Patents by Inventor Nachiketh Rao Potlapally
Nachiketh Rao Potlapally has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9864636
Abstract: Techniques are described for allocating computing resources to a task from a shared hardware structure. The techniques may involve receiving a request to execute a task for a tenant on shared hardware resources, and determining a set of computing resources for allocation to the task based on a service level agreement associated with the tenant. The set of computing resources can be allocated to the task based on the service level agreement associated with the tenant. In some aspects, one or more performance counters associated with one or more of the computing resources can be monitored to determine an activity level for the one or more computing resources during execution of the task, and one or more allocations of the computing resources for execution of the task can be adjusted based on the activity level for the one or more computing resources.
Type: Grant
Filed: December 10, 2014
Date of Patent: January 9, 2018
Assignee: Amazon Technologies, Inc.
Inventors: Rahul Gautam Patel, Nachiketh Rao Potlapally, William John Earl
-
Patent number: 9836354
Abstract: A service provider system may implement ECC-like features when executing computations on GPUs that do not include sufficient error detection and recovery for computations that are sensitive to bit errors. During execution of critical computations on behalf of customers, the system may automatically instrument program instructions received from the customers to cause each computation to be executed using multiple sets of hardware resources (e.g., different host machines, processor cores, or internal hardware resources). The service may provide APIs with which customers may instrument their code for execution using redundant resource instances, or specify parameters for applying the ECC-like features. The service or customer may instrument code to perform (or cause the system to perform) checkpointing operations at particular points in the code, and to compare intermediate results produced by different hardware resources.
Type: Grant
Filed: April 28, 2014
Date of Patent: December 5, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Nachiketh Rao Potlapally, John Merrill Phillips, Nicholas Patrick Wilt, Deepak Singh, Scott Michael Le Grand
-
Patent number: 9819727
Abstract: Methods and apparatus for a computing infrastructure for configurable-quality random data are disclosed. A storage medium stores program instructions that when executed on a processor designate some servers of a provider network as members of a pool of producers of random data usable by random data consumers. The instructions, when executed, determine a subset of the pool to be used to supply a collection of random data intended for a random data consumer, and one or more sources of random phenomena to be used to generate the collection of random data. The instructions, when executed, initiate a transmission of the collection of random data directed to the random data consumer.
Type: Grant
Filed: February 28, 2013
Date of Patent: November 14, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Nachiketh Rao Potlapally, Andrew Paul Mikulski, Donald Lee Bailey, Jr., Robert Eric Fitzgerald
-
Publication number: 20170308696
Abstract: Techniques are described for allocating resources to a task from a shared hardware structure. A plurality of tasks may execute on a processor, wherein the processor may include one or more processing cores and each task may include a plurality of computer executable instructions. In accordance with one technique for allocating resources to a task from a shared hardware structure amongst multiple tasks, aspects of the disclosure describe assigning a first identifier to a first task from the plurality of tasks, associating a portion of the shared hardware resource with the first identifier, and restricting access and/or observability for computer executable instructions executed from any other task than the first task to the portion of the hardware resource associated with the first identifier.
Type: Application
Filed: July 6, 2017
Publication date: October 26, 2017
Inventors: Rahul Gautam Patel, Nachiketh Rao Potlapally, William John Earl, Matthew Shawn Wilson
-
Patent number: 9792143
Abstract: The performing of virtual machine (VM)-based secure operations is enabled using a trusted co-processor that is able to operate in a secure mode to perform operations in a multi-tenant environment that are protected from other VMs and DOM-0, among other domains and components. A customer VM can contact a VM manager (VMM) to perform an operation with respect to sensitive data. The VMM can trigger secure mode operation, whereby memory pages are marked and access blocked to entities outside a trusted enclave. The trusted co-processor can measure the VMM and compare the result against an earlier result to ensure that the VMM has not been compromised. Once the operations are performed, the trusted co-processor can return the results, and the VMM can exit the secure mode such that access to the marked pages and customer data is restored.
Type: Grant
Filed: October 23, 2015
Date of Patent: October 17, 2017
Assignee: AMAZON TECHNOLOGIES, INC.
Inventors: Nachiketh Rao Potlapally, Derek Del Miller, Mark Bradley Davis, Matthew Shawn Wilson, Eric Jason Brandwine, Anthony Nicholas Liguori, Rahul Gautam Patel
-
Publication number: 20170255472
Abstract: Approaches are described for enabling a host computing device to store credentials and other security information useful for recovering the state of the host computing device in a secure store, such as a trusted platform module (TPM) on the host computing device. When recovering the host computing device in the event of a failure (e.g., power outage, network failure, etc.), the host computing device can obtain the necessary credentials from the secure store and use those credentials to boot various services, restore the state of the host and perform various other functions. In addition, the secure store (e.g., TPM) may provide boot firmware measurement and remote attestation of the host computing devices to other devices on a network, such as when the recovering host needs to communicate with the other devices on the network.
