Patents by Inventor Andrew Paul Mikulski
Andrew Paul Mikulski has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230283482Abstract: A request to add tags (e.g., labels, key-value pairs, or metadata) to resources can be digitally signed by the entity making the request, such that the source can be verified and an authorization determination made for each tag. For a request involving multiple services (or entities) that can each add tags, any tag added by a service can be included in the request and digitally signed by that service. Each service processing the request can also digitally sign the request before forwarding, so that each service signs a version of the request, which includes elements signed by other services earlier in the request chain. When the request is received to a tagging service, the service ensures that every tag was digitally signed by the appropriate authorized entity or service, and validates the signatures to ensure that no data was modified or omitted, before adding the tags to the designated resource(s).Type: ApplicationFiled: May 11, 2023Publication date: September 7, 2023Inventors: William Frederick Hingle Kruse, Conor Patrick Cahill, Jeffrey Cicero Canton, Dmitry Frenkel, Harshad Vasant Kulkarni, Colin Watson, Andrew Paul Mikulski
-
Patent number: 11695569Abstract: A request to add tags (e.g., labels, key-value pairs, or metadata) to resources can be digitally signed by the entity making the request, such that the source can be verified and an authorization determination made for each tag. For a request involving multiple services (or entities) that can each add tags, any tag added by a service can be included in the request and digitally signed by that service. Each service processing the request can also digitally sign the request before forwarding, so that each service signs a version of the request, which includes elements signed by other services earlier in the request chain. When the request is received to a tagging service, the service ensures that every tag was digitally signed by the appropriate authorized entity or service, and validates the signatures to ensure that no data was modified or omitted, before adding the tags to the designated resource(s).Type: GrantFiled: March 25, 2021Date of Patent: July 4, 2023Assignee: Amazon Technologies, Inc.Inventors: William Frederick Hingle Kruse, Conor Patrick Cahill, Jeffrey Cicero Canton, Dmitry Frenkel, Harshad Vasant Kulkarni, Colin Watson, Andrew Paul Mikulski
-
Patent number: 11621996Abstract: Methods and apparatus for a computing infrastructure for configurable-quality random data are disclosed. A storage medium stores program instructions that when executed on a processor designate some servers of a provider network as members of a pool of producers of random data usable by random data consumers. The instructions, when executed, determine a subset of the pool to be used to supply a collection of random data intended for a random data consumer, and one or more sources of random phenomena to be used to generate the collection of random data. The instructions, when executed, initiate a transmission of the collection of random data directed to the random data consumer.Type: GrantFiled: November 13, 2017Date of Patent: April 4, 2023Assignee: Amazon Technologies, Inc.Inventors: Nachiketh Rao Potlapally, Andrew Paul Mikulski, Donald Lee Bailey, Jr., Robert Eric Fitzgerald
-
Publication number: 20210211304Abstract: A request to add tags (e.g., labels, key-value pairs, or metadata) to resources can be digitally signed by the entity making the request, such that the source can be verified and an authorization determination made for each tag. For a request involving multiple services (or entities) that can each add tags, any tag added by a service can be included in the request and digitally signed by that service. Each service processing the request can also digitally sign the request before forwarding, so that each service signs a version of the request, which includes elements signed by other services earlier in the request chain. When the request is received to a tagging service, the service ensures that every tag was digitally signed by the appropriate authorized entity or service, and validates the signatures to ensure that no data was modified or omitted, before adding the tags to the designated resource(s).Type: ApplicationFiled: March 25, 2021Publication date: July 8, 2021Inventors: William Frederick Hingle Kruse, Conor Patrick Cahill, Jeffrey Cicero Canton, Dmitry Frenkel, Harshad Vasant Kulkarni, Colin Watson, Andrew Paul Mikulski
-
