Patents by Inventor Peter Zachary Bowen
Peter Zachary Bowen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10320773
Abstract: A customer can demonstrate control over an element, such as a domain, by receiving a certificate from a certificate authority. After receiving a request for a certificate for a certain domain name, the certificate authority uses a public key cryptography protocol to generate a request for information regarding the domain name. The request for information is submitted to a domain service which hosts that domain name, and the domain service will provide a response to the certificate authority which includes a public key and data for the domain name, with the data encrypted under an associated private key for the domain name. The certificate authority will issue a certificate specifying the domain name and utilizing the received public key, and the certificate is unable to be validated without access to the associated private key.
Type: Grant
Filed: August 10, 2017
Date of Patent: June 11, 2019
Assignee: AMAZON TECHNOLOGIES, INC.
Inventor: Peter Zachary Bowen
-
Patent number: 10291605
Abstract: A customer can demonstrate control over an element, such as a domain, by receiving a certificate from a certificate authority. The customer can utilize a device for sending a request relating to a specified domain and receiving a request token to be provided to a domain registry associated with the subject domain. Request token creation can entail generating at least one of a random string, a string generated based on information about a customer, a string generated based on information about the application, a password, or a key. After receiving the request token, the domain registry, in turn, will provide the token to the authority, which will verify that the request token received from the domain registry corresponds to the request token originally provided to the customer's device. If the two tokens match, the authority can act in accordance with the request, such as by issuing the certificate.
Type: Grant
Filed: August 10, 2017
Date of Patent: May 14, 2019
Assignee: AMAZON TECHNOLOGIES, INC.
Inventor: Peter Zachary Bowen
-
Patent number: 10171495
Abstract: Suspicious connection requests can be detected by analyzing connection parameters at multiple levels of a network framework. For Internet-based requests, unexpected combinations and/or ordering of Layer 6 (TLS) and Layer 7 (HTTP) parameters, for example, can be indicative of suspicious activity with respect to the connection. The connection parameters for a request can be compared against a set of determined signatures and/or analyzed using a trained probability model to determine a probability that the connection is improper. A probability value can be calculated and compared against at least one probability threshold to determine whether the connection is suspicious enough to cause a specified action to occur. The signatures can be updated through an offline or dynamic online process, and the thresholds can vary among the various embodiments.
Type: Grant
Filed: June 9, 2016
Date of Patent: January 1, 2019
Assignee: AMAZON TECHNOLOGIES, INC.
Inventor: Peter Zachary Bowen
-
Patent number: 10127388
Abstract: Techniques are disclosed for mitigating against registering a domain name that is confusingly similar to a pre-existing domain name, possibly for the purpose of fooling users. In embodiments, a domain name is presented for registration. The domain name is rendered as an image, and optical character recognition is performed on the image to extract the rendered text. This extracted text is compared against a list of domain names for which confusingly similar domain names cannot be registered, and when the extracted text matches a domain name in this list of domain names, registration of the domain name is denied.
Type: Grant
Filed: August 26, 2014
Date of Patent: November 13, 2018
Assignee: Amazon Technologies, Inc.
Inventors: Stefan Popoveniuc, Peter Zachary Bowen, Alexander Edward Schoof, Andrew Jeffrey Doane, Todd Lawrence Cignetti, Robert Eric Fitzgerald
-
Publication number: 20180262347
Abstract: A computer system associated with a certificate authority receives a request to obtain information that can be used to determine a validity status of a digital certificate. In response to the request, the computer system provides the information and updates usage information for the digital certificate to incorporate information obtained from the request. The usage information may be generated based at least in part on previous requests to obtain the information. Based at least in part on the usage information, the computer system will perform at least one operation associated with the digital certificate.
Type: Application
Filed: March 8, 2017
Publication date: September 13, 2018
Inventors: Marcel Andrew Levy, Peter Zachary Bowen, Jonathan Kozolchyk, Nicholas Wexler
-
Publication number: 20180262346
Abstract: A certificate authority receives a request to issue a digital certificate from a customer. In response to the request, the certificate authority determines a network endpoint to be specific to the digital certificate that is to serve information usable to determine whether the digital certificate is valid. The certificate authority issues, to the customer, a digital certificate that specifies a network address for the network endpoint and records information about requests made to the network endpoint to obtain the information usable to determine whether the digital certificate is valid.
Type: Application
Filed: March 8, 2017
Publication date: September 13, 2018
Inventors: Marcel Andrew Levy, Peter Zachary Bowen, Jonathan Kozolchyk, Nicholas Wexler
-
Publication number: 20180102905
Abstract: A certificate authority service receives a request to issue a long-duration digital certificate from an entity for validation purposes between the entity and the service. Upon issuance of the long-duration digital certificate, the entity submits a request to the service for issuance of a short-duration digital certificate that includes a shorter validity period than the long-duration digital certificate. The service may utilize the long-duration digital certificate to validate the entity and, upon validating the entity, issues the short-duration digital certificate to the entity. The entity may subsequently utilize the short-duration digital certificate to enable a user client to authenticate the entity and securely communicate with the entity.
