Patents by Inventor Darin Keith McAdams
Darin Keith McAdams has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11451392
Abstract: In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, an expiration time may be assigned to sensitive data, and expired data and associated tokens may be deleted.
Type: Grant
Filed: July 6, 2018
Date of Patent: September 20, 2022
Assignee: Amazon Technologies, Inc.
Inventors: Jonathan Kozolchyk, Darren E. Canavor, Jeffrey J. Fielding, Vaibhav Mallya, Darin Keith McAdams
-
Patent number: 11212291
Abstract: A security service enables service providers to register available services. Prospective service consumers may register with the security service to access a particular registered service, and may specify conditions for access that are subject to approval by the corresponding service provider. Based on the registrations of the service provider and the service consumer, the security service can define access policies that may be enforced to control the conditions under which a service consumer accesses or utilizes the particular service. Additionally, changes to the access policies may be propagated to running services in near real time. Some implementations enable masking of information provided to particular service consumers based on determined needs of each service consumer for access to particular information. In some instances, the service providers may provide log information to the security service, which may be monitored to identify anomalies, security breaches or the like.
Type: Grant
Filed: June 26, 2019
Date of Patent: December 28, 2021
Assignee: Amazon Technologies, Inc.
Inventors: Jonathan Kozolchyk, Darin Keith McAdams, Jeffrey J. Fielding, Vaibhav Mallya, Darren E. Canavor
-
Patent number: 11196732
Abstract: An identity provider receives a request to configure authentication for enabling single sign-on to a service provider. The identity provider identifies the authentication protocols supported by the service provider and determines whether it is compatible with these authentication protocols. As a result of the identity provider being compatible with at least some of the authentication protocols, the identity provider generates configuration information that is usable by the service provider to configure the authentication. The identity provider transmits, to a computer system, a response that causes the computer system to be redirected to the service provider in order to provide information usable by the service provider to obtain the configuration information.
Type: Grant
Filed: March 12, 2020
Date of Patent: December 7, 2021
Assignee: Amazon Technologies, Inc.
Inventors: Dick Clarence Hardt, Darin Keith McAdams
-
Patent number: 11018874
Abstract: A client obtains, in response to a request to a server, a response that includes data for fulfillment of the request, a digital signature that can be verified using a digital certificate, and location information that specifies a location where the digital certificate can be obtained. The client uses the location information to access the location and obtains the digital certificate. Using the digital certificate, the client evaluates the digital signature provided in the response to determine whether the digital signature is valid. If the digital signature is valid, the client accepts the data included in the response for fulfillment of the request.
Type: Grant
Filed: July 29, 2019
Date of Patent: May 25, 2021
Assignee: Amazon Technologies, Inc.
Inventors: Arjun Dasarakothapalli, Morgan Akers, David Alan Blunt, Darin Keith McAdams
-
Patent number: 10986081
Abstract: A managed directory service receives a request from a first service to link a directory of a contractor service to the first service's directory. The managed directory service identifies a group within the directory of the contractor service and links the directories using this group. Through the link, the managed directory service enables users in the group to authenticate to the first service's directory using credentials for the directory of the contractor service.
Type: Grant
Filed: September 28, 2017
Date of Patent: April 20, 2021
Assignee: Amazon Technologies, Inc.
Inventors: Darin Keith McAdams, Dick Clarence Hardt
-
Publication number: 20200220854
Abstract: An identity provider receives a request to configure authentication for enabling single sign-on to a service provider. The identity provider identifies the authentication protocols supported by the service provider and determines whether it is compatible with these authentication protocols. As a result of the identity provider being compatible with at least some of the authentication protocols, the identity provider generates configuration information that is usable by the service provider to configure the authentication. The identity provider transmits, to a computer system, a response that causes the computer system to be redirected to the service provider in order to provide information usable by the service provider to obtain the configuration information.
Type: Application
Filed: March 12, 2020
Publication date: July 9, 2020
Inventors: Dick Clarence Hardt, Darin Keith McAdams
-
Patent number: 10630668
Abstract: An identity provider receives a request to configure authentication for enabling single sign-on to a service provider. The identity provider identifies the authentication protocols supported by the service provider and determines whether it is compatible with these authentication protocols. As a result of the identity provider being compatible with at least some of the authentication protocols, the identity provider generates configuration information that is usable by the service provider to configure the authentication. The identity provider transmits, to a computer system, a response that causes the computer system to be redirected to the service provider in order to provide information usable by the service provider to obtain the configuration information.
Type: Grant
Filed: August 15, 2017
Date of Patent: April 21, 2020
Assignee: Amazon Technologies, Inc.
