Patents by Inventor ANDREW JEFFREY DOANE
ANDREW JEFFREY DOANE has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11829794
Abstract: A vendor of virtual machine images accesses a virtual computer system service to upload a digitally signed virtual machine image to a data store usable by customers of the virtual computer system service to select an image for creating a virtual machine instance. If a digital certificate is uploaded along with the virtual machine image, the virtual computer system service may determine whether the digital certificate has been trusted for use. If the digital certificate has been trusted for use, the virtual computer system service may use a public cryptographic key to decrypt a hash signature included with the image to obtain a first hash value. The service may additionally apply a hash function to the image itself to obtain a second hash value. If the two hash values match, then the virtual machine image may be deemed to be authentic.
Type: Grant
Filed: December 6, 2022
Date of Patent: November 28, 2023
Assignee: Amazon Technologies, Inc.
Inventors: Andrew Jeffrey Doane, Alexander Edward Schoof, Robert Eric Fitzgerald, Todd Lawrence Cignetti
-
Publication number: 20230099597
Abstract: A vendor of virtual machine images accesses a virtual computer system service to upload a digitally signed virtual machine image to a data store usable by customers of the virtual computer system service to select an image for creating a virtual machine instance. If a digital certificate is uploaded along with the virtual machine image, the virtual computer system service may determine whether the digital certificate has been trusted for use. If the digital certificate has been trusted for use, the virtual computer system service may use a public cryptographic key to decrypt a hash signature included with the image to obtain a first hash value. The service may additionally apply a hash function to the image itself to obtain a second hash value. If the two hash values match, then the virtual machine image may be deemed to be authentic.
Type: Application
Filed: December 6, 2022
Publication date: March 30, 2023
Inventors: Andrew Jeffrey Doane, Alexander Edward Schoof, Robert Eric Fitzgerald, Todd Lawrence Cignetti
-
Patent number: 11115223
Abstract: A method and apparatus for distributing cryptographic material are disclosed. In the method and apparatus, cryptographic material is obtained and it is determined that the cryptographic material is to be made available for use by one or more computing resources. The cryptographic material is then sent to one or more secure modules, whereby a secure module of the one or more secure modules is programmatically accessible to a computing resource of the one or more computing resources and programmatic access enables the computing resource to request performance of one or more cryptographic operations using the cryptographic material while exporting the cryptographic material to the computing resource is denied.
Type: Grant
Filed: July 26, 2019
Date of Patent: September 7, 2021
Assignee: Amazon Technologies, Inc.
Inventors: Todd Lawrence Cignetti, Andrew Jeffrey Doane, Stefan Popoveniuc, Matthew Allen Estes, Alexander Edward Schoof, Robert Eric Fitzgerald, Peter Zachary Bowen
-
Publication number: 20200326972
Abstract: A vendor of virtual machine images accesses a virtual computer system service to upload a digitally signed virtual machine image to a data store usable by customers of the virtual computer system service to select an image for creating a virtual machine instance. If a digital certificate is uploaded along with the virtual machine image, the virtual computer system service may determine whether the digital certificate has been trusted for use. If the digital certificate has been trusted for use, the virtual computer system service may use a public cryptographic key to decrypt a hash signature included with the image to obtain a first hash value. The service may additionally apply a hash function to the image itself to obtain a second hash value. If the two hash values match, then the virtual machine image may be deemed to be authentic.
Type: Application
Filed: June 26, 2020
Publication date: October 15, 2020
Inventors: Andrew Jeffrey Doane, Alexander Edward Schoof, Robert Eric Fitzgerald, Todd Lawrence Cignetti
-
Patent number: 10698710
Abstract: A vendor of virtual machine images accesses a virtual computer system service to upload a digitally signed virtual machine image to a data store usable by customers of the virtual computer system service to select an image for creating a virtual machine instance. If a digital certificate is uploaded along with the virtual machine image, the virtual computer system service may determine whether the digital certificate has been trusted for use. If the digital certificate has been trusted for use, the virtual computer system service may use a public cryptographic key to decrypt a hash signature included with the image to obtain a first hash value. The service may additionally apply a hash function to the image itself to obtain a second hash value. If the two hash values match, then the virtual machine image may be deemed to be authentic.
Type: Grant
Filed: October 12, 2015
Date of Patent: June 30, 2020
Assignee: Amazon Technologies, Inc.
Inventors: Andrew Jeffrey Doane, Alexander Edward Schoof, Robert Eric Fitzgerald, Todd Lawrence Cignetti
-
Publication number: 20190349206
Abstract: A method and apparatus for distributing cryptographic material are disclosed. In the method and apparatus, cryptographic material is obtained and it is determined that the cryptographic material is to be made available for use by one or more computing resources. The cryptographic material is then sent to one or more secure modules, whereby a secure module of the one or more secure modules is programmatically accessible to a computing resource of the one or more computing resources and programmatic access enables the computing resource to request performance of one or more cryptographic operations using the cryptographic material while exporting the cryptographic material to the computing resource is denied.
