Patents by Inventor Marc R. Barbour
Marc R. Barbour has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11671425Abstract: A request is obtained for accessing a resource in a different region from a region indicated by a session token included with the request. The session token is re-encrypted using secret information of the second region. The request to access the resource in the different region can be fulfilled using the re-encrypted session token.Type: GrantFiled: June 25, 2020Date of Patent: June 6, 2023Assignee: Amazon Technologies, Inc.Inventors: Srikanth Mandadi, Khaled Salah Sedky, Slavka Praus, Marc R. Barbour
-
Patent number: 11146541Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.Type: GrantFiled: July 15, 2019Date of Patent: October 12, 2021Assignee: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Marc R. Barbour, Bradley Jeffery Behm, Cristian M. Ilac, Eric Jason Brandwine
-
Patent number: 10951618Abstract: Security credentials issued by an entity, such as an identity broker, can have a limited lifetime. Access to resources or content under those credentials then can only be obtained for a limited period of time, limiting the ability of an unauthorized entity obtaining the credentials to utilize those credentials for access. Along with the credentials, a refresh token can be issued to a requesting client that can enable the limited lifetime of the credentials to be renewed up to a maximum lifetime of the credentials and/or the token. A service providing access can determine that the client has a valid copy of the refresh token when the credentials are about to expire, and if so can cause the lifetime of the credentials to be extended another credential lifetime. This renewal can be done transparent to a user and without again contacting the identity broker.Type: GrantFiled: December 5, 2019Date of Patent: March 16, 2021Assignee: AMAZON TECHNOLOGIES, INC.Inventors: Graeme David Baer, Dmitry Frenkel, Marc R. Barbour
-
Publication number: 20200329041Abstract: A request is obtained for accessing a resource in a different region from a region indicated by a session token included with the request. The session token is re-encrypted using secret information of the second region. The request to access the resource in the different region can be fulfilled using the re-encrypted session token.Type: ApplicationFiled: June 25, 2020Publication date: October 15, 2020Inventors: Srikanth Mandadi, Khaled Salah Sedky, Slavka Praus, Marc R. Barbour
-
Patent number: 10701071Abstract: A request is received by a user in a second region. The request, which is digitally signed with credential associated with the user in the second region causes the generation of a session credential that includes a session key. The user in the second region can use the session credentials to access the resources in the first region.Type: GrantFiled: February 7, 2018Date of Patent: June 30, 2020Assignee: Amazon Technologies, Inc.Inventors: Srikanth Mandadi, Khaled Salah Sedky, Slavka Praus, Marc R. Barbour
-
Patent number: 10680827Abstract: Techniques for using short-term credentials using asymmetric session keys are described herein. A request for a short-term credential is received that is digitally signed with a different credential. In response to the request, short-term credential data is generated and populated with a public session key corresponding to a private session key. The short-term credential data is then encrypted with a session encryption key to produce the short-term credential token, which can then be used by the requester as a short-term credential for subsequent requests.Type: GrantFiled: January 19, 2018Date of Patent: June 9, 2020Assignee: Amazon Technologies, Inc.Inventors: Marc R. Barbour, Khaled Salah Sedky, Srikanth Mandadi, Slavka Praus
-
Publication number: 20200153831Abstract: Security credentials issued by an entity, such as an identity broker, can have a limited lifetime. Access to resources or content under those credentials then can only be obtained for a limited period of time, limiting the ability of an unauthorized entity obtaining the credentials to utilize those credentials for access. Along with the credentials, a refresh token can be issued to a requesting client that can enable the limited lifetime of the credentials to be renewed up to a maximum lifetime of the credentials and/or the token. A service providing access can determine that the client has a valid copy of the refresh token when the credentials are about to expire, and if so can cause the lifetime of the credentials to be extended another credential lifetime. This renewal can be done transparent to a user and without again contacting the identity broker.Type: ApplicationFiled: December 5, 2019Publication date: May 14, 2020Inventors: Graeme David Baer, Dmitry Frenkel, Marc R. Barbour
-
Publication number: 20200112550Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.Type: ApplicationFiled: July 15, 2019Publication date: April 9, 2020Inventors: Gregory B. Roth, Marc R. Barbour, Bradley Jeffery Behm, Cristian M. Ilac, Eric Jason Brandwine
-
Patent number: 10567381Abstract: Security credentials issued by an entity, such as an identity broker, can have a limited lifetime. Access to resources or content under those credentials then can only be obtained for a limited period of time, limiting the ability of an unauthorized entity obtaining the credentials to utilize those credentials for access. Along with the credentials, a refresh token can be issued to a requesting client that can enable the limited lifetime of the credentials to be renewed up to a maximum lifetime of the credentials and/or the token. A service providing access can determine that the client has a valid copy of the refresh token when the credentials are about to expire, and if so can cause the lifetime of the credentials to be extended another credential lifetime. This renewal can be done transparent to a user and without again contacting the identity broker.Type: GrantFiled: December 17, 2015Date of Patent: February 18, 2020Assignee: AMAZON TECHNOLOGIES, INC.Inventors: Graeme David Baer, Dmitry Frenkel, Marc R. Barbour
-
Patent number: 10536436Abstract: A computer-implemented service uses information associated with a client device to generate a first shared secret. The service receives, from the client, a claim of access to a second shared secret and determines whether the first shared secret and the second shared secret match. If the shared secrets match, the service uses the first shared secret to encrypt a one-time password. The service provides the encrypted one-time password to the client device. The client device transmits a claim of access to the one-time password, which the service uses to determine whether the claim of access to the one-time password indicates access to the one-time password. If the claim of access to the one-time password indicates that the client device has access to the one-time password, the service allows the client device to access the service.Type: GrantFiled: June 24, 2016Date of Patent: January 14, 2020Assignee: Amazon Technologies, Inc.Inventors: Marc R. Barbour, Ruchith Udayanga Fernando
