Patents by Inventor Ajith Harshana Ranabahu
Ajith Harshana Ranabahu has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11924247Abstract: A method and apparatus for testing and simulating an access control policy are disclosed. Evaluating an access control policy may be performed by utilizing a deny statement that causes the access request to be rejected despite actions indicated in the access request being authorized. Further, an independent simulation environment may be utilized for testing access control policy evaluation.Type: GrantFiled: June 13, 2022Date of Patent: March 5, 2024Assignee: Amazon Technologies, Inc.Inventors: Gregory Branchek Roth, Daniel Stephen Popick, Derek Avery Lyon, John Michael Morkel, Graeme David Baer, Ajith Harshana Ranabahu, Khaled Salah Sedky
-
Patent number: 11368403Abstract: Tags may be used in decisions by an access management service regarding access of computing resources (“resources”) by principals (e.g., users, roles, etc.). The tags may also be used to determine cost information, for grouping resources and/or principals, and for other reasons. The tags may be assigned to principals, to resources, or both. The resource may be a virtual or physical type of computing resource. Tags may be metadata, which may include a key-value pair. Tags may include email addresses, cost centers, project identifiers, location, team name, etc. The value may be a number, letters, or a combination of both. In some embodiments, the values may be limited to certain numbers or bytes, and some numbers and/or letter combinations may be excluded for special use.Type: GrantFiled: September 22, 2020Date of Patent: June 21, 2022Assignee: Amazon Technologies, Inc.Inventors: Jasmeet Chhabra, Jing Zhuang, Uzma Arjuman, Ajith Harshana Ranabahu, Travis William Hickey
-
Patent number: 11361063Abstract: A method and apparatus for testing and simulating an access control policy are disclosed. Evaluating an access control policy may be performed by utilizing a deny statement that causes the access request to be rejected despite actions indicated in the access request being authorized. Further, an independent simulation environment may be utilized for testing access control policy evaluation.Type: GrantFiled: May 8, 2019Date of Patent: June 14, 2022Assignee: Amazon Technologies, Inc.Inventors: Gregory Branchek Roth, Daniel Stephen Popick, Derek Avery Lyon, John Michael Morkel, Graeme David Baer, Ajith Harshana Ranabahu, Khaled Salah Sedky
-
Patent number: 11252157Abstract: Various embodiments provide for a pre-validation of various aspects of an application deployment before any resources are provisioned in a user account. Pre-validation can perform checks on aspects such as connectivity and credential-based access for instances to be provisioned in a user account. A determination can also be made as to whether a role exists in the user account that has the appropriate policies and permissions to enable these instances, if provisioned, to have access to external services and resources needed to support the application. These checks can be performed through a launch wizard or deployment service that can collect information though a single console, and can ensure that these checks succeed before the requested instances are provisioned in the user account.Type: GrantFiled: March 12, 2020Date of Patent: February 15, 2022Assignee: Amazon Technologies, Inc.Inventors: Gaurav Khanna, Yunqi Wang, Ajith Harshana Ranabahu, Ajay Narang, Ruiyang Ding
-
Publication number: 20210014172Abstract: Tags may be used in decisions by an access management service regarding access of computing resources (“resources”) by principals (e.g., users, roles, etc.). The tags may also be used to determine cost information, for grouping resources and/or principals, and for other reasons. The tags may be assigned to principals, to resources, or both. The resource may be a virtual or physical type of computing resource. Tags may be metadata, which may include a key-value pair. Tags may include email addresses, cost centers, project identifiers, location, team name, etc. The value may be a number, letters, or a combination of both. In some embodiments, the values may be limited to certain numbers or bytes, and some numbers and/or letter combinations may be excluded for special use.Type: ApplicationFiled: September 22, 2020Publication date: January 14, 2021Inventors: Jasmeet Chhabra, Jing Zhuang, Uzma Arjuman, Ajith Harshana Ranabahu, Travis William Hickey
-
Patent number: 10819747Abstract: A system and method for generating a policy entitlement map usable to provide a visualization of policies based at least in part on a set of resources of a service of a computing resource service provider, a set of actions that can be taken with the set of resources, or one or more identities. The policy entitlement map may be generated to reflect a set of actions performable by identities of the one or more identities, a set of resources accessible by the identities, or a set of actions that may be performed on the resources.Type: GrantFiled: September 26, 2014Date of Patent: October 27, 2020Assignee: Amazon Technologies, Inc.Inventors: Khaled Salah Sedky, Kai Zhao, Jacob Andreas Kjelstrup, Ajith Harshana Ranabahu, Conor Patrick Cahill
-
