Patents by Inventor Ashutosh Thakur
Ashutosh Thakur has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230142978Abstract: A network protocol provides mutual authentication of network-connected devices that are parties to a communication channel in environments where the amount of memory and processing power available to the network-connected devices is constrained. When a new device is added to a network, the device contacts a registration service and provides authentication information that proves the authenticity of the device. After verifying the authenticity of the device, the registration service generates a token that can be used to by the device to authenticate with other network entities, and provides the token to the device. The registration service publishes the token using a directory service. When the device connects to another network entity, the device provides the token to the other network entity, and the other network entity authenticates the device by verifying the token using the directory service.Type: ApplicationFiled: January 6, 2023Publication date: May 11, 2023Inventors: Ramkishore Bhattacharyya, Amit J. Mhatre, Ashutosh Thakur, Atulya S. Beheray, Rameez Loladia
-
Patent number: 11552946Abstract: A network protocol provides mutual authentication of network-connected devices that are parties to a communication channel in environments where the amount of memory and processing power available to the network-connected devices is constrained. When a new device is added to a network, the device contacts a registration service and provides authentication information that proves the authenticity of the device. After verifying the authenticity of the device, the registration service generates a token that can be used to by the device to authenticate with other network entities, and provides the token to the device. The registration service publishes the token using a directory service. When the device connects to another network entity, the device provides the token to the other network entity, and the other network entity authenticates the device by verifying the token using the directory service.Type: GrantFiled: April 17, 2020Date of Patent: January 10, 2023Assignee: Amazon Technologies, Inc.Inventors: Ramkishore Bhattacharyya, Amit J. Mhatre, Ashutosh Thakur, Atulya S. Beheray, Rameez Loladia
-
Patent number: 11128612Abstract: Techniques are disclosed for provisioning device-specific credentials to an Internet of Things device that accesses a cloud-based IoT service. The IoT service receives, from the IoT device, a request for device-specific credentials. The request comprises a provisioning certificate including information identifying a group of devices associated with the IoT device. The provisioning certificate is authenticated by evaluating the information with expected information. The device-specific credentials are generated based, at least in part, on the information provided in the provisioning certificate. The device-specific credentials are sent to the IoT device, and the IoT device installs and activates the device-specific credentials. The device-specific credentials are associated with the IoT device in a registry of the IoT service.Type: GrantFiled: September 25, 2019Date of Patent: September 21, 2021Assignee: Amazon Technologies, Inc.Inventors: Rameez Loladia, Ramkishore Bhattacharyya, Ashutosh Thakur, Atulya S. Beheray
-
Publication number: 20210092115Abstract: Systems and methods are disclosed herein for enforcing digital signature on a token useable by a network-addressable device to invoke service calls on services of a service provider. A device platform service of the service provider may receive service calls from the network-addressable device and cause one or more operations to be performed by other services of the service provider in response to receiving a notification that the request is authentic. An authentication service analyses a fingerprint associated with a request submitted by the device and determines whether it is a match to a fingerprint generated from cryptographic authentication information provided by the user in connection with registering the network-addressable device.Type: ApplicationFiled: December 7, 2020Publication date: March 25, 2021Inventors: Ramkishore Bhattacharyya, Rameez Loladia, William Alexander Stevenson, Ashutosh Thakur, Rodrigo Diaz Martin, Andrew John Kiggins, Xin Yi Liu
-
Patent number: 10862883Abstract: Systems and methods are disclosed herein for enforcing digital signature on a token useable by a network-addressable device to invoke service calls on services of a service provider. A device platform service of the service provider may receive service calls from the network-addressable device and cause one or more operations to be performed by other services of the service provider in response to receiving a notification that the request is authentic. An authentication service analyses a fingerprint associated with a request submitted by the device and determines whether it is a match to a fingerprint generated from cryptographic authentication information provided by the user in connection with registering the network-addressable device.Type: GrantFiled: October 9, 2017Date of Patent: December 8, 2020Assignee: Amazon Technologies, Inc.Inventors: Ramkishore Bhattacharyya, Rameez Loladia, William Alexander Stevenson, Ashutosh Thakur, Rodrigo Diaz Martin, Andrew John Kiggins, Xin Yi Liu
