Patents by Inventor Mark Joseph Cavage
Mark Joseph Cavage has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11658971
Abstract: Virtual firewalls may be established that enforce sets of policies with respect to computing resources maintained by multi-tenant distributed services. Particular subsets of computing resources may be associated with particular tenants of a multi-tenant distributed service. A tenant may establish a firewalling policy set enforced by a virtual firewall for an associated subset of computing resources without affecting other tenants of the multi-tenant distributed service. Virtual firewalls enforcing multiple firewalling policy sets may be maintained by a common firewalling component of the multi-tenant distributed service. Firewalling policy sets may be distributed at multiple locations throughout the multi-tenant distributed service. For a request targeting a particular computing resource, the common firewalling component may identify the associated virtual firewall, and submit the request to the virtual firewall for evaluation in accordance with the corresponding firewalling policy set.
Type: Grant
Filed: May 30, 2019
Date of Patent: May 23, 2023
Assignee: Amazon Technologies, Inc.
Inventors: Kevin Ross O'Neill, Mark Joseph Cavage, Nathan R. Fitch, Anders Samuelsson, Brian Irl Pratt, Yunong Jeff Xiao, Bradley Jeffery Behm, James E. Scharf, Jr.
-
Patent number: 10785037
Abstract: A system, method, and computer readable medium for managing secure content by CDN service providers are provided. A network storage provider stores one or more resources on behalf of a content provider. A CDN service provider obtains client computing device requests for secure content. Based on processing first signature information, the CDN service provider determines whether the secure content is available to the client computing device. If the CDN service provider does not maintain the requested content, the CDN service provider transmits a request to the network storage provider. Based on second signature information and an identifier associated with the CDN service provider, the network storage provider processes the request based on policy information associated with the identifier.
Type: Grant
Filed: November 19, 2018
Date of Patent: September 22, 2020
Assignee: Amazon Technologies, Inc.
Inventors: David R. Richardson, Mustafa I. Abrar, Don Johnson, John Cormie, Bradley Eugene Marshall, Mark Joseph Cavage
-
Patent number: 10313346
Abstract: Virtual firewalls may be established that enforce sets of policies with respect to computing resources maintained by multi-tenant distributed services. Particular subsets of computing resources may be associated with particular tenants of a multi-tenant distributed service. A tenant may establish a firewalling policy set enforced by a virtual firewall for an associated subset of computing resources without affecting other tenants of the multi-tenant distributed service. Virtual firewalls enforcing multiple firewalling policy sets may be maintained by a common firewalling component of the multi-tenant distributed service. Firewalling policy sets may be distributed at multiple locations throughout the multi-tenant distributed service. For a request targeting a particular computing resource, the common firewalling component may identify the associated virtual firewall, and submit the request to the virtual firewall for evaluation in accordance with the corresponding firewalling policy set.
Type: Grant
Filed: November 25, 2014
Date of Patent: June 4, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Kevin Ross O'Neill, Mark Joseph Cavage, Nathan R. Fitch, Anders Samuelsson, Brian Irl Pratt, Yunong Jeff Xiao, Bradley Jeffery Behm, James E. Scharf, Jr.
-
Patent number: 10263978
Abstract: Systems and methods provide logic that validates a code generated by a user, and that executes a function of a programmatic interface after the user code is validated. In one implementation, a computer-implemented method performs a multifactor authentication of a user prior to executing a function of a programmatic interface. The method includes receiving, at a server, a user code through a programmatic interface. The server computes a server code in response to the user code, and compares the user code to the server code to determine that the user code corresponds to the server code. The server validates the user code and executes a function of the programmatic interface, after the user code is validated.
Type: Grant
Filed: July 3, 2014
Date of Patent: April 16, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Mark Joseph Cavage, Bradley Jeffery Behm, Luis Felipe Cabrera
-
Publication number: 20190089542
Abstract: A system, method, and computer readable medium for managing secure content by CDN service providers are provided. A network storage provider stores one or more resources on behalf of a content provider. A CDN service provider obtains client computing device requests for secure content. Based on processing first signature information, the CDN service provider determines whether the secure content is available to the client computing device. If the CDN service provider does not maintain the requested content, the CDN service provider transmits a request to the network storage provider. Based on second signature information and an identifier associated with the CDN service provider, the network storage provider processes the request based on policy information associated with the identifier.
