Patents by Inventor David A. Baer
David A. Baer has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20190268245
Abstract: A method and apparatus for testing and simulating an access control policy are disclosed. Evaluating an access control policy may be performed by utilizing a deny statement that causes the access request to be rejected despite actions indicated in the access request being authorized. Further, an independent simulation environment may be utilized for testing access control policy evaluation.
Type: Application
Filed: May 8, 2019
Publication date: August 29, 2019
Inventors: Gregory Branchek Roth, Daniel Stephen Popick, Derek Avery Lyon, John Michael Morkel, Graeme David Baer, Ajith Harshana Ranabahu, Khaled Salah Sedky
-
Patent number: 10320624
Abstract: A method and apparatus for testing and simulating an access control policy are disclosed. Evaluating an access control policy may be performed by utilizing a deny statement that causes the access request to be rejected despite actions indicated in the access request being authorized. Further, an independent simulation environment may be utilized for testing access control policy evaluation.
Type: Grant
Filed: September 30, 2013
Date of Patent: June 11, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Gregory Branchek Roth, Daniel Stephen Popick, Derek Avery Lyon, John Michael Morkel, Graeme David Baer, Ajith Harshana Ranabahu, Khaled Salah Sedky
-
Patent number: 10320790
Abstract: Functionality is disclosed herein for providing temporary access to a resource. A software product that is executing in response to a request from a customer may access one or more resources of a software provider. The resources that may be accessed by a software product may be identified within an access policy. The customer is prevented from accessing the resource when the software product is not executing.
Type: Grant
Filed: September 2, 2014
Date of Patent: June 11, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Gregory Branchek Roth, Graeme David Baer, Jacques Daniel Thomas, Nicholas Andrew Gochenaur
-
Patent number: 10263792
Abstract: An escrow platform is described that can be used to enable access to devices. The escrow platform can be used to sign cryptographic network protocol challenges on behalf of clients so that the secrets used to sign cryptographic network protocol challenges do not have to be exposed to the clients. The escrow platform can store or control access to private keys, and the corresponding public keys can be stored on respective target platforms. A client can attempt to access a target platform and in response the target platform can issue a challenge. The client platform can send the challenge to the escrow platform, which can use the corresponding private key to sign the challenge. The signed challenge can be sent back to the client, which can forward it to the target platform. The target platform can verify the expected private key and grant access.
Type: Grant
Filed: July 17, 2017
Date of Patent: April 16, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Gregory Branchek Roth, Graeme David Baer
-
Patent number: 10225152
Abstract: A method and apparatus for the evaluation and remediation of an access control policy is disclosed. In the method and apparatus, an intermediary service may make an access request, on behalf of a customer, to one or more computing resources and the access control policy is evaluated to determine whether the request is authorized. Further, remediation options for the access control policy are offered for the request to be authorized.
Type: Grant
Filed: September 30, 2013
Date of Patent: March 5, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Gregory Branchek Roth, Daniel Stephen Popick, Derek Avery Lyon, John Michael Morkel, Graeme David Baer, Ajith Harshana Ranabahu, Khaled Salah Sedky
-
Publication number: 20190044979
Abstract: Customers can utilize resources of a multi-tenant environment to provide one or more services available to various users. In order to simplify the process for these customers, the multi-tenant environment can include an infrastructure wherein a portion of the resources provide an authentication and/or authorization service that can be leveraged by the customer services. These resources can logically sit in front of the resources used to provide the customer services, such that a user request must pass through the authorization and authentication service before being directed to the customer service. Such resources can provide other functionality as well, such as load balancing and metering.
Type: Application
Filed: February 5, 2018
Publication date: February 7, 2019
Inventors: Gregory Branchek Roth, Graeme David Baer, Eric Jason Brandwine
-
Publication number: 20190007525
Abstract: The present document describes systems and methods that authorize client resources such as computers, servers, computing appliances, and virtual machines to access online services provided by an online service provider. To authorize a client resource, a client submits a registration request on behalf of the client resource to an authorization service provided by the service provider. The authorization service returns an activation code to the client. The activation code may expire after an amount of time, or upon first use. The client provides the activation code to an agent running on the client resource. The agent establishes communication with the authorization service, and upon providing the activation code to the authorization service, receives an authorization token that can be used by the client resource to access online services in accordance with security roles or permissions specified with the registration request.
Type: Application
Filed: September 10, 2018
Publication date: January 3, 2019
Inventors: Edward Bradford Smith, II, Graeme David Baer, Manivannan Sundaram
-
Patent number: 10110578
Abstract: Access to resources or data can be managed based at least in part upon a validation of credentials. A customer can have customer credentials, such as a username and password pair, that can be used to obtain access according to terms of a customer account. A computing device used to gain the access can also have device credentials, which can be based upon identifying information from the device or provided to the device upon a successful login. The customer account might be locked for a period of time if a number of unsuccessful login attempts are received over a designated period of time. If, however, a request is received with device credentials for a trusted and/or recognized device, at least one additional login attempt might be granted in order to prevent a customer from being locked out of the account due to actions of other persons and/or devices.
