Patents by Inventor Eric D. Crahen

Eric D. Crahen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11366870
    Abstract: The load level on a server system is regulated by determining time-to-live (TTL) values to provide to requesting devices that request a content resource from the server system, thereby affecting the frequency of subsequent requests. This dynamic determination of TTL values may provide resilience to system load, for example by using longer TTL values when the system is under greater load to reduce the rate at which subsequent requests are received. A dynamic TTL service may calculate a TTL value based on one or more factors, such as overall system load, resource load, hardware load, and/or software load.
    Type: Grant
    Filed: August 26, 2019
    Date of Patent: June 21, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: David C. Yanacek, David Killian, Krishnan Narayanan, Matthew Wren, Samuel J. Young, Eric D. Crahen
  • Patent number: 11356457
    Abstract: A delegation request is submitted to a session-based authentication service, fulfillment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.
    Type: Grant
    Filed: June 3, 2020
    Date of Patent: June 7, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
  • Patent number: 10931442
    Abstract: Client requests may be directed through a secret holding proxy system such that the secret holding proxy system may insert a secret into a client request before arriving at the destination. The insertion of a secret may include inserting a digital signature, token or other information that includes a secret or information based upon a secret, which may include secret exchange or authentication protocols. The secret holding proxy system may also remove secrets and/or transform incoming messages such that the client may transparently receive the underlying content of the message.
    Type: Grant
    Filed: October 5, 2018
    Date of Patent: February 23, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory B. Roth, Graeme D. Baer, Nathan R. Fitch, Eric D. Crahen, Eric J. Brandwine
  • Publication number: 20200296108
    Abstract: A delegation request is submitted to a session-based authentication service, fulfillment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.
    Type: Application
    Filed: June 3, 2020
    Publication date: September 17, 2020
    Inventors: Gregory Branchek Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
  • Patent number: 10721238
    Abstract: A delegation request is submitted to a session-based authentication service, fulfillment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.
    Type: Grant
    Filed: March 16, 2018
    Date of Patent: July 21, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
  • Patent number: 10460004
    Abstract: Time to live (“TTL”) values are determined based on one or more factors. The TTL values may be included in responses to requests for resources, thereby affecting the frequency of subsequent requests. This dynamic determination of TTL values may provide resilience to system load, for example by using longer TTL values when the system is under greater load in order to reduce the rate at which subsequent requests are received. A dynamic TTL service may calculate a TTL value based on one or more factors, such as overall system load, resource load, hardware load, and/or software load. In various embodiments, a dynamic TTL service may act natively within a service, within a system framework, as a proxy, as a cluster, and/or as a broker.
    Type: Grant
    Filed: June 24, 2011
    Date of Patent: October 29, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: David C. Yanacek, David A. Killian, Krishnan Narayanan, Matthew J. Wren, Samuel J. Young, Eric D. Crahen
  • Patent number: 10103875
    Abstract: Client requests may be directed through a secret holding proxy system such that the secret holding proxy system may insert a secret into a client request before arriving at the destination. The insertion of a secret may include inserting a digital signature, token or other information that includes a secret or information based upon a secret, which may include secret exchange or authentication protocols. The secret holding proxy system may also remove secrets and/or transform incoming messages such that the client may transparently receive the underlying content of the message.
    Type: Grant
    Filed: December 20, 2011
    Date of Patent: October 16, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory B. Roth, Graeme D. Baer, Nathan R. Fitch, Eric D. Crahen, Eric J. Brandwine
  • Publication number: 20180205738
    Abstract: A delegation request is submitted to a session-based authentication service, fulfilment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.
    Type: Application
    Filed: March 16, 2018
    Publication date: July 19, 2018
    Inventors: Gregory Branchek Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
  • Patent number: 9954866
    Abstract: A delegation request is submitted to a session-based authentication service, fulfilment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: April 24, 2018
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Gregory Branchek Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
  • Patent number: 9607162
    Abstract: A support system negotiates secure connections on behalf of multiple guest systems using a set of credentials associated with the guest systems. The operation of the secure connection may be transparent to the guest system such that guest system may send and receive messages that are encrypted or decrypted by the support system, such as a hypervisor. As the support system is in between the guest system and a destination, the support system may act as a local endpoint to the secure connection. Messages may be altered by the support system to indicate to a guest system which communications were secured. The credentials may be managed by the support system such that the guest system does not require access to the credentials.
    Type: Grant
    Filed: May 18, 2015
    Date of Patent: March 28, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory B. Roth, Eric D. Crahen, Graeme D. Baer, Eric J. Brandwine, Nathan R. Fitch
  • Publication number: 20160021118
    Abstract: A delegation request is submitted to a session-based authentication service, fulfillment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.