Type: Application
Filed: November 19, 2018
Publication date: March 21, 2019
Inventors: David R. Richardson, Mustafa I. Abrar, Don Johnson, John Cormie, Bradley Eugene Marshall, Mark Joseph Cavage
-
Patent number: 10216921
Abstract: Systems and methods for attesting to information about a computing resource involve electronically signed documents. For a computing resource, a document containing information about the resource is generated and electronically signed. The document may be provided to one or more entities as an attestation to at least some of the information contained in the document. Attestation to information in the document may be a prerequisite for performance of one or more actions that may be taken in connection with the computing resource.
Type: Grant
Filed: September 7, 2016
Date of Patent: February 26, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Cornelle Christiaan Pretorius Janse Van Rensburg, Mark Joseph Cavage, Marc John Brooker, David Everard Brown, Abhinav Agrawal, Matthew S. Garman, Kevin Ross O'Neill, Eric Jason Brandwine, Christopher Richard Jacques de Kadt
-
Publication number: 20190036901
Abstract: A plurality of virtual computing resources is detected to have been provisioned. Credentials are distributed to the plurality of virtual computing resources. A credentials map that maps the credentials to the plurality of virtual computing resources is updated. The credentials for the plurality of virtual computing resources are activated to enable the plurality of virtual computing resources to use the credentials to authenticate to a second computer system that manages a resource service, with the credentials being inaccessible to resources of the resource service. A virtual computing resource of the plurality of virtual computing resources is detected to have been deprovisioned, and the credentials for the virtual computing resource are deactivated.
Type: Application
Filed: October 4, 2018
Publication date: January 31, 2019
Inventors: Marc J. Brooker, Mark Joseph Cavage, David Brown, Kevin Ross O'Neill, Eric Jason Brandwine, Christopher Richard Jacques de Kadt
-
Patent number: 10135620
Abstract: A system, method, and computer readable medium for managing secure content by CDN service providers are provided. A network storage provider stores one or more resources on behalf of a content provider. A CDN service provider obtains client computing device requests for secure content. Based on processing first signature information, the CDN service provider determines whether the secure content is available to the client computing device. If the CDN service provider does not maintain the requested content, the CDN service provider transmits a request to the network storage provider. Based on second signature information and an identifier associated with the CDN service provider, the network storage provider processes the request based on policy information associated with the identifier.
Type: Grant
Filed: May 17, 2017
Date of Patent: November 20, 2018
Assignee: Amazon Technologies, Inc.
Inventors: David R. Richardson, Mustafa I. Abrar, Don Johnson, John Cormie, Bradley Eugene Marshall, Mark Joseph Cavage
-
Patent number: 10097531
Abstract: A plurality of virtual computing resources is detected to have been provisioned. Credentials are distributed to the plurality of virtual computing resources. A credentials map that maps the credentials to the plurality of virtual computing resources is updated. The credentials for the plurality of virtual computing resources are activated to enable the plurality of virtual computing resources to use the credentials to authenticate to a second computer system that manages a resource service, with the credentials being inaccessible to resources of the resource service. A virtual computing resource of the plurality of virtual computing resources is detected to have been deprovisioned, and the credentials for the virtual computing resource are deactivated.
Type: Grant
Filed: September 26, 2016
Date of Patent: October 9, 2018
Assignee: Amazon Technologies, Inc.
Inventors: Marc J. Brooker, Mark Joseph Cavage, David Brown, Kevin Ross O'Neill, Eric Jason Brandwine, Christopher Richard Jacques de Kadt
-
Patent number: 9985969
Abstract: Techniques are described for managing access to computing-related resources that, for example, may enable multiple distinct parties to independently control access to the resources (e.g., such that a request to access a resource succeeds only if all of multiple associated parties approve that access). For example, an executing software application may, on behalf of an end user, make use of computing-related resources of one or more types that are provided by one or more remote third-party network services (e.g., data storage services provided by an online storage service)—in such a situation, both the developer user who created the software application and the end user may be allowed to independently specify access rights for one or more particular such computing-related resources (e.g., stored data files), such that neither the end user nor the software application developer user may later access those resources without the approval of the other party.