Inventors: Dick Clarence Hardt, Darin Keith McAdams
-
Patent number: 10491403
Abstract: In a distributed system, a computer system responsible, at least in part, for complying with a cryptographic key usage limit for a cryptographic key, obtains results of cryptographic operations generated based at least in part on the cryptographic key and transmits the obtained results over a network. The computer system digitally signs the results and provides the results with digital signatures of the results. Another device intercepts the results and allows the results to proceed to their destination contingent on successful validation of the digital signature.
Type: Grant
Filed: January 26, 2018
Date of Patent: November 26, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Marcel Andrew Levy, Darren Ernest Canavor, Zachary Ganwise Fewtrell, Andrew Alphus Kimbrough, Jonathan Kozolchyk, Darin Keith McAdams, Pradeep Ramarao, Gregory Branchek Roth
-
Publication number: 20190356495
Abstract: A client obtains, in response to a request to a server, a response that includes data for fulfillment of the request, a digital signature that can be verified using a digital certificate, and location information that specifies a location where the digital certificate can be obtained. The client uses the location information to access the location and obtains the digital certificate. Using the digital certificate, the client evaluates the digital signature provided in the response to determine whether the digital signature is valid. If the digital signature is valid, the client accepts the data included in the response for fulfillment of the request.
Type: Application
Filed: July 29, 2019
Publication date: November 21, 2019
Inventors: Arjun Dasarakothapalli, Morgan Akers, David Alan Blunt, Darin Keith McAdams
-
Publication number: 20190319963
Abstract: A security service enables service providers to register available services. Prospective service consumers may register with the security service to access a particular registered service, and may specify conditions for access that are subject to approval by the corresponding service provider. Based on the registrations of the service provider and the service consumer, the security service can define access policies that may be enforced to control the conditions under which a service consumer accesses or utilizes the particular service. Additionally, changes to the access policies may be propagated to running services in near real time. Some implementations enable masking of information provided to particular service consumers based on determined needs of each service consumer for access to particular information. In some instances, the service providers may provide log information to the security service, which may be monitored to identify anomalies, security breaches or the like.
Type: Application
Filed: June 26, 2019
Publication date: October 17, 2019
Inventors: Jonathan Kozolchyk, Darin Keith McAdams, Jeffrey J. Fielding, Vaibhav Mallya, Darren E. Canavor
-
Patent number: 10374809
Abstract: A server obtains response data for an asynchronous response to a request from a client. The server generates, in response to obtaining the response data, a digital signature for the response data. The server makes available the response data, the digital signature, and location information that indicates a location from which a digital certificate usable to verify the digital signature can be obtained.
Type: Grant
Filed: December 13, 2016
Date of Patent: August 6, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Arjun Dasarakothapalli, Morgan Akers, David Alan Blunt, Darin Keith McAdams
-
Patent number: 10356104
Abstract: A security service enables service providers to register available services. Prospective service consumers may register with the security service to access a particular registered service, and may specify conditions for access that are subject to approval by the corresponding service provider. Based on the registrations of the service provider and the service consumer, the security service can define access policies that may be enforced to control the conditions under which a service consumer accesses or utilizes the particular service. Additionally, changes to the access policies may be propagated to running services in near real time. Some implementations enable masking of information provided to particular service consumers based on determined needs of each service consumer for access to particular information. In some instances, the service providers may provide log information to the security service, which may be monitored to identify anomalies, security breaches or the like.
Type: Grant
Filed: May 25, 2018
Date of Patent: July 16, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Jonathan Kozolchyk, Darin Keith McAdams, Jeffrey J. Fielding, Vaibhav Mallya, Darren E. Canavor
-
Publication number: 20180316501
Abstract: In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, an expiration time may be assigned to sensitive data, and expired data and associated tokens may be deleted.
Type: Application
Filed: July 6, 2018
Publication date: November 1, 2018
Inventors: Jonathan Kozolchyk, Darren E. Canavor, Jeffrey J. Fielding, Vaibhav Mallya, Darin Keith McAdams
-
Publication number: 20180316657
Abstract: An identity provider receives a request to configure authentication for enabling single sign-on to a service provider. The identity provider identifies the authentication protocols supported by the service provider and determines whether it is compatible with these authentication protocols. As a result of the identity provider being compatible with at least some of the authentication protocols, the identity provider generates configuration information that is usable by the service provider to configure the authentication. The identity provider transmits, to a computer system, a response that causes the computer system to be redirected to the service provider in order to provide information usable by the service provider to obtain the configuration information.
