Patents by Inventor Cristian M. Ilac
Cristian M. Ilac has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11356457Abstract: A delegation request is submitted to a session-based authentication service, fulfillment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.Type: GrantFiled: June 3, 2020Date of Patent: June 7, 2022Assignee: Amazon Technologies, Inc.Inventors: Gregory Branchek Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
-
Patent number: 11146541Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.Type: GrantFiled: July 15, 2019Date of Patent: October 12, 2021Assignee: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Marc R. Barbour, Bradley Jeffery Behm, Cristian M. Ilac, Eric Jason Brandwine
-
Publication number: 20200296108Abstract: A delegation request is submitted to a session-based authentication service, fulfillment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.Type: ApplicationFiled: June 3, 2020Publication date: September 17, 2020Inventors: Gregory Branchek Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
-
Patent number: 10721238Abstract: A delegation request is submitted to a session-based authentication service, fulfillment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.Type: GrantFiled: March 16, 2018Date of Patent: July 21, 2020Assignee: Amazon Technologies, Inc.Inventors: Gregory Branchek Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
-
Patent number: 10652232Abstract: Session-specific information stored to a cookie or other secure token can be selected and/or caused to vary over time, such that older copies will become less useful over time. Such an approach reduces the ability of entities obtaining a copy of the cookie from performing unauthorized tasks on a session. A cookie received with a request can contain a timestamp and an operation count for a session that may need to fall within an acceptable range of the current values in order for the request to be processed. A cookie returned with a response can be set to the correct value or incremented from the previous value based on various factors. The allowable bands can decrease with age of the session, and various parameter values such as a badness factor for a session can be updated continually based on the events for the session.Type: GrantFiled: January 18, 2017Date of Patent: May 12, 2020Assignee: AMAZON TECHNOLOGIES, INC.Inventors: Gregory B. Roth, Nicholas Alexander Allen, Cristian M. Ilac
-
Patent number: 10621366Abstract: A tiered credentialing approach provides assurance to customers having virtual machines running in a remote environment that the virtual images for these machines are in a pristine state and running in a trusted execution environment. The environment can be divided into multiple subsystems, each having its own cryptographic boundary, secure storage, and trusted computing capabilities. A trusted, limited subsystem can handle the administrative tasks for virtual machines running on the main system of a host computing device. The limited system can receive a certificate from a certificate authority, and can act as a certificate authority to provide credentials to the main system. Upon an attestation request, the subsystems can provide attestation information using the respective credentials as well as the certificate chain. An entity having the appropriate credentials can determine the state of the system from the response and verify the state is as expected.Type: GrantFiled: January 1, 2019Date of Patent: April 14, 2020Assignee: Amazon Technologies, Inc.Inventors: Matthew John Campagna, Gregory Alan Rubin, Eric Jason Brandwine, Matthew Shawn Wilson, Cristian M. Ilac
-
Publication number: 20200112550Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.Type: ApplicationFiled: July 15, 2019Publication date: April 9, 2020Inventors: Gregory B. Roth, Marc R. Barbour, Bradley Jeffery Behm, Cristian M. Ilac, Eric Jason Brandwine
-
Patent number: 10447678Abstract: Secret information, such as seeds, codes, and keys, can be automatically renegotiated between at least one sender and at least one recipient. Various mechanisms, such as counters, events, or challenges, can be used to trigger automatic renegotiations through various requests or communications. These changes can cause the current secret information to diverge from older copies of the secret information that might have been obtained by unintended third parties. In some embodiments, a secret can be configured to “decay” over time, or have small changes periodically introduced that can be determined to be valid by an authorized party, but can reduce the effectiveness of prior versions of the secret information.Type: GrantFiled: May 25, 2017Date of Patent: October 15, 2019Assignee: AMAZON TECHNOLOGIES, INC.Inventors: Gregory Branchek Roth, Cristian M. Ilac
-
Patent number: 10425223Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.Type: GrantFiled: May 18, 2018Date of Patent: September 24, 2019Assignee: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Marc R. Barbour, Bradley Jeffrey Behm, Cristian M. Ilac, Eric Jason Brandwine
-
Patent number: 10356062Abstract: A plurality of keys is obtained, with each obtained key of the plurality of keys being based at least in part on an information set for the plurality of keys and at least one other key distinct from the plurality of keys. A signing key is calculated by inputting a combination of the plurality of keys into a function with the information set for the plurality of keys, and the signing key is used to evaluate whether access to one or more computing resources is to be granted, with the information set preventing access from being granted when a request for the access is submitted out of compliance with the information set for the plurality of keys.Type: GrantFiled: November 11, 2015Date of Patent: July 16, 2019Assignee: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Marc R. Barbour, Bradley Jeffrey Behm, Cristian M. Ilac, Eric Jason Brandwine
-
