Patents by Inventor Robert Eric Fitzgerald
Robert Eric Fitzgerald has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9680808Abstract: Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. Signaling methods are used to notify virtual machine instances of serialization events in order to prevent keying material from being stored persistently.Type: GrantFiled: January 11, 2016Date of Patent: June 13, 2017Assignee: Amazon Technologies, Inc.Inventors: Todd Lawrence Cignetti, Eric Jason Brandwine, Robert Eric Fitzgerald, Andrew J. Doane
-
Patent number: 9584325Abstract: Systems and methods for scalably provisioning cryptographic devices in a distributed computing environment are described. In some embodiments, a cryptographic interface controller capable of generating a plurality of hardware-emulated cryptographic devices in response to requests is implemented. In some embodiments, a cryptographic interface controller may present hardware-emulated cryptographic devices to computing entities, such as standalone computer systems or virtual computing systems, as standard cryptographic devices, such as through a Universal Serial Bus interface.Type: GrantFiled: December 4, 2014Date of Patent: February 28, 2017Assignee: AMAZON TECHNOLOGIES, INC.Inventors: Eric Jason Brandwine, Robert Eric Fitzgerald
-
Patent number: 9560010Abstract: A technology is described for transferring a file from an unsecure network to a secure network. An example method may include identifying an unsecure account profile and determining that a file is to be transmitted from an unsecure network to a secure network using a one-way transfer device. In response, the file may be obtained from a file storage location and an unsecure account profile name for the unsecure account profile may be identified. A request may be made that the one-way transfer device to transmit the file and the unsecure account profile name to the secure network. The file and the unsecure account profile name may then be transmitted to the secure network, where a secure account profile corresponding to the unsecure account profile may be identified in the secure network and the file may be placed in a folder associated with the secure account profile.Type: GrantFiled: March 30, 2015Date of Patent: January 31, 2017Assignee: Amazon Technologies, Inc.Inventors: Matthew Allen Estes, David Eugene Walter Koenig, Robert Eric Fitzgerald, Brent William Farrell
-
Patent number: 9560068Abstract: A network security system employing multiple levels of processing to identify security threats. Multiple host machines may each contain an agent that detects possibilities of security threats based on raw data sensed locally at that host. The hosts may share information obtained from local analysis and each host may use information generated at one or more other hosts, in combination with information generated locally, to identify a security concern, indicating with greater certainty that a security threat exists. Based on security concerns generated by multiple hosts, a security threat may be to indicated and protective action may be taken.Type: GrantFiled: July 12, 2013Date of Patent: January 31, 2017Assignee: MICROSOFT TECHNOLOGY LICENSING LLC.Inventors: Igal Figlin, Arthur Zavalkovsky, Lior Arzi, Efim Hudis, Jennifer R. Lemond, Robert Eric Fitzgerald, Khaja E. Ahmed, Jeffrey S. Williams, Edward W. Hardy
-
Patent number: 9552485Abstract: A method and apparatus for renewing cryptographic material are disclosed. In the method and apparatus a cryptographic material renewal entity of a computing resource service provider detects that cryptographic material stored by a secure module is to be renewed. Renewing the cryptographic material may include rekeying a private key associated with a certificate. Further, a digital certificate may be renewed, and the renewed certificate may be provided for use by the computing resource. The cryptographic material is used to fulfill requests made by a computing resource provisioned by the computing resource service provider for a customer. The renewed cryptographic material is provided to the secure module, whereby the renewed cryptographic material is used by the secure module to fulfill further requests made by the computing resource.Type: GrantFiled: October 21, 2014Date of Patent: January 24, 2017Assignee: Amazon Technologies, Inc.Inventors: Todd Lawrence Cignetti, Andrew Jeffrey Doane, Stefan Popoveniuc, Matthew Allen Estes, Alexander Edward Schoof, Robert Eric Fitzgerald, Peter Zachary Bowen
-
Publication number: 20160359853Abstract: Devices, such as hardware security modules, are provided as a service. A customer of a computing resource provider is able to request the addition of a device to a network of the customer hosted by the computing resource provider. The computing resource provider reconfigures a set of computing resources so that the devices of the customer are able to communicate with the device as if the device was in the customer's own network.Type: ApplicationFiled: August 22, 2016Publication date: December 8, 2016Inventors: Robert Eric Fitzgerald, Andrew J. Doane, Alexander Edward Schoof, Christopher Steven Helma, Rui Min, Matthew A. Estes, Anand Mishra
-
Patent number: 9426154Abstract: Devices, such as hardware security modules, are provided as a service. A customer of a computing resource provider is able to request the addition of a device to a network of the customer hosted by the computing resource provider. The computing resource provider reconfigures a set of computing resources so that the devices of the customer are able to communicate with the device as if the device was in the customer's own network.Type: GrantFiled: March 14, 2013Date of Patent: August 23, 2016Assignee: Amazon Technologies, Inc.Inventors: Robert Eric Fitzgerald, Andrew J. Doane, Alexander Edward Schoof, Christopher Steven Helma, Rui Min, Matthew A. Estes, Anand Mishra