Type: Application
Filed: April 10, 2017
Publication date: September 7, 2017
Inventors: Nachiketh Rao Potlapally, Rachit Chawla, Jeremy Ryan Volkman, Michael David Marr
-
Patent number: 9754103
Abstract: Techniques are described for injecting noise in a timer value provided to an instruction requesting the timer value. A plurality of tasks may execute on a processor, wherein the processor may comprise one or more processing cores and each task may include a plurality of computer executable instructions. In accordance with one technique for injecting noise in the timer value, in response to a request for a timer value, an artificial and indeterminate amount of delay may be introduced before accessing of the timer value from the hardware timer. In one implementation, access to the hardware timer for the timer value may be gated by one or more artificially injected micro-architectural events.
Type: Grant
Filed: October 8, 2014
Date of Patent: September 5, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Rahul Gautam Patel, William John Earl, Nachiketh Rao Potlapally
-
Publication number: 20170235946
Abstract: A trusted computing host is described that provides various security computations and other functions in a distributed multitenant and/or virtualized computing environment. The trusted host computing device can communicate with one or more host computing devices that host virtual machines to provide a number of security-related functions, including but not limited to boot firmware measurement, cryptographic key management, remote attestation, as well as security and forensics management. The trusted computing host maintains an isolated partition for each host computing device in the environment and communicates with peripheral cards on host computing devices in order to provide one or more security functions.
Type: Application
Filed: February 17, 2017
Publication date: August 17, 2017
Inventors: Nachiketh Rao Potlapally, Michael David Marr, Eric Jason Brandwine, Donald Lee Bailey, Jr.
-
Patent number: 9703951
Abstract: Techniques are described for allocating resources to a task from a shared hardware structure. A plurality of tasks may execute on a processor, wherein the processor may include one or more processing cores and each task may include a plurality of computer executable instructions. In accordance with one technique for allocating resources to a task from a shared hardware structure amongst multiple tasks, aspects of the disclosure describe assigning a first identifier to a first task from the plurality of tasks, associating a portion of the shared hardware resource with the first identifier, and restricting access and/or observability for computer executable instructions executed from any other task than the first task to the portion of the hardware resource associated with the first identifier.
Type: Grant
Filed: September 30, 2014
Date of Patent: July 11, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Rahul Gautam Patel, Nachiketh Rao Potlapally, William John Earl, Matthew Shawn Wilson
-
Patent number: 9684630
Abstract: Disclosed are various embodiments of a first computing device for obtaining an authentication credential for a cryptographic module of a second computing device. The authentication credential is obtained via a communication session with a module interface of the second computing device. Configuration data is determined for the cryptographic module based at least in part upon the authentication credential. The configuration data is transmitted to the second computing device via the communication session.
Type: Grant
Filed: December 5, 2012
Date of Patent: June 20, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Michael David Marr, Nachiketh Rao Potlapally, Matthew David Klein
-
Patent number: 9674162
Abstract: A computing device has a processor and a first memory, e.g., a fuse-based memory, storing a first cryptographic key. The processor is configured to receive information related to a second cryptographic key from a cryptographic key provisioning system. The processor derives the second cryptographic key from the information related to a second cryptographic key. The first cryptographic key has fewer bits than the second cryptographic key. The processor is also configured to encrypt the second cryptographic key using the first cryptographic key, and store the encrypted second cryptographic key in a second memory, e.g., a flash memory.
Type: Grant
Filed: March 13, 2015
Date of Patent: June 6, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Derek Del Miller, Nachiketh Rao Potlapally
-
Publication number: 20170139462
Abstract: Methods and apparatus for datacenter power management optimization are disclosed. Metrics, including workload data, thermal measurements and the like are collected from numerous endpoints within a datacenter. System profiles of a plurality of servers, and application workload profiles for various workloads, are stored. Based on analysis of collected metrics, power optimization operations comprising either workload scheduling operations, power configuration change operations, or both, are initiated.
Type: Application
Filed: January 30, 2017
Publication date: May 18, 2017
Applicant: Amazon Technologies, Inc.
Inventors: Nachiketh Rao Potlapally, James R. Hamilton
-
Patent number: 9619238
Abstract: Approaches are described for enabling a host computing device to store credentials and other security information useful for recovering the state of the host computing device in a secure store, such as a trusted platform module (TPM) on the host computing device. When recovering the host computing device in the event of a failure (e.g., power outage, network failure, etc.), the host computing device can obtain the necessary credentials from the secure store and use those credentials to boot various services, restore the state of the host and perform various other functions. In addition, the secure store (e.g., TPM) may provide boot firmware measurement and remote attestation of the host computing devices to other devices on a network, such as when the recovering host needs to communicate with the other devices on the network.
