Patents by Inventor Andrew John Layman
Andrew John Layman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9268492
Abstract: A system that includes an account management module configured to maintain protected accounts. For instance, a particular protected account includes a protected data set that is not readable outside of the system, and perhaps not even readable outside of the account. The particular data set corresponds to a particular entity assigned to the particular account and that includes keys corresponding to the particular entity. A security processor uses at least some of the plurality of keys to perform cryptographic processes in response to one or more trusted execution environment commands received from the particular entity.
Type: Grant
Filed: June 23, 2014
Date of Patent: February 23, 2016
Assignee: Microsoft Technology Licensing, LLC
Inventors: Mark F. Novak, Andrew John Layman, Magnus Nyström, Stefan Thom
-
Patent number: 8954965
Abstract: Cloning of a virtual machine having a trusted executed environment such as a software-based trusted platform module. In order to clone the virtual machine, the virtual machine state of the source virtual machine is copied to formulate a target virtual machine state that is to be associated with a target virtual machine. The target virtual machine is a clone of the source virtual machine state, and thus the storage hierarchy of the trusted execution environment may be the same for the trusted execution environment in the source and target virtual machine states. However, because the identity of the target virtual machine is different than that of the source virtual machine, the endorsement hierarchy of the target virtual machine state is altered such that it is based on the identity of the target virtual machine, rather than the source virtual machine.
Type: Grant
Filed: August 3, 2012
Date of Patent: February 10, 2015
Assignee: Microsoft Corporation
Inventors: Mark F. Novak, Andrew John Layman, Magnus Nyström, Stefan Thom
-
Publication number: 20140304506
Abstract: A system that includes an account management module configured to maintain protected accounts. For instance, a particular protected account includes a protected data set that is not readable outside of the system, and perhaps not even readable outside of the account. The particular data set corresponds to a particular entity assigned to the particular account and that includes keys corresponding to the particular entity. A security processor uses at least some of the plurality of keys to perform cryptographic processes in response to one or more trusted execution environment commands received from the particular entity.
Type: Application
Filed: June 23, 2014
Publication date: October 9, 2014
Inventors: Mark F. Novak, Andrew John Layman, Magnus Nyström, Stefan Thom
-
Patent number: 8782423
Abstract: A system that includes an account management module configured to maintain protected accounts. For instance, a particular protected account includes a protected data set that is not readable outside of the system, and perhaps not even readable outside of the account. The particular data set corresponds to a particular entity assigned to the particular account and that includes keys corresponding to the particular entity. A security processor uses at least some of the plurality of keys to perform cryptographic processes in response to one or more trusted execution environment commands received from the particular entity.
Type: Grant
Filed: June 19, 2012
Date of Patent: July 15, 2014
Assignee: Microsoft Corporation
Inventors: Mark F. Novak, Andrew John Layman, Magnus Nyström, Stefan Thom
-
Patent number: 8763093
Abstract: The subject disclosure relates to authorization based on a determination of permissions that can be granted for an action(s) to be performed on a resource. The determination of the permission is based on a set of rules that represent a theory including a notion of trust that has been divided into different sized tables. The tables are utilized to evaluate two or more input claims and to facilitate a determination of whether access to at least one system resource is to be granted. The evaluation can include matching the two or more input claims to rows in the table, wherein access is allowed if a match is found.
Type: Grant
Filed: September 12, 2011
Date of Patent: June 24, 2014
Assignee: Microsoft Corporation
Inventors: David E. Langworthy, Qian Wang, Andrew John Layman, John Peter Shewchuk, Jr., Shiung-Vei Yong, Charles Edgar Passmore, Hervey Oliver Wilson, Caleb Geoffrey Baker
-
Publication number: 20140040890
Abstract: Cloning of a virtual machine having a trusted executed environment such as a software-based trusted platform module. In order to clone the virtual machine, the virtual machine state of the source virtual machine is copied to formulate a target virtual machine state that is to be associated with a target virtual machine. The target virtual machine is a clone of the source virtual machine state, and thus the storage hierarchy of the trusted execution environment may be the same for the trusted execution environment in the source and target virtual machine states. However, because the identity of the target virtual machine is different than that of the source virtual machine, the endorsement hierarchy of the target virtual machine state is altered such that it is based on the identity of the target virtual machine, rather than the source virtual machine.
Type: Application
Filed: August 3, 2012
Publication date: February 6, 2014
Applicant: Microsoft Corporation
Inventors: Mark F. Novak, Andrew John Layman, Magnus Nyström, Stefan Thom
-
Publication number: 20130339729
Abstract: A system that includes an account management module configured to maintain protected accounts. For instance, a particular protected account includes a protected data set that is not readable outside of the system, and perhaps not even readable outside of the account. The particular data set corresponds to a particular entity assigned to the particular account and that includes keys corresponding to the particular entity. A security processor uses at least some of the plurality of keys to perform cryptographic processes in response to one or more trusted execution environment commands received from the particular entity.
Type: Application
Filed: June 19, 2012
Publication date: December 19, 2013
Applicant: Microsoft Corporation
Inventors: Mark F. Novak, Andrew John Layman, Magnus Nyström, Stefan Thom
-
Publication number: 20130067539
Abstract: The subject disclosure relates to authorization based on a determination of permissions that can be granted for an action(s) to be performed on a resource. The determination of the permission is based on a set of rules that represent a theory including a notion of trust that has been divided into different sized tables. The tables are utilized to evaluate two or more input claims and to facilitate a determination of whether access to at least one system resource is to be granted. The evaluation can include matching the two or more input claims to rows in the table, wherein access is allowed if a match is found.
Type: Application
Filed: September 12, 2011
Publication date: March 14, 2013
Applicant: MICROSOFT CORPORATION
Inventors: David E. Langworthy, Qian Wang, Andrew John Layman, John Peter Shewchuk, JR., Shiung-Vei Yong, Charles Edgar Passmore, Hervey Oliver Wilson, Caleb Geoffrey Baker