Search

Graeme Baer Phones & Addresses

  • 4416 167Th Pl SE, Bellevue, WA 98006
  • 2300 Elliott Ave, Seattle, WA 98121

Work

Company: Amazon web services Oct 2017 Position: Principal engineer

Education

Degree: Bachelor of Science In Engineering, Bachelors School / High School: University of Waterloo 2001 to 2006 Specialities: Software Engineering

Industries

Information Technology And Services

Resumes

Resumes

Graeme Baer Photo 1

Principal Engineer

View page
Location:
Seattle, WA
Industry:
Information Technology And Services
Work:
Amazon Web Services
Principal Engineer

Amazon Web Services
Senior Software Development Engineer

Amazon Jul 2006 - Jan 2011
Software Development Engineer
Education:
University of Waterloo 2001 - 2006
Bachelor of Science In Engineering, Bachelors, Software Engineering

Publications

Us Patents

Implementation Of Secure Communications In A Support System

View page
US Patent:
20130085880, Apr 4, 2013
Filed:
Sep 29, 2011
Appl. No.:
13/248980
Inventors:
Gregory B. Roth - Seattle WA, US
Eric D. Crahen - Seattle WA, US
Graeme D. Baer - Seattle WA, US
Eric J. Brandwine - Haymarket VA, US
Nathan R. Fitch - Seattle WA, US
Assignee:
Amazon Technologies, Inc. - Reno NV
International Classification:
G06Q 30/06
H04L 9/32
US Classification:
705 261, 713170, 713151
Abstract:
A support system negotiates secure connections on behalf of multiple guest systems using a set of credentials associated with the guest systems. The operation of the secure connection may be transparent to the guest system such that guest system may send and receive messages that are encrypted or decrypted by the support system, such as a hypervisor. As the support system is in between the guest system and a destination, the support system may act as a local endpoint to the secure connection. Messages may be altered by the support system to indicate to a guest system which communications were secured. The credentials may be managed by the support system such that the guest system does not require access to the credentials.

Policy Compliance-Based Secure Data Access

View page
US Patent:
20130081101, Mar 28, 2013
Filed:
Sep 27, 2011
Appl. No.:
13/246445
Inventors:
Graeme D. Baer - Seattle WA, US
Gregory B. Roth - Seattle WA, US
Assignee:
Amazon Technologies, Inc. - Reno NV
International Classification:
G06F 21/00
US Classification:
726 1
Abstract:
Access control techniques relate to verifying compliance with security policies before enabling access to the computing resources. An application is provided on a client that generates verification codes using an authentication seed. Prior to granting the client the authentication seed necessary to generate a verification code, a server may perform a policy check on the client. Some embodiments ensure that the client complies with security policies imposed by an authenticating party by retrieving a number of parameter values from the client and then determining whether those parameter values comply with the security policies. Upon determining that the client complies, the authentication seed is issued to the client. In some embodiments, the authentication seed is provided such that a policy check is performed upon the generation of a verification code. The client is given access to secure information when the client is determined to comply with the security policies.

Provisioning A Device To Be An Authentication Device

View page
US Patent:
20210211419, Jul 8, 2021
Filed:
Nov 2, 2020
Appl. No.:
17/087347
Inventors:
- Seattle WA, US
Nathan R. Fitch - Seattle WA, US
Graeme D. Baer - Seattle WA, US
International Classification:
H04L 29/06
H04Q 5/22
H04W 12/06
G06F 21/36
G06F 21/35
H04L 9/32
H04W 12/30
Abstract:
In certain embodiments, a web services system receives a request to provision a device, such as a telephone, as an authentication device. The web services system initiates display of an image communicating a key to allow the telephone to capture the image and to send key information associated with the key. The web services system receives the key and determines that the key information is valid. In response to the determination, the web services system sends a seed to the telephone to provision the telephone to be an authentication device. The telephone can use the seed to generate one-time passcodes to access a service of the web services system.