-
Publication number: 20200252396Abstract: A network protocol provides mutual authentication of network-connected devices that are parties to a communication channel in environments where the amount of memory and processing power available to the network-connected devices is constrained. When a new device is added to a network, the device contacts a registration service and provides authentication information that proves the authenticity of the device. After verifying the authenticity of the device, the registration service generates a token that can be used to by the device to authenticate with other network entities, and provides the token to the device. The registration service publishes the token using a directory service. When the device connects to another network entity, the device provides the token to the other network entity, and the other network entity authenticates the device by verifying the token using the directory service.Type: ApplicationFiled: April 17, 2020Publication date: August 6, 2020Inventors: Ramkishore Bhattacharyya, Amit J. Mhatre, Ashutosh Thakur, Atulya S. Beheray, Rameez Loladia
-
Patent number: 10630682Abstract: A network protocol provides mutual authentication of network-connected devices that are parties to a communication channel in environments where the amount of memory and processing power available to the network-connected devices is constrained. When a new device is added to a network, the device contacts a registration service and provides authentication information that proves the authenticity of the device. After verifying the authenticity of the device, the registration service generates a token that can be used to by the device to authenticate with other network entities, and provides the token to the device. The registration service publishes the token using a directory service. When the device connects to another network entity, the device provides the token to the other network entity, and the other network entity authenticates the device by verifying the token using the directory service.Type: GrantFiled: November 23, 2016Date of Patent: April 21, 2020Assignee: Amazon Technologies, Inc.Inventors: Ramkishore Bhattacharyya, Amit Mhatre, Ashutosh Thakur, Atulya S. Beheray, Rameez Loladia
-
Patent number: 10554636Abstract: A lightweight network protocol provides mutual authentication and encryption of a communication channel in environments where the amount of computing resources available to the networked devices is constrained. When a new device is added to a network, the device contacts a registration service and provides information that is published via a device directory. The network entity locates the device via information provided by the device directory, and establishes an encrypted network connection with the device. A shared secret is established between the device and the network entity using a key-exchange protocol. Consecutive messages that are sent or received are encrypted or decrypted with a sequence of cryptographic keys generated based at least in part on the shared secret. Key-exchange parameters are added to message exchanges between the device and the network entity to facilitate regenerating the shared secret.Type: GrantFiled: November 9, 2018Date of Patent: February 4, 2020Assignee: Amazon Technologies, Inc.Inventors: Ramkishore Bhattacharyya, Amit J. Mhatre, Ashutosh Thakur, Atulya S. Beheray, Rameez Loladia
-
Patent number: 10447683Abstract: Techniques are disclosed for provisioning device-specific credentials to an Internet of Things device that accesses a cloud-based IoT service. The IoT service receives, from the IoT device, a request for device-specific credentials. The request comprises a provisioning certificate including information identifying a group of devices associated with the IoT device. The provisioning certificate is authenticated by evaluating the information with expected information. The device-specific credentials are generated based, at least in part, on the information provided in the provisioning certificate. The device-specific credentials are sent to the IoT device, and the IoT device installs and activates the device-specific credentials. The device-specific credentials are associated with the IoT device in a registry of the IoT service.Type: GrantFiled: November 17, 2016Date of Patent: October 15, 2019Assignee: Amazon Technologies, Inc.Inventors: Rameez Loladia, Ramkishore Bhattacharyya, Ashutosh Thakur, Atulya S. Beheray
-