    Type: Application
    Filed: September 25, 2015
    Publication date: January 21, 2016
    Inventors: Gregory Branchek Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
  • Publication number: 20150347763
    Abstract: A support system negotiates secure connections on behalf of multiple guest systems using a set of credentials associated with the guest systems. The operation of the secure connection may be transparent to the guest system such that guest system may send and receive messages that are encrypted or decrypted by the support system, such as a hypervisor. As the support system is in between the guest system and a destination, the support system may act as a local endpoint to the secure connection. Messages may be altered by the support system to indicate to a guest system which communications were secured. The credentials may be managed by the support system such that the guest system does not require access to the credentials.
    Type: Application
    Filed: May 18, 2015
    Publication date: December 3, 2015
    Inventors: Gregory B. Roth, Eric D. Crahen, Graeme D. Baer, Eric J. Brandwine, Nathan R. Fitch
  • Patent number: 9203613
    Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the a key's use.
    Type: Grant
    Filed: September 29, 2011
    Date of Patent: December 1, 2015
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory B. Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
  • Patent number: 9197409
    Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the a key's use.
    Type: Grant
    Filed: September 29, 2011
    Date of Patent: November 24, 2015
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory B. Roth, Bradley Jeffery Behm, Eric D. Crahen, Cristian M. Ilac, Nathan R. Fitch, Eric Jason Brandwine, Kevin Ross O'Neill
  • Patent number: 9178701
    Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the a key's use.
    Type: Grant
    Filed: September 29, 2011
    Date of Patent: November 3, 2015
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory B. Roth, Bradley Jeffery Behm, Eric D. Crahen, Cristian M. Ilac, Nathan R. Fitch, Eric Jason Brandwine, Kevin Ross O'Neill
  • Patent number: 9037511
    Abstract: A support system negotiates secure connections on behalf of multiple guest systems using a set of credentials associated with the guest systems. The operation of the secure connection may be transparent to the guest system such that guest system may send and receive messages that are encrypted or decrypted by the support system, such as a hypervisor. As the support system is in between the guest system and a destination, the support system may act as a local endpoint to the secure connection. Messages may be altered by the support system to indicate to a guest system which communications were secured. The credentials may be managed by the support system such that the guest system does not require access to the credentials.
    Type: Grant
    Filed: September 29, 2011
    Date of Patent: May 19, 2015
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory B. Roth, Eric D. Crahen, Graeme D. Baer, Eric J. Brandwine, Nathan R. Fitch
  • Patent number: 8856957
    Abstract: A federated identity system is described. A federated identity broker registers a first customer as an identity provider and a second customer as an identity consumer. The federated identity broker acts as an intermediary between the first customer and the second customer, to broker an identity request from the first customer that is fulfilled by the second customer.
    Type: Grant
    Filed: December 22, 2011
    Date of Patent: October 7, 2014
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory B. Roth, Kevin Ross O'Neill, Eric Jason Brandwine, Eric D. Crahen, Cristian M. Ilac
  • Publication number: 20130086661
    Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the a key's use.
    Type: Application
    Filed: September 29, 2011
    Publication date: April 4, 2013
    Applicant: Amazon Technologies, Inc.
    Inventors: Gregory B. Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
  • Publication number: 20130085880
    Abstract: A support system negotiates secure connections on behalf of multiple guest systems using a set of credentials associated with the guest systems. The operation of the secure connection may be transparent to the guest system such that guest system may send and receive messages that are encrypted or decrypted by the support system, such as a hypervisor. As the support system is in between the guest system and a destination, the support system may act as a local endpoint to the secure connection. Messages may be altered by the support system to indicate to a guest system which communications were secured. The credentials may be managed by the support system such that the guest system does not require access to the credentials.
    Type: Application
    Filed: September 29, 2011
    Publication date: April 4, 2013
    Applicant: Amazon Technologies, Inc.
    Inventors: Gregory B. Roth, Eric D. Crahen, Graeme D. Baer, Eric J. Brandwine, Nathan R. Fitch
  • Publication number: 20130086663
    Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the a key's use.
    Type: Application
    Filed: September 29, 2011
    Publication date: April 4, 2013
    Applicant: Amazon Technologies, Inc.
    Inventors: Gregory B. Roth, Bradley Jeffery Behm, Eric D. Crahen, Cristian M. Ilac, Nathan R. Fitch, Eric Jason Brandwine, Kevin Ross O'Neill