Patents by Inventor Donald Lee Bailey, Jr.
Donald Lee Bailey, Jr. has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11621996
Abstract: Methods and apparatus for a computing infrastructure for configurable-quality random data are disclosed. A storage medium stores program instructions that when executed on a processor designate some servers of a provider network as members of a pool of producers of random data usable by random data consumers. The instructions, when executed, determine a subset of the pool to be used to supply a collection of random data intended for a random data consumer, and one or more sources of random phenomena to be used to generate the collection of random data. The instructions, when executed, initiate a transmission of the collection of random data directed to the random data consumer.
Type: Grant
Filed: November 13, 2017
Date of Patent: April 4, 2023
Assignee: Amazon Technologies, Inc.
Inventors: Nachiketh Rao Potlapally, Andrew Paul Mikulski, Donald Lee Bailey, Jr., Robert Eric Fitzgerald
-
Patent number: 10705904
Abstract: Anomalous behavior in a multi-tenant computing environment may be identified by analyzing hardware sensor value data associated with hardware events on a host machine. A privileged virtual machine instance executing on a host machine acquires hardware sensor values and causes the values to be compared to other hardware sensor value data that may be indicative of anomalous behavior; for example, various threshold values, patterns, and/or signatures of hardware counter values generated by analyzing and correlating hardware event counter data. In this manner, potential anomalous behavior on an instance may be determined without having to access customer data or workloads associated with the instance.
Type: Grant
Filed: February 20, 2018
Date of Patent: July 7, 2020
Assignee: Amazon Technologies, Inc.
Inventors: Nachiketh Rao Potlapally, Donald Lee Bailey, Jr., Richard Weatherly
-
Patent number: 10348759
Abstract: A graph of a plurality of resources in a computing environment is generated, with the graph associating a first resource of the plurality with a second resource of the plurality. Based at least in part on measurements obtained at a point in a test computing environment that corresponds to a point in the computing environment, a graph representing the relationship between the first resource and the second resource is generated. A threat model identifying potential risks to the computing environment is created from the graph.
Type: Grant
Filed: January 18, 2018
Date of Patent: July 9, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Hassan Sultan, John Schweitzer, Donald Lee Bailey, Jr., Gregory Branchek Roth, Nachiketh Rao Potlapally
-
Patent number: 10110629
Abstract: A honeypot resource management service receives a request to provision one or more honeypot resources. In response to the request, the service identifies at least one computing resource service that is to be used to present the one or more honeypot resources. The service generates configuration information that is transmitted to the at least one computing resource service to cause the computing resource service to present the one or more honeypot resources to users in accordance with a set of parameters specified in the configuration information.
Type: Grant
Filed: March 24, 2016
Date of Patent: October 23, 2018
Assignee: Amazon Technologies, Inc.
Inventors: William Frederick Hingle Kruse, Hassan Sultan, Nicholas Howard Brown, James Leon Irving, Jr., Donald Lee Bailey, Jr.
-
Publication number: 20180173579
Abstract: Anomalous behavior in a multi-tenant computing environment may be identified by analyzing hardware sensor value data associated with hardware events on a host machine. A privileged virtual machine instance executing on a host machine acquires hardware sensor values and causes the values to be compared to other hardware sensor value data that may be indicative of anomalous behavior; for example, various threshold values, patterns, and/or signatures of hardware counter values generated by analyzing and correlating hardware event counter data. In this manner, potential anomalous behavior on an instance may be determined without having to access customer data or workloads associated with the instance.
Type: Application
Filed: February 20, 2018
Publication date: June 21, 2018
Inventors: Nachiketh Rao Potlapally, Donald Lee Bailey, Jr., Richard Weatherly
-
Publication number: 20180159891
Abstract: A graph of a plurality of resources in a computing environment is generated, with the graph associating a first resource of the plurality with a second resource of the plurality. Based at least in part on measurements obtained at a point in a test computing environment that corresponds to a point in the computing environment, a graph representing the relationship between the first resource and the second resource is generated. A threat model identifying potential risks to the computing environment is created from the graph.
Type: Application
Filed: January 18, 2018
Publication date: June 7, 2018
Inventors: Hassan Sultan, John Schweitzer, Donald Lee Bailey, Jr., Gregory Branchek Roth, Nachiketh Rao Potlapally
-
Publication number: 20180084032
Abstract: Methods and apparatus for a computing infrastructure for configurable-quality random data are disclosed. A storage medium stores program instructions that when executed on a processor designate some servers of a provider network as members of a pool of producers of random data usable by random data consumers. The instructions, when executed, determine a subset of the pool to be used to supply a collection of random data intended for a random data consumer, and one or more sources of random phenomena to be used to generate the collection of random data. The instructions, when executed, initiate a transmission of the collection of random data directed to the random data consumer.