Token Based One-Time Password Security

View page
US Patent:
20200336479, Oct 22, 2020
Filed:
Jul 6, 2020
Appl. No.:
16/921172
Inventors:
- Reno NV, US
Graeme David Baer - Seattle WA, US
Brian Irl Pratt - Seattle WA, US
International Classification:
H04L 29/06
G06F 21/34
Abstract:
A one-time password (OTP) based security scheme is described, where a provider pre-generates a number of verification codes (e.g., OTP codes) which will be valid for a predetermined interval. The provider then encodes the verification codes (e.g., by hashing each code with a time value), and stores the verification codes into a data structure. The data structure can be provided to a verification system that can use the set of pre-generated OTP codes to authenticate requests received from users having personal security tokens.

Access Control Policy Simulation And Testing

View page
US Patent:
20190268245, Aug 29, 2019
Filed:
May 8, 2019
Appl. No.:
16/406758
Inventors:
- Seattle WA, US
Daniel Stephen Popick - Seattle WA, US
Derek Avery Lyon - Palo Alto CA, US
John Michael Morkel - Cape Town, ZA
Graeme David Baer - Seattle WA, US
Ajith Harshana Ranabahu - Shoreline WA, US
Khaled Salah Sedky - Sammamish WA, US
International Classification:
H04L 12/24
G06F 21/62
H04L 29/06
Abstract:
A method and apparatus for testing and simulating an access control policy are disclosed. Evaluating an access control policy may be performed by utilizing a deny statement that causes the access request to be rejected despite actions indicated in the access request being authorized. Further, an independent simulation environment may be utilized for testing access control policy evaluation.

Virtual Communication Endpoint Services

View page
US Patent:
20190044979, Feb 7, 2019
Filed:
Feb 5, 2018
Appl. No.:
15/888722
Inventors:
- Reno NV, US
Graeme David Baer - Seattle WA, US
Eric Jason Brandwine - Haymarket VA, US
International Classification:
H04L 29/06
H04L 29/08
G06F 21/62
Abstract:
Customers can utilize resources of a multi-tenant environment to provide one or more services available to various users. In order to simplify the process for these customers, the multi-tenant environment can include an infrastructure wherein a portion of the resources provide an authentication and/or authorization service that can be leveraged by the customer services. These resources can logically sit in front of the resources used to provide the customer services, such that a user request must pass through the authorization and authentication service before being directed to the customer service. Such resources can provide other functionality as well, such as load balancing and metering.

Flexibly Configurable Data Modification Services

View page
US Patent:
20190036973, Jan 31, 2019
Filed:
Sep 24, 2018
Appl. No.:
16/140393
Inventors:
- Seattle WA, US
Graeme D. Baer - Seattle WA, US
Eric Jason Brandwine - Haymarket VA, US
International Classification:
H04L 29/06
G06F 15/173
Abstract:
Techniques for processing data according to customer-defined rules are disclosed. In particular, methods and systems for implementing a data alteration service using one or resources of a distributed computing system are described. The data alteration service is flexibly configurable by entities using the distributed computing system, and may be used to augment, compress, filter or otherwise modify data crossing a customer boundary.

Service Authorization Handshake

View page
US Patent:
20190007525, Jan 3, 2019
Filed:
Sep 10, 2018
Appl. No.:
16/127140
Inventors:
- Seattle WA, US
Graeme David Baer - Bellevue WA, US
Manivannan Sundaram - Bothell WA, US
International Classification:
H04L 29/08
H04L 29/06
Abstract:
The present document describes systems and methods that authorize client resources such as computers, servers, computing appliances, and virtual machines to access online services provided by an online service provider. To authorize a client resource, a client submits a registration request on behalf of the client resource to an authorization service provided by the service provider. The authorization service returns an activation code to the client. The activation code may expire after an amount of time, or upon first use. The client provides the activation code to an agent running on the client resource. The agent establishes communication with the authorization service, and upon providing the activation code to the authorization service, receives an authorization token that can be used by the client resource to access online services in accordance with security roles or permissions specified with the registration request.
Graeme D Baer from Bellevue, WA, age ~41 Get Report