Type: Application
Filed: December 8, 2017
Publication date: April 12, 2018
Inventor: Peter Zachary Bowen
-
Publication number: 20170366538
Abstract: A customer can demonstrate control over an element, such as a domain, by receiving a certificate from a certificate authority. The customer can utilize a device for sending a request relating to a specified domain and receiving a request token to be provided to a domain registry associated with the subject domain. Request token creation can entail generating at least one of a random string, a string generated based on information about a customer, a string generated based on information about the application, a password, or a key. After receiving the request token, the domain registry, in turn, will provide the token to the authority, which will verify that the request token received from the domain registry corresponds to the request token originally provided to the customer's device. If the two tokens match, the authority can act in accordance with the request, such as by issuing the certificate.
Type: Application
Filed: August 10, 2017
Publication date: December 21, 2017
Inventor: Peter Zachary Bowen
-
Publication number: 20170366539
Abstract: A customer can demonstrate control over an element, such as a domain, by receiving a certificate from a certificate authority. After receiving a request for a certificate for a certain domain name, the certificate authority uses a public key cryptography protocol to generate a request for information regarding the domain name. The request for information is submitted to a domain service which hosts that domain name, and the domain service will provide a response to the certificate authority which includes a public key and data for the domain name, with the data encrypted under an associated private key for the domain name. The certificate authority will issue a certificate specifying the domain name and utilizing the received public key, and the certificate is unable to be validated without access to the associated private key.
Type: Application
Filed: August 10, 2017
Publication date: December 21, 2017
Inventor: Peter Zachary Bowen
-
Patent number: 9843452
Abstract: A certificate authority service receives a request to issue a long-duration digital certificate from an entity for validation purposes between the entity and the service. Upon issuance of the long-duration digital certificate, the entity submits a request to the service for issuance of a short-duration digital certificate that includes a shorter validity period than the long-duration digital certificate. The service may utilize the long-duration digital certificate to validate the entity and, upon validating the entity, issues the short-duration digital certificate to the entity. The entity may subsequently utilize the short-duration digital certificate to enable a user client to authenticate the entity and securely communicate with the entity.
Type: Grant
Filed: December 15, 2014
Date of Patent: December 12, 2017
Assignee: Amazon Technologies, Inc.
Inventor: Peter Zachary Bowen
-
Patent number: 9805190
Abstract: Functionality is disclosed herein for monitoring an execution environment to determine if the execution environment is in an approved configuration. Memory used by the execution environment may be scanned from outside of the execution environment to determine whether the execution environment is in an unapproved configuration. The scanning may include examining the memory for abnormalities or other irregular or unapproved data. When the execution environment is in the unapproved configuration, actions may be performed that change how the execution environment accesses resources or performing other types of functionality.
Type: Grant
Filed: March 16, 2017
Date of Patent: October 31, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Gregory Branchek Roth, Peter Zachary Bowen
-
Patent number: 9769153
Abstract: A customer can demonstrate control over an element, such as a domain, by receiving a certificate from a certificate authority. A customer can submit a request and receive a request token. The customer can generate a cryptographic hash of the request using the token, which a service provider can compare against an expected hash similarly generated. If the hashes match, an action can be taken such as a certificate issued. A customer can request one or more request tokens up front, whereby the tokens can be used to submit hashes with requests at the appropriate time. In some embodiments a customer can submit a request specifying one or more domains, and a service provider can provide a list of confirmatory email addresses from which the customer can select. The service provider can then send a message to that address that include a link for requesting a certificate.
Type: Grant
Filed: August 7, 2015
Date of Patent: September 19, 2017
Assignee: AMAZON TECHNOLOGIES, INC.
Inventor: Peter Zachary Bowen
-
Patent number: 9712621
Abstract: An endpoint may share client information as part of a negotiation of a secure connection with an application such that connections terminated by the endpoint may have client information reported to the application. An endpoint may include termination points of communication, such as a proxy. For example, a client may connect to a load balancer through a protocol, such as transport layer security (TLS). By connecting to the load balancer, client data becomes known to the load balancer. The load balancer may then connect to an application server through TLS. During the negotiation phase of TLS, the load balancer may send client data using an extension to TLS. In some embodiments, the application may use the client data to determine whether or not to accept the client connection, such as client encryption parameters that indicate sufficient encryption strength.
Type: Grant
Filed: February 11, 2013
Date of Patent: July 18, 2017
Assignee: Amazon Technologies, Inc.
Inventor: Peter Zachary Bowen
-
Patent number: 9600664
Abstract: Functionality is disclosed herein for monitoring an execution environment to determine if the execution environment is in an approved configuration. Memory used by the execution environment may be scanned from outside of the execution environment to determine whether the execution environment is in an unapproved configuration. The scanning may include examining the memory for abnormalities or other irregular or unapproved data. When the execution environment is in the unapproved configuration, actions may be performed that change how the execution environment accesses resources or performing other types of functionality.