Patent number: 10341359Abstract: Secret information, such as seeds, codes, and keys, can be automatically renegotiated between at least one sender and at least one recipient. Various mechanisms, such as counters, events, or challenges, can be used to trigger automatic renegotiations through various requests or communications. These changes can cause the current secret information to diverge from older copies of the secret information that might have been obtained by unintended third parties. In some embodiments, a secret can be configured to “decay” over time, or have small changes periodically introduced that can be determined to be valid by an authorized party, but can reduce the effectiveness of prior versions of the secret information.Type: GrantFiled: August 10, 2015Date of Patent: July 2, 2019Assignee: AMAZON TECHNOLOGIES, INC.Inventors: Gregory B. Roth, Cristian M. Ilac
-
Publication number: 20190138736Abstract: A tiered credentialing approach provides assurance to customers having virtual machines running in a remote environment that the virtual images for these machines are in a pristine state and running in a trusted execution environment. The environment can be divided into multiple subsystems, each having its own cryptographic boundary, secure storage, and trusted computing capabilities. A trusted, limited subsystem can handle the administrative tasks for virtual machines running on the main system of a host computing device. The limited system can receive a certificate from a certificate authority, and can act as a certificate authority to provide credentials to the main system. Upon an attestation request, the subsystems can provide attestation information using the respective credentials as well as the certificate chain. An entity having the appropriate credentials can determine the state of the system from the response and verify the state is as expected.Type: ApplicationFiled: January 1, 2019Publication date: May 9, 2019Inventors: Matthew John Campagna, Gregory Alan Rubin, Eric Jason Brandwine, Matthew Shawn Wilson, Cristian M. Ilac
-
Patent number: 10169591Abstract: A tiered credentialing approach provides assurance to customers having virtual machines running in a remote environment that the virtual images for these machines are in a pristine state and running in a trusted execution environment. The environment can be divided into multiple subsystems, each having its own cryptographic boundary, secure storage, and trusted computing capabilities. A trusted, limited subsystem can handle the administrative tasks for virtual machines running on the main system of a host computing device. The limited system can receive a certificate from a certificate authority, and can act as a certificate authority to provide credentials to the main system. Upon an attestation request, the subsystems can provide attestation information using the respective credentials as well as the certificate chain. An entity having the appropriate credentials can determine the state of the system from the response and verify the state is as expected.Type: GrantFiled: December 7, 2015Date of Patent: January 1, 2019Assignee: Amazon Technologies, Inc.Inventors: Matthew John Campagna, Gregory Alan Rubin, Eric Jason Brandwine, Matthew Shawn Wilson, Cristian M. Ilac
-
Patent number: 10148629Abstract: An application executing on a user device can receive a request to access a remote computer system. The application can automatically obtain an authentication code that is generated based at least in part on a seed value, which can be stored in the user device. The application can automatically generate an authentication request based at least in part on the access information and the authentication code, and transmit the authentication request to remote computer system.Type: GrantFiled: September 23, 2013Date of Patent: December 4, 2018Assignee: Amazon Technologies, Inc.Inventors: Gregory Branchek Roth, Ian Nicholas Wesley-Smith, Cristian M. Ilac, Patrick James Ward
-
Publication number: 20180270051Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.Type: ApplicationFiled: May 18, 2018Publication date: September 20, 2018Inventors: Gregory B. Roth, Marc R. Barbour, Bradley Jeffrey Behm, Cristian M. Ilac, Eric Jason Brandwine
-
Patent number: 10044503Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.Type: GrantFiled: November 14, 2014Date of Patent: August 7, 2018Assignee: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Marc R. Barbour, Bradley Jeffery Behm, Cristian M. Ilac, Eric Jason Brandwine
-
Publication number: 20180205738Abstract: A delegation request is submitted to a session-based authentication service, fulfilment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.Type: ApplicationFiled: March 16, 2018Publication date: July 19, 2018Inventors: Gregory Branchek Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
-
Patent number: 9954866Abstract: A delegation request is submitted to a session-based authentication service, fulfilment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.Type: GrantFiled: September 25, 2015Date of Patent: April 24, 2018Assignee: AMAZON TECHNOLOGIES, INC.Inventors: Gregory Branchek Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
-
Patent number: 9872067Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.Type: GrantFiled: March 7, 2016Date of Patent: January 16, 2018Assignee: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Marc R. Barbour, Bradley Jeffery Behm, Cristian M. Ilac, Eric Jason Brandwine
-
Publication number: 20170264602Abstract: Secret information, such as seeds, codes, and keys, can be automatically renegotiated between at least one sender and at least one recipient. Various mechanisms, such as counters, events, or challenges, can be used to trigger automatic renegotiations through various requests or communications. These changes can cause the current secret information to diverge from older copies of the secret information that might have been obtained by unintended third parties. In some embodiments, a secret can be configured to “decay” over time, or have small changes periodically introduced that can be determined to be valid by an authorized party, but can reduce the effectiveness of prior versions of the secret information.Type: ApplicationFiled: May 25, 2017Publication date: September 14, 2017Inventors: Gregory Branchek Roth, Cristian M. Ilac