Patents by Inventor Matthew T. Corddry
Matthew T. Corddry has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11216414
Abstract: Systems and methods are provided for managing objects. In one implementation, a computer-implemented method is provided. The method includes receiving a query comprising a tag and executing the query. An object identifier is retrieved from a data table, based on the tag. The method further returns a result of the query. The result includes the object identifier that was retrieved from the data table. The method further includes performing an action related to an object having the retrieved object identifier.
Type: Grant
Filed: November 6, 2017
Date of Patent: January 4, 2022
Assignee: Amazon Technologies, Inc.
Inventors: Eric J. Brandwine, Matthew T. Corddry
-
Patent number: 10678555
Abstract: Automated provisioning of hosts on a network with reasonable levels of security is described in this application. A certificate management service (CMS) on a host, one or more trusted agents, and a public key infrastructure are utilized in a secure framework to establish host identity. Once host identity is established, signed encryption certificates may be exchanged and secure communication may take place.
Type: Grant
Filed: October 2, 2017
Date of Patent: June 9, 2020
Assignee: Amazon Technologies, Inc.
Inventors: Jesper M. Johansson, Matthew T. Corddry, Tom F. Hansen, Luke F. Kearney
-
Patent number: 10003597
Abstract: In an environment such as a cloud computing environment where various guests can be provisioned on a host machine or other hardware device, it can be desirable to prevent those users from rebooting or otherwise restarting the machine or other resources using unauthorized information or images that can be obtained from across the network. A cloud manager can cause one or more network switches or other routing or communication processing components to deny communication access between user-accessible ports on a machine or device and the provisioning systems, or other specific network resources, such that the user cannot cause the host machine to pull information from those resources upon a restart or reboot of the machine. Further, various actions can be taken upon a reboot or attempted reboot, such as to isolate the host machine or even power off the specific machine.
Type: Grant
Filed: August 12, 2014
Date of Patent: June 19, 2018
Assignee: Amazon Technologies, Inc.
Inventors: Matthew T. Corddry, Michael David Marr, James R. Hamilton, Peter N. DeSantis
-
Patent number: 9934022
Abstract: When providing a user with native access to at least a portion of device hardware, the user can be prevented from modifying firmware and other configuration information by controlling the mechanisms used to update that information. For example, a clock or a timer mechanism can be used by a network interface card to define a mutability period. During the mutability period, firmware update to a peripheral device can be allowed. Once the mutability period has expired, firmware update to a peripheral device will no longer be allowed.
Type: Grant
Filed: September 25, 2015
Date of Patent: April 3, 2018
Assignee: Amazon Technologies, Inc.
Inventors: Michael David Marr, Matthew T. Corddry, James R. Hamilton
-
Publication number: 20180067951
Abstract: Systems and methods are provided for managing objects. In one implementation, a computer-implemented method is provided. The method includes receiving a query comprising a tag and executing the query. An object identifier is retrieved from a data table, based on the tag. The method further returns a result of the query. The result includes the object identifier that was retrieved from the data table. The method further includes performing an action related to an object having the retrieved object identifier.
Type: Application
Filed: November 6, 2017
Publication date: March 8, 2018
Inventors: Eric J. Brandwine, Matthew T. Corddry
-
Publication number: 20180046469
Abstract: Automated provisioning of hosts on a network with reasonable levels of security is described in this application. A certificate management service (CMS) on a host, one or more trusted agents, and a public key infrastructure are utilized in a secure framework to establish host identity. Once host identity is established, signed encryption certificates may be exchanged and secure communication may take place.
Type: Application
Filed: October 2, 2017
Publication date: February 15, 2018
Inventors: Jesper M. Johansson, Matthew T. Corddry, Tom F. Hansen, Luke F. Kearney
-
Patent number: 9836466
Abstract: Systems and methods are provided for managing objects. In one implementation, a computer-implemented method is provided. The method includes receiving a query comprising a tag and executing the query. An object identifier is retrieved from a data table, based on the tag. The method further returns a result of the query. The result includes the object identifier that was retrieved from the data table. The method further includes performing an action related to an object having the retrieved object identifier.
Type: Grant
Filed: October 29, 2009
Date of Patent: December 5, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Eric J. Brandwine, Matthew T. Corddry
-
Patent number: 9778939
Abstract: Automated provisioning of hosts on a network with reasonable levels of security is described in this application. A certificate management service (CMS) on a host, one or more trusted agents, and a public key infrastructure are utilized in a secure framework to establish host identity. Once host identity is established, signed encryption certificates may be exchanged and secure communication may take place.