Patent number: 10972288Abstract: A request to add tags (e.g., labels, key-value pairs, or metadata) to resources can be digitally signed by the entity making the request, such that the source can be verified and an authorization determination made for each tag. For a request involving multiple services (or entities) that can each add tags, any tag added by a service can be included in the request and digitally signed by that service. Each service processing the request can also digitally sign the request before forwarding, so that each service signs a version of the request, which includes elements signed by other services earlier in the request chain. When the request is received to a tagging service, the service ensures that every tag was digitally signed by the appropriate authorized entity or service, and validates the signatures to ensure that no data was modified or omitted, before adding the tags to the designated resource(s).Type: GrantFiled: December 24, 2019Date of Patent: April 6, 2021Assignee: AMAZON TECHNOLOGIES, INC.Inventors: William Frederick Hingle Kruse, Conor Patrick Cahill, Jeffrey Cicero Canton, Dmitry Frenkel, Harshad Vasant Kulkarni, Colin Watson, Andrew Paul Mikulski
-
Patent number: 10834117Abstract: A system records use of values used in cryptographic algorithms where the values are subject to uniqueness constraints. As new values are received, the system checks whether violations of a unique constraint has occurred. If a violation occurs, the system performs actions to mitigate potential compromise caused by exploitation of a vulnerability caused by violation of the uniqueness constraint.Type: GrantFiled: March 6, 2017Date of Patent: November 10, 2020Assignee: Amazon Technologies, Inc.Inventors: Andrew Paul Mikulski, Gregory Branchek Roth, Matthew John Campagna
-
Publication number: 20200136834Abstract: A request to add tags (e.g., labels, key-value pairs, or metadata) to resources can be digitally signed by the entity making the request, such that the source can be verified and an authorization determination made for each tag. For a request involving multiple services (or entities) that can each add tags, any tag added by a service can be included in the request and digitally signed by that service. Each service processing the request can also digitally sign the request before forwarding, so that each service signs a version of the request, which includes elements signed by other services earlier in the request chain. When the request is received to a tagging service, the service ensures that every tag was digitally signed by the appropriate authorized entity or service, and validates the signatures to ensure that no data was modified or omitted, before adding the tags to the designated resource(s).Type: ApplicationFiled: December 24, 2019Publication date: April 30, 2020Inventors: William Frederick Hingle Kruse, Conor Patrick Cahill, Jeffrey Cicero Canton, Dmitry Frenkel, Harshad Vasant Kulkarni, Colin Watson, Andrew Paul Mikulski
-
Patent number: 10637855Abstract: A server obtains a challenge from another computer system during a negotiation with a client according to a protocol. The server injects the challenge into a message of the protocol to the client. The client uses the challenge in an authentication request. The server submits the authentication request to the other computer system for verification. The other computer system verifies the authentication request using a key registered to the client. The server operations are further dependent at least in part on whether verification of the authentication request was successful.Type: GrantFiled: June 26, 2017Date of Patent: April 28, 2020Assignee: Amazon Technologies, Inc.Inventors: Andrew Paul Mikulski, Nicholas Alexander Allen, Gregory Branchek Roth
-
Patent number: 10542005Abstract: The launching of new software code, virtual machines, and other such instances can undergo one or more scans before being fully available in an electronic environment. One or more policies may apply to such a launch, which can cause the launch to first be performed under a first network configuration, wherein the instance may not be granted access to resources other than scanning infrastructure. After one or more scans are performed, the results can be compared against the policies and, if the results pass, the instance can be caused to operate in a second network configuration, whether launching a new instance in a production environment, altering the configuration of the network, or other such tasks. The policies can be set by a provider of the relevant resources, an administrator of one or more affected resources, an administrator of the instance, or another appropriate party.Type: GrantFiled: February 28, 2019Date of Patent: January 21, 2020Assignee: AMAZON TECHNOLOGIES, INC.Inventors: Gregory Branchek Roth, Andrew Paul Mikulski
-