Patent number: 10382203Abstract: A three-way pairing handshake may include an internet-of-things (IoT) service sending an encrypted token to an IoT device in response to a request for a token from that IoT device. The encrypted token may store a service managed client identifier and a device identifier. The IoT device may share the encrypted token with a companion application on a mobile device. In turn, the companion application sends a pairing request to the IoT service which includes the encrypted token, along with a copy of the device identifier and the client identifier. The IoT service may validate the pairing request by decrypting the encrypted token included in the pairing request and verifying that the device identifier and the client identifier recovered from the decrypted token matches the device identifier and client identifier received in the pairing request.Type: GrantFiled: November 22, 2016Date of Patent: August 13, 2019Assignee: Amazon Technologies, Inc.Inventors: Rameez Loladia, Ashutosh Thakur, Julian Embry Herwitz
-
Patent number: 10382213Abstract: A technology is provided for certificate authentication for registering a certificate in computing service environment. A request may be received to register a certificate authority (CA) certificate. A registration token associated with a customer account in a service provider environment may be generated to enable association of the customer account with the CA certificate and to authenticate a registration of the CA certificate. The registration token may be sent to a requester desiring to register the CA certificate. A verification certificate that contains the registration token and that is signed by a certificate authority (CA) of the CA certificate and the CA certificate that is signed by the CA may be received to register the CA certificate with the customer account within a service provider environment The CA certificate is persisted with the service provider environment after verifying the registration token is associated with the customer account and the CA certificate is signed by the CA.Type: GrantFiled: August 29, 2016Date of Patent: August 13, 2019Assignee: Amazon Technologies, Inc.Inventors: Mark Edward Rafn, Ashutosh Thakur, Rameez Loladia, James Christopher Sorenson, III, Christoph Saalfeld
-
Publication number: 20190097982Abstract: A lightweight network protocol provides mutual authentication and encryption of a communication channel in environments where the amount of computing resources available to the networked devices is constrained. When a new device is added to a network, the device contacts a registration service and provides information that is published via a device directory. The network entity locates the device via information provided by the device directory, and establishes an encrypted network connection with the device. A shared secret is established between the device and the network entity using a key-exchange protocol. Consecutive messages that are sent or received are encrypted or decrypted with a sequence of cryptographic keys generated based at least in part on the shared secret. Key-exchange parameters are added to message exchanges between the device and the network entity to facilitate regenerating the shared secret.Type: ApplicationFiled: November 9, 2018Publication date: March 28, 2019Inventors: Ramkishore Bhattacharyya, Amit J. Mhatre, Ashutosh Thakur, Atulya S. Beheray, Rameez Loladia
-
Patent number: 10129223Abstract: A lightweight network protocol provides mutual authentication and encryption of a communication channel in environments where the amount of computing resources available to the networked devices is constrained. When a new device is added to a network, the device contacts a registration service and provides information that is published via a device directory. The network entity locates the device via information provided by the device directory, and establishes an encrypted network connection with the device. A shared secret is established between the device and the network entity using a key-exchange protocol. Consecutive messages that are sent or received are encrypted or decrypted with a sequence of cryptographic keys generated based at least in part on the shared secret. Key-exchange parameters are added to message exchanges between the device and the network entity to facilitate regenerating the shared secret.Type: GrantFiled: November 23, 2016Date of Patent: November 13, 2018Assignee: Amazon Technologies, Inc.Inventors: Ramkishore Bhattacharyya, Amit Mhatre, Ashutosh Thakur, Atulya S. Beheray, Rameez Loladia
-
Publication number: 20180278607Abstract: A technology is described for resolving device credentials for a device. An example method may include receiving device credentials for management by a service provider. The device credentials may include authentication credentials and a device policy document that specifies permissions used to authorize resource actions requested by the device. In response to receiving a message requesting that a resource perform a resource action associated with the device, the device may be authenticated using the authentication credentials, and the resource action may be authorized using the permissions specified in the device policy document.Type: ApplicationFiled: March 22, 2017Publication date: September 27, 2018Inventors: Rameez Loladia, Ashutosh Thakur, William Alexander Stevenson, Ramkishore Bhattacharyya