Type: Application
Filed: July 26, 2019
Publication date: November 14, 2019
Inventors: Todd Lawrence Cignetti, Andrew Jeffrey Doane, Stefan Popoveniuc, Matthew Allen Estes, Alexander Edward Schoof, Robert Eric Fitzgerald, Peter Zachary Bowen
-
Patent number: 10460114
Abstract: Techniques are disclosed for mitigating against registering a domain name that is confusingly similar to a pre-existing domain name, possibly for the purpose of fooling users. In embodiments, a domain name is presented for registration. The domain name is rendered as an image, and optical character recognition is performed on the image to extract the rendered text. This extracted text is compared against a list of domain names for which confusingly similar domain names cannot be registered, and when the extracted text matches a domain name in this list of domain names, registration of the domain name is denied.
Type: Grant
Filed: November 9, 2018
Date of Patent: October 29, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Stefan Popuveniuc, Peter Zachary Bowen, Alexander Edward Schoof, Andrew Jeffrey Doane, Todd Lawrence Cignetti, Robert Eric Fitzgerald
-
Patent number: 10419205
Abstract: Servers in datacenters, mobile devices and virtualized servers without human interaction may experience difficulties in establishing entropy in a virtualized computing environment. Entropy is an important foundation for cryptography and a lack of entropy has led to weaknesses that can be used to break cryptographic systems in the past.
Type: Grant
Filed: August 24, 2017
Date of Patent: September 17, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Andrew Jeffrey Doane, Todd Lawrence Cignetti
-
Patent number: 10389709
Abstract: Methods and apparatus for securing client-specified credentials at cryptographically-attested resources are described. An indication is obtained that resources deployed for execution of a compute instance of a multi-tenant computing service at an instance host of a provider network meet a client's security criteria. An encrypted representation of credentials to be used at the compute instance to implement operations on behalf of a client is received at the instance host. The credentials are extracted from the encrypted representation using a private key unique to the instance host, used for the operations, and then removed from the instance host without being saved in persistent memory.
Type: Grant
Filed: February 24, 2014
Date of Patent: August 20, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Nachiketh Rao Potlapally, Andrew Jeffrey Doane, Eric Jason Brandwine, Robert Eric Fitzgerald
-
Patent number: 10367646
Abstract: A method and apparatus for distributing cryptographic material are disclosed. In the method and apparatus, cryptographic material is obtained and it is determined that the cryptographic material is to be made available for use by one or more computing resources. The cryptographic material is then sent to one or more secure modules, whereby a secure module of the one or more secure modules is programmatically accessible to a computing resource of the one or more computing resources and programmatic access enables the computing resource to request performance of one or more cryptographic operations using the cryptographic material while exporting the cryptographic material to the computing resource is denied.
Type: Grant
Filed: October 21, 2014
Date of Patent: July 30, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Todd Lawrence Cignetti, Andrew Jeffrey Doane, Stefan Popoveniuc, Matthew Allen Estes, Alexander Edward Schoof, Robert Eric Fitzgerald, Peter Zachary Bowen
-
Patent number: 10127388
Abstract: Techniques are disclosed for mitigating against registering a domain name that is confusingly similar to a pre-existing domain name, possibly for the purpose of fooling users. In embodiments, a domain name is presented for registration. The domain name is rendered as an image, and optical character recognition is performed on the image to extract the rendered text. This extracted text is compared against a list of domain names for which confusingly similar domain names cannot be registered, and when the extracted text matches a domain name in this list of domain names, registration of the domain name is denied.
Type: Grant
Filed: August 26, 2014
Date of Patent: November 13, 2018
Assignee: Amazon Technologies, Inc.
Inventors: Stefan Popuveniuc, Peter Zachary Bowen, Alexander Edward Schoof, Andrew Jeffrey Doane, Todd Lawrence Cignetti, Robert Eric Fitzgerald
-
Patent number: 10069908
Abstract: Methods and apparatus for interfaces to manage last-mile connectivity and dynamic reconfiguration for direct network peerings. A system may include a data center, endpoint routers and a connectivity coordinator. The coordinator implements an interface defining connectivity operations. The coordinator receives a request for dedicated connectivity to data center resources, formatted according to the interface. The coordinator determines a connectivity provider to provide last-mile connectivity to the requester, and transmits a notification identifying the selected connectivity provider.
Type: Grant
Filed: July 31, 2017
Date of Patent: September 4, 2018
Assignee: Amazon Technologies, Inc.
Inventors: Kevin Christopher Miller, Krishna P. Balasubramanian, Andrew Jeffrey Doane, Jeremy T. Hall, David Brian Lennon
-
Publication number: 20170373833
Abstract: Servers in datacenters, mobile devices and virtualized servers without human interaction may experience difficulties in establishing entropy in a virtualized computing environment. Entropy is an important foundation for cryptography and a lack of entropy has led to weaknesses that can be used to break cryptographic systems in the past.
