Patents by Inventor Christopher McCarron
Christopher McCarron has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10956321Abstract: A virtual secure mode is enabled for a virtual machine operating in a computing environment that is associated with a plurality of different trust levels. First, a virtual secure mode image is loaded into one or more memory pages of a virtual memory space of the virtual machine. Then, the one or more memory pages of the virtual memory space are made inaccessible to one or more trust levels having a relatively lower trust level than a launching trust level that is used by a virtual secure mode loader to load the virtual secure mode image. A target virtual trust level is also enabled on a launching virtual processor for the virtual machine that is higher than the launching trust level.Type: GrantFiled: January 6, 2019Date of Patent: March 23, 2021Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Niels T. Ferguson, Yevgeniy Anatolievich Samsonov, Kinshumann, Samartha Chandrashekar, John Anthony Messec, Mark Fishel Novak, Christopher McCarron, Amitabh Prakash Tamhane, Qiang Wang, David Matthew Kruse, Nir Ben-Zvi, Anders Bertil Vinberg
-
Publication number: 20190155728Abstract: A virtual secure mode is enabled for a virtual machine operating in a computing environment that is associated with a plurality of different trust levels. First, a virtual secure mode image is loaded into one or more memory pages of a virtual memory space of the virtual machine. Then, the one or more memory pages of the virtual memory space are made inaccessible to one or more trust levels having a relatively lower trust level than a launching trust level that is used by a virtual secure mode loader to load the virtual secure mode image. A target virtual trust level is also enabled on a launching virtual processor for the virtual machine that is higher than the launching trust level.Type: ApplicationFiled: January 6, 2019Publication date: May 23, 2019Inventors: Niels T. Ferguson, Yevgeniy Anatolievich Samsonov, Kinshumann, Samartha Chandrashekar, John Anthony Messec, Mark Fishel Novak, Christopher McCarron, Amitabh Prakash Tamhane, Qiang Wang, David Matthew Kruse, Nir Ben-Zvi, Anders Bertil Vinberg
-
Patent number: 10181037Abstract: Booting a machine in a secure fashion in a potentially unsecure environment. The method includes a target machine beginning a boot process. The method further includes the target machine determining that it needs provisioning data to continue booting. The target machine contacts a secure infrastructure to obtain the provisioning data. The target machine provides an identity claim that can be verified by the secure infrastructure. As a result of the secure infrastructure verifying the identity claim, the target machine receives a request from the secure infrastructure to establish a key sealed to the target machine. The target machine provides the established key to the secure infrastructure. The target machine receives the provisioning data from the secure infrastructure. The provisioning data is encrypted to the established key. The target machine decrypts the encrypted provisioning data, and uses the provisioning data to finish booting.Type: GrantFiled: November 9, 2016Date of Patent: January 15, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Mark Fishel Novak, Nir Ben-Zvi, John Anthony Messec, Kinshumann, Christopher McCarron
-
Patent number: 10176095Abstract: A virtual secure mode is enabled for a virtual machine operating in a computing environment that is associated with a plurality of different trust levels. First, a virtual secure mode image is loaded into one or more memory pages of a virtual memory space of the virtual machine. Then, the one or more memory pages of the virtual memory space are made inaccessible to one or more trust levels having a relatively lower trust level than a launching trust level that is used by a virtual secure mode loader to load the virtual secure mode image. A target virtual trust level is also enabled on a launching virtual processor for the virtual machine that is higher than the launching trust level.Type: GrantFiled: August 22, 2016Date of Patent: January 8, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Niels T. Ferguson, Yevgeniy Anatolievich Samsonov, Kinshumann, Samartha Chandrashekar, John Anthony Messec, Mark Fishel Novak, Christopher McCarron, Amitabh Prakash Tamhane, Qiang Wang, David Matthew Kruse, Nir Ben-Zvi, Anders Bertil Vinberg
-