Type: Application
Filed: August 15, 2017
Publication date: November 1, 2018
Inventors: Dick Clarence Hardt, Darin Keith McAdams
-
Publication number: 20180278621
Abstract: A security service enables service providers to register available services. Prospective service consumers may register with the security service to access a particular registered service, and may specify conditions for access that are subject to approval by the corresponding service provider. Based on the registrations of the service provider and the service consumer, the security service can define access policies that may be enforced to control the conditions under which a service consumer accesses or utilizes the particular service. Additionally, changes to the access policies may be propagated to running services in near real time. Some implementations enable masking of information provided to particular service consumers based on determined needs of each service consumer for access to particular information. In some instances, the service providers may provide log information to the security service, which may be monitored to identify anomalies, security breaches or the like.
Type: Application
Filed: May 25, 2018
Publication date: September 27, 2018
Inventors: Jonathan Kozolchyk, Darin Keith McAdams, Jeffrey J. Fielding, Vaibhav Mallya, Darren E. Canavor
-
Patent number: 10020942
Abstract: In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, an expiration time may be assigned to sensitive data, and expired data and associated tokens may be deleted.
Type: Grant
Filed: August 3, 2017
Date of Patent: July 10, 2018
Assignee: Amazon Technologies, Inc.
Inventors: Jonathan Kozolchyk, Darren E. Canavor, Jeffrey J. Fielding, Vaibhav Mallya, Darin Keith McAdams
-
Patent number: 10007779
Abstract: Methods and systems are provided to enable gradual expiration of credentials. Instead of depriving a user of all his access rights upon expiration of his credential (e.g., password), the user's access rights may be gradually restricted during a grace period after an expected or initial expiration time and/or before a final expiration time. The access right may be determined based on a duration from a time of the access request to the final expiration time or to the initial expiration time.
Type: Grant
Filed: September 29, 2015
Date of Patent: June 26, 2018
Assignee: Amazon Technologies, Inc.
Inventors: Jon Arron McClintock, Yogesh Vilas Golwalkar, Bharath Kumar Bhimanaik, Darin Keith McAdams, Tushaar Sethi
-
Publication number: 20180167220
Abstract: In a distributed system, a computer system responsible, at least in part, for complying with a cryptographic key usage limit for a cryptographic key, obtains results of cryptographic operations generated based at least in part on the cryptographic key and transmits the obtained results over a network. The computer system digitally signs the results and provides the results with digital signatures of the results. Another device intercepts the results and allows the results to proceed to their destination contingent on successful validation of the digital signature.
Type: Application
Filed: January 26, 2018
Publication date: June 14, 2018
Inventors: Marcel Andrew Levy, Darren Ernest Canavor, Zachary Ganwise Fewtrell, Andrew Alphus Kimbrough, Jonathan Kozolchyk, Darin Keith McAdams, Pradeep Ramarao, Gregory Branchek Roth
-
Patent number: 9985974
Abstract: A security service enables service providers to register available services. Prospective service consumers may register with the security service to access a particular registered service, and may specify conditions for access that are subject to approval by the corresponding service provider. Based on the registrations of the service provider and the service consumer, the security service can define access policies that may be enforced to control the conditions under which a service consumer accesses or utilizes the particular service. Additionally, changes to the access policies may be propagated to running services in near real time. Some implementations enable masking of information provided to particular service consumers based on determined needs of each service consumer for access to particular information. In some instances, the service providers may provide log information to the security service, which may be monitored to identify anomalies, security breaches or the like.
Type: Grant
Filed: March 9, 2017
Date of Patent: May 29, 2018
Assignee: Amazon Technologies, Inc.
Inventors: Jonathan Kozolchyk, Darin Keith McAdams, Jeffrey J. Fielding, Vaibhav Mallya, Darren E. Canavor
-
Patent number: 9923927
Abstract: Methods and systems are provided to enable access control based on credential properties. Besides authenticating a credential, an authentication service can provide additional credential-related information with respect to a credential such as last updated time. An entity receiving such additional credential-related information can implement access control policies based on the credential-related information. For instance, a user's access rights may be gradually restricted after an initial expiration time and towards a final expiration time. In an example, such access control may be implemented by a client application or client website of the authentication service. Alternatively or additionally, such access control may be implemented by an authorization service used by the client application or client website.
Type: Grant
Filed: September 29, 2015
Date of Patent: March 20, 2018
Assignee: Amazon Technologies, Inc.
Inventors: Jon Arron McClintock, Yogesh Vilas Golwalkar, Bharath Kumar Bhimanaik, Darin Keith McAdams, Tushaar Sethi