-
Patent number: 10425223Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.Type: GrantFiled: May 18, 2018Date of Patent: September 24, 2019Assignee: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Marc R. Barbour, Bradley Jeffrey Behm, Cristian M. Ilac, Eric Jason Brandwine
-
Patent number: 10356062Abstract: A plurality of keys is obtained, with each obtained key of the plurality of keys being based at least in part on an information set for the plurality of keys and at least one other key distinct from the plurality of keys. A signing key is calculated by inputting a combination of the plurality of keys into a function with the information set for the plurality of keys, and the signing key is used to evaluate whether access to one or more computing resources is to be granted, with the information set preventing access from being granted when a request for the access is submitted out of compliance with the information set for the plurality of keys.Type: GrantFiled: November 11, 2015Date of Patent: July 16, 2019Assignee: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Marc R. Barbour, Bradley Jeffrey Behm, Cristian M. Ilac, Eric Jason Brandwine
-
Patent number: 10277569Abstract: Techniques for using short-term session credentials across regions are described herein. A first request for resources generated using a short-term session credentials and digitally signed with a digital signature. The request is generated in a first region and received in a second region. In response to the request, a second request is generated in the second region to validate the first request. A new session token that is usable in the second region is generated and returned to the second region. The new session token can then be used in the second region to fulfill the first request.Type: GrantFiled: December 3, 2015Date of Patent: April 30, 2019Assignee: Amazon Technologies, Inc.Inventors: Marc R. Barbour, Khaled Salah Sedky, Slavka Praus, Srikanth Mandadi
-
Patent number: 10182044Abstract: Techniques for personalizing short-term session credentials are described herein. A global session key is provided to a plurality of regions of a computing resource service provider and an account key is also provided to one or more of the plurality of regions based at least in part on those regions being trusted by a customer of the computing resource service provider. When a request for short-term session credentials is received at the trusted region by that customer, a session token is generated and encrypted with a combination of the global session key and the account key, thereby creating a session token that can be uniquely associated with the customer and that may only be used in regions that that customer has designated as trusted regions.Type: GrantFiled: December 3, 2015Date of Patent: January 15, 2019Assignee: Amazon Technologies, Inc.Inventors: Slavka Praus, Khaled Salah Sedky, Srikanth Mandadi, Marc R. Barbour
-
Publication number: 20180270051Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.Type: ApplicationFiled: May 18, 2018Publication date: September 20, 2018Inventors: Gregory B. Roth, Marc R. Barbour, Bradley Jeffrey Behm, Cristian M. Ilac, Eric Jason Brandwine
-
Patent number: 10044503Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.Type: GrantFiled: November 14, 2014Date of Patent: August 7, 2018Assignee: Amazon Technologies, Inc.Inventors: Gregory B. Roth, Marc R. Barbour, Bradley Jeffery Behm, Cristian M. Ilac, Eric Jason Brandwine
-
Publication number: 20180183793Abstract: A request is received by a user in a second region. The request, which is digitally signed with credential associated with the user in the second region causes the generation of a session credential that includes a session key. The user in the second region can use the session credentials to access the resources in the first region.Type: ApplicationFiled: February 7, 2018Publication date: June 28, 2018Inventors: Srikanth Mandadi, Khaled Salah Sedky, Slavka Praus, Marc R. Barbour
-
Publication number: 20180145835Abstract: Techniques for using short-term credentials using asymmetric session keys are described herein. A request for a short-term credential is received that is digitally signed with a different credential. In response to the request, short-term credential data is generated and populated with a public session key corresponding to a private session key. The short-term credential data is then encrypted with a session encryption key to produce the short-term credential token, which can then be used by the requester as a short-term credential for subsequent requests.Type: ApplicationFiled: January 19, 2018Publication date: May 24, 2018Inventors: Marc R. Barbour, Khaled Salah Sedky, Srikanth Mandadi, Slavka Praus
-
Patent number: 9900160Abstract: Techniques for using short-term credentials using asymmetric session keys are described herein. A request for a short-term credential is received that is digitally signed with a different credential. In response to the request, short-term credential data is generated and populated with a public session key corresponding to a private session key. The short-term credential data is then encrypted with a session encryption key to produce the short-term credential token, which can then be used by the requester as a short-term credential for subsequent requests.Type: GrantFiled: December 3, 2015Date of Patent: February 20, 2018Assignee: Amazon Technologies, Inc.Inventors: Marc R. Barbour, Khaled Salah Sedky, Srikanth Mandadi, Slavka Praus
-
Patent number: 9894067Abstract: Techniques for using short-term credentials with access roles across regions are described herein. A request to assume a role associated with resources in a first region is received by a user in a second region. The request, which is digitally signed with credential associated with the user in the second region causes the generation of a short-term session credential that includes a session key and that can be used to assume the role. The user in the second region then assumes the role and, accordingly, can use the short-term session credentials to access the resources in the first region.Type: GrantFiled: December 3, 2015Date of Patent: February 13, 2018Assignee: Amazon Technologies, Inc.Inventors: Srikanth Mandadi, Khaled Salah Sedky, Slavka Praus, Marc R. Barbour