Type: Grant
Filed: April 15, 2013
Date of Patent: April 11, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Nachiketh Rao Potlapally, Rachit Chawla, Jeremy Ryan Volkman, Michael David Marr
-
Patent number: 9594638
Abstract: Approaches are described for enabling a host computing device to store credentials and other security information useful for recovering the state of the host computing device in a secure store, such as a trusted platform module (TPM) on the host computing device. When recovering the host computing device in the event of a failure (e.g., power outage, network failure, etc.), the host computing device can obtain the necessary credentials from the secure store and use those credentials to boot various services, restore the state of the host and perform various other functions. In addition, the secure store (e.g., TPM) may provide boot firmware measurement and remote attestation of the host computing devices to other devices on a network, such as when the recovering host needs to communicate with the other devices on the network.
Type: Grant
Filed: April 15, 2013
Date of Patent: March 14, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Nachiketh Rao Potlapally, Rachit Chawla, Jeremy Ryan Volkman, Michael David Marr
-
Patent number: 9578034
Abstract: A trusted peripheral device can be utilized with an electronic resource, such as a host machine, in order to enable the secured performance of security and remote management in the electronic environment, where various users might be provisioned on, or otherwise have access to, the electronic resource. The peripheral can have a secure channel for communicating with a centralized management system or service, whereby the management service can remotely connect to this trusted peripheral, using a secure and authenticated network connection, in order to run the above-described functionality on the host to which the peripheral is attached.
Type: Grant
Filed: January 28, 2016
Date of Patent: February 21, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Nachiketh Rao Potlapally, Michael David Marr
-
Patent number: 9576155
Abstract: A trusted computing host is described that provides various security computations and other functions in a distributed multitenant and/or virtualized computing environment. The trusted host computing device can communicate with one or more host computing devices that host virtual machines to provide a number of security-related functions, including but not limited to boot firmware measurement, cryptographic key management, remote attestation, as well as security and forensics management. The trusted computing host maintains an isolated partition for each host computing device in the environment and communicates with peripheral cards on host computing devices in order to provide one or more security functions.
Type: Grant
Filed: September 28, 2015
Date of Patent: February 21, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Nachiketh Rao Potlapally, Michael David Marr, Eric Jason Brandwine, Donald Lee Bailey, Jr.
-
Patent number: 9557792
Abstract: Methods and apparatus for datacenter power management optimization are disclosed. Metrics, including workload data, thermal measurements and the like are collected from numerous endpoints within a datacenter. System profiles of a plurality of servers, and application workload profiles for various workloads, are stored. Based on analysis of collected metrics, power optimization operations comprising either workload scheduling operations, power configuration change operations, or both, are initiated.
Type: Grant
Filed: May 31, 2013
Date of Patent: January 31, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Nachiketh Rao Potlapally, James R. Hamilton
-
Publication number: 20160373481
Abstract: A graph of a plurality of resources in a computing environment is generated, with the graph associating a first resource of the plurality with a second resource of the plurality. Based at least in part on measurements obtained at a point in a test computing environment that corresponds to a point in the computing environment, an expected value or expected range of values is determined. An assessment of a security state of the computing environment is generated based at least in part on a comparison between a measurement obtained at the point in the computing environment and the expected value or expected range of values, and responsive to a determination that the assessment indicates a rule violation in the computing environment, a security action is performed.
Type: Application
Filed: September 2, 2016
Publication date: December 22, 2016
Inventors: Hassan Sultan, John Schweitzer, Donald Lee Bailey, Jr., Gregory Branchek Roth, Nachiketh Rao Potlapally
-
Patent number: 9514324
Abstract: A computer-implemented method includes restricting access to customer data to certain geographic regions authorized by the customer. The restriction can be managed by associating policy information with the customer data that identifies the geographic regions authorized by the customer. Resources attempting to access the customer data can evaluate the policy information associated with the customer data with respect to the geographic location in which the resource is located to determine whether the resource is permitted to access the customer data. The restriction can also be managed by encrypting the customer data with a cryptographic key that corresponds to the customer and/or the authorized geographic regions.
Type: Grant
Filed: June 20, 2014
Date of Patent: December 6, 2016
Assignee: Amazon Technologies, Inc.
Inventors: Nachiketh Rao Potlapally, Jonathan Matthew Miller, Eric Jason Brandwine, Stephen Edward Schmidt, Donald Lee Bailey, Jr.
-
Patent number: 9491112
Abstract: Techniques are described for accumulating unused computing resources. The techniques may involve receiving a request to execute a task for a tenant on shared hardware resources and assigning a task identifier to the task. A baseline resource credit per time interval of a computing resource can be determined based on a service level agreement associated with the tenant. The techniques may further involve monitoring a performance counter associated with the computing resource to determine a utilization amount of the computing resource by the task during a first time interval, determining an unused amount of the computing resource in the first time interval based on a difference between the utilization amount and the baseline resource credit and incrementing a resource credit balance associated with the task identifier by the unused amount of the computing resource.
Type: Grant
Filed: December 10, 2014
Date of Patent: November 8, 2016
Assignee: Amazon Technologies, Inc.
Inventors: Rahul Gautam Patel, William John Earl, Nachiketh Rao Potlapally