Type: Grant
Filed: March 29, 2013
Date of Patent: May 29, 2018
Assignee: Amazon Technologies, Inc.
Inventors: Mark Joseph Cavage, John Cormie, Nathan R. Fitch, Don Johnson, Peter Sirota
-
Publication number: 20170250821
Abstract: A system, method, and computer readable medium for managing secure content by CDN service providers are provided. A network storage provider stores one or more resources on behalf of a content provider. A CDN service provider obtains client computing device requests for secure content. Based on processing first signature information, the CDN service provider determines whether the secure content is available to the client computing device. If the CDN service provider does not maintain the requested content, the CDN service provider transmits a request to the network storage provider. Based on second signature information and an identifier associated with the CDN service provider, the network storage provider processes the request based on policy information associated with the identifier.
Type: Application
Filed: May 17, 2017
Publication date: August 31, 2017
Inventors: David R. Richardson, Mustafa I. Abrar, Don Johnson, John Cormie, Bradley Eugene Marshall, Mark Joseph Cavage
-
Patent number: 9712325
Abstract: A system, method, and computer readable medium for managing secure content by CDN service providers are provided. A network storage provider stores one or more resources on behalf of a content provider. A CDN service provider obtains client computing device requests for secure content. Based on processing first signature information, the CDN service provider determines whether the secure content is available to the client computing device. If the CDN service provider does not maintain the requested content, the CDN service provider transmits a request to the network storage provider. Based on second signature information and an identifier associated with the CDN service provider, the network storage provider processes the request based on policy information associated with the identifier.
Type: Grant
Filed: July 15, 2015
Date of Patent: July 18, 2017
Assignee: Amazon Technologies, Inc.
Inventors: David R. Richardson, Mustafa I. Abrar, Don Johnson, John Cormie, Bradley Eugene Marshall, Mark Joseph Cavage
-
Publication number: 20170012958
Abstract: A plurality of virtual computing resources is detected to have been provisioned. Credentials are distributed to the plurality of virtual computing resources. A credentials map that maps the credentials to the plurality of virtual computing resources is updated. The credentials for the plurality of virtual computing resources are activated to enable the plurality of virtual computing resources to use the credentials to authenticate to a second computer system that manages a resource service, with the credentials being inaccessible to resources of the resource service. A virtual computing resource of the plurality of virtual computing resources is detected to have been deprovisioned, and the credentials for the virtual computing resource are deactivated.
Type: Application
Filed: September 26, 2016
Publication date: January 12, 2017
Inventors: Marc J. Brooker, Mark Joseph Cavage, David Brown, Kevin Ross O'Neill, Eric Jason Brandwine, Christopher Richard Jacques de Kadt
-
Patent number: 9455975
Abstract: Systems and methods for managing credentials distribute the credentials to subsets of a set of collectively managed computing resources. The collectively managed computing resources may include one or more virtual machine instances. The credentials distributed to the computing resources may be used by the computing resources to perform one or more actions. Actions may include performing one or more functions in connection with configuration, management, and/or operation of the one or more resources, and/or access of other computing resources. The ability to use credentials may be changed based at least in part on the occurrence of one or more events.
Type: Grant
Filed: March 11, 2014
Date of Patent: September 27, 2016
Assignee: Amazon Technologies, Inc.
Inventors: Marc J. Brooker, Mark Joseph Cavage, David Brown, Kevin Ross O'Neill, Eric Jason Brandwine, Christopher Richard Jacques de Kadt
-
Patent number: 9443074
Abstract: Systems and methods for attesting to information about a computing resource involve electronically signed documents. For a computing resource, a document containing information about the resource is generated and electronically signed. The document may be provided to one or more entities as an attestation to at least some of the information contained in the document. Attestation to information in the document may be a prerequisite for performance of one or more actions that may be taken in connection with the computing resource.
Type: Grant
Filed: December 6, 2013
Date of Patent: September 13, 2016
Assignee: Amazon Technologies, Inc.
