Patents by Inventor Eric Jason Brandwine

Eric Jason Brandwine has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10419287
    Abstract: Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present.
    Type: Grant
    Filed: July 28, 2017
    Date of Patent: September 17, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Kevin Christopher Miller, Eric Jason Brandwine, Andrew J. Doane
  • Patent number: 10412191
    Abstract: A trusted co-processor can provide a hardware-based observation point into the operation of a host machine owned by a resource provider or other such entity. The co-processor can be installed via a peripheral card on a fast bus, such as a PCI bus, on the host machine. The provider can provide the customer with expected information that the customer can verify through a request to an application programming interface (API) of the card, and after the customer verifies the information the customer can take logical ownership of the card and lock out the provider. The card can then function as a trusted but limited environment that is programmable by the customer. The customer can subsequently submit verification requests to the API to ensure that the host has not been unexpectedly modified or is otherwise operating as expected.
    Type: Grant
    Filed: March 30, 2016
    Date of Patent: September 10, 2019
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Eric Jason Brandwine, Gregory Alan Rubin, Matthew John Campagna, Matthew Shawn Wilson
  • Patent number: 10412059
    Abstract: Requests are pre-generated to include a cryptographic key to be used in fulfilling the requests. The requests may be encoded in uniform resource locators and may include authentication information to enable a service provider to whom the requests are submitted to determine whether the requests are authorized. The requests may be passed to various entities who can then submit the requests to the service provider. The service provider, upon receipt of a request, can verify the authentication information and fulfill the request using a cryptographic key encoded in the request.
    Type: Grant
    Filed: October 17, 2017
    Date of Patent: September 10, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Eric Jason Brandwine
  • Patent number: 10409985
    Abstract: A trusted computing host is described that provides various security computations and other functions in a distributed multitenant and/or virtualized computing environment. The trusted host computing device can communicate with one or more host computing devices that host virtual machines to provide a number of security-related functions, including but not limited to boot firmware measurement, cryptographic key management, remote attestation, as well as security and forensics management. The trusted computing host maintains an isolated partition for each host computing device in the environment and communicates with peripheral cards on host computing devices in order to provide one or more security functions.
    Type: Grant
    Filed: February 17, 2017
    Date of Patent: September 10, 2019
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Nachiketh Rao Potlapally, Michael David Marr, Eric Jason Brandwine, Donald Lee Bailey
  • Patent number: 10412156
    Abstract: Systems and methods utilize network destination identifiers, such as IP addresses, that are simultaneously advertised from multiple locations. The network destination identifiers may be announced in multiple geographic regions. Network traffic routed to devices advertising the network destination identifiers may be routed to appropriate endpoints. When a device receives such traffic, it may send the traffic to an endpoint in a network served by the device. In some instances, such as when such an endpoint is not available, the network traffic may be sent to another network that is served by another device that advertises the network destination identifiers.
    Type: Grant
    Filed: July 22, 2016
    Date of Patent: September 10, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Andrew B. Dickinson, Eric Jason Brandwine
  • Publication number: 20190273757
    Abstract: An automated scanning service can be configured to dynamically determine potential firewall misconfigurations in a shared resource environment. The scanning service can interrogate one or more application programming interfaces (APIs) to determine the state of the relevant firewall ports. For each firewall port in a permitted state, a test or trace can be run to determine whether the corresponding host port is open. Similarly, information can be obtained indicating which host ports for the allocation are open, and a determination can be made as to whether the corresponding firewall ports are permitted. Once the determinations are made, any mismatch in port state can be reported as a potential misconfiguration.
    Type: Application
    Filed: May 16, 2019
    Publication date: September 5, 2019
    Inventor: Eric Jason Brandwine
  • Patent number: 10402252
    Abstract: A peripheral device may implement alternative reporting of errors and other events detected at the peripheral device. A peripheral device may monitor the operations of the peripheral device for reporting events. Upon detecting a reporting event, a notification of the reporting event may be generated and sent to a remote data store. The remote data store may store the reporting event and evaluate the reporting event for a responsive action that may be performed. If a responsive action is determined, then the remote data store may direct the performance of the responsive action. The remote data store may provide access to stored reporting events for a peripheral device.
    Type: Grant
    Filed: March 30, 2016
    Date of Patent: September 3, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Adi Habusha, Eric Jason Brandwine
  • Patent number: 10404670
    Abstract: A distributed computing environment utilizes a cryptography service. The cryptography service manages keys securely on behalf of one or more entities. The cryptography service is configured to receive and respond to requests to perform cryptographic operations, such as encryption and decryption. The requests may originate from entities using the distributed computing environment and/or subsystems of the distributed computing environment.
