Patents by Inventor Mark Edward Stalzer
Mark Edward Stalzer has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240089241Abstract: A computing resource service provider receives a request from a customer to establish a physical connection between a provider network device and a customer network device in a colocation center. Once the connection has been established, the customer may transmit cryptographic authentication information, through the physical connection, to the provider network device. The provider network device transmits this information to an authentication service operated by the computing resource service provider to verify the authenticity of the information. If the information is authentic, the authentication service may re-configure the provider network device to allow the customer to access one or more services provided by the computing resource service provider. The authentication service may transmit cryptographic authentication information to the customer to verify the identity of the computing resource service provider.Type: ApplicationFiled: November 18, 2023Publication date: March 14, 2024Inventors: Mark Edward Stalzer, Christian Arthur Arllen
-
Patent number: 11843589Abstract: A computing resource service provider receives a request from a customer to establish a physical connection between a provider network device and a customer network device in a colocation center. Once the connection has been established, the customer may transmit cryptographic authentication information, through the physical connection, to the provider network device. The provider network device transmits this information to an authentication service operated by the computing resource service provider to verify the authenticity of the information. If the information is authentic, the authentication service may re-configure the provider network device to allow the customer to access one or more services provided by the computing resource service provider. The authentication service may transmit cryptographic authentication information to the customer to verify the identity of the computing resource service provider.Type: GrantFiled: August 17, 2021Date of Patent: December 12, 2023Assignee: Amazon Technologies, Inc.Inventors: Mark Edward Stalzer, Christian Arthur Arllen
-
Publication number: 20230351458Abstract: Methods and apparatus for partitioned private interconnects to provider networks are described. At least a portion of available bandwidth of a private physical interconnect between a provider network and a connectivity intermediary's network is designated as the bandwidth limit of an interconnect partition set up on behalf of a customer at the request of the intermediary. The intermediary's network comprises one or more devices to which at least one of the customer's devices is connected. Access to one or more resources of the provider network via the interconnect is enabled. Traffic monitoring results associated with the interconnect are used to enforce the designated bandwidth limit of the partition.Type: ApplicationFiled: May 4, 2023Publication date: November 2, 2023Applicant: Amazon Technologies, Inc.Inventors: Shuai Ye, Mark Edward Stalzer, Patrick Brigham Cullen
-
Patent number: 11803766Abstract: An automated security assessment service of a service provider network may identify, and notify a customer of, misconfigured VM instances that can be access (e.g., via the Internet). A scanner tool may call an automated reasoning service to identify any VM instances of a customer that can be accessed, and may receive information from the automated reasoning service that is usable to exchange packets with those identified instances. The scanner tool can use the information to send requests to the identified instances. After receiving responses from the identified instances, the scanner tool can store, in storage of a network-based storage service, and in association with a customer account of the customer, encrypted data about the results of the scan (e.g., any VM instances that are vulnerable to attackers), and this encrypted data is thereby accessible to the customer with proper decrypt permissions.Type: GrantFiled: December 12, 2019Date of Patent: October 31, 2023Assignee: Amazon Technologies, Inc.Inventors: Preethi Srinivasan, Sreekanth Reddy Polaka, Christopher Wooram Yi, John David Backes, Everett Richard Anthony, Aparna Nagargadde, Mark Edward Stalzer
-
Publication number: 20230262087Abstract: Methods, systems, and computer-readable media for automated packetless network reachability analysis are disclosed. An analysis is performed of network configuration data for a network comprising a host computer. Based at least in part on the analysis, one or more ports at the host computer that are reachable from another computer are determined. Based at least in part on the analysis, one or more routes to the one or more ports are determined. A report is generated that is descriptive of the one or more ports and the one or more routes.Type: ApplicationFiled: April 25, 2023Publication date: August 17, 2023Applicant: Amazon Technologies, Inc.Inventors: Catherine Dodge, Nikhil Reddy Cheruku, John Byron Cook, Temesghen Kahsai Azene, William Jo Kocik, Sean McLaughlin, Mark Edward Stalzer, Blake Whaley, Yiwen Wu