Inventors: Cornelle Christiaan Pretorius Janse Van Rensburg, Mark Joseph Cavage, Marc John Brooker, David Everard Brown, Abhinav Agrawal, Matthew S. Garman, Kevin Ross O'Neill, Eric Jason Brandwine, Christopher Richard Jacques de Kadt
-
Publication number: 20150319194
Abstract: A system, method, and computer readable medium for managing secure content by CDN service providers are provided. A network storage provider stores one or more resources on behalf of a content provider. A CDN service provider obtains client computing device requests for secure content. Based on processing first signature information, the CDN service provider determines whether the secure content is available to the client computing device. If the CDN service provider does not maintain the requested content, the CDN service provider transmits a request to the network storage provider. Based on second signature information and an identifier associated with the CDN service provider, the network storage provider processes the request based on policy information associated with the identifier.
Type: Application
Filed: July 15, 2015
Publication date: November 5, 2015
Inventors: David R. Richardson, Mustafa I. Abrar, Don Johnson, John Cormie, Bradley Eugene Marshall, Mark Joseph Cavage
-
Patent number: 9130756
Abstract: A system, method, and computer readable medium for managing secure content by CDN service providers are provided. A network storage provider stores one or more resources on behalf of a content provider. A CDN service provider obtains client computing device requests for secure content. Based on processing first signature information, the CDN service provider determines whether the secure content is available to the client computing device. If the CDN service provider does not maintain the requested content, the CDN service provider transmits a request to the network storage provider. Based on second signature information and an identifier associated with the CDN service provider, the network storage provider processes the request based on policy information associated with the identifier.
Type: Grant
Filed: March 11, 2013
Date of Patent: September 8, 2015
Assignee: Amazon Technologies, Inc.
Inventors: David R. Richardson, Mustafa I. Abrar, Don Johnson, John Cormie, Bradley E. Marshall, Mark Joseph Cavage
-
Patent number: 8904511
Abstract: Virtual firewalls may be established that enforce sets of policies with respect to computing resources maintained by multi-tenant distributed services. Particular subsets of computing resources may be associated with particular tenants of a multi-tenant distributed service. A tenant may establish a firewalling policy set enforced by a virtual firewall for an associated subset of computing resources without affecting other tenants of the multi-tenant distributed service. Virtual firewalls enforcing multiple firewalling policy sets may be maintained by a common firewalling component of the multi-tenant distributed service. Firewalling policy sets may be distributed at multiple locations throughout the multi-tenant distributed service. For a request targeting a particular computing resource, the common firewalling component may identify the associated virtual firewall, and submit the request to the virtual firewall for evaluation in accordance with the corresponding firewalling policy set.
Type: Grant
Filed: August 23, 2010
Date of Patent: December 2, 2014
Assignee: Amazon Technologies, Inc.
Inventors: Kevin Ross O'Neill, Mark Joseph Cavage, Nathan R. Fitch, Anders Samuelsson, Brian Irl Pratt, Yunong Jeff Xiao, Bradley Jeffery Behm, James E. Scharf, Jr.
-
Publication number: 20140196130
Abstract: Systems and methods for managing credentials distribute the credentials to subsets of a set of collectively managed computing resources. The collectively managed computing resources may include one or more virtual machine instances. The credentials distributed to the computing resources may be used by the computing resources to perform one or more actions. Actions may include performing one or more functions in connection with configuration, management, and/or operation of the one or more resources, and/or access of other computing resources. The ability to use credentials may be changed based at least in part on the occurrence of one or more events.
Type: Application
Filed: March 11, 2014
Publication date: July 10, 2014
Applicant: Amazon Technologies, Inc.
Inventors: Marc J. Brooker, Mark Joseph Cavage, David Brown, Kevin Ross O'Neill, Eric Jason Brandwine, Christopher Richard Jacques de Kadt
-
Patent number: 8776190
Abstract: Systems and methods provide logic that validates a code generated by a user, and that executes a function of a programmatic interface after the user code is validated. In one implementation, a computer-implemented method performs a multifactor authentication of a user prior to executing a function of a programmatic interface. The method includes receiving, at a server, a user code through a programmatic interface. The server computes a server code in response to the user code, and compares the user code to the server code to determine that the user code corresponds to the server code. The server validates the user code and executes a function of the programmatic interface, after the user code is validated.
Type: Grant
Filed: November 29, 2010
Date of Patent: July 8, 2014
Assignee: Amazon Technologies, Inc.
Inventors: Mark Joseph Cavage, Bradley Jeffery Behm, Luis Felipe Cabrera