-
Publication number: 20160127336Abstract: Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. Signaling methods are used to notify virtual machine instances of serialization events in order to prevent keying material from being stored persistently.Type: ApplicationFiled: January 11, 2016Publication date: May 5, 2016Inventors: Todd Lawrence Cignetti, Eric Jason Brandwine, Robert Eric Fitzgerald, Andrew J. Doane
-
Publication number: 20160112387Abstract: Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. If the keys used to encrypt the data have not been exposed during serialization operation, they may be deleted or destroyed enabling the destruction of data encrypted with the keys.Type: ApplicationFiled: December 28, 2015Publication date: April 21, 2016Inventors: Todd Lawrence Cignetti, Andrew J. Doane, Eric Jason Brandwine, Robert Eric Fitzgerald
-
Publication number: 20160034298Abstract: A vendor of virtual machine images accesses a virtual computer system service to upload a digitally signed virtual machine image to a data store usable by customers of the virtual computer system service to select an image for creating a virtual machine instance. If a digital certificate is uploaded along with the virtual machine image, the virtual computer system service may determine whether the digital certificate has been trusted for use. If the digital certificate has been trusted for use, the virtual computer system service may use a public cryptographic key to decrypt a hash signature included with the image to obtain a first hash value. The service may additionally apply a hash function to the image itself to obtain a second hash value. If the two hash values match, then the virtual machine image may be deemed to be authentic.Type: ApplicationFiled: October 12, 2015Publication date: February 4, 2016Inventors: Andrew Jeffrey Doane, Alexander Edward Schoof, Robert Eric Fitzgerald, Todd Lawrence Cignetti
-
Patent number: 9235714Abstract: Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. Signaling methods are used to notify virtual machine instances of serialization events in order to prevent keying material from being stored persistently.Type: GrantFiled: November 12, 2013Date of Patent: January 12, 2016Assignee: Amazon Technologies, Inc.Inventors: Todd Lawrence Cignetti, Eric Jason Brandwine, Robert Eric Fitzgerald, Andrew J. Doane
-
Patent number: 9231923Abstract: Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. If the keys used to encrypt the data have not been exposed during serialization operation, they may be deleted or destroyed enabling the destruction of data encrypted with the keys.Type: GrantFiled: November 12, 2013Date of Patent: January 5, 2016Assignee: Amazon Technologies, Inc.Inventors: Todd Lawrence Cignetti, Andrew J. Doane, Eric Jason Brandwine, Robert Eric Fitzgerald
-
Patent number: 9158909Abstract: A vendor of virtual machine images accesses a virtual computer system service to upload a digitally signed virtual machine image to a data store usable by customers of the virtual computer system service to select an image for creating a virtual machine instance. If a digital certificate is uploaded along with the virtual machine image, the virtual computer system service may determine whether the digital certificate has been trusted for use. If the digital certificate has been trusted for use, the virtual computer system service may use a public cryptographic key to decrypt a hash signature included with the image to obtain a first hash value. The service may additionally apply a hash function to the image itself to obtain a second hash value. If the two hash values match, then the virtual machine image may be deemed to be authentic.Type: GrantFiled: March 4, 2014Date of Patent: October 13, 2015Assignee: Amazon Technologies, Inc.Inventors: Andrew Jeffrey Doane, Alexander Edward Schoof, Robert Eric Fitzgerald, Todd Lawrence Cignetti
-
Publication number: 20150254451Abstract: A vendor of virtual machine images accesses a virtual computer system service to upload a digitally signed virtual machine image to a data store usable by customers of the virtual computer system service to select an image for creating a virtual machine instance. If a digital certificate is uploaded along with the virtual machine image, the virtual computer system service may determine whether the digital certificate has been trusted for use. If the digital certificate has been trusted for use, the virtual computer system service may use a public cryptographic key to decrypt a hash signature included with the image to obtain a first hash value. The service may additionally apply a hash function to the image itself to obtain a second hash value. If the two hash values match, then the virtual machine image may be deemed to be authentic.Type: ApplicationFiled: March 4, 2014Publication date: September 10, 2015Applicant: Amazon Technologies, Inc.Inventors: Andrew Jeffrey Doane, Alexander Edward Schoof, Robert Eric Fitzgerald, Todd Lawrence Cignetti
-
