Patents by Inventor Bradley Jeffrey Behm
Bradley Jeffrey Behm has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11411888
Abstract: A request is obtained that, if fulfilled, is operable to access a computing resource, with the request including an indication to evaluate the request in a verification mode while inhibiting fulfilment of the request. Responsive to the request, a policy applicable to the request is determined, decision data that is relevant to the policy is obtained, and the request is evaluated based at least in part on the policy and the decision data to produce an evaluation result. Further responsive to the request, fulfillment of the request is inhibited, a verification report is generated based at least in part on the evaluation result, and a notification is provided indicating that the verification report is generated.
Type: Grant
Filed: June 24, 2020
Date of Patent: August 9, 2022
Assignee: Amazon Technologies, Inc.
Inventors: Mark Cavage, Yunong Xiao, Bradley Jeffrey Behm
-
Patent number: 11245681
Abstract: Techniques are described for enabling a Kerberos-based authentication system to provide a client with access to a plurality of unmodifiable components that require plain text passwords. Such an approach enables a user to sign into a distributed computer system using a single password, and access multiple components that require different passwords without the need to enter a second password. By using Kerberos based authentication, passwords are not unnecessarily sent throughout distributed computing system where they may be vulnerable. A proxy key distribution center can be used to manage passwords or other credentials on behalf of various clients, which can be used with various processes discussed herein.
Type: Grant
Filed: May 11, 2018
Date of Patent: February 8, 2022
Assignee: Amazon Technologies, Inc.
Inventors: Gregory Branchek Roth, Eric Jason Brandwine, Bradley Jeffrey Behm
-
Publication number: 20200328985
Abstract: A request is obtained that, if fulfilled, is operable to access a computing resource, with the request including an indication to evaluate the request in a verification mode while inhibiting fulfilment of the request. Responsive to the request, a policy applicable to the request is determined, decision data that is relevant to the policy is obtained, and the request is evaluated based at least in part on the policy and the decision data to produce an evaluation result. Further responsive to the request, fulfillment of the request is inhibited, a verification report is generated based at least in part on the evaluation result, and a notification is provided indicating that the verification report is generated.
Type: Application
Filed: June 24, 2020
Publication date: October 15, 2020
Inventors: Mark Cavage, Yunong Xiao, Bradley Jeffrey Behm
-
Patent number: 10721184
Abstract: A policy is incorporated into a first set of policies at least in part by generating a second set of policies corresponding to the policy. An index of the first set of policies is generated based at least in part on a policy element of a normal form. Based at least in part on the index, a subset of the first set of policies that is relevant to at least one of a plurality of policy enforcement components is identified and provided to at least one of the plurality of policy enforcement components of a virtual resource provider identified as relevant. A request subject to the policy is received, and the policy is enforced at least in part by evaluating the request with respect to the subset of the first set of policies.
Type: Grant
Filed: January 11, 2016
Date of Patent: July 21, 2020
Assignee: Amazon Technologies, Inc.
Inventors: Mark Cavage, Yunong Xiao, Bradley Jeffrey Behm
-
Patent number: 10425223
Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.
Type: Grant
Filed: May 18, 2018
Date of Patent: September 24, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Gregory B. Roth, Marc R. Barbour, Bradley Jeffrey Behm, Cristian M. Ilac, Eric Jason Brandwine
-
Patent number: 10356062
Abstract: A plurality of keys is obtained, with each obtained key of the plurality of keys being based at least in part on an information set for the plurality of keys and at least one other key distinct from the plurality of keys. A signing key is calculated by inputting a combination of the plurality of keys into a function with the information set for the plurality of keys, and the signing key is used to evaluate whether access to one or more computing resources is to be granted, with the information set preventing access from being granted when a request for the access is submitted out of compliance with the information set for the plurality of keys.
Type: Grant
Filed: November 11, 2015
Date of Patent: July 16, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Gregory B. Roth, Marc R. Barbour, Bradley Jeffrey Behm, Cristian M. Ilac, Eric Jason Brandwine
-
Publication number: 20180270051
Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.