Patent number: 10177910Abstract: Obtaining a sealed secret. The method includes decrypting one or more BLOBs at a computing system from among a plurality of different BLOBs. Each of the BLOBs in the plurality of BLOBs contains the secret. Each of the BLOBs in the plurality of BLOBs is sealed to a different condition from among a plurality of conditions. A given condition is a reflection of a system state where the system state is indicative of whether or not the system can be trusted to receive the secret. The method further includes evaluating one or more of the conditions to determine if at least one of the one or more conditions is met. The method further includes, if at least one of the one or more conditions is met, then providing the secret to an external entity.Type: GrantFiled: August 31, 2016Date of Patent: January 8, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Kinshumann, Christopher McCarron, Yevgeniy Anatolievich Samsonov
-
Publication number: 20180062833Abstract: Obtaining a sealed secret. The method includes decrypting one or more BLOBs at a computing system from among a plurality of different BLOBs. Each of the BLOBs in the plurality of BLOBs contains the secret. Each of the BLOBs in the plurality of BLOBs is sealed to a different condition from among a plurality of conditions. A given condition is a reflection of a system state where the system state is indicative of whether or not the system can be trusted to receive the secret. The method further includes evaluating one or more of the conditions to determine if at least one of the one or more conditions is met. The method further includes, if at least one of the one or more conditions is met, then providing the secret to an external entity.Type: ApplicationFiled: August 31, 2016Publication date: March 1, 2018Inventors: Kinshumann, Christopher McCarron, Yevgeniy Anatolievich Samsonov
-
Patent number: 9864608Abstract: A mechanism for performing a network boot sequence and provisioning a device may generate a command by a server and have the command executed by the device. The command may be used to verify the authenticity of the device, and may be used to establish ownership of the device. After authenticity and, in some cases ownership is established, bootable software may be downloaded and executed. The device may be provisioned with software applications.Type: GrantFiled: March 7, 2016Date of Patent: January 9, 2018Assignee: Microsoft Technology Licensing, LLCInventors: Christopher McCarron, Varugis Kurien
-
Publication number: 20170061128Abstract: Booting a machine in a secure fashion in a potentially unsecure environment. The method includes a target machine beginning a boot process. The method further includes the target machine determining that it needs provisioning data to continue booting. The target machine contacts a secure infrastructure to obtain the provisioning data. The target machine provides an identity claim that can be verified by the secure infrastructure. As a result of the secure infrastructure verifying the identity claim, the target machine receives a request from the secure infrastructure to establish a key sealed to the target machine. The target machine provides the established key to the secure infrastructure. The target machine receives the provisioning data from the secure infrastructure. The provisioning data is encrypted to the established key. The target machine decrypts the encrypted provisioning data, and uses the provisioning data to finish booting.Type: ApplicationFiled: November 9, 2016Publication date: March 2, 2017Inventors: Mark Fishel Novak, Nir Ben-Zvi, John Anthony Messec, Kinshuman Kinshumann, Christopher McCarron
-
Patent number: 9578017Abstract: Deploying an encrypted entity on a trusted entity is illustrated herein. A method includes, at a trusted entity, wherein the trusted entity is trusted by an authority as a result of providing a verifiable indication of certain characteristics of the trusted entity meeting certain requirements, receiving an encrypted entity from an untrusted entity. The untrusted entity is not trusted by the authority. At the trusted entity, a trust credential from the authority is used to obtain a key from a key distribution service. The key distribution service is trusted by the authority. The key is used to decrypt the encrypted entity to allow the encrypted entity to be deployed at the trusted entity.Type: GrantFiled: October 1, 2014Date of Patent: February 21, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Niels T. Ferguson, Yevgeniy Anatolievich Samsonov, Kinshuman Kinshumann, Samartha Chandrashekar, John Anthony Messec, Mark Fishel Novak, Christopher McCarron, Amitabh Prakash Tamhane, Qiang Wang, David Matthew Kruse, Nir Ben-Zvi, Anders Bertil Vinberg
-
