Patents by Inventor Eric D. Crahen
Eric D. Crahen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11366870Abstract: The load level on a server system is regulated by determining time-to-live (TTL) values to provide to requesting devices that request a content resource from the server system, thereby affecting the frequency of subsequent requests. This dynamic determination of TTL values may provide resilience to system load, for example by using longer TTL values when the system is under greater load to reduce the rate at which subsequent requests are received. A dynamic TTL service may calculate a TTL value based on one or more factors, such as overall system load, resource load, hardware load, and/or software load.Type: GrantFiled: August 26, 2019Date of Patent: June 21, 2022Assignee: Amazon Technologies, Inc.Inventors: David C. Yanacek, David Killian, Krishnan Narayanan, Matthew Wren, Samuel J. Young, Eric D. Crahen
-
Patent number: 11356457Abstract: A delegation request is submitted to a session-based authentication service, fulfillment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.Type: GrantFiled: June 3, 2020Date of Patent: June 7, 2022Assignee: Amazon Technologies, Inc.Inventors: Gregory Branchek Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
-
Patent number: 10931442Abstract: Client requests may be directed through a secret holding proxy system such that the secret holding proxy system may insert a secret into a client request before arriving at the destination. The insertion of a secret may include inserting a digital signature, token or other information that includes a secret or information based upon a secret, which may include secret exchange or authentication protocols. The secret holding proxy system may also remove secrets and/or transform incoming messages such that the client may transparently receive the underlying content of the message.Type: GrantFiled: October 5, 2018Date of Patent: February 23, 2021Assignee: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Graeme D. Baer, Nathan R. Fitch, Eric D. Crahen, Eric J. Brandwine
-
Publication number: 20200296108Abstract: A delegation request is submitted to a session-based authentication service, fulfillment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.Type: ApplicationFiled: June 3, 2020Publication date: September 17, 2020Inventors: Gregory Branchek Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
-
Patent number: 10721238Abstract: A delegation request is submitted to a session-based authentication service, fulfillment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.Type: GrantFiled: March 16, 2018Date of Patent: July 21, 2020Assignee: Amazon Technologies, Inc.Inventors: Gregory Branchek Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
-
Patent number: 10460004Abstract: Time to live (“TTL”) values are determined based on one or more factors. The TTL values may be included in responses to requests for resources, thereby affecting the frequency of subsequent requests. This dynamic determination of TTL values may provide resilience to system load, for example by using longer TTL values when the system is under greater load in order to reduce the rate at which subsequent requests are received. A dynamic TTL service may calculate a TTL value based on one or more factors, such as overall system load, resource load, hardware load, and/or software load. In various embodiments, a dynamic TTL service may act natively within a service, within a system framework, as a proxy, as a cluster, and/or as a broker.Type: GrantFiled: June 24, 2011Date of Patent: October 29, 2019Assignee: Amazon Technologies, Inc.Inventors: David C. Yanacek, David A. Killian, Krishnan Narayanan, Matthew J. Wren, Samuel J. Young, Eric D. Crahen
-
Patent number: 10103875Abstract: Client requests may be directed through a secret holding proxy system such that the secret holding proxy system may insert a secret into a client request before arriving at the destination. The insertion of a secret may include inserting a digital signature, token or other information that includes a secret or information based upon a secret, which may include secret exchange or authentication protocols. The secret holding proxy system may also remove secrets and/or transform incoming messages such that the client may transparently receive the underlying content of the message.Type: GrantFiled: December 20, 2011Date of Patent: October 16, 2018Assignee: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Graeme D. Baer, Nathan R. Fitch, Eric D. Crahen, Eric J. Brandwine
-
Publication number: 20180205738Abstract: A delegation request is submitted to a session-based authentication service, fulfilment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.Type: ApplicationFiled: March 16, 2018Publication date: July 19, 2018Inventors: Gregory Branchek Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
-
Patent number: 9954866Abstract: A delegation request is submitted to a session-based authentication service, fulfilment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.Type: GrantFiled: September 25, 2015Date of Patent: April 24, 2018Assignee: AMAZON TECHNOLOGIES, INC.Inventors: Gregory Branchek Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
-
Patent number: 9607162Abstract: A support system negotiates secure connections on behalf of multiple guest systems using a set of credentials associated with the guest systems. The operation of the secure connection may be transparent to the guest system such that guest system may send and receive messages that are encrypted or decrypted by the support system, such as a hypervisor. As the support system is in between the guest system and a destination, the support system may act as a local endpoint to the secure connection. Messages may be altered by the support system to indicate to a guest system which communications were secured. The credentials may be managed by the support system such that the guest system does not require access to the credentials.Type: GrantFiled: May 18, 2015Date of Patent: March 28, 2017Assignee: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Eric D. Crahen, Graeme D. Baer, Eric J. Brandwine, Nathan R. Fitch