Type: Grant
Filed: March 12, 2013
Date of Patent: October 23, 2018
Assignee: AMAZON TECHNOLOGIES, INC.
Inventors: Graeme David Baer, Gregory Branchek Roth
-
Patent number: 10075557
Abstract: The present document describes systems and methods that authorize client resources such as computers, servers, computing appliances, and virtual machines to access online services provided by an online service provider. To authorize a client resource, a client submits a registration request on behalf of the client resource to an authorization service provided by the service provider. The authorization service returns an activation code to the client. The activation code may expire after an amount of time, or upon first use. The client provides the activation code to an agent running on the client resource. The agent establishes communication with the authorization service, and upon providing the activation code to the authorization service, receives an authorization token that can be used by the client resource to access online services in accordance with security roles or permissions specified with the registration request.
Type: Grant
Filed: December 30, 2015
Date of Patent: September 11, 2018
Assignee: Amazon Technologies, Inc.
Inventors: Edward Bradford Smith, II, Graeme David Baer, Manivannan Sundaram
-
Publication number: 20180241742
Abstract: A one-time password (OTP) based security scheme is described, where a provider pre-generates a number of verification codes (e.g., OTP codes) which will be valid for a predetermined interval. The provider then encodes the verification codes (e.g., by hashing each code with a time value), and stores the verification codes into a data structure. The data structure can be provided to a verification system that can use the set of pre-generated OTP codes to authenticate requests received from users having personal security tokens.
Type: Application
Filed: April 20, 2018
Publication date: August 23, 2018
Inventors: Gregory Branchek Roth, Graeme David Baer, Brian Irl Pratt
-
Patent number: 9970387
Abstract: The exit area of a nozzle assembly is varied by translating a ring assembly located at a rear of the engine nacelle. The ring may be axially translatable along the axis of the engine. As the ring translates, the trailing edge of the ring defines a variable nozzle exit area. Translation of the ring creates an upstream exit at a leading edge of the ring assembly. The upstream exit can be used to bleed or otherwise spill flow excess from the engine bypass duct. As the engine operates in various flight conditions, the ring can be translated to obtain lower fan pressure ratios and thereby increase the efficiency of the engine. Fairings partially enclose actuator components for reduced drag.
Type: Grant
Filed: August 7, 2008
Date of Patent: May 15, 2018
Assignees: ROHR, INC., GOODRICH ACTUATION SYSTEMS LIMITED
Inventors: Joel Hudson Frank, Norman John James, Shunshen Richard Wang, Bryant Lynoel McKleny, David A. Baer, Tony Jones, John H. Harvey, Peter W. Bacon, Mark Hubberstey, Brett J. Wharton, Neil C. Davies, Stephen Michael Roberts, Steven Andrew Wylie
-
Patent number: 9954856
Abstract: A one-time password (OTP) based security scheme is described, where a provider pre-generates a number of verification codes (e.g., OTP codes) which will be valid for a predetermined interval. The provider then encodes the verification codes (e.g., by hashing each code with a time value), and stores the verification codes into a data structure. The data structure can be provided to a verification system that can use the set of pre-generated OTP codes to authenticate requests received from users having personal security tokens.
Type: Grant
Filed: December 21, 2015
Date of Patent: April 24, 2018
Assignee: AMAZON TECHNOLOGIES, INC.
Inventors: Gregory Branchek Roth, Graeme David Baer, Brian Irl Pratt
-
Patent number: 9888041
Abstract: Customers can utilize resources of a multi-tenant environment to provide one or more services available to various users. In order to simplify the process for these customers, the multi-tenant environment can include an infrastructure wherein a portion of the resources provide an authentication and/or authorization service that can be leveraged by the customer services. These resources can logically sit in front of the resources used to provide the customer services, such that a user request must pass through the authorization and authentication service before being directed to the customer service. Such resources can provide other functionality as well, such as load balancing and metering.
Type: Grant
Filed: September 9, 2016
Date of Patent: February 6, 2018
Assignee: Amazon Technologies, Inc.