Patent number: 9519787Abstract: Booting a machine in a secure fashion in a potentially unsecure environment. The method includes a target machine beginning a boot process. The method further includes the target machine determining that it needs provisioning data to continue booting. The target machine contacts a secure infrastructure to obtain the provisioning data. The target machine provides an identity claim that can be verified by the secure infrastructure. As a result of the secure infrastructure verifying the identity claim, the target machine receives a request from the secure infrastructure to establish a key sealed to the target machine. The target machine provides the established key to the secure infrastructure. The target machine receives the provisioning data from the secure infrastructure. The provisioning data is encrypted to the established key. The target machine decrypts the encrypted provisioning data, and uses the provisioning data to finish booting.Type: GrantFiled: November 14, 2014Date of Patent: December 13, 2016Assignee: Microsoft Technology Licensing, LLCInventors: Mark Fishel Novak, Nir Ben-Zvi, John Anthony Messec, Kinshuman Kinshumann, Christopher McCarron
-
Publication number: 20160357988Abstract: A virtual secure mode is enabled for a virtual machine operating in a computing environment that is associated with a plurality of different trust levels. First, a virtual secure mode image is loaded into one or more memory pages of a virtual memory space of the virtual machine. Then, the one or more memory pages of the virtual memory space are made inaccessible to one or more trust levels having a relatively lower trust level than a launching trust level that is used by a virtual secure mode loader to load the virtual secure mode image. A target virtual trust level is also enabled on a launching virtual processor for the virtual machine that is higher than the launching trust level.Type: ApplicationFiled: August 22, 2016Publication date: December 8, 2016Inventors: Niels T. Ferguson, Yevgeniy Anatolievich Samsonov, Kinshuman Kinshumann, Samartha Chandrashekar, John Anthony Messec, Mark Fishel Novak, Christopher McCarron, Amitabh Prakash Tamhane, Qiang Wang, David Matthew Kruse, Nir Ben-Zvi, Anders Bertil Vinberg
-
Publication number: 20160188349Abstract: A mechanism for performing a network boot sequence and provisioning a device may generate a command by a server and have the command executed by the device. The command may be used to verify the authenticity of the device, and may be used to establish ownership of the device. After authenticity and, in some cases ownership is established, bootable software may be downloaded and executed. The device may be provisioned with software applications.Type: ApplicationFiled: March 7, 2016Publication date: June 30, 2016Inventors: Christopher McCarron, Varugis Kurien
-
Publication number: 20160140343Abstract: Booting a machine in a secure fashion in a potentially unsecure environment. The method includes a target machine beginning a boot process. The method further includes the target machine determining that it needs provisioning data to continue booting. The target machine contacts a secure infrastructure to obtain the provisioning data. The target machine provides an identity claim that can be verified by the secure infrastructure. As a result of the secure infrastructure verifying the identity claim, the target machine receives a request from the secure infrastructure to establish a key sealed to the target machine. The target machine provides the established key to the secure infrastructure. The target machine receives the provisioning data from the secure infrastructure. The provisioning data is encrypted to the established key. The target machine decrypts the encrypted provisioning data, and uses the provisioning data to finish booting.Type: ApplicationFiled: November 14, 2014Publication date: May 19, 2016Inventors: Mark Fishel Novak, Nir Ben-Zvi, John Anthony Messec, Kinshuman Kinshumann, Christopher McCarron
-
Patent number: 9306945Abstract: A mechanism for performing a network boot sequence and provisioning a device may generate a command by a server and have the command executed by the device. The command may be used to verify the authenticity of the device, and may be used to establish ownership of the device. After authenticity and, in some cases ownership is established, bootable software may be downloaded and executed. The device may be provisioned with software applications.Type: GrantFiled: March 11, 2015Date of Patent: April 5, 2016Assignee: Microsoft Technology Licensing, LLCInventors: Christopher McCarron, Varugis Kurien
-
Publication number: 20150319160Abstract: Deploying an encrypted entity on a trusted entity is illustrated herein. A method includes, at a trusted entity, wherein the trusted entity is trusted by an authority as a result of providing a verifiable indication of certain characteristics of the trusted entity meeting certain requirements, receiving an encrypted entity from an untrusted entity. The untrusted entity is not trusted by the authority. At the trusted entity, a trust credential from the authority is used to obtain a key from a key distribution service. The key distribution service is trusted by the authority. The key is used to decrypt the encrypted entity to allow the encrypted entity to be deployed at the trusted entity.Type: ApplicationFiled: October 1, 2014Publication date: November 5, 2015Inventors: Niels T. Ferguson, Yevgeniy Anatolievich Samsonov, Kinshuman Kinshumann, Samartha Chandrashekar, John Anthony Messec, Mark Fishel Novak, Christopher McCarron, Amitabh Prakash Tamhane, Qiang Wang, David Matthew Kruse, Nir Ben-Zvi, Anders Bertil Vinberg
