Patents by Inventor Cristian M. Ilac
Cristian M. Ilac has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9756031Abstract: Systems and methods provide a storage media on a portable physical object associated with a set of credentials that enables access to a set of computing resources associated with a set of Web services. In some embodiments, information including a set of credentials is prepackaged onto the storage media of the portable physical object. A pre-activated subscription to the set of Web services in a distributed system is provisioned. Access to the set of Web services is enabled when the portable physical object is coupled with a computing device and the set of credentials is authenticated. In some embodiments, the portable physical object is purchased by a user on a prepaid basis without requiring the user to register an account with the set of Web services, allowing the user to remain anonymous with respect to interaction with the set of Web services.Type: GrantFiled: October 13, 2014Date of Patent: September 5, 2017Assignee: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Cristian M. Ilac, James E. Scharf, Jr., Nathan R. Fitch, Graeme D. Baer, Brian Irl Pratt, Kevin Ross O'Neill
-
Publication number: 20170161505Abstract: A tiered credentialing approach provides assurance to customers having virtual machines running in a remote environment that the virtual images for these machines are in a pristine state and running in a trusted execution environment. The environment can be divided into multiple subsystems, each having its own cryptographic boundary, secure storage, and trusted computing capabilities. A trusted, limited subsystem can handle the administrative tasks for virtual machines running on the main system of a host computing device. The limited system can receive a certificate from a certificate authority, and can act as a certificate authority to provide credentials to the main system. Upon an attestation request, the subsystems can provide attestation information using the respective credentials as well as the certificate chain. An entity having the appropriate credentials can determine the state of the system from the response and verify the state is as expected.Type: ApplicationFiled: December 7, 2015Publication date: June 8, 2017Inventors: Matthew John Campagna, Gregory Alan Rubin, Eric Jason Brandwine, Matthew Shawn Wilson, Cristian M. Ilac
-
Patent number: 9674170Abstract: Secret information, such as seeds, codes, and keys, can be automatically renegotiated between at least one sender and at least one recipient. Various mechanisms, such as counters, events, or challenges, can be used to trigger automatic renegotiations through various requests or communications. These changes can cause the current secret information to diverge from older copies of the secret information that might have been obtained by unintended third parties. In some embodiments, a secret can be configured to “decay” over time, or have small changes periodically introduced that can be determined to be valid by an authorized party, but can reduce the effectiveness of prior versions of the secret information.Type: GrantFiled: May 30, 2014Date of Patent: June 6, 2017Assignee: Amazon Technologies, Inc.Inventors: Gregory Branchek Roth, Cristian M. Ilac
-
Patent number: 9571488Abstract: Session-specific information stored to a cookie or other secure token can be selected and/or caused to vary over time, such that older copies will become less useful over time. Such an approach reduces the ability of entities obtaining a copy of the cookie from performing unauthorized tasks on a session. A cookie received with a request can contain a timestamp and an operation count for a session that may need to fall within an acceptable range of the current values in order for the request to be processed. A cookie returned with a response can be set to the correct value or incremented from the previous value based on various factors. The allowable bands can decrease with age of the session, and various parameter values such as a badness factor for a session can be updated continually based on the events for the session.Type: GrantFiled: November 30, 2015Date of Patent: February 14, 2017Assignee: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Nicholas Alexander Allen, Cristian M. Ilac
-
Publication number: 20160191993Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.Type: ApplicationFiled: March 7, 2016Publication date: June 30, 2016Inventors: Gregory B. Roth, Marc R. Barbour, Bradley Jeffery Behm, Cristian M. Ilac, Eric Jason Brandwine
-
Patent number: 9305177Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.Type: GrantFiled: May 20, 2014Date of Patent: April 5, 2016Assignee: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Marc R. Barbour, Bradley Jeffery Behm, Cristian M. Ilac, Eric Jason Brandwine
-
Publication number: 20160080367Abstract: Session-specific information stored to a cookie or other secure token can be selected and/or caused to vary over time, such that older copies will become less useful over time. Such an approach reduces the ability of entities obtaining a copy of the cookie from performing unauthorized tasks on a session. A cookie received with a request can contain a timestamp and an operation count for a session that may need to fall within an acceptable range of the current values in order for the request to be processed. A cookie returned with a response can be set to the correct value or incremented from the previous value based on various factors. The allowable bands can decrease with age of the session, and various parameter values such as a badness factor for a session can be updated continually based on the events for the session.Type: ApplicationFiled: November 30, 2015Publication date: March 17, 2016Inventors: Gregory B. Roth, Nicholas Alexander Allen, Cristian M. Ilac
-
Publication number: 20160065549Abstract: A plurality of keys is obtained, with each obtained key of the plurality of keys being based at least in part on an information set for the plurality of keys and at least one other key distinct from the plurality of keys. A signing key is calculated by inputting a combination of the plurality of keys into a function with the information set for the plurality of keys, and the signing key is used to evaluate whether access to one or more computing resources is to be granted, with the information set preventing access from being granted when a request for the access is submitted out of compliance with the information set for the plurality of keys.Type: ApplicationFiled: November 11, 2015Publication date: March 3, 2016Inventors: Gregory B. Roth, Marc R. Barbour, Bradley Jeffrey Behm, Cristian M. Ilac, Eric Jason Brandwine
-
Publication number: 20160021118Abstract: A delegation request is submitted to a session-based authentication service, fulfillment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.Type: ApplicationFiled: September 25, 2015Publication date: January 21, 2016Inventors: Gregory Branchek Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