-
Publication number: 20160021118Abstract: A delegation request is submitted to a session-based authentication service, fulfillment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.Type: ApplicationFiled: September 25, 2015Publication date: January 21, 2016Inventors: Gregory Branchek Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
-
Publication number: 20150347763Abstract: A support system negotiates secure connections on behalf of multiple guest systems using a set of credentials associated with the guest systems. The operation of the secure connection may be transparent to the guest system such that guest system may send and receive messages that are encrypted or decrypted by the support system, such as a hypervisor. As the support system is in between the guest system and a destination, the support system may act as a local endpoint to the secure connection. Messages may be altered by the support system to indicate to a guest system which communications were secured. The credentials may be managed by the support system such that the guest system does not require access to the credentials.Type: ApplicationFiled: May 18, 2015Publication date: December 3, 2015Inventors: Gregory B. Roth, Eric D. Crahen, Graeme D. Baer, Eric J. Brandwine, Nathan R. Fitch
-
Patent number: 9203613Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the a key's use.Type: GrantFiled: September 29, 2011Date of Patent: December 1, 2015Assignee: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
-
Patent number: 9197409Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the a key's use.Type: GrantFiled: September 29, 2011Date of Patent: November 24, 2015Assignee: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Bradley Jeffery Behm, Eric D. Crahen, Cristian M. Ilac, Nathan R. Fitch, Eric Jason Brandwine, Kevin Ross O'Neill
-
Patent number: 9178701Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the a key's use.Type: GrantFiled: September 29, 2011Date of Patent: November 3, 2015Assignee: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Bradley Jeffery Behm, Eric D. Crahen, Cristian M. Ilac, Nathan R. Fitch, Eric Jason Brandwine, Kevin Ross O'Neill
-
Patent number: 9037511Abstract: A support system negotiates secure connections on behalf of multiple guest systems using a set of credentials associated with the guest systems. The operation of the secure connection may be transparent to the guest system such that guest system may send and receive messages that are encrypted or decrypted by the support system, such as a hypervisor. As the support system is in between the guest system and a destination, the support system may act as a local endpoint to the secure connection. Messages may be altered by the support system to indicate to a guest system which communications were secured. The credentials may be managed by the support system such that the guest system does not require access to the credentials.Type: GrantFiled: September 29, 2011Date of Patent: May 19, 2015Assignee: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Eric D. Crahen, Graeme D. Baer, Eric J. Brandwine, Nathan R. Fitch
-
Patent number: 8856957Abstract: A federated identity system is described. A federated identity broker registers a first customer as an identity provider and a second customer as an identity consumer. The federated identity broker acts as an intermediary between the first customer and the second customer, to broker an identity request from the first customer that is fulfilled by the second customer.Type: GrantFiled: December 22, 2011Date of Patent: October 7, 2014Assignee: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Kevin Ross O'Neill, Eric Jason Brandwine, Eric D. Crahen, Cristian M. Ilac
-
Publication number: 20130086661Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the a key's use.Type: ApplicationFiled: September 29, 2011Publication date: April 4, 2013Applicant: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
-
Publication number: 20130085880Abstract: A support system negotiates secure connections on behalf of multiple guest systems using a set of credentials associated with the guest systems. The operation of the secure connection may be transparent to the guest system such that guest system may send and receive messages that are encrypted or decrypted by the support system, such as a hypervisor. As the support system is in between the guest system and a destination, the support system may act as a local endpoint to the secure connection. Messages may be altered by the support system to indicate to a guest system which communications were secured. The credentials may be managed by the support system such that the guest system does not require access to the credentials.Type: ApplicationFiled: September 29, 2011Publication date: April 4, 2013Applicant: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Eric D. Crahen, Graeme D. Baer, Eric J. Brandwine, Nathan R. Fitch
-
Publication number: 20130086663Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the a key's use.Type: ApplicationFiled: September 29, 2011Publication date: April 4, 2013Applicant: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Bradley Jeffery Behm, Eric D. Crahen, Cristian M. Ilac, Nathan R. Fitch, Eric Jason Brandwine, Kevin Ross O'Neill