-
Publication number: 20150188917Abstract: A mechanism for performing a network boot sequence and provisioning a device may generate a command by a server and have the command executed by the device. The command may be used to verify the authenticity of the device, and may be used to establish ownership of the device. After authenticity and, in some cases ownership is established, bootable software may be downloaded and executed. The device may be provisioned with software applications.Type: ApplicationFiled: March 11, 2015Publication date: July 2, 2015Inventors: Christopher McCarron, Varugis Kurien
-
Patent number: 8990902Abstract: A secure mechanism for performing a network boot sequence and provisioning a remote device may use a private key of a public key/private key encryption mechanism to generate a command by a server and have the command executed by the device. The command may be used to verify the authenticity of the remote device, and may be used to establish ownership of the device. After authenticity and, in some cases ownership is established, bootable software may be downloaded and executed. The remote device may be provisioned with software applications. One mechanism for performing the initial encrypted commands is through a Trusted Platform Module. In many embodiments, the public key for the initial encrypted communication may be provided through a trusted second channel.Type: GrantFiled: September 23, 2013Date of Patent: March 24, 2015Assignee: Microsoft Technology Licensing, LLCInventors: Christopher McCarron, Varugis Kurien
-
Publication number: 20140025359Abstract: A secure mechanism for performing a network boot sequence and provisioning a remote device may use a private key of a public key/private key encryption mechanism to generate a command by a server and have the command executed by the device. The command may be used to verify the authenticity of the remote device, and may be used to establish ownership of the device. After authenticity and, in some cases ownership is established, bootable software may be downloaded and executed. The remote device may be provisioned with software applications. One mechanism for performing the initial encrypted commands is through a Trusted Platform Module. In many embodiments, the public key for the initial encrypted communication may be provided through a trusted second channel.Type: ApplicationFiled: September 23, 2013Publication date: January 23, 2014Applicant: Microsoft CorporationInventors: Christopher McCarron, Varugis Kurien
-
Patent number: 8543799Abstract: A secure mechanism for performing a network boot sequence and provisioning a remote device may use a private key of a public key/private key encryption mechanism to generate a command by a server and have the command executed by the device. The command may be used to verify the authenticity of the remote device, and may be used to establish ownership of the device. After authenticity and, in some cases ownership is established, bootable software may be downloaded and executed. The remote device may be provisioned with software applications. One mechanism for performing the initial encrypted commands is through a Trusted Platform Module. In many embodiments, the public key for the initial encrypted communication may be provided through a trusted second channel.Type: GrantFiled: May 2, 2008Date of Patent: September 24, 2013Assignee: Microsoft CorporationInventors: Christopher McCarron, Varugis Kurien
-
Publication number: 20090276620Abstract: A secure mechanism for performing a network boot sequence and provisioning a remote device may use a private key of a public key/private key encryption mechanism to generate a command by a server and have the command executed by the device. The command may be used to verify the authenticity of the remote device, and may be used to establish ownership of the device. After authenticity and, in some cases ownership is established, bootable software may be downloaded and executed. The remote device may be provisioned with software applications. One mechanism for performing the initial encrypted commands is through a Trusted Platform Module. In many embodiments, the public key for the initial encrypted communication may be provided through a trusted second channel.Type: ApplicationFiled: May 2, 2008Publication date: November 5, 2009Applicant: MICROSOFT CORPORATIONInventors: Christopher McCarron, Varugis Kurien