Type: Application
Filed: May 18, 2018
Publication date: September 20, 2018
Inventors: Gregory B. Roth, Marc R. Barbour, Bradley Jeffrey Behm, Cristian M. Ilac, Eric Jason Brandwine
-
Publication number: 20180262485
Abstract: Techniques are described for enabling a Kerberos-based authentication system to provide a client with access to a plurality of unmodifiable components that require plain text passwords. Such an approach enables a user to sign into a distributed computer system using a single password, and access multiple components that require different passwords without the need to enter a second password. By using Kerberos based authentication, passwords are not unnecessarily sent throughout distributed computing system where they may be vulnerable. A proxy key distribution center can be used to manage passwords or other credentials on behalf of various clients, which can be used with various processes discussed herein.
Type: Application
Filed: May 11, 2018
Publication date: September 13, 2018
Inventors: Gregory Branchek Roth, Eric Jason Brandwine, Bradley Jeffrey Behm
-
Patent number: 9973488
Abstract: Techniques are described for enabling a Kerberos-based authentication system to provide a client with access to a plurality of unmodifiable components that require plain text passwords. Such an approach enables a user to sign into a distributed computer system using a single password, and access multiple components that require different passwords without the need to enter a second password. By using Kerberos based authentication, passwords are not unnecessarily sent throughout distributed computing system where they may be vulnerable. A proxy key distribution center can be used to manage passwords or other credentials on behalf of various clients, which can be used with various processes discussed herein.
Type: Grant
Filed: December 4, 2013
Date of Patent: May 15, 2018
Assignee: Amazon Technologies, Inc.
Inventors: Gregory Branchek Roth, Eric Jason Brandwine, Bradley Jeffrey Behm
-
Publication number: 20160127265
Abstract: A policy is incorporated into a first set of policies at least in part by generating a second set of policies corresponding to the policy. An index of the first set of policies is generated based at least in part on a policy element of a normal form. Based at least in part on the index, a subset of the first set of policies that is relevant to at least one of a plurality of policy enforcement components is identified and provided to at least one of the plurality of policy enforcement components of a virtual resource provider identified as relevant. A request subject to the policy is received, and the policy is enforced at least in part by evaluating the request with respect to the subset of the first set of policies.
Type: Application
Filed: January 11, 2016
Publication date: May 5, 2016
Inventors: Mark Cavage, Yunong Xiao, Bradley Jeffrey Behm
-
Publication number: 20160065549
Abstract: A plurality of keys is obtained, with each obtained key of the plurality of keys being based at least in part on an information set for the plurality of keys and at least one other key distinct from the plurality of keys. A signing key is calculated by inputting a combination of the plurality of keys into a function with the information set for the plurality of keys, and the signing key is used to evaluate whether access to one or more computing resources is to be granted, with the information set preventing access from being granted when a request for the access is submitted out of compliance with the information set for the plurality of keys.
Type: Application
Filed: November 11, 2015
Publication date: March 3, 2016
Inventors: Gregory B. Roth, Marc R. Barbour, Bradley Jeffrey Behm, Cristian M. Ilac, Eric Jason Brandwine
-
Patent number: 9256762
Abstract: A database access system may protect a field by storing the field as one or more underlying fields within a database. The database engine may not have access to keys used to protect the underlying fields within the database, such as by encryption, while the database access system may have access to the keys. Underlying fields may be used to store protected data and aid in the querying of protected data. The database access system may modify queries to use the underlying fields, which may include encrypting query terms and/or modifying query terms to fit the use of the underlying fields. The database access system may modify query results to match the format of the original query, which may include decrypting protected results and/or removing underlying fields.
Type: Grant
Filed: December 20, 2011
Date of Patent: February 9, 2016
Assignee: Amazon Technologies, Inc.
Inventors: Gregory B. Roth, Nathan R. Fitch, Bradley Jeffrey Behm, Patrick J. Ward, Graeme Baer, Eric Jason Brandwine