Inventors: Gregory Branchek Roth, Graeme David Baer, Eric Jason Brandwine
-
Patent number: 9847983
Abstract: Technologies are disclosed herein for epoch-based expiration of temporary security credentials. A temporary security credential is issued that identifies one or more epochs and that specifies one or more versions of the identified epochs during which the temporary security credential is valid. The temporary security credential may then be utilized to request access to another system, service or component. In order to determine whether such a request may be granted, current epoch versions for the epochs identified in the temporary security credential are obtained. The current epoch versions for the identified epochs are then compared to epoch versions specified in the temporary security credential to determine if the request can be granted. The current epoch versions may be periodically modified in order to expire previously issued temporary security credentials. A temporary security credential might also specify an expiration time after which the temporary security credential is no longer valid.
Type: Grant
Filed: April 29, 2014
Date of Patent: December 19, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Gregory Branchek Roth, Benjamin Tillman Farley, Graeme David Baer
-
Patent number: 9838430
Abstract: Functionality is disclosed herein for providing temporary access to a resource. A software product that is executing in response to a request from a customer may access one or more resources of a software provider. The resources that may be accessed by a software product may be identified within an access policy. The customer is prevented from accessing the resource when the software product is not executing.
Type: Grant
Filed: September 2, 2014
Date of Patent: December 5, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Gregory Branchek Roth, Graeme David Baer, Jacques Daniel Thomas, Nicholas Andrew Gochenaur
-
Publication number: 20170324568
Abstract: An escrow platform is described that can be used to enable access to devices. The escrow platform can be used to sign cryptographic network protocol challenges on behalf of clients so that the secrets used to sign cryptographic network protocol challenges do not have to be exposed to the clients. The escrow platform can store or control access to private keys, and the corresponding public keys can be stored on respective target platforms. A client can attempt to access a target platform and in response the target platform can issue a challenge. The client platform can send the challenge to the escrow platform, which can use the corresponding private key to sign the challenge. The signed challenge can be sent back to the client, which can forward it to the target platform. The target platform can verify the expected private key and grant access.
Type: Application
Filed: July 17, 2017
Publication date: November 9, 2017
Applicant: Amazon Technologies, Inc.
Inventors: Gregory Branchek Roth, Graeme David Baer
-
Patent number: 9712329
Abstract: An escrow platform is described that can be used to enable access to devices. The escrow platform can be used to sign cryptographic network protocol challenges on behalf of clients so that the secrets used to sign cryptographic network protocol challenges do not have to be exposed to the clients. The escrow platform can store or control access to private keys, and the corresponding public keys can be stored on respective target platforms. A client can attempt to access a target platform and in response the target platform can issue a challenge. The client platform can send the challenge to the escrow platform, which can use the corresponding private key to sign the challenge. The signed challenge can be sent back to the client, which can forward it to the target platform. The target platform can verify the expected private key and grant access.
Type: Grant
Filed: March 14, 2016
Date of Patent: July 18, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Gregory Branchek Roth, Graeme David Baer
-
Publication number: 20170195457
Abstract: The present document describes systems and methods that authorize client resources such as computers, servers, computing appliances, and virtual machines to access online services provided by an online service provider. To authorize a client resource, a client submits a registration request on behalf of the client resource to an authorization service provided by the service provider. The authorization service returns an activation code to the client. The activation code may expire after an amount of time, or upon first use. The client provides the activation code to an agent running on the client resource. The agent establishes communication with the authorization service, and upon providing the activation code to the authorization service, receives an authorization token that can be used by the client resource to access online services in accordance with security roles or permissions specified with the registration request.
Type: Application
Filed: December 30, 2015
Publication date: July 6, 2017
Inventors: Edward Bradford Smith, II, Graeme David Baer, Manivannan Sundaram
-
Publication number: 20170126746
Abstract: Customers can utilize resources of a multi-tenant environment to provide one or more services available to various users. In order to simplify the process for these customers, the multi-tenant environment can include an infrastructure wherein a portion of the resources provide an authentication and/or authorization service that can be leveraged by the customer services. These resources can logically sit in front of the resources used to provide the customer services, such that a user request must pass through the authorization and authentication service before being directed to the customer service. Such resources can provide other functionality as well, such as load balancing and metering.
Type: Application
Filed: September 9, 2016
Publication date: May 4, 2017
Inventors: Gregory Branchek Roth, Graeme David Baer, Eric Jason Brandwine
-
Patent number: 9521000
Abstract: A service provider manages access control to multiple services through an authentication system. One or more services are able to fulfill requests at least in part by submitting requests to other services of the service provider. Such a service is able to obtain, from the authentication system, information that can be passed on to one or more other services to enable the one or more other services to determine request validity without having to contact the authentication system. The information may include, for example, one or more responses that the one or more other services would have received had the one or more services contacted the authentication system themselves.
Type: Grant
Filed: July 17, 2013
Date of Patent: December 13, 2016
Assignee: Amazon Technologies, Inc.
Inventors: Gregory Branchek Roth, Graeme David Baer