Publication number: 20150244716Abstract: Methods and apparatus for securing client-specified credentials at cryptographically-attested resources are described. An indication is obtained that resources deployed for execution of a compute instance of a multi-tenant computing service at an instance host of a provider network meet a client's security criteria. An encrypted representation of credentials to be used at the compute instance to implement operations on behalf of a client is received at the instance host. The credentials are extracted from the encrypted representation using a private key unique to the instance host, used for the operations, and then removed from the instance host without being saved in persistent memory.Type: ApplicationFiled: February 24, 2014Publication date: August 27, 2015Applicant: Amazon Technologies, Inc.Inventors: NACHIKETH RAO POTLAPALLY, ANDREW JEFFREY DOANE, ERIC JASON BRANDWINE, ROBERT ERIC FITZGERALD
-
Patent number: 9049232Abstract: Methods and apparatus for a configurable-quality random data service are disclosed. A method includes implementing programmatic interfaces enabling a determination of respective characteristics of random data to be delivered to one or more clients of a random data service of a provider network. The method includes implementing security protocols for transmission of random data to the clients, including a protocol for transmission of random data to trusted clients at devices within the provider network. The method further includes obtaining, on behalf of a particular client and in accordance with the determined characteristics, random data from one or more servers of the provider network, and initiating a transmission of the random data directed to a destination associated with the particular client.Type: GrantFiled: February 28, 2013Date of Patent: June 2, 2015Assignee: Amazon Technologies, Inc.Inventors: Nachiketh Rao Potlapally, Donald Lee Bailey, Jr., Andrew Paul Mikulski, Robert Eric Fitzgerald
-
Publication number: 20130305371Abstract: A network security system employing multiple levels of processing to identify security threats. Multiple host machines may each contain an agent that detects possibilities of security threats based on raw data sensed locally at that host. The hosts may share information obtained from local analysis and each host may use information generated at one or more other hosts, in combination with information generated locally, to identify a security concern, indicating with greater certainty that a security threat exists. Based on security concerns generated by multiple hosts, a security threat may be to indicated and protective action may be taken.Type: ApplicationFiled: July 12, 2013Publication date: November 14, 2013Applicant: MICROSOFT CORPORATIONInventors: Igal Figlin, Arthur Zavalkovsky, Lior Arzi, Efim Hudis, Jennifer R. Lemond, Robert Eric Fitzgerald, Khaja E. Ahmed, Jeffrey S. Williams, Edward W. Hardy
-
Patent number: 8516576Abstract: A network security system employing multiple levels of processing to identify security threats. Multiple host machines may each contain an agent that detects possibilities of security threats based on raw data sensed locally at that host. The hosts may share information obtained from local analysis and each host may use information generated at one or more other hosts, in combination with information generated locally, to identify a security concern, indicating with greater certainty that a security threat exists. Based on security concerns generated by multiple hosts, a security threat may be indicated and protective action may be taken.Type: GrantFiled: January 13, 2010Date of Patent: August 20, 2013Assignee: Microsoft CorporationInventors: Igal Figlin, Arthur Zavalkovsky, Lior Arzi, Efim Hudis, Jennifer R. LeMond, Robert Eric Fitzgerald, Khaja E. Ahmed, Jeffrey S. Williams, Edward W. Hardy
-
Publication number: 20110173699Abstract: A network security system employing multiple levels of processing to identify security threats. Multiple host machines may each contain an agent that detects possibilities of security threats based on raw data sensed locally at that host. The hosts may share information obtained from local analysis and each host may use information generated at one or more other hosts, in combination with information generated locally, to identify a security concern, indicating with greater certainty that a security threat exists. Based on security concerns generated by multiple hosts, a security threat may be indicated and protective action may be taken.Type: ApplicationFiled: January 13, 2010Publication date: July 14, 2011Inventors: Igal Figlin, Arthur Zavalkovsky, Lior Arzi, Efim Hudis, Jennifer R. LeMond, Robert Eric Fitzgerald, Khaja E. Ahmed, Jeffrey S. Williams, Edward W. Hardy
-
Patent number: 7739721Abstract: System performance may be optimized, and extraneous audit noise reduced, by providing the capability of exercising a fine degree of control over individual audit events. A user such as an auditor interested in an individual audit event can obtain desired results without also obtaining results of all other individual audit events in the category containing the individual audit event. Additionally, audits may be obtained on either a per-user basis or on a system-wide basis. In this way, the auditor may tailor auditing events without regard to the auditing events established for other users of the system. Thus, there is a capability of establishing auditing policies for the entire system, in which case all users of the system may obtain results of the system-wide auditing.Type: GrantFiled: November 10, 2005Date of Patent: June 15, 2010Assignee: Microsoft CorporationInventors: Raghavendra Malpani, Robert Eric Fitzgerald