Patents by Inventor Nachiketh Rao Potlapally

Nachiketh Rao Potlapally has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20220197683
    Abstract: Aspects of the present application relate to systems, methods and non-transitory computer readable media for network virtualization in a rack-based switch. The method can include sending a communication from a first virtual machine (“VM”) instantiated on a first host machine to a first network virtualization Top of Rack (“ToR”) switch. The first network virtualization ToR can include a peripheral component interconnect express (“PCIe”) switch coupled to a plurality of host-side Ethernet ports, a virtualization device communicatingly coupled to the PCIe switch, which virtualization device can include a plurality of virtualization functions, and a switching ASIC coupled to the virtualization device and to a network-side Ethernet port. The method can include forming the communication into an Internet Protocol (“IP”) packet with a first virtualization function of the virtualization device, and sending the IP packet to a second VM with the switching ASIC.
    Type: Application
    Filed: December 22, 2020
    Publication date: June 23, 2022
    Applicant: Oracle International Corporation
    Inventors: Nachiketh Rao Potlapally, Pradeep Vincent, Jagwinder Singh Brar
  • Publication number: 20220200801
    Abstract: A network interface card, such as a SmartNIC, is used to provide encryption, such as network encryption virtual function (NEVF), for a virtual machine, so that a customer can control network keys in a virtual cloud network. The NEVF includes a memory device (e.g., SRAM) and a crypto processor (e.g., a crypto core). The memory device stores a crypto key. The crypto processor uses the crypto key to encrypt data to and from a virtual machine in the virtual cloud network. A key management system can be used to securely transfer crypto keys to the NEVF. Having one NEVF per virtual machine can enable a customer to manage the crypto key for a virtual cloud network.
    Type: Application
    Filed: December 23, 2020
    Publication date: June 23, 2022
    Applicant: Oracle International Corporation
    Inventors: Nachiketh Rao Potlapally, Pradeep Vincent, Jagwinder Singh Brar
  • Publication number: 20220200972
    Abstract: For end-to-end encryption of a virtual cloud network, a VPN tunnel from a customer device is terminated at a host network headend device using encryption keys secured in hardware and managed by the customer. The network headend device can be a card in a bare-metal server with one or more network virtualization devices. The network headend device is configured to receive a first key provisioned by a customer; receive a first data packet sent from a device of the customer; and decrypt the first data packet using the first key to obtain information. A network virtualization device is configured to receive the information from the network headend device; ascertain that the information is to be sent to a virtual machine in a virtual cloud network; ascertain that data in the virtual cloud network is configured to be encrypted; and encrypt the information with a second key to generate a second data packet before routing the second data packet to the virtual machine.
    Type: Application
    Filed: December 23, 2020
    Publication date: June 23, 2022
    Applicant: Oracle International Corporation
    Inventors: Nachiketh Rao Potlapally, Pradeep Vincent, Jagwinder Singh Brar
  • Publication number: 20220060517
    Abstract: A cloud-based security solution that provides a robust and secure framework for managing and enforcing security policies related to various resources managed in the cloud is disclosed. The cloud-based security solution is implemented by a security zone policy enforcement system in a cloud service provider infrastructure. The system receives a request to perform an operation on a resource and determines a compartment associated with the resource. The system determines that the compartment is associated with a security zone and determines a set of one or more security zone policies applicable to the resource. The system then determines that the operation on the resource is permitted based on the set of one or more security zone policies and responsive to determining that the operation on the resource is permitted, allows the operation to be performed on the resource.
    Type: Application
    Filed: August 3, 2021
    Publication date: February 24, 2022
    Applicant: Oracle International Corporation
    Inventors: Igor Dozorets, Thoulfekar Alrahem, Jun Tong, Leonid Kuperman, Nachiketh Rao Potlapally, Bala Ganesh Chandran, Brian Pratt, Nathaniel Martin Glass, Girish Nagaraja, Jonathan Jorge Nadal
  • Patent number: 11258769
    Abstract: A device is provisioned and authorized for use on a network. The device may generate a cryptographic key and provide a digital certificate the cryptographic key, a hardware identifier, and attribute information and provide such information to an authorization host as part of the provisioning process. The authorization host may use attribute information to determine whether to authorize the device for use on the network, and whether the generated cryptographic key should be trusted for use on the network.
    Type: Grant
    Filed: June 24, 2019
    Date of Patent: February 22, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Matthew John Campagna, Derek Del Miller, Nachiketh Rao Potlapally, Gregory Branchek Roth
  • Patent number: 10810015
    Abstract: Approaches are described for enabling a host computing device to store credentials and other security information useful for recovering the state of the host computing device in a secure store, such as a trusted platform module (TPM) on the host computing device. When recovering the host computing device in the event of a failure (e.g., power outage, network failure, etc.), the host computing device can obtain the necessary credentials from the secure store and use those credentials to boot various services, restore the state of the host and perform various other functions. In addition, the secure store (e.g., TPM) may provide boot firmware measurement and remote attestation of the host computing devices to other devices on a network, such as when the recovering host needs to communicate with the other devices on the network.