Patent number: 10819652Abstract: Tags may be used in decisions by an access management service regarding access of computing resources (“resources”) by principals (e.g., users, roles, etc.). The tags may also be used to determine cost information, for grouping resources and/or principals, and for other reasons. The tags may be assigned to principals, to resources, or both. The resource may be a virtual or physical type of computing resource. Tags may be metadata, which may include a key-value pair. Tags may include email addresses, cost centers, project identifiers, location, team name, etc. The value may be a number, letters, or a combination of both. In some embodiments, the values may be limited to certain numbers or bytes, and some numbers and/or letter combinations may be excluded for special use.Type: GrantFiled: November 7, 2018Date of Patent: October 27, 2020Assignee: Amazon Technologies, Inc.Inventors: Jasmeet Chhabra, Jing Zhuang, Uzma Arjuman, Ajith Harshana Ranabahu, Travis William Hickey
-
Patent number: 10747390Abstract: A customer of a policy management service may use an interface to access a graphical composer and generate one or more graphical representations of policies that may be applicable to the customer's one or more resources. Once the customer has created a graphical representation of a policy, the policy management service may generate a permission model based at least on the graphical representation of the policy to perform one or more simulations and determine whether the requested policy includes any errors or conflicts. If the one or more simulations result in the requested policy including no errors or conflicts, the policy management service may serialize the permission model to create a representation of the policy in a policy language. This representation of the policy may then be used to control access to the customer's one or more resources in accordance with the policy.Type: GrantFiled: March 27, 2014Date of Patent: August 18, 2020Assignee: Amazon Technologies, Inc.Inventors: Ajith Harshana Ranabahu, Khaled Salah Sedky
-
Patent number: 10592068Abstract: A customer of a computing resource service provider may use an interface to access a graphical composer and generate one or more graphical representations of applications that may be provided to a variety of users of the customer's one or more resources. Once the customer has created a graphical representation of an application, a domain specific language model based at least on the graphical representation of the application may be created such that one or more simulations may be performed to determine whether the requested application includes any errors or conflicts. If the one or more simulations result in the application including no errors or conflicts, the domain specific language model may be compiled in an executable programming language to create the application. The application may then be provided to users who may utilize devices capable of understanding the executable programming language to install the application.Type: GrantFiled: March 27, 2014Date of Patent: March 17, 2020Assignee: Amazon Technologies, Inc.Inventors: Khaled Salah Sedky, Ajith Harshana Ranabahu
-
Publication number: 20200007455Abstract: Tags may be used in decisions by an access management service regarding access of computing resources (“resources”) by principals (e.g., users, roles, etc.). The tags may also be used to determine cost information, for grouping resources and/or principals, and for other reasons. The tags may be assigned to principals, to resources, or both. The resource may be a virtual or physical type of computing resource. Tags may be metadata, which may include a key-value pair. Tags may include email addresses, cost centers, project identifiers, location, team name, etc. The value may be a number, letters, or a combination of both. In some embodiments, the values may be limited to certain numbers or bytes, and some numbers and/or letter combinations may be excluded for special use.Type: ApplicationFiled: November 7, 2018Publication date: January 2, 2020Inventors: Jasmeet Chhabra, Jing Zhuang, Uzma Arjuman, Ajith Harshana Ranabahu, Travis William Hickey
-
Publication number: 20190268245Abstract: A method and apparatus for testing and simulating an access control policy are disclosed. Evaluating an access control policy may be performed by utilizing a deny statement that causes the access request to be rejected despite actions indicated in the access request being authorized. Further, an independent simulation environment may be utilized for testing access control policy evaluation.Type: ApplicationFiled: May 8, 2019Publication date: August 29, 2019Inventors: Gregory Branchek Roth, Daniel Stephen Popick, Derek Avery Lyon, John Michael Morkel, Graeme David Baer, Ajith Harshana Ranabahu, Khaled Salah Sedky
-
Patent number: 10320624Abstract: A method and apparatus for testing and simulating an access control policy are disclosed. Evaluating an access control policy may be performed by utilizing a deny statement that causes the access request to be rejected despite actions indicated in the access request being authorized. Further, an independent simulation environment may be utilized for testing access control policy evaluation.Type: GrantFiled: September 30, 2013Date of Patent: June 11, 2019Assignee: Amazon Technologies, Inc.Inventors: Gregory Branchek Roth, Daniel Stephen Popick, Derek Avery Lyon, John Michael Morkel, Graeme David Baer, Ajith Harshana Ranabahu, Khaled Salah Sedky
-
Patent number: 10225152Abstract: A method and apparatus for the evaluation and remediation of an access control policy is disclosed. In the method and apparatus, an intermediary service may make access request, on behalf of a customer, to one or more computing resources and the access control policy is evaluation to determine whether the request is authorized. Further, remediation options for the access control policy are offered for the request to be authorized.Type: GrantFiled: September 30, 2013Date of Patent: March 5, 2019Assignee: Amazon Technologies, Inc.Inventors: Gregory Branchek Roth, Daniel Stephen Popick, Derek Avery Lyon, John Michael Morkel, Graeme David Baer, Ajith Harshana Ranabahu, Khaled Salah Sedky