed system utilize the same cryptographic key, where the cryptographic key is subject to a usage limit. The usage limit is allowed to be temporarily exceeded. When the usage limit is exceeded, results of exceeding the usage limit are corrected to mitigate the effects of exceeding the usage limit.
Type: Grant
Filed: June 27, 2014
Date of Patent: December 26, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Marcel Andrew Levy, Darren Ernest Canavor, Zachary Ganwise Fewtrell, Andrew Alphus Kimbrough, Jonathan Kozolchyk, Darin Keith McAdams, Pradeep Ramarao, Gregory Branchek Roth
-
Publication number: 20170331629
Abstract: In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, an expiration time may be assigned to sensitive data, and expired data and associated tokens may be deleted.
Type: Application
Filed: August 3, 2017
Publication date: November 16, 2017
Inventors: Jonathan Kozolchyk, Darren E. Canavor, Jeffrey J. Fielding, Vaibhav Mallya, Darin Keith McAdams
-
Publication number: 20170272441
Abstract: A resource owner or administrator submits a request to a permissions management service to create a permissions grant which may include a listing of actions a user may perform on a resource. Accordingly, the permissions management service may create the permissions grant and use a private cryptographic key to digitally sign the created permissions grant. The permissions management service may transmit this digitally signed permissions grant, as well as a digital certificate comprising a public cryptographic key for validating the permissions grant, to a target resource. The target resource may use the public cryptographic key to validate the digital signature of the permissions grant and determine whether a user is authorized to perform one or more actions based at least in part on a request from the user to perform these one or more actions on the resource.
Type: Application
Filed: June 2, 2017
Publication date: September 21, 2017
Inventors: Jon Arron McClintock, Darren Ernest Canavor, Daniel Wade Hitchcock, Jonathan Kozolchyk
-
Patent number: 9756023
Abstract: In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, access policies define authorizations regarding which entities are able to resolve a token to access the actual sensitive data.
Type: Grant
Filed: August 12, 2016
Date of Patent: September 5, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Jonathan Kozolchyk, Darren E. Canavor, Jeffrey J. Fielding, Vaibhav Mallya, Darin Keith McAdams
-
Publication number: 20170180389
Abstract: A security service enables service providers to register available services. Prospective service consumers may register with the security service to access a particular registered service, and may specify conditions for access that are subject to approval by the corresponding service provider. Based on the registrations of the service provider and the service consumer, the security service can define access policies that may be enforced to control the conditions under which a service consumer accesses or utilizes the particular service. Additionally, changes to the access policies may be propagated to running services in near real time. Some implementations enable masking of information provided to particular service consumers based on determined needs of each service consumer for access to particular information. In some instances, the service providers may provide log information to the security service, which may be monitored to identify anomalies, security breaches or the like.
Type: Application
Filed: March 9, 2017
Publication date: June 22, 2017
Inventors: Jonathan Kozolchyk, Darin Keith McAdams, Jeffrey J. Fielding, Vaibhav Mallya, Darren E. Canavor
-
Patent number: 9674194
Abstract: A resource owner or administrator submits a request to a permissions management service to create a permissions grant which may include a listing of actions a user may perform on a resource. Accordingly, the permissions management service may create the permissions grant and use a private cryptographic key to digitally sign the created permissions grant. The permissions management service may transmit this digitally signed permissions grant, as well as a digital certificate comprising a public cryptographic key for validating the permissions grant, to a target resource. The target resource may use the public cryptographic key to validate the digital signature of the permissions grant and determine whether a user is authorized to perform one or more actions based at least in part on a request from the user to perform these one or more actions on the resource.
Type: Grant
Filed: March 12, 2014
Date of Patent: June 6, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Jon Arron McClintock, Darren Ernest Canavor, Daniel Wade Hitchcock, Jonathan Kozolchyk
-
Patent number: 9596244
Abstract: A security service enables service providers to register available services. Prospective service consumers may register with the security service to access a particular registered service, and may specify conditions for access that are subject to approval by the corresponding service provider. Based on the registrations of the service provider and the service consumer, the security service can define access policies that may be enforced to control the conditions under which a service consumer accesses or utilizes the particular service. Additionally, changes to the access policies may be propagated to running services in near real time. Some implementations enable masking of information provided to particular service consumers based on determined needs of each service consumer for access to particular information. In some instances, the service providers may provide log information to the security service, which may be monitored to identify anomalies, security breaches or the like.
Type: Grant
Filed: June 16, 2011
Date of Patent: March 14, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Jonathan Kozolchyk, Darin Keith McAdams, Jeffrey J Fielding, Vaibhav Mallya, Darren E. Canavor
-
Publication number: 20160352695
Abstract: In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, access policies define authorizations regarding which entities are able to resolve a token to access the actual sensitive data.
Type: Application
Filed: August 12, 2016
Publication date: December 1, 2016
Inventors: Jonathan Kozolchyk, Darren E. Canavor, Jeffrey J. Fielding, Vaibhav Mallya, Darin Keith McAdams
-
Patent number: 9419841
Abstract: In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, access policies define authorizations regarding which entities are able to resolve a token to access the actual sensitive data.
Type: Grant
Filed: June 29, 2011
Date of Patent: August 16, 2016
Assignee: Amazon Technologies, Inc.
Inventors: Jonathan Kozolchyk, Darren E. Canavor, Jeffrey J. Fielding, Vaibhav Mallya, Darin Keith McAdams
-
Patent number: 9250088
Abstract: Disclosed are various embodiments for discovery of public points of interest. Data identifying points of interest is obtained. Each point of interest is associated with a respective user and specifies a respective name and a respective geographic location. A public point of interest is determined based at least in part on a similarity of the respective names of a subset of the points of interest, a proximity of the respective geographic locations of the subset of the points of interest, and a number of different users associated with the subset of the points of interest.
Type: Grant
Filed: October 2, 2013
Date of Patent: February 2, 2016
Assignee: Amazon Technologies, Inc.
Inventors: Jonathan Kozolchyk, Darren E. Canavor, Blake P. Hess, Jeffrey J. Fielding
-
Patent number: 8625757
Abstract: A monitoring service may receive, from a plurality of service providers, log information pertaining to access calls made by service consumers to services or APIs provided by the service providers. The monitoring service aggregates and analyzes the log information for use in monitoring performance of the services, identifying anomalies, and the like. In some instances, the monitoring service may identify multiple services that are behaviorally interrelated based on at least one performance metric, and may group these services together into service groups for monitoring purposes. A service relationship model may be generated for each of the service groups that predicts how each service will behave relative to the other services in the service group. The monitoring service may monitor performance and use of the services based, at least in part, on the one or more service groups and the service relationship model for each group.
Type: Grant
Filed: June 24, 2011
Date of Patent: January 7, 2014
Assignee: Amazon Technologies, Inc.
Inventors: Alexandre Karpov, Darin Keith McAdams, Jonathan Kozolchyk, Peter S Ding, Jeffrey J Fielding
-
Patent number: 8566014
Abstract: Disclosed are various embodiments for discovery of public points of interest. Data identifying points of interest is obtained. Each point of interest is associated with a respective user and specifies a respective name and a respective geographic location. A public point of interest is determined based at least in part on a similarity of the respective names of a subset of the points of interest, a proximity of the respective geographic locations of the subset of the points of interest, and a number of different users associated with the subset of the points of interest.
Type: Grant
Filed: May 17, 2012
Date of Patent: October 22, 2013
Assignee: Amazon Technologies, Inc.
Inventors: Jonathan Kozolchyk, Darren E. Canavor, Blake P. Hess, Jeffrey J. Fielding