-
Patent number: 11682055Abstract: Methods and apparatus for partitioned private interconnects to provider networks are described. At least a portion of available bandwidth of a private physical interconnect between a provider network and a connectivity intermediary's network is designated as the bandwidth limit of an interconnect partition set up on behalf of a customer at the request of the intermediary. The intermediary's network comprises one or more devices to which at least one of the customer's devices is connected. Access to one or more resources of the provider network via the interconnect is enabled. Traffic monitoring results associated with the interconnect are used to enforce the designated bandwidth limit of the partition.Type: GrantFiled: January 22, 2021Date of Patent: June 20, 2023Assignee: Amazon Technologies, Inc.Inventors: Shuai Ye, Mark Edward Stalzer, Patrick Brigham Cullen
-
Patent number: 11671442Abstract: Methods, systems, and computer-readable media for automated packetless network reachability analysis are disclosed. An analysis is performed of network configuration data for a network comprising a host computer. Based at least in part on the analysis, one or more ports at the host computer that are reachable from another computer are determined. Based at least in part on the analysis, one or more routes to the one or more ports are determined. A report is generated that is descriptive of the one or more ports and the one or more routes.Type: GrantFiled: August 27, 2021Date of Patent: June 6, 2023Assignee: Amazon Technologies, Inc.Inventors: Catherine Dodge, Nikhil Reddy Cheruku, John Byron Cook, Temesghen Kahsai Azene, William Jo Kocik, Sean McLaughlin, Mark Edward Stalzer, Blake Whaley, Yiwen Wu
-
Publication number: 20210392157Abstract: Methods, systems, and computer-readable media for automated packetless network reachability analysis are disclosed. An analysis is performed of network configuration data for a network comprising a host computer. Based at least in part on the analysis, one or more ports at the host computer that are reachable from another computer are determined. Based at least in part on the analysis, one or more routes to the one or more ports are determined. A report is generated that is descriptive of the one or more ports and the one or more routes.Type: ApplicationFiled: August 27, 2021Publication date: December 16, 2021Applicant: Amazon Technologies, Inc.Inventors: Catherine Dodge, Nikhil Reddy Cheruku, John Byron Cook, Temesghen Kahsai Azene, William Jo Kocik, Sean McLaughlin, Mark Edward Stalzer, Blake Whaley, Yiwen Wu
-
Publication number: 20210392122Abstract: A computing resource service provider receives a request from a customer to establish a physical connection between a provider network device and a customer network device in a colocation center. Once the connection has been established, the customer may transmit cryptographic authentication information, through the physical connection, to the provider network device. The provider network device transmits this information to an authentication service operated by the computing resource service provider to verify the authenticity of the information. If the information is authentic, the authentication service may re-configure the provider network device to allow the customer to access one or more services provided by the computing resource service provider. The authentication service may transmit cryptographic authentication information to the customer to verify the identity of the computing resource service provider.Type: ApplicationFiled: August 17, 2021Publication date: December 16, 2021Inventors: Mark Edward Stalzer, Christian Arthur Arllen
-
Patent number: 11122022Abstract: A computing resource service provider receives a request from a customer to establish a physical connection between a provider network device and a customer network device in a colocation center. Once the connection has been established, the customer may transmit cryptographic authentication information, through the physical connection, to the provider network device. The provider network device transmits this information to an authentication service operated by the computing resource service provider to verify the authenticity of the information. If the information is authentic, the authentication service may re-configure the provider network device to allow the customer to access one or more services provided by the computing resource service provider. The authentication service may transmit cryptographic authentication information to the customer to verify the identity of the computing resource service provider.Type: GrantFiled: June 23, 2017Date of Patent: September 14, 2021Assignee: Amazon Technologies, Inc.Inventors: Mark Edward Stalzer, Christian Arthur Arllen