-
Patent number: 9215076Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.Type: GrantFiled: March 27, 2012Date of Patent: December 15, 2015Assignee: AMAZON TECHNOLOGIES, INC.Inventors: Gregory B. Roth, Marc R. Barbour, Bradley Jeffery Behm, Cristian M. Ilac, Eric Jason Brandwine
-
Publication number: 20150350226Abstract: Secret information, such as seeds, codes, and keys, can be automatically renegotiated between at least one sender and at least one recipient. Various mechanisms, such as counters, events, or challenges, can be used to trigger automatic renegotiations through various requests or communications. These changes can cause the current secret information to diverge from older copies of the secret information that might have been obtained by unintended third parties. In some embodiments, a secret can be configured to “decay” over time, or have small changes periodically introduced that can be determined to be valid by an authorized party, but can reduce the effectiveness of prior versions of the secret information.Type: ApplicationFiled: August 10, 2015Publication date: December 3, 2015Inventors: Gregory B. Roth, Cristian M. Ilac
-
Patent number: 9203613Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the a key's use.Type: GrantFiled: September 29, 2011Date of Patent: December 1, 2015Assignee: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
-
Patent number: 9203818Abstract: Session-specific information stored to a cookie or other secure token can be selected and/or caused to vary over time, such that older copies will become less useful over time. Such an approach reduces the ability of entities obtaining a copy of the cookie from performing unauthorized tasks on a session. A cookie received with a request can contain a timestamp and an operation count for a session that may need to fall within an acceptable range of the current values in order for the request to be processed. A cookie returned with a response can be set to the correct value or incremented from the previous value based on various factors. The allowable bands can decrease with age of the session, and various parameter values such as a badness factor for a session can be updated continually based on the events for the session.Type: GrantFiled: August 23, 2012Date of Patent: December 1, 2015Assignee: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Nicholas Alexander Allen, Cristian M. Ilac
-
Patent number: 9197409Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the a key's use.Type: GrantFiled: September 29, 2011Date of Patent: November 24, 2015Assignee: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Bradley Jeffery Behm, Eric D. Crahen, Cristian M. Ilac, Nathan R. Fitch, Eric Jason Brandwine, Kevin Ross O'Neill
-
Patent number: 9178701Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the a key's use.Type: GrantFiled: September 29, 2011Date of Patent: November 3, 2015Assignee: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Bradley Jeffery Behm, Eric D. Crahen, Cristian M. Ilac, Nathan R. Fitch, Eric Jason Brandwine, Kevin Ross O'Neill
-
Patent number: 9106405Abstract: Secret information, such as seeds, codes, and keys, can be automatically renegotiated between at least one sender and at least one recipient. Various mechanisms, such as counters, events, or challenges, can be used to trigger automatic renegotiations through various requests or communications. These changes can cause the current secret information to diverge from older copies of the secret information that might have been obtained by unintended third parties. In some embodiments, a secret can be configured to “decay” over time, or have small changes periodically introduced that can be determined to be valid by an authorized party, but can reduce the effectiveness of prior versions of the secret information.Type: GrantFiled: June 25, 2012Date of Patent: August 11, 2015Assignee: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Cristian M. Ilac
-
Patent number: 9058497Abstract: Cryptographic key management techniques are described. In one or more implementations, an access control rule is read that includes a Boolean expression having a plurality of atoms. The cryptographic keys that corresponds each of the plurality of atoms in the access control rule are requested. One or more cryptographic operations are then performed on data using one or more of the cryptographic keys.Type: GrantFiled: December 23, 2010Date of Patent: June 16, 2015Assignee: Microsoft Technology Licensing, LLCInventors: Vijay G. Bharadwaj, Niels T Ferguson, Carl M. Ellison, Magnus Bo Gustaf Nyström, Dayi Zhou, Denis Issoupov, Octavian T. Ureche, Peter J. Novotney, Cristian M. Ilac
-
Patent number: 9038148Abstract: Session-specific information stored to a cookie or other secure token can be selected and/or caused to vary over time, such that older copies will become less useful over time. Such an approach reduces the ability of entities obtaining a copy of the cookie from performing unauthorized tasks on a session. A cookie received with a request can contain a timestamp and an operation count for a session that may need to fall within an acceptable range of the current values in order for the request to be processed. A cookie returned with a response can be set to the correct value or incremented from the previous value based on various factors. The allowable bands can decrease with age of the session, and various parameter values such as a badness factor for a session can be updated continually based on the events for the session.Type: GrantFiled: August 23, 2012Date of Patent: May 19, 2015Assignee: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Nicholas Alexander Allen, Cristian M. Ilac
-
Patent number: 8996860Abstract: Session-specific information stored to a cookie or other secure token can be selected and/or caused to vary over time, such that older copies will become less useful over time. Such an approach reduces the ability of entities obtaining a copy of the cookie from performing unauthorized tasks on a session. A cookie received with a request can contain a timestamp and an operation count for a session that may need to fall within an acceptable range of the current values in order for the request to be processed. A cookie returned with a response can be set to the correct value or incremented from the previous value based on various factors. The allowable bands can decrease with age of the session, and various parameter values such as a badness factor for a session can be updated continually based on the events for the session.Type: GrantFiled: August 23, 2012Date of Patent: March 31, 2015Assignee: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Nicholas Alexander Allen, Cristian M. Ilac
-
Patent number: 8892865Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.Type: GrantFiled: March 27, 2012Date of Patent: November 18, 2014Assignee: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Marc R. Barbour, Bradley Jeffery Behm, Cristian M. Ilac, Eric Jason Brandwine