Type: Application
Filed: November 13, 2017
Publication date: March 22, 2018
Applicant: Amazon Technologies, Inc.
Inventors: Nachiketh Rao Potlapally, Andrew Paul Mikulski, Donald Lee Bailey, Jr., Robert Eric Fitzgerald
-
Patent number: 9904587
Abstract: Anomalous behavior in a multi-tenant computing environment may be identified by analyzing hardware sensor value data associated with hardware events on a host machine. A privileged virtual machine instance executing on a host machine acquires hardware sensor values and causes the values to be compared to other hardware sensor value data that may be indicative of anomalous behavior; for example, various threshold values, patterns, and/or signatures of hardware counter values generated by analyzing and correlating hardware event counter data. In this manner, potential anomalous behavior on an instance may be determined without having to access customer data or workloads associated with the instance.
Type: Grant
Filed: December 18, 2015
Date of Patent: February 27, 2018
Assignee: Amazon Technologies, Inc.
Inventors: Nachiketh Rao Potlapally, Donald Lee Bailey, Jr., Richard Weatherly
-
Patent number: 9876815
Abstract: A graph of a plurality of resources in a computing environment is generated, with the graph associating a first resource of the plurality with a second resource of the plurality. Based at least in part on measurements obtained at a point in a test computing environment that corresponds to a point in the computing environment, an expected value or expected range of values is determined. An assessment of a security state of the computing environment is generated based at least in part on a comparison between a measurement obtained at the point in the computing environment and the expected value or expected range of values, and responsive to a determination that the assessment indicates a rule violation in the computing environment, a security action is performed.
Type: Grant
Filed: September 2, 2016
Date of Patent: January 23, 2018
Assignee: Amazon Technologies, Inc.
Inventors: Hassan Sultan, John Schweitzer, Donald Lee Bailey, Jr., Gregory Branchek Roth, Nachiketh Rao Potlapally
-
Patent number: 9819727
Abstract: Methods and apparatus for a computing infrastructure for configurable-quality random data are disclosed. A storage medium stores program instructions that when executed on a processor designate some servers of a provider network as members of a pool of producers of random data usable by random data consumers. The instructions, when executed, determine a subset of the pool to be used to supply a collection of random data intended for a random data consumer, and one or more sources of random phenomena to be used to generate the collection of random data. The instructions, when executed, initiate a transmission of the collection of random data directed to the random data consumer.
Type: Grant
Filed: February 28, 2013
Date of Patent: November 14, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Nachiketh Rao Potlapally, Andrew Paul Mikulski, Donald Lee Bailey, Jr., Robert Eric Fitzgerald
-
Publication number: 20170235946
Abstract: A trusted computing host is described that provides various security computations and other functions in a distributed multitenant and/or virtualized computing environment. The trusted host computing device can communicate with one or more host computing devices that host virtual machines to provide a number of security-related functions, including but not limited to boot firmware measurement, cryptographic key management, remote attestation, as well as security and forensics management. The trusted computing host maintains an isolated partition for each host computing device in the environment and communicates with peripheral cards on host computing devices in order to provide one or more security functions.
Type: Application
Filed: February 17, 2017
Publication date: August 17, 2017
Inventors: Nachiketh Rao Potlapally, Michael David Marr, Eric Jason Brandwine, Donald Lee Bailey, Jr.
-
Patent number: 9576155
Abstract: A trusted computing host is described that provides various security computations and other functions in a distributed multitenant and/or virtualized computing environment. The trusted host computing device can communicate with one or more host computing devices that host virtual machines to provide a number of security-related functions, including but not limited to boot firmware measurement, cryptographic key management, remote attestation, as well as security and forensics management. The trusted computing host maintains an isolated partition for each host computing device in the environment and communicates with peripheral cards on host computing devices in order to provide one or more security functions.
Type: Grant
Filed: September 28, 2015
Date of Patent: February 21, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Nachiketh Rao Potlapally, Michael David Marr, Eric Jason Brandwine, Donald Lee Bailey, Jr.
-
Publication number: 20160373481
Abstract: A graph of a plurality of resources in a computing environment is generated, with the graph associating a first resource of the plurality with a second resource of the plurality. Based at least in part on measurements obtained at a point in a test computing environment that corresponds to a point in the computing environment, an expected value or expected range of values is determined. An assessment of a security state of the computing environment is generated based at least in part on a comparison between a measurement obtained at the point in the computing environment and the expected value or expected range of values, and responsive to a determination that the assessment indicates a rule violation in the computing environment, a security action is performed.
Type: Application
Filed: September 2, 2016
Publication date: December 22, 2016
Inventors: Hassan Sultan, John Schweitzer, Donald Lee Bailey, Jr., Gregory Branchek Roth, Nachiketh Rao Potlapally
-
Patent number: 9514324
Abstract: A computer-implemented method includes restricting access to customer data to certain geographic regions authorized by the customer. The restriction can be managed by associating policy information with the customer data that identifies the geographic regions authorized by the customer. Resources attempting to access the customer data can evaluate the policy information associated with the customer data with respect to the geographic location in which the resource is located to determine whether the resource is permitted to access the customer data. The restriction can also be managed by encrypting the customer data with a cryptographic key that corresponds to the customer and/or the authorized geographic regions.