-
Patent number: 11108805Abstract: Methods, systems, and computer-readable media for automated packetless network reachability analysis are disclosed. An analysis is performed of network configuration data for a network comprising a host computer. Based at least in part on the analysis, one or more ports at the host computer that are reachable from another computer are determined. Based at least in part on the analysis, one or more routes to the one or more ports are determined. A report is generated that is descriptive of the one or more ports and the one or more routes.Type: GrantFiled: June 27, 2018Date of Patent: August 31, 2021Assignee: Amazon Technologies, Inc.Inventors: Catherine Dodge, Nikhil Reddy Cheruku, John Byron Cook, Temesghen Kahsai Azene, William Jo Kocik, Sean McLaughlin, Mark Edward Stalzer, Blake Whaley, Yiwen Wu
-
Patent number: 11088933Abstract: A system includes a provider network and a client network connected via a dedicated physical connection. The client network and the provider network exchange routing information using routing protocol messages, such as border gateway protocol (BGP) update messages exchanged during a BGP session. A provider network includes tag field values in outgoing routing protocol messages that indicate a portion of the provider network wherein resources of the provider network associated with a corresponding route are located. The client network may use the tag field value to determine whether to add the route to a routing table of the client network. A client network may also include tag field values in outgoing routing protocol messages to a provider network. The tag field values may indicate what portions of the provider network are to receive the routes from the client network. For example a tag field value may indicate that a route is to be propagated within a limited portion of the provider network.Type: GrantFiled: January 18, 2019Date of Patent: August 10, 2021Assignee: Amazon Technologies, Inc.Inventors: Po-Chun Chen, Mark Edward Stalzer, Marco Eulenfeld
-
Publication number: 20210142374Abstract: Methods and apparatus for partitioned private interconnects to provider networks are described. At least a portion of available bandwidth of a private physical interconnect between a provider network and a connectivity intermediary's network is designated as the bandwidth limit of an interconnect partition set up on behalf of a customer at the request of the intermediary. The intermediary's network comprises one or more devices to which at least one of the customer's devices is connected. Access to one or more resources of the provider network via the interconnect is enabled. Traffic monitoring results associated with the interconnect are used to enforce the designated bandwidth limit of the partition.Type: ApplicationFiled: January 22, 2021Publication date: May 13, 2021Applicant: Amazon Technologies, Inc.Inventors: Shuai Ye, Mark Edward Stalzer, Patrick Brigham Cullen
-
Patent number: 10909592Abstract: Methods and apparatus for partitioned private interconnects to provider networks are described. At least a portion of available bandwidth of a private physical interconnect between a provider network and a connectivity intermediary's network is designated as the bandwidth limit of an interconnect partition set up on behalf of a customer at the request of the intermediary. The intermediary's network comprises one or more devices to which at least one of the customer's devices is connected. Access to one or more resources of the provider network via the interconnect is enabled. Traffic monitoring results associated with the interconnect are used to enforce the designated bandwidth limit of the partition.Type: GrantFiled: February 22, 2019Date of Patent: February 2, 2021Assignee: Amazon Technologies, Inc.Inventors: Shuai Ye, Mark Edward Stalzer, Patrick Brigham Cullen
-
Patent number: 10771309Abstract: A technology is described for updating an Autonomous System Number (ASN) in a Border Gateway Protocol (BGP) routing configuration. An example method may include receiving a request to update a BGP routing configuration on a gateway with an ASN associated with a customer. In response to the request, the BGP routing configuration on the gateway may be updated to replace a default ASN associated with a computing service provider with the ASN associated with the customer. The BGP routing configuration on the gateway may also be updated to allow the ASN associated with the customer to appear in an Autonomous System (AS) path at least twice, thereby allowing for BGP routes to be exchanged between gateways.Type: GrantFiled: March 20, 2018Date of Patent: September 8, 2020Inventors: Po-Chun Chen, Mark Edward Stalzer, Andrew Hemstreet Redmon
-