    Type: Grant
    Filed: January 19, 2017
    Date of Patent: September 3, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Matthew James Wren, Eric Jason Brandwine, Brian Irl Pratt
  • Patent number: 10389709
    Abstract: Methods and apparatus for securing client-specified credentials at cryptographically-attested resources are described. An indication is obtained that resources deployed for execution of a compute instance of a multi-tenant computing service at an instance host of a provider network meet a client's security criteria. An encrypted representation of credentials to be used at the compute instance to implement operations on behalf of a client is received at the instance host. The credentials are extracted from the encrypted representation using a private key unique to the instance host, used for the operations, and then removed from the instance host without being saved in persistent memory.
    Type: Grant
    Filed: February 24, 2014
    Date of Patent: August 20, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Nachiketh Rao Potlapally, Andrew Jeffrey Doane, Eric Jason Brandwine, Robert Eric Fitzgerald
  • Publication number: 20190250951
    Abstract: A customer having a deployment in a resource provider environment can request one or more changes to the deployment using one or more application programming interface (API) requests. Along with the one or more changes, the customer can specify one or more metrics or behaviors, or a function thereof, to be monitored for the deployment for at least a period of time after the change is implemented. The customer can also specify acceptable or unacceptable values or ranges for the metrics. If the value of a specified metric is determined during the monitoring to have an unacceptable value, the change can be automatically rolled back or undone. The roll back in some embodiments takes the form of a change in state to yet another state that will cause the deployment to operate similar to a state before the change was implemented.
    Type: Application
    Filed: April 25, 2019
    Publication date: August 15, 2019
    Inventor: Eric Jason Brandwine
  • Patent number: 10382561
    Abstract: A network gateway is implemented on behalf of a customer entity. The network gateway may be implemented using a distributed computer system and the network gateway may connect a network of the customer entity to a public communications network. The network gateway may include network-related services without the need for adding specialized hardware. The network gateway may be provisioned programmatically in response to instructions received from the customer entity. The network gateway may be provisionable and accessible over several different types of data connections. The network gateway, by virtue of being implemented on a distributed computer system, is scalable upon demand without additional input by the customer entity.
    Type: Grant
    Filed: September 19, 2016
    Date of Patent: August 13, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Arijit Ganguly, Andrew B. Dickinson, Christopher J. Lefelhocz, Manish Agarwal, Ian R. Searle, Eric Jason Brandwine
  • Patent number: 10382195
    Abstract: Generally described, physical computing devices in a virtual network can be configured to host a number of virtual machine instances. The physical computing devices can be operably coupled with offload devices. In accordance with an aspect of the present disclosure, a security component can be incorporated into an offload device. The security component can be a physical device including a microprocessor and storage. The security component can include a set of instructions configured to validate an operational configuration of the offload device or the physical computing device to establish that they are configured in accordance with a secure or trusted configuration. In one example, a first security component on the offload device can validate the operational computing environment on the offload device and a second security component on the physical computing device can validate the operational computing environment on the physical computing device.
    Type: Grant
    Filed: May 23, 2017
    Date of Patent: August 13, 2019
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Eric Jason Brandwine, David R. Richardson, Matthew Shawn Wilson, Ian Paul Nowland, Anthony Nicholas Liguori, Brian William Barrett
  • Patent number: 10382449
    Abstract: Permissions can be delegated to enable access to resources associated with one or more different accounts, which might be associated with one or more different entities. Accordingly, approaches for delegating security rights and privileges for services and resources in an electronic and/or multi-tenant environment are provided. In particular, various embodiments provide approaches for dynamically determining and authorizing delegation of permissions to perform actions in, on, or against one or more secured accounts, where those accounts may be associated with a number of different entities and/or resource providers.
    Type: Grant
    Filed: July 17, 2017
    Date of Patent: August 13, 2019
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventor: Eric Jason Brandwine
  • Patent number: 10373218
    Abstract: Techniques are described for facilitating use of software components by software applications in a configurable manner. In some situations, the software components are fee-based components that are made available by providers of the components for use by others in exchange for fees defined by the components providers, and in at least some situations, the software components may have various associated restrictions or other non-price conditions related to their use. The described techniques facilitate use of such software components by software applications in a configured manner. Furthermore, in at least some situation, the execution of such software applications is managed by an application deployment system that controls and tracks the execution of the software application on one or more computing nodes, including to manage the execution of any software components that are part of the software application.
