Patents by Inventor Colm MacCarthaigh
Colm MacCarthaigh has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240095338
Abstract: An instance secrets management isolated runtime environment is launched at a virtualization server, and utilizes a subset of memory assigned to a compute instance. The subset of memory is inaccessible from entities external to the runtime environment. A secrets manager of the runtime environment provides a security artifact to an application, running at the compute instance, which has requested access to a resource. The artifact is generated by the secrets manager using a security secret associated with the compute instance; the secret is not accessible to programs external to the runtime environment. In response to a determination that the artifact is valid, the application obtains access to the resource.
Type: Application
Filed: June 30, 2022
Publication date: March 21, 2024
Applicant: Amazon Technologies, Inc.
Inventors: Joshua Benjamin Levinson, Colm MacCarthaigh, Alexander Graf, Iulia-Daniela Doras-Prodan, Petre Eftime
-
Patent number: 11831638
Abstract: Methods, systems, and computer-readable media for single-packet authorization using proof of work are disclosed. An access control service receives, from a client, a single-packet authorization (SPA) request. The SPA request comprises output of a proof-of-work task, wherein completion of the proof-of-work task requires computational resources or memory resources of the client. The access control service performs verification of the output of the proof-of-work task using fewer computational or memory resources of the access control service than were used by the client. In response to determining that verification of the output of the proof-of-work task succeeds, the access control service performs authentication of the SPA request. In response to determining that authentication of the SPA request succeeds, the access control service allows access by the client device to a service.
Type: Grant
Filed: April 19, 2021
Date of Patent: November 28, 2023
Assignee: Amazon Technologies, Inc.
Inventors: Evgeniy Retyunskiy, Colm MacCárthaigh, Maciej Broda, Matthew Schwartz
-
Publication number: 20230283559
Abstract: A network address assigned to a virtual network interface of a packet transformation node of a flow management service is identified. A packet of a particular network flow associated with an application implemented at an isolated virtual network is sent to the network address. Using a rewrite directive generated at a rewriting decisions node of the service and cached at the packet transformation node, a transformed packet corresponding to a packet received at the packet transformation node is generated and transmitted to a destination.
Type: Application
Filed: March 10, 2023
Publication date: September 7, 2023
Applicant: Amazon Technologies, Inc.
Inventor: Colm MacCarthaigh
-
Patent number: 11743325
Abstract: Techniques for API-based endpoint discovery and centralized load balancing involving provider substrate extension resources are described. A discovery coordinator service located within a provider network can identify one or more endpoints from a set of potentially distributed endpoints for a client to utilize, where endpoints may be located within provider substrate extensions of the provider network. The discovery coordinator service can analyze the loads of these endpoints, via client lease information, to identify nearby, low-load resources that may be most optimal for the client to use via providing minimal latency of access.
Type: Grant
Filed: November 29, 2019
Date of Patent: August 29, 2023
Assignee: Amazon Technologies, Inc.
Inventors: Devlin Roarke Dunsmore, Colm Maccarthaigh, Ishwardutt Parulkar, Dougal Stuart Ballantyne, Diwakar Gupta, Upendra Bhalchandra Shevade
-
Publication number: 20230254363
Abstract: A system and method for the management of client computing device DNS queries and subsequent resource requests within a content delivery network service provider domain are provided. The management of the DNS queries can include the selection of computing devices corresponding to various Point of Presence locations for processing DNS queries. Additionally, the management of the content requests can include the selection of computing devices corresponding to resource cache components corresponding to various Point of Presence locations for providing requested content. The selection of the computing devices can incorporate logic related to geographic criteria, testing criteria, and the like.
Type: Application
Filed: April 6, 2023
Publication date: August 10, 2023
Inventors: David R. Richardson, John Cormie, Colm MacCarthaigh, Benjamin W.S. Redman
-
Patent number: 11677853
Abstract: Techniques are described for managing preloading of data for client computing systems. A client computing system may provide one or more persistent data storage caches on local storage, such as to support a particular software program executing on the client computing system (e.g., a Web browser program, with the persistent data storage cache designed to store browser cookies and other data for later access by the Web browser program). Additional data may be stored in such a persistent data storage cache by preloading those data groups before they are requested by the client computing system (e.g., based on interactions of a user of the client computing system with an executing program on the client computing system). Particular data groups to preload may be selected in various manners, including to provide a specified type of minimum functionality to a client computing system based on the preloaded data groups.
Type: Grant
Filed: April 20, 2020
Date of Patent: June 13, 2023
Assignee: Amazon Technologies, Inc.
Inventors: Prashanth A. Acharya, Jonathan B. Corley, Craig W. Howard, Harvo R. Jones, John K. Loendorf, Colm MacCarthaigh, Bradley E. Marshall, Imran Patel, Lee B. Rosen, Ronald James Snyder, Jr., Ryan F. Watson
-
Patent number: 11632420
Abstract: A system and method for the management of client computing device DNS queries and subsequent resource requests within a content delivery network service provider domain are provided. The management of the DNS queries can include the selection of computing devices corresponding to various Point of Presence locations for processing DNS queries. Additionally, the management of the content requests can include the selection of computing devices corresponding to resource cache components corresponding to various Point of Presence locations for providing requested content. The selection of the computing devices can incorporate logic related to geographic criteria, testing criteria, and the like.