Type: Grant
Filed: August 4, 2016
Date of Patent: October 3, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Jesper M. Johansson, Matthew T. Corddry, Tom F. Hansen, Luke F. Kearney
-
Patent number: 9686078
Abstract: The state of firmware for devices on a provisioned host machine can be validated independent of the host CPU(s) or other components exposed to the user. A port that is not fully exposed or accessible to the user can be used to perform a validation process on firmware without accessing a CPU of the host device. The firmware can be scanned and a hashing or similar algorithm can be used to determine validation information, such as hash values, for the firmware, which can be compared to validation information stored in a secure location. If the current and stored validation information do not match, one or more remedial actions can be taken to address the firmware being in an unknown or unintended state.
Type: Grant
Filed: March 2, 2015
Date of Patent: June 20, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Michael David Marr, Pradeep Vincent, Matthew T. Corddry, James R. Hamilton
-
Patent number: 9565207
Abstract: When providing a user with native access to at least a portion of device hardware, the user can be prevented from modifying firmware and other configuration information by controlling the mechanisms used to update that information. In some embodiments, an asymmetric keying approach can be used to encrypt or sign the firmware. In other cases access can be controlled by enabling firmware updates only through a channel or port that is not exposed to the customer, or by mapping only those portions of the hardware that are to be accessible to the user. In other embodiments, the user can be prevented from modifying firmware by only provisioning the user on a machine after an initial mutability period wherein firmware can be modified, such that the user never has access to a device when firmware can be updated. Combinations and variations of the above also can be used.
Type: Grant
Filed: September 4, 2009
Date of Patent: February 7, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Michael David Marr, Matthew T. Corddry, James R. Hamilton
-
Patent number: 9547575
Abstract: Systems and methods are disclosed which facilitate the management of host computing devices through the utilization of a host computing device control component. The host computing device control component includes a state monitoring component that monitors operating states of the control component. Based on monitoring the operating of the control component, the state monitoring component causes the generation of one or more visual indicators indicative of the operating state of the control component.
Type: Grant
Filed: August 30, 2011
Date of Patent: January 17, 2017
Assignee: AMAZON TECHNOLOGIES, INC.
Inventors: Matthew T. Corddry, Wyatt D. Camp, Jacob Gabrielson
-
Publication number: 20160342429
Abstract: Automated provisioning of hosts on a network with reasonable levels of security is described in this application. A certificate management service (CMS) on a host, one or more trusted agents, and a public key infrastructure are utilized in a secure framework to establish host identity. Once host identity is established, signed encryption certificates may be exchanged and secure communication may take place.
Type: Application
Filed: August 4, 2016
Publication date: November 24, 2016
Inventors: Jesper M. Johansson, Matthew T. Corddry, Tom F. Hansen, Luke F. Kearney
-
Patent number: 9432356
Abstract: Automated provisioning of hosts on a network with reasonable levels of security is described in this application. A certificate management service (CMS) on a host, one or more trusted agents, and a public key infrastructure are utilized in a secure framework to establish host identity. Once host identity is established, signed encryption certificates may be exchanged and secure communication may take place.
Type: Grant
Filed: May 5, 2009
Date of Patent: August 30, 2016
Assignee: Amazon Technologies, Inc.
Inventors: Jesper M. Johansson, Matthew T. Corddry, Tom F. Hansen, Luke F. Kearney
-
Patent number: 9349010
Abstract: Attempts to update confirmation information or firmware for a hardware device can be monitored using a secure counter that is configured to monotonically adjust a current value of the secure counter for each update or update attempt. The value of the counter can be determined every time the validity of the firmware is confirmed, and this value can be stored to a secure location. At subsequent times, such as during a boot process, the actual value of the counter can be determined and compared with the expected value. If the values do not match, such that the firmware may be in an unexpected state, an action can be taken, such as to prevent access to, or isolate, the hardware until such time as the firmware can be validated or updated to an expected state.
Type: Grant
Filed: March 27, 2015
Date of Patent: May 24, 2016
Assignee: Amazon Technologies, Inc.