    Type: Grant
    Filed: December 28, 2010
    Date of Patent: August 6, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Jonathan A. Jenkins, Benjamin W. Mercier, Marvin M. Theimer, Eric Jason Brandwine, Joseph E. Fitzgerald
  • Patent number: 10375103
    Abstract: An automated scanning service can be configured to dynamically determine potential firewall misconfigurations in a shared resource environment. The scanning service can interrogate one or more application programming interfaces (APIs) to determine the state of the relevant firewall ports. For each firewall port in a permitted state, a test or trace can be run to determine whether the corresponding host port is open. Similarly, information can be obtained indicating which host ports for the allocation are open, and a determination can be made as to whether the corresponding firewall ports are permitted. Once the determinations are made, any mismatch in port state can be reported as a potential misconfiguration.
    Type: Grant
    Filed: September 26, 2016
    Date of Patent: August 6, 2019
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventor: Eric Jason Brandwine
  • Patent number: 10367791
    Abstract: Requests are pre-generated to include a cryptographic key to be used in fulfilling the requests. The requests may be encoded in uniform resource locators and may include authentication information to enable a service provider to whom the requests are submitted to determine whether the requests are authorized. The requests may be passed to various entities who can then submit the requests to the service provider. The service provider, upon receipt of a request, can verify the authentication information and fulfill the request using a cryptographic key encoded in the request.
    Type: Grant
    Filed: October 17, 2017
    Date of Patent: July 30, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Eric Jason Brandwine
  • Patent number: 10361911
    Abstract: Techniques are described for managing communications for a managed computer network by using a defined pool of alternative computing nodes of the managed computer network that are configured to operate as intermediate destinations to handle at least some communications that are sent by and/or directed to one or more other computing nodes of the managed computer network. For example, a manager module associated with a source computing node may select a particular alternative intermediate destination computing node from a defined pool to use for one or more particular communications from the source computing node to an indicated final destination, such as based on a configured logical network topology for the managed computer network and/or on one or more other selection criteria (e.g., to enable load balancing between the alternative computing nodes). The manager module then forwards those communications to the selected intermediate destination computing node for further handling.
    Type: Grant
    Filed: March 4, 2016
    Date of Patent: July 23, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Eric Jason Brandwine, Kevin Christopher Miller
  • Patent number: 10356062
    Abstract: A plurality of keys is obtained, with each obtained key of the plurality of keys being based at least in part on an information set for the plurality of keys and at least one other key distinct from the plurality of keys. A signing key is calculated by inputting a combination of the plurality of keys into a function with the information set for the plurality of keys, and the signing key is used to evaluate whether access to one or more computing resources is to be granted, with the information set preventing access from being granted when a request for the access is submitted out of compliance with the information set for the plurality of keys.
    Type: Grant
    Filed: November 11, 2015
    Date of Patent: July 16, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory B. Roth, Marc R. Barbour, Bradley Jeffrey Behm, Cristian M. Ilac, Eric Jason Brandwine
  • Patent number: 10355991
    Abstract: Techniques are described for managing communications for a managed virtual computer network overlaid on a distinct substrate computer network, including for communications involving computing nodes of the managed virtual computer network that use an alternative addressing scheme to direct network packets and other network communications to intended destination locations by using textual network node monikers instead of numeric IP addresses to represent computing nodes at a layer 3 or “network layer” of a corresponding computer networking stack in use by the computing nodes. The techniques are provided without modifying or configuring the network devices of the substrate computer network, by using configured modules to manage and modify communications from the logical edge of the substrate network.
    Type: Grant
    Filed: September 26, 2013
    Date of Patent: July 16, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Swaminathan Sivasubramanian, Eric Jason Brandwine, Tate Andrew Certain, Bradley E. Marshall
  • Patent number: 10346623
    Abstract: A computing resource service provider may operate one or more services configured to provide customers with access to computing resources. Attackers may attempt to exfiltrate customer data from the one or more services. In order to prevent attackers from obtaining customer data the one or more services may provide specious data in response to an attack. The attack may be detected based at least in part on a set of triggers that indicate a likelihood of attack. The specious data may be configured to appear to the attacker as authentic customer data and/or that the attack is successful. Additionally, the specious data may be detectable by the one or more service, enabling the one or more service to collect additional data corresponding to the attack and/or attacker.
    Type: Grant
    Filed: March 31, 2015
    Date of Patent: July 9, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Eric Jason Brandwine, Stephen Edward Schmidt