Patent number: 10536277Abstract: A request to add tags (e.g., labels, key-value pairs, or metadata) to resources can be digitally signed by the entity making the request, such that the source can be verified and an authorization determination made for each tag. For a request involving multiple services (or entities) that can each add tags, any tag added by a service can be included in the request and digitally signed by that service. Each service processing the request can also digitally sign the request before forwarding, so that each service signs a version of the request, which includes elements signed by other services earlier in the request chain. When the request is received to a tagging service, the service ensures that every tag was digitally signed by the appropriate authorized entity or service, and validates the signatures to ensure that no data was modified or omitted, before adding the tags to the designated resource(s).Type: GrantFiled: December 22, 2015Date of Patent: January 14, 2020Assignee: AMAZON TECHNOLOGIES, INC.Inventors: William Frederick Hingle Kruse, Conor Patrick Cahill, Jeffrey Cicero Canton, Dmitry Frenkel, Harshad Vasant Kulkarni, Colin Watson, Andrew Paul Mikulski
-
Publication number: 20190199726Abstract: The launching of new software code, virtual machines, and other such instances can undergo one or more scans before being fully available in an electronic environment. One or more policies may apply to such a launch, which can cause the launch to first be performed under a first network configuration, wherein the instance may not be granted access to resources other than scanning infrastructure. After one or more scans are performed, the results can be compared against the policies and, if the results pass, the instance can be caused to operate in a second network configuration, whether launching a new instance in a production environment, altering the configuration of the network, or other such tasks. The policies can be set by a provider of the relevant resources, an administrator of one or more affected resources, an administrator of the instance, or another appropriate party.Type: ApplicationFiled: February 28, 2019Publication date: June 27, 2019Inventors: Gregory Branchek Roth, Andrew Paul Mikulski
-
Patent number: 10250603Abstract: The launching of new software code, virtual machines, and other such instances can undergo one or more scans before being fully available in an electronic environment. One or more policies may apply to such a launch, which can cause the launch to first be performed under a first network configuration, wherein the instance may not be granted access to resources other than scanning infrastructure. After one or more scans are performed, the results can be compared against the policies and, if the results pass, the instance can be caused to operate in a second network configuration, whether launching a new instance in a production environment, altering the configuration of the network, or other such tasks. The policies can be set by a provider of the relevant resources, an administrator of one or more affected resources, an administrator of the instance, or another appropriate party.Type: GrantFiled: March 30, 2015Date of Patent: April 2, 2019Assignee: AMAZON TECHNOLOGIES, INC.Inventors: Gregory Branchek Roth, Andrew Paul Mikulski
-
Patent number: 9935940Abstract: Techniques are disclosed for increasing the security of a database. A database is coupled with an access manager to limit certain applications that use the database to store user password information to queries that return at most one row. Additionally, returning a record may be limited to a case where the query includes the hash of the user name and password that is stored in the database. Other techniques may be implemented for other user account operations, such as password resets.Type: GrantFiled: September 9, 2014Date of Patent: April 3, 2018Assignee: Amazon Technologies, Inc.Inventors: Matthew Daniel DeMoss, Gregory Branchek Roth, Andrew Paul Mikulski
-
Publication number: 20180084032Abstract: Methods and apparatus for a computing infrastructure for configurable-quality random data are disclosed. A storage medium stores program instructions that when executed on a processor designate some servers of a provider network as members of a pool of producers of random data usable by random data consumers. The instructions, when executed, determine a subset of the pool to be used to supply a collection of random data intended for a random data consumer, and one or more sources of random phenomena to be used to generate the collection of random data. The instructions, when executed, initiate a transmission of the collection of random data directed to the random data consumer.Type: ApplicationFiled: November 13, 2017Publication date: March 22, 2018Applicant: Amazon Technologies, Inc.Inventors: Nachiketh Rao Potlapally, Andrew Paul Mikulski, Donald Lee Bailey, JR., Robert Eric Fitzgerald
-