Inventors: Michael David Marr, Pradeep Vincent, Matthew T. Corddry, James R. Hamilton
-
Publication number: 20160019050
Abstract: When providing a user with native access to at least a portion of device hardware, the user can be prevented from modifying firmware and other configuration information by controlling the mechanisms used to update that information. For example, a clock or a timer mechanism can be used by a network interface card to define a mutability period. During the mutability period, firmware update to a peripheral device can be allowed. Once the mutability period has expired, firmware update to a peripheral device will no longer be allowed.
Type: Application
Filed: September 25, 2015
Publication date: January 21, 2016
Inventors: Michael David Marr, Matthew T. Corddry, James R. Hamilton
-
Patent number: 9148413
Abstract: When providing a user with native access to at least a portion of device hardware, the user can be prevented from modifying firmware and other configuration information by controlling the mechanisms used to update that information. In some embodiments, an asymmetric keying approach can be used to encrypt or sign the firmware. In other cases access can be controlled by enabling firmware updates only through a channel or port that is not exposed to the customer, or by mapping only those portions of the hardware that are to be accessible to the user. In other embodiments, the user can be prevented from modifying firmware by only provisioning the user on a machine after an initial mutability period wherein firmware can be modified, such that the user never has access to a device when firmware can be updated. Combinations and variations of the above also can be used.
Type: Grant
Filed: June 29, 2012
Date of Patent: September 29, 2015
Assignee: Amazon Technologies, Inc.
Inventors: Michael David Marr, Matthew T. Corddry, James R. Hamilton
-
Publication number: 20150199519
Abstract: Attempts to update confirmation information or firmware for a hardware device can be monitored using a secure counter that is configured to monotonically adjust a current value of the secure counter for each update or update attempt. The value of the counter can be determined every time the validity of the firmware is confirmed, and this value can be stored to a secure location. At subsequent times, such as during a boot process, the actual value of the counter can be determined and compared with the expected value. If the values do not match, such that the firmware may be in an unexpected state, an action can be taken, such as to prevent access to, or isolate, the hardware until such time as the firmware can be validated or updated to an expected state.
Type: Application
Filed: March 27, 2015
Publication date: July 16, 2015
Inventors: Michael David Marr, Pradeep Vincent, Matthew T. Corddry, James R. Hamilton
-
Patent number: 8996744
Abstract: Attempts to update confirmation information or firmware for a hardware device can be monitored using a secure counter that is configured to monotonically adjust a current value of the secure counter for each update or update attempt. The value of the counter can be determined every time the validity of the firmware is confirmed, and this value can be stored to a secure location. At subsequent times, such as during a boot process, the actual value of the counter can be determined and compared with the expected value. If the values do not match, such that the firmware may be in an unexpected state, an action can be taken, such as to prevent access to, or isolate, the hardware until such time as the firmware can be validated or updated to an expected state.
Type: Grant
Filed: December 2, 2013
Date of Patent: March 31, 2015
Assignee: Amazon Technologies, Inc.
Inventors: Michael David Marr, Pradeep Vincent, Matthew T. Corddry, James R. Hamilton
-
Patent number: 8994213
Abstract: A method of maintaining electrical power to electrical systems in operation during reconfiguration or maintenance of a power distribution system for the electrical systems includes providing a Y-connection in a set of electrical power lines. The Y-connection includes an input, a primary output, and a feed output. The set of electrical power lines supplies electrical power from a power source to the electrical systems through the primary output. To establish a feed for maintenance or reconfiguration of the power feed, power is fed from the power source through the feed output of the Y-connection to the electrical systems while power is being supplied to the electrical systems through the primary output.
Type: Grant
Filed: March 24, 2011
Date of Patent: March 31, 2015
Assignee: Amazon Technologies, Inc.
Inventors: Michael P. Czamara, Peter N. De Santis, Frank A. Glynn, Osvaldo P. Morales, Matthew T. Corddry
-
Patent number: 8971538
Abstract: The state of firmware for devices on a provisioned host machine can be validated independent of the host CPU(s) or other components exposed to the user. A port that is not fully exposed or accessible to the user can be used to perform a validation process on firmware without accessing a CPU of the host device. The firmware can be scanned and a hashing or similar algorithm can be used to determine validation information, such as hash values, for the firmware, which can be compared to validation information stored in a secure location. If the current and stored validation information do not match, one or more remedial actions can be taken to address the firmware being in an unknown or unintended state.
Type: Grant
Filed: September 8, 2009
Date of Patent: March 3, 2015
Assignee: Amazon Technologies, Inc.
Inventors: Michael David Marr, Pradeep Vincent, Matthew T. Corddry, James R. Hamilton