Type: Grant
Filed: September 3, 2014
Date of Patent: March 21, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Gregory Branchek Roth, Peter Zachary Bowen
-
Patent number: 9552485
Abstract: A method and apparatus for renewing cryptographic material are disclosed. In the method and apparatus a cryptographic material renewal entity of a computing resource service provider detects that cryptographic material stored by a secure module is to be renewed. Renewing the cryptographic material may include rekeying a private key associated with a certificate. Further, a digital certificate may be renewed, and the renewed certificate may be provided for use by the computing resource. The cryptographic material is used to fulfill requests made by a computing resource provisioned by the computing resource service provider for a customer. The renewed cryptographic material is provided to the secure module, whereby the renewed cryptographic material is used by the secure module to fulfill further requests made by the computing resource.
Type: Grant
Filed: October 21, 2014
Date of Patent: January 24, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Todd Lawrence Cignetti, Andrew Jeffrey Doane, Stefan Popoveniuc, Matthew Allen Estes, Alexander Edward Schoof, Robert Eric Fitzgerald, Peter Zachary Bowen
-
Patent number: 9525672
Abstract: A compute instance of a virtual computing service (VCS) is assigned first and second cryptographically verifiable identities (CVIs) within respective namespaces. A cryptographic key pair associated with the first CVI includes a non-transferable private key managed by a secure key store which does not permit the private key to be copied. The VCS enables the instance to use the private key for asserting the CVIs. In response to a first identity query, the instance indicates the first CVI. In response to a second identity query, the instance indicates the second CVI.
Type: Grant
Filed: December 19, 2014
Date of Patent: December 20, 2016
Assignee: Amazon Technologies, Inc.
Inventors: Todd Lawrence Cignetti, Peter Zachary Bowen, Andrew Jeffrey Doane, Alexander Edward Schoof
-
Patent number: 9485101
Abstract: A method for provisioning digital certificates in a compute service environment may include authorizing a customer entity for using and/or controlling a network resource in the compute service environment. Upon completing the authorization, a digital certificate may be issued to the customer entity. The digital certificate may be associated with the network resource and may be issued for a limited duration period. The use and/or control of the network resource by the customer entity may be monitored. Reissuance of the digital certificate may be conditioned on whether the customer entity is still using and/or controlling the network resource in the compute service environment. If the customer entity is still using and/or controlling the network resource in the multi-tenant environment, the digital certificate may be automatically reissued for another limited duration period. The automatically reissuing may take place without receiving a certificate reissue request from the customer entity.
Type: Grant
Filed: March 30, 2016
Date of Patent: November 1, 2016
Assignee: Amazon Technologies, Inc.
Inventor: Peter Zachary Bowen
-
Patent number: 9407505
Abstract: A computing resource is loaded with the code or data, and an audited record of the loaded code or data is generated. Furthermore, a configuration integrity is generated based on the record of the loaded code or data. The configuration integrity verifier is sent to a requestor for verification of the code or data, the configuration integrity verifier being usable as a trusted verification of the loaded code or data.
Type: Grant
Filed: March 4, 2013
Date of Patent: August 2, 2016
Assignee: Amazon Technologies, Inc.
Inventor: Peter Zachary Bowen
-
Publication number: 20160211978
Abstract: A method for provisioning digital certificates in a compute service environment may include authorizing a customer entity for using and/or controlling a network resource in the compute service environment. Upon completing the authorization, a digital certificate may be issued to the customer entity. The digital certificate may be associated with the network resource and may be issued for a limited duration period. The use and/or control of the network resource by the customer entity may be monitored. Reissuance of the digital certificate may be conditioned on whether the customer entity is still using and/or controlling the network resource in the compute service environment. If the customer entity is still using and/or controlling the network resource in the multi-tenant environment, the digital certificate may be automatically reissued for another limited duration period. The automatically reissuing may take place without receiving a certificate reissue request from the customer entity.
Type: Application
Filed: March 30, 2016
Publication date: July 21, 2016
Applicant: Amazon Technologies, Inc.
Inventor: Peter Zachary Bowen
-
Publication number: 20160182473
Abstract: A compute instance of a virtual computing service (VCS) is assigned first and second cryptographically verifiable identities (CVIs) within respective namespaces. A cryptographic key pair associated with the first CVI includes a non-transferable private key managed by a secure key store which does not permit the private key to be copied. The VCS enables the instance to use the private key for asserting the CVIs. In response to a first identity query, the instance indicates the first CVI. In response to a second identity query, the instance indicates the second CVI.
Type: Application
Filed: December 19, 2014
Publication date: June 23, 2016
Applicant: AMAZON TECHNOLOGIES, INC.
Inventors: TODD LAWRENCE CIGNETTI, PETER ZACHARY BOWEN, ANDREW JEFFREY DOANE, ALEXANDER EDWARD SCHOOF