Type: Grant
Filed: May 11, 2022
Date of Patent: April 18, 2023
Assignee: Amazon Technologies, Inc.
Inventors: David R. Richardson, John Cormie, Colm MacCarthaigh, Benjamin W. S. Redman
-
Publication number: 20230080776
Abstract: The present disclosure generally relates to managing a failover service. The failover service can receive a list of regions and a list of rules that must be satisfied for a region to be considered available for failover. The failover service can then determine the regions that satisfy each rule of the list of rules and are available for failover. The failover service can then deliver this information to a client. The failover service can determine the regions that do not satisfy one or more of the rules from the list of rules and deliver this information to a client. The failover service can perform automatic remediation to the unavailable failover regions and client remediation to the unavailable failover regions.
Type: Application
Filed: July 25, 2022
Publication date: March 16, 2023
Inventors: Nathan Dye, Colm MacCarthaigh, Narjala Prakash Bhasker, Mikhail Ivanovich Golovnykh
-
Patent number: 11606300
Abstract: A network address assigned to a virtual network interface of a packet transformation node of a flow management service is identified. A packet of a particular network flow associated with an application implemented at an isolated virtual network is sent to the network address. Using a rewrite directive generated at a rewriting decisions node of the service and cached at the packet transformation node, a transformed packet corresponding to a packet received at the packet transformation node is generated and transmitted to a destination.
Type: Grant
Filed: April 9, 2020
Date of Patent: March 14, 2023
Assignee: Amazon Technologies, Inc.
Inventor: Colm MacCarthaigh
-
Publication number: 20220272146
Abstract: A system and method for the management of client computing device DNS queries and subsequent resource requests within a content delivery network service provider domain are provided. The management of the DNS queries can include the selection of computing devices corresponding to various Point of Presence locations for processing DNS queries. Additionally, the management of the content requests can include the selection of computing devices corresponding to resource cache components corresponding to various Point of Presence locations for providing requested content. The selection of the computing devices can incorporate logic related to geographic criteria, testing criteria, and the like.
Type: Application
Filed: May 11, 2022
Publication date: August 25, 2022
Inventors: David R. Richardson, John Cormie, Colm MacCarthaigh, Benjamin W.S. Redman
-
Patent number: 11411808
Abstract: The present disclosure generally relates to managing a failover service for regions in an active-active configuration. The failover service can receive a list of regions and a list of rules that must be satisfied for a region to be considered available for failover. For each primary region of a plurality of primary regions, the failover service can then determine the regions that satisfy each rule of the list of rules and are available for failover. The failover service can then deliver this information to a client. The failover service can determine the regions that do not satisfy one or more of the rules from the list of rules and deliver this information to a client. The failover service can perform automatic remediation and client remediation to the unavailable failover regions.
Type: Grant
Filed: March 27, 2020
Date of Patent: August 9, 2022
Assignee: Amazon Technologies, Inc.
Inventors: Colm MacCarthaigh, Nathan Dye
-
Patent number: 11397652
Abstract: The present disclosure generally relates to managing a failover service. The regional management service can receive a list of primary regions and a list of rules for each primary region that must be satisfied for a primary region to be considered available for failover from the respective primary region. The regional management service can then determine the primary regions that satisfy each rule of the list of rules for one or more primary regions and are available for failover of the respective primary regions. The regional management service can then deliver this information to a client. The regional management service can determine the primary regions that do not satisfy one or more of the rules from the list of rules for one or more primary regions and deliver this information to a client. The regional management service can perform automatic remediation and client remediation to the unavailable primary regions.
Type: Grant
Filed: March 27, 2020
Date of Patent: July 26, 2022
Assignee: Amazon Technologies, Inc.
Inventors: Colm MacCarthaigh, Nathan Dye
-
Patent number: 11397651
Abstract: The present disclosure generally relates to managing a failover service. The failover service can receive a list of regions and a list of rules that must be satisfied for a region to be considered available for failover. The failover service can then determine the regions that satisfy each rule of the list of rules and are available for failover. The failover service can then deliver this information to a client. The failover service can determine the regions that do not satisfy one or more of the rules from the list of rules and deliver this information to a client. The failover service can perform automatic remediation to the unavailable failover regions and client remediation to the unavailable failover regions.
Type: Grant
Filed: March 27, 2020
Date of Patent: July 26, 2022
Assignee: Amazon Technologies, Inc.