Publication number: 20170331822Abstract: A server obtains a challenge from another computer system during a negotiation with a client according to a protocol. The server injects the challenge into a message of the protocol to the client. The client uses the challenge in an authentication request. The server submits the authentication request to the other computer system for verification. The other computer system verifies the authentication request using a key registered to the client. The server operates further dependent at least in part on whether verification of the authentication request was successful.Type: ApplicationFiled: June 26, 2017Publication date: November 16, 2017Inventors: Andrew Paul Mikulski, Nicholas Alexander Allen, Gregory Branchek Roth
-
Patent number: 9819727Abstract: Methods and apparatus for a computing infrastructure for configurable-quality random data are disclosed. A storage medium stores program instructions that when executed on a processor designate some servers of a provider network as members of a pool of producers of random data usable by random data consumers. The instructions, when executed, determine a subset of the pool to be used to supply a collection of random data intended for a random data consumer, and one or more sources of random phenomena to be used to generate the collection of random data. The instructions, when executed, initiate a transmission of the collection of random data directed to the random data consumer.Type: GrantFiled: February 28, 2013Date of Patent: November 14, 2017Assignee: Amazon Technologies, Inc.Inventors: Nachiketh Rao Potlapally, Andrew Paul Mikulski, Donald Lee Bailey, Jr., Robert Eric Fitzgerald
-
Patent number: 9692757Abstract: A server obtains a challenge from another computer system during a negotiation with a client according to a protocol. The server injects the challenge into a message of the protocol to the client. The client uses the challenge in an authentication request. The server submits the authentication request to the other computer system for verification. The other computer system verifies the authentication request using a key registered to the client. The server operates further dependent at least in part on whether verification of the authentication request was successful.Type: GrantFiled: May 20, 2015Date of Patent: June 27, 2017Assignee: Amazon Technologies, Inc.Inventors: Andrew Paul Mikulski, Nicholas Alexander Allen, Gregory Branchek Roth
-
Publication number: 20170180412Abstract: A system records use of values used in cryptographic algorithms where the values are subject to uniqueness constraints. As new values are received, the system checks whether violations of a unique constraint has occurred. If a violation occurs, the system performs actions to mitigate potential compromise caused by exploitation of a vulnerability caused by violation of the uniqueness constraint.Type: ApplicationFiled: March 6, 2017Publication date: June 22, 2017Inventors: Andrew Paul Mikulski, Gregory Branchek Roth, Matthew John Campagna
-
Patent number: 9602288Abstract: A system records use of values used in cryptographic algorithms where the values are subject to uniqueness constraints. As new values are received, the system checks whether violations of a unique constraint has occurred. If a violation occurs, the system performs actions to mitigate potential compromise caused by exploitation of a vulnerability caused by violation of the uniqueness constraint.Type: GrantFiled: March 27, 2015Date of Patent: March 21, 2017Assignee: AMAZON TECHNOLOGIES, INC.Inventors: Andrew Paul Mikulski, Gregory Branchek Roth, Matthew John Campagna
-
Patent number: 9544292Abstract: A credential management system is described that provides a way to disable and/or rotate credentials, such as when a credential is suspected to have been compromised, while minimizing potential impact to various systems that may depend on such credentials. The credentials may be disabled temporarily at first and the availability of various resources is monitored for changes. If no significant drop of availability in the resources has occurred, the credential may be disabled for a longer period of time. In this manner, the credentials may be disabled and re-enabled for increasingly longer time intervals until it is determined with sufficient confidence/certainty that disabling the credential will not adversely impact critical systems, at which point the credential can be rotated and/or permanently disabled. This process also enables the system to determine which systems are affected by a credential in cases where such information is not known.Type: GrantFiled: December 9, 2015Date of Patent: January 10, 2017Assignee: Amazon Technologies, Inc.Inventors: James Leon Irving, Jr., Andrew Paul Mikulski, Gregory Branchek Roth, William Frederick Kruse