Publication number: 20200007569Abstract: Methods, systems, and computer-readable media for automated packetless network reachability analysis are disclosed. An analysis is performed of network configuration data for a network comprising a host computer. Based at least in part on the analysis, one or more ports at the host computer that are reachable from another computer are determined. Based at least in part on the analysis, one or more routes to the one or more ports are determined. A report is generated that is descriptive of the one or more ports and the one or more routes.Type: ApplicationFiled: June 27, 2018Publication date: January 2, 2020Applicant: Amazon Technologies, Inc.Inventors: Catherine Dodge, Nikhil Reddy Cheruku, John Byron Cook, Temesghen Kahsai Azene, William Jo Kocik, Sean McLaughlin, Mark Edward Stalzer, Blake Whaley, Yiwen Wu
-
Publication number: 20190188763Abstract: Methods and apparatus for partitioned private interconnects to provider networks are described. At least a portion of available bandwidth of a private physical interconnect between a provider network and a connectivity intermediary's network is designated as the bandwidth limit of an interconnect partition set up on behalf of a customer at the request of the intermediary. The intermediary's network comprises one or more devices to which at least one of the customer's devices is connected. Access to one or more resources of the provider network via the interconnect is enabled. Traffic monitoring results associated with the interconnect are used to enforce the designated bandwidth limit of the partition.Type: ApplicationFiled: February 22, 2019Publication date: June 20, 2019Applicant: Amazon Technologies, Inc.Inventors: Shuai Ye, Mark Edward Stalzer, Patrick Brigham Cullen
-
Patent number: 10326710Abstract: Methods and apparatus that automatically propagate access rules for access groups within clients' virtual networks on a provider network. A peering protocol may be used to advertise routes from a gateway of a client's external network to a virtual gateway of the client's virtual network via direct and/or virtual connections. The advertised routes may be automatically propagated into the virtual network so that traffic can flow between the source address ranges of the advertised routes and the virtual network. Access group information may be included as metadata with at least some route advertisements. Access rules for access groups on the virtual network may be automatically created or updated according to the metadata included with the advertised routes to allow access from network addresses on the client's external network to the client's resources in the access groups.Type: GrantFiled: September 2, 2015Date of Patent: June 18, 2019Assignee: Amazon Technologies, Inc.Inventors: Omer Hashmi, Mark Edward Stalzer
-
Publication number: 20190173774Abstract: A system includes a provider network and a client network connected via a dedicated physical connection. The client network and the provider network exchange routing information using routing protocol messages, such as border gateway protocol (BGP) update messages exchanged during a BGP session. A provider network includes tag field values in outgoing routing protocol messages that indicate a portion of the provider network wherein resources of the provider network associated with a corresponding route are located. The client network may use the tag field value to determine whether to add the route to a routing table of the client network. A client network may also include tag field values in outgoing routing protocol messages to a provider network. The tag field values may indicate what portions of the provider network are to receive the routes from the client network. For example a tag field value may indicate that a route is to be propagated within a limited portion of the provider network.Type: ApplicationFiled: January 18, 2019Publication date: June 6, 2019Applicant: Amazon Technologies, Inc.Inventors: Po-Chun Chen, Mark Edward Stalzer, Marco Eulenfeld
-
Patent number: 10217145Abstract: Methods and apparatus for partitioned private interconnects to provider networks are described. At least a portion of available bandwidth of a private physical interconnect between a provider network and a connectivity intermediary's network is designated as the bandwidth limit of an interconnect partition set up on behalf of a customer at the request of the intermediary. The intermediary's network comprises one or more devices to which at least one of the customer's devices is connected. Access to one or more resources of the provider network via the interconnect is enabled. Traffic monitoring results associated with the interconnect are used to enforce the designated bandwidth limit of the partition.Type: GrantFiled: February 18, 2014Date of Patent: February 26, 2019Assignee: Amazon Technologies, Inc.Inventors: Shuai Ye, Mark Edward Stalzer, Patrick Brigham Cullen