Type: Application
Filed: August 24, 2017
Publication date: December 28, 2017
Inventors: Andrew Jeffrey Doane, Todd Lawrence Cignetti
-
Publication number: 20170359413
Abstract: Methods and apparatus for interfaces to manage last-mile connectivity and dynamic reconfiguration for direct network peerings. A system may include a data center, endpoint routers and a connectivity coordinator. The coordinator implements an interface defining connectivity operations. The coordinator receives a request for dedicated connectivity to data center resources, formatted according to the interface. The coordinator determines a connectivity provider to provide last-mile connectivity to the requester, and transmits a notification identifying the selected connectivity provider.
Type: Application
Filed: July 31, 2017
Publication date: December 14, 2017
Applicant: Amazon Technologies, Inc.
Inventors: KEVIN CHRISTOPHER MILLER, KRISHNA P. BALASUBRAMANIAN, ANDREW JEFFREY DOANE, JEREMY T. HALL, DAVID BRIAN LENNON
-
Patent number: 9749127
Abstract: Servers in datacenters, mobile devices and virtualized servers without human interaction may experience difficulties in establishing entropy in a virtualized computing environment. Entropy is an important foundation for cryptography and a lack of entropy has led to weaknesses that can be used to break cryptographic systems in the past.
Type: Grant
Filed: June 3, 2014
Date of Patent: August 29, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Andrew Jeffrey Doane, Todd Lawrence Cignetti
-
Patent number: 9723072
Abstract: Methods and apparatus for interfaces to manage last-mile connectivity and dynamic reconfiguration for direct network peerings. A system may include a data center, endpoint routers and a connectivity coordinator. The coordinator implements an interface defining connectivity operations. The coordinator receives a request for dedicated connectivity to data center resources, formatted according to the interface. The coordinator determines a connectivity provider to provide last-mile connectivity to the requester, and transmits a notification identifying the selected connectivity provider.
Type: Grant
Filed: August 10, 2015
Date of Patent: August 1, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Kevin Christopher Miller, Krishna P. Balasubramanian, Andrew Jeffrey Doane, Jeremy T. Hall, David Brian Lennon
-
Patent number: 9552485
Abstract: A method and apparatus for renewing cryptographic material are disclosed. In the method and apparatus a cryptographic material renewal entity of a computing resource service provider detects that cryptographic material stored by a secure module is to be renewed. Renewing the cryptographic material may include rekeying a private key associated with a certificate. Further, a digital certificate may be renewed, and the renewed certificate may be provided for use by the computing resource. The cryptographic material is used to fulfill requests made by a computing resource provisioned by the computing resource service provider for a customer. The renewed cryptographic material is provided to the secure module, whereby the renewed cryptographic material is used by the secure module to fulfill further requests made by the computing resource.
Type: Grant
Filed: October 21, 2014
Date of Patent: January 24, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Todd Lawrence Cignetti, Andrew Jeffrey Doane, Stefan Popoveniuc, Matthew Allen Estes, Alexander Edward Schoof, Robert Eric Fitzgerald, Peter Zachary Bowen
-
Patent number: 9525672
Abstract: A compute instance of a virtual computing service (VCS) is assigned first and second cryptographically verifiable identities (CVIs) within respective namespaces. A cryptographic key pair associated with the first CVI includes a non-transferable private key managed by a secure key store which does not permit the private key to be copied. The VCS enables the instance to use the private key for asserting the CVIs. In response to a first identity query, the instance indicates the first CVI. In response to a second identity query, the instance indicates the second CVI.
Type: Grant
Filed: December 19, 2014
Date of Patent: December 20, 2016
Assignee: Amazon Technologies, Inc.
Inventors: Todd Lawrence Cignetti, Peter Zachary Bowen, Andrew Jeffrey Doane, Alexander Edward Schoof
-
Publication number: 20160182473
Abstract: A compute instance of a virtual computing service (VCS) is assigned first and second cryptographically verifiable identities (CVIs) within respective namespaces. A cryptographic key pair associated with the first CVI includes a non-transferable private key managed by a secure key store which does not permit the private key to be copied. The VCS enables the instance to use the private key for asserting the CVIs. In response to a first identity query, the instance indicates the first CVI. In response to a second identity query, the instance indicates the second CVI.
Type: Application
Filed: December 19, 2014
Publication date: June 23, 2016
Applicant: AMAZON TECHNOLOGIES, INC.
Inventors: TODD LAWRENCE CIGNETTI, PETER ZACHARY BOWEN, ANDREW JEFFREY DOANE, ALEXANDER EDWARD SCHOOF
-
Publication number: 20160034298
Abstract: A vendor of virtual machine images accesses a virtual computer system service to upload a digitally signed virtual machine image to a data store usable by customers of the virtual computer system service to select an image for creating a virtual machine instance. If a digital certificate is uploaded along with the virtual machine image, the virtual computer system service may determine whether the digital certificate has been trusted for use. If the digital certificate has been trusted for use, the virtual computer system service may use a public cryptographic key to decrypt a hash signature included with the image to obtain a first hash value. The service may additionally apply a hash function to the image itself to obtain a second hash value. If the two hash values match, then the virtual machine image may be deemed to be authentic.
Type: Application
Filed: October 12, 2015
Publication date: February 4, 2016
Inventors: Andrew Jeffrey Doane, Alexander Edward Schoof, Robert Eric Fitzgerald, Todd Lawrence Cignetti