    Type: Grant
    Filed: February 28, 2019
    Date of Patent: October 20, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Nachiketh Rao Potlapally, Rachit Chawla, Jeremy Ryan Volkman, Michael David Marr
  • Patent number: 10705904
    Abstract: Anomalous behavior in a multi-tenant computing environment may be identified by analyzing hardware sensor value data associated with hardware events on a host machine. A privileged virtual machine instance executing on a host machine acquires hardware sensor values and causes the values to be compared to other hardware sensor value data that may be indicative of anomalous behavior; for example, various threshold values, patterns, and/or signatures of hardware counter values generated by analyzing and correlating hardware event counter data. In this manner, potential anomalous behavior on an instance may be determined without having to access customer data or workloads associated with the instance.
    Type: Grant
    Filed: February 20, 2018
    Date of Patent: July 7, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Nachiketh Rao Potlapally, Donald Lee Bailey, Jr., Richard Weatherly
  • Patent number: 10579405
    Abstract: A processor on a host machine can concurrently operate a standard virtual machine manager (VMM) and a security VMM (SVMM), where the SVMM has a higher privilege level and manages access to a hardware TPM or other trusted source on the host machine. Such a configuration prevents a compromised VMM from gaining access to secrets stored in the hardware TPM. The SVMM can create a virtual TPM (vTPM) for each guest VM, and can seal information in each vTPM to the hardware TPM. A guest VM or the standard VMM can access information in the corresponding vTPM only through the corresponding SVMM. Such an approach enables the host to securely implement critical security functionality that can be exposed to customers, and provides protection against leakage of customer secrets in case of a security compromise.
    Type: Grant
    Filed: March 13, 2013
    Date of Patent: March 3, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Nachiketh Rao Potlapally, Michael David Marr
  • Publication number: 20190312851
    Abstract: A device is provisioned and authorized for use on a network. The device may generate a cryptographic key and provide a digital certificate the cryptographic key, a hardware identifier, and attribute information and provide such information to an authorization host as part of the provisioning process. The authorization host may use attribute information to determine whether to authorize the device for use on the network, and whether the generated cryptographic key should be trusted for use on the network.
    Type: Application
    Filed: June 24, 2019
    Publication date: October 10, 2019
    Inventors: Matthew John Campagna, Derek Del Miller, Nachiketh Rao Potlapally, Gregory Branchek Roth
  • Patent number: 10429921
    Abstract: Methods and apparatus for datacenter power management optimization are disclosed. Metrics, including workload data, thermal measurements and the like are collected from numerous endpoints within a datacenter. System profiles of a plurality of servers, and application workload profiles for various workloads, are stored. Based on analysis of collected metrics, power optimization operations comprising either workload scheduling operations, power configuration change operations, or both, are initiated.
    Type: Grant
    Filed: January 30, 2017
    Date of Patent: October 1, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Nachiketh Rao Potlapally, James R. Hamilton
  • Patent number: 10409985
    Abstract: A trusted computing host is described that provides various security computations and other functions in a distributed multitenant and/or virtualized computing environment. The trusted host computing device can communicate with one or more host computing devices that host virtual machines to provide a number of security-related functions, including but not limited to boot firmware measurement, cryptographic key management, remote attestation, as well as security and forensics management. The trusted computing host maintains an isolated partition for each host computing device in the environment and communicates with peripheral cards on host computing devices in order to provide one or more security functions.
    Type: Grant
    Filed: February 17, 2017
    Date of Patent: September 10, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Nachiketh Rao Potlapally, Michael David Marr, Eric Jason Brandwine, Donald Lee Bailey
  • Patent number: 10389709
    Abstract: Methods and apparatus for securing client-specified credentials at cryptographically-attested resources are described. An indication is obtained that resources deployed for execution of a compute instance of a multi-tenant computing service at an instance host of a provider network meet a client's security criteria. An encrypted representation of credentials to be used at the compute instance to implement operations on behalf of a client is received at the instance host. The credentials are extracted from the encrypted representation using a private key unique to the instance host, used for the operations, and then removed from the instance host without being saved in persistent memory.
    Type: Grant
    Filed: February 24, 2014
    Date of Patent: August 20, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Nachiketh Rao Potlapally, Andrew Jeffrey Doane, Eric Jason Brandwine, Robert Eric Fitzgerald
  • Patent number: 10348759
    Abstract: A graph of a plurality of resources in a computing environment is generated, with the graph associating a first resource of the plurality with a second resource of the plurality. Based at least in part on measurements obtained at a point in a test computing environment that corresponds to a point in the computing environment, a graph representing the relationship between the first resource and the second resource is generated. A threat model identifying potential risks to the computing environment is created from the graph.