Inventors: Nathan Dye, Colm MacCarthaigh, Narjala Prakash Bhasker, Mikhail Ivanovich Golovnykh
-
Patent number: 11366728
Abstract: The first computing system may interface with an operator of the application and a plurality of hosts of the application distributed between different partitions. The second and third computing systems may host first and second portions of the application in first and second partitions, respectively. The second and third computing systems may poll the first computing system to identify first and second values, respectively, representing state conditions of the first and second partitions, respectively, wherein the first and second partition state conditions are the active state, the passive state, and the fenced state. The second and third computing systems may receive responses from the first computing system comprising the first and second values, respectively, and based on the respective values, initiate a transition to the corresponding partition state condition. The first computing system may assign one of the first and second values to indicate which is the active state.
Type: Grant
Filed: November 27, 2019
Date of Patent: June 21, 2022
Assignee: Amazon Technologies, Inc.
Inventors: Colm MacCarthaigh, Grant A. McAlister
-
Patent number: 11336712
Abstract: A system and method for the management of client computing device DNS queries and subsequent resource requests within a content delivery network service provider domain are provided. The management of the DNS queries can include the selection of computing devices corresponding to various Point of Presence locations for processing DNS queries. Additionally, the management of the content requests can include the selection of computing devices corresponding to resource cache components corresponding to various Point of Presence locations for providing requested content. The selection of the computing devices can incorporate logic related to geographic criteria, testing criteria, and the like.
Type: Grant
Filed: June 20, 2018
Date of Patent: May 17, 2022
Assignee: Amazon Technologies, Inc.
Inventors: David R. Richardson, John Cormie, Colm MacCarthaigh, Benjamin W. S. Redman
-
Patent number: 11206207
Abstract: Managed multicast communications may be implemented across isolated networks. A virtual traffic hub may be implemented that connects different isolated networks. A control plane for the virtual traffic hub may accept requests to enable a multicast group between different isolated networks connected to the virtual traffic hub. The multicast group may then be enabled at the virtual traffic hub so that requests to add members to the multicast group and data packets directed to the multicast group can be handled according to multicast protocols by the virtual traffic hub.
Type: Grant
Filed: January 29, 2019
Date of Patent: December 21, 2021
Assignee: Amazon Technologies, Inc.
Inventors: Bashuman Deb, Anoop Dawani, Colm MacCarthaigh
-
Patent number: 11146569
Abstract: Systems and methods are described for providing escalation-resistant network-accessible services by providing the service through a set of service instances, each executing in an environment with privileges scoped based on a user requesting to access the service. Each service instance can be implemented by code on a serverless code system, executed in response to a user request to access the service. Because the code is executed in an environment with privileges scoped to those of a requesting user, the code itself need not attempt to limit the privileges of a requesting user. For that reason, potential for privilege escalations of the service are reduced, even if vulnerabilities in the code might otherwise allow for such escalations.
Type: Grant
Filed: June 28, 2018
Date of Patent: October 12, 2021
Assignee: Amazon Technologies, Inc.
Inventors: Marc John Brooker, Ajay Nair, Colm MacCárthaigh
-
Publication number: 20210303423
Abstract: The present disclosure generally relates to managing a failover service. The regional management service can receive a list of primary regions and a list of rules for each primary region that must be satisfied for a primary region to be considered available for failover from the respective primary region. The regional management service can then determine the primary regions that satisfy each rule of the list of rules for one or more primary regions and are available for failover of the respective primary regions. The regional management service can then deliver this information to a client. The regional management service can determine the primary regions that do not satisfy one or more of the rules from the list of rules for one or more primary regions and deliver this information to a client. The regional management service can perform automatic remediation and client remediation to the unavailable primary regions.
Type: Application
Filed: March 27, 2020
Publication date: September 30, 2021
Inventors: Colm MacCarthaigh, Nathan Dye
-
Publication number: 20210303422
Abstract: The present disclosure generally relates to managing a failover service. The failover service can receive a list of regions and a list of rules that must be satisfied for a region to be considered available for failover. The failover service can then determine the regions that satisfy each rule of the list of rules and are available for failover. The failover service can then deliver this information to a client. The failover service can determine the regions that do not satisfy one or more of the rules from the list of rules and deliver this information to a client. The failover service can perform automatic remediation to the unavailable failover regions and client remediation to the unavailable failover regions.
Type: Application
Filed: March 27, 2020
Publication date: September 30, 2021
Inventors: Nathan Dye, Colm MacCarthaigh, Narjala Prakash Bhasker, Mikhail Ivanovich Golovnykh
-
Publication number: 20210306205
Abstract: The present disclosure generally relates to managing a failover service for regions in an active-active configuration. The failover service can receive a list of regions and a list of rules that must be satisfied for a region to be considered available for failover. For each primary region of a plurality of primary regions, the failover service can then determine the regions that satisfy each rule of the list of rules and are available for failover. The failover service can then deliver this information to a client. The failover service can determine the regions that do not satisfy one or more of the rules from the list of rules and deliver this information to a client. The failover service can perform automatic remediation and client remediation to the unavailable failover regions.
Type: Application
Filed: March 27, 2020
Publication date: September 30, 2021
Inventors: Colm MacCarthaigh, Nathan Dye