Type: Grant
Filed: June 20, 2014
Date of Patent: December 6, 2016
Assignee: Amazon Technologies, Inc.
Inventors: Nachiketh Rao Potlapally, Jonathan Matthew Miller, Eric Jason Brandwine, Stephen Edward Schmidt, Donald Lee Bailey, Jr.
-
Patent number: 9438618
Abstract: A system and method for threat detection and mitigation through run-time introspection. The system and method comprising receiving a request to monitor a computing environment. Based on the received request, the system and method further includes determining a set of introspection points for monitoring the computing environment, measuring at individual introspection points of the set of introspection points to obtain a set of measurements, generating a graph of a set of resources in the computing environment, wherein the graph correlates individual resources in the set of resources to other resources based at least in part on the set of measurements, and determining whether to perform a security action based at least in part on whether an evaluation of the graph indicates a threat to the computing environment.
Type: Grant
Filed: March 30, 2015
Date of Patent: September 6, 2016
Assignee: Amazon Technologies, Inc.
Inventors: Hassan Sultan, John Schweitzer, Donald Lee Bailey, Jr., Gregory Branchek Roth, Nachiketh Rao Potlapally
-
Patent number: 9425966
Abstract: Methods and apparatus for a security mechanism evaluation service are disclosed. A storage medium stores program instructions that when executed on a processor define a programmatic interface enabling a client to submit an evaluation request for a security mechanism. On receiving an evaluation request from a client indicating a particular security mechanism using public-key encryption, the instructions when executed, identify resources of a provider network to be used to respond. The instructions, when executed, provide to the client, one or more of: (a) a trustworthiness indicator for a certificate authority that issued a public-key certificate in accordance with the particular security mechanism; (b) a result of a syntax analysis of the public-key certificate; or (c) a vulnerability indicator for a key pair.
Type: Grant
Filed: March 14, 2013
Date of Patent: August 23, 2016
Assignee: Amazon Technologies, Inc.
Inventors: Nachiketh Rao Potlapally, Eric Jason Brandwine, Gregory Alan Rubin, Patrick James Ward, James Leon Irving, Jr., Andrew Paul Mikulski, Donald Lee Bailey, Jr.
-
Publication number: 20160070929
Abstract: A trusted computing host is described that provides various security computations and other functions in a distributed multitenant and/or virtualized computing environment. The trusted host computing device can communicate with one or more host computing devices that host virtual machines to provide a number of security-related functions, including but not limited to boot firmware measurement, cryptographic key management, remote attestation, as well as security and forensics management. The trusted computing host maintains an isolated partition for each host computing device in the environment and communicates with peripheral cards on host computing devices in order to provide one or more security functions.
Type: Application
Filed: September 28, 2015
Publication date: March 10, 2016
Inventors: Nachiketh Rao Potlapally, Michael David Marr, Eric Jason Brandwine, Donald Lee Bailey, Jr.
-
Patent number: 9147086
Abstract: A trusted computing host is described that provides various security computations and other functions in a distributed multitenant and/or virtualized computing environment. The trusted host computing device can communicate with one or more host computing devices that host virtual machines to provide a number of security-related functions, including but not limited to boot firmware measurement, cryptographic key management, remote attestation, as well as security and forensics management. The trusted computing host maintains an isolated partition for each host computing device in the environment and communicates with peripheral cards on host computing devices in order to provide one or more security functions.
Type: Grant
Filed: June 7, 2013
Date of Patent: September 29, 2015
Assignee: Amazon Technologies, Inc.
Inventors: Nachiketh Rao Potlapally, Michael David Marr, Eric Jason Brandwine, Donald Lee Bailey, Jr.
-
Patent number: 9049232
Abstract: Methods and apparatus for a configurable-quality random data service are disclosed. A method includes implementing programmatic interfaces enabling a determination of respective characteristics of random data to be delivered to one or more clients of a random data service of a provider network. The method includes implementing security protocols for transmission of random data to the clients, including a protocol for transmission of random data to trusted clients at devices within the provider network. The method further includes obtaining, on behalf of a particular client and in accordance with the determined characteristics, random data from one or more servers of the provider network, and initiating a transmission of the random data directed to a destination associated with the particular client.
Type: Grant
Filed: February 28, 2013
Date of Patent: June 2, 2015
Assignee: Amazon Technologies, Inc.
Inventors: Nachiketh Rao Potlapally, Donald Lee Bailey, Jr., Andrew Paul Mikulski, Robert Eric Fitzgerald