    Type: Grant
    Filed: January 18, 2018
    Date of Patent: July 9, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Hassan Sultan, John Schweitzer, Donald Lee Bailey, Jr., Gregory Branchek Roth, Nachiketh Rao Potlapally
  • Publication number: 20190196843
    Abstract: Approaches are described for enabling a host computing device to store credentials and other security information useful for recovering the state of the host computing device in a secure store, such as a trusted platform module (TPM) on the host computing device. When recovering the host computing device in the event of a failure (e.g., power outage, network failure, etc.), the host computing device can obtain the necessary credentials from the secure store and use those credentials to boot various services, restore the state of the host and perform various other functions. In addition, the secure store (e.g., TPM) may provide boot firmware measurement and remote attestation of the host computing devices to other devices on a network, such as when the recovering host needs to communicate with the other devices on the network.
    Type: Application
    Filed: February 28, 2019
    Publication date: June 27, 2019
    Inventors: Nachiketh Rao Potlapally, Rachit Chawla, Jeremy Ryan Volkman, Michael David Marr
  • Patent number: 10333903
    Abstract: A device is provisioned and authorized for use on a network. The device may be required to generate a cryptographic key and provide a digital certificate the cryptographic key, a hardware identifier, and attribute information to an authorization host as part of the provisioning process. The authorization host may use attribute information to determine whether to authorize the device for use on the network, and whether the generated cryptographic key should be trusted for use on the network.
    Type: Grant
    Filed: June 16, 2015
    Date of Patent: June 25, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Matthew John Campagna, Derek Del Miller, Nachiketh Rao Potlapally, Gregory Branchek Roth
  • Patent number: 10303879
    Abstract: A multi-tenant trusted platform module (MTTPM) is attached to a communication bus of a virtualization host. The MTTPM includes a plurality of per-guest-virtual-machine (per-GVM) memory location sets. In response to an indication of a first trusted computing request (TCR) associated with a first GVM of a plurality of GVMs instantiated at the virtualization host, a first memory location of a first per-GVM memory location set is accessed to generate a first response indicative of a configuration of the first GVM. In response to an indication of a second TCR associated with a second GVM, a second memory location of a second per-GVM memory location set is accessed to generate a second response, wherein the second response is indicative of a different configuration of the second GVM.
    Type: Grant
    Filed: November 6, 2014
    Date of Patent: May 28, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Nachiketh Rao Potlapally, Uwe Dannowski, Derek Del Miller, David James Borland, Rahul Gautam Patel, William John Earl
  • Patent number: 10241804
    Abstract: Approaches are described for enabling a host computing device to store credentials and other security information useful for recovering the state of the host computing device in a secure store, such as a trusted platform module (TPM) on the host computing device. When recovering the host computing device in the event of a failure (e.g., power outage, network failure, etc.), the host computing device can obtain the necessary credentials from the secure store and use those credentials to boot various services, restore the state of the host and perform various other functions. In addition, the secure store (e.g., TPM) may provide boot firmware measurement and remote attestation of the host computing devices to other devices on a network, such as when the recovering host needs to communicate with the other devices on the network.
    Type: Grant
    Filed: April 10, 2017
    Date of Patent: March 26, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Nachiketh Rao Potlapally, Rachit Chawla, Jeremy Ryan Volkman, Michael David Marr
  • Patent number: 10154013
    Abstract: A computing device has a processor and a first memory, e.g., a fuse-based memory, storing a first cryptographic key. The processor is configured to receive information related to a second cryptographic key from a cryptographic key provisioning system. The processor derives the second cryptographic key from the information related to a second cryptographic key. The first cryptographic key has fewer bits than the second cryptographic key. The processor is also configured to encrypt the second cryptographic key using the first cryptographic key, and store the encrypted second cryptographic key in a second memory, e.g., a flash memory.
    Type: Grant
    Filed: May 31, 2017
    Date of Patent: December 11, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Derek Del Miller, Nachiketh Rao Potlapally
  • Patent number: 10146935
    Abstract: Techniques are described for injecting noise in a timer value provided to an instruction requesting the timer value. A plurality of tasks may execute on a processor, wherein the processor may comprise one or more processing cores and each task may include a plurality of computer executable instructions. In accordance with one technique for injecting noise in the timer value, a request for a first timer value is received by one or more computer executable instructions belonging to a first task from the plurality of tasks, and in response, a second timer value is provided to the first task instead of the first timer value, wherein the second timer value is derived from the first timer value and a random number.
    Type: Grant
    Filed: June 22, 2016
    Date of Patent: December 4, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Rahul Gautam Patel, William John Earl, Nachiketh Rao Potlapally
  • Patent number: 10116645
    Abstract: A computing device includes a processor and a persistent memory for storing information about a first public key associated with a first asymmetric key pair for authenticating the source of a digital certificate. The computing device also includes a second memory for storing one or more current key version indicators. Each of the current key version indicators is associated with a corresponding secondary public key, and the one or more current key version indicators are used by the processor to determine the trust of the corresponding secondary public key.
    Type: Grant
    Filed: October 20, 2016
    Date of Patent: October 30, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Derek Del Miller, Nachiketh Rao Potlapally, Rahul Gautam Patel