Patents by Inventor David Garfield Thaler, III
David Garfield Thaler, III has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 11962694
  Abstract: A computing device, such as a personal computing device (e.g., laptop, smartphone, etc.) or server, is configured to utilize environmental factors in generating public/private key pairs to access restricted data or operations. The environmental factors can include location, time, barometric pressure, acceleration, temperature, humidity, and the like. An initial key pair may be used to encrypt data and enable other conventional security features. A key pair can be subsequently generated based on the same environmental factors as with the initial key pair generation and used to access the data or operations which have been restricted using the initial key pair.
  Type: Grant
  Filed: November 29, 2021
  Date of Patent: April 16, 2024
  Assignee: Microsoft Technology Licensing, LLC
  Inventors: David Garfield Thaler, III, Joerg-Thomas Pfenning, Gerardo Diaz-Cuellar
- Publication number: 20230035007
  Abstract: A brownfield security gateway is configured to support a trusted execution environment (TEE) that employs cryptographic and physical security, which forms a trusted cyber physical system, to protect sensitive transmissions en route to a controllable device. The gateway may be implemented with a System on Chip (SoC) that utilizes an application layer gateway to filter content within a transmission. When the application layer gateway authorizes the transmission, the transmission is forwarded to a trusted peripheral device that is configured with communication transport protocols, and the trusted peripheral device transfers the transmission to the controllable device. The trusted peripheral device and the controllable device are physically protected by, for example, protected distribution systems. Accordingly, the trusted peripheral device functions as a gateway between the SoC and the controllable device.
  Type: Application
  Filed: May 11, 2022
  Publication date: February 2, 2023
  Inventors: Daniel Stelian Mihai, Brian Clifford Telfer, David Garfield Thaler, III, Stefan Thom, Torsten Stein
- Patent number: 11411933
  Abstract: A brownfield security gateway is configured to support a trusted execution environment (TEE) that employs cryptographic and physical security, which forms a trusted cyber physical system, to protect sensitive transmissions en route to a controllable device. The gateway may be implemented with a System on Chip (SoC) that utilizes an application layer gateway to filter content within a transmission. When the application layer gateway authorizes the transmission, the transmission is forwarded to a trusted peripheral device that is configured with communication transport protocols, and the trusted peripheral device transfers the transmission to the controllable device. The trusted peripheral device and the controllable device are physically protected by, for example, protected distribution systems. Accordingly, the trusted peripheral device functions as a gateway between the SoC and the controllable device.
  Type: Grant
  Filed: March 23, 2018
  Date of Patent: August 9, 2022
  Assignee: Microsoft Technology Licensing, LLC
  Inventors: Daniel Stelian Mihai, Brian Clifford Telfer, David Garfield Thaler, III, Stefan Thom, Torsten Stein
- Publication number: 20220085995
  Abstract: A computing device, such as a personal computing device (e.g., laptop, smartphone, etc.) or server, is configured to utilize environmental factors in generating public/private key pairs to access restricted data or operations. The environmental factors can include location, time, barometric pressure, acceleration, temperature, humidity, and the like. An initial key pair may be used to encrypt data and enable other conventional security features. A key pair can be subsequently generated based on the same environmental factors as with the initial key pair generation and used to access the data or operations which have been restricted using the initial key pair.
  Type: Application
  Filed: November 29, 2021
  Publication date: March 17, 2022
  Inventors: David Garfield Thaler, III, Joerg-Thomas Pfenning, Gerardo Diaz-Cuellar
- Patent number: 11190356
  Abstract: Before a composition is ingested into a runtime environment at a runtime device, the composition may be verified at an authoring trusted execution environment (TEE) operating on an authoring device. A user can operate an untrusted computing platform (e.g., a personal computer, laptop computer, tablet computer, etc.) to write code, generate data, or create some other composition. Since this composition is created on an untrusted device, the authoring TEE may output the composition on a trusted peripheral device to a user for review and approval. Responsive to receiving approval at the trusted peripheral device, the authoring TEE can sign the composition with a local key and forward the composition for execution by the runtime device. The signature can be utilized by the runtime device to prove that it was reviewed and verified by an authorized user operating the authoring device.
  Type: Grant
  Filed: March 8, 2019
  Date of Patent: November 30, 2021
  Assignee: Microsoft Technology Licensing, LLC
  Inventors: David Garfield Thaler, III, Stefan Thom, Brian Clifford Telfer
- Patent number: 11190352
  Abstract: A computing device, such as a personal computing device (e.g., laptop, smartphone, etc.) or server, is configured to utilize environmental factors in generating public/private key pairs to access restricted data or operations. The environmental factors can include location, time, barometric pressure, acceleration, temperature, humidity, and the like. An initial key pair may be used to encrypt data and enable other conventional security features. A key pair can be subsequently generated based on the same environmental factors as with the initial key pair generation and used to access the data or operations which have been restricted using the initial key pair.
  Type: Grant
  Filed: November 27, 2018
  Date of Patent: November 30, 2021
  Assignee: Microsoft Technology Licensing, LLC
  Inventors: David Garfield Thaler, III, Joerg-Thomas Pfenning, Gerardo Diaz-Cuellar
- Patent number: 10872153
  Abstract: A secure terminal configured to support a trusted execution environment that utilizes policy enforcement to filter and authorize transmissions received from a host device and destined for a remote device. Upon receiving a transmission from the host device, the secure terminal verifies that the instruction, message, or request contained within the transmission satisfies the parameters set by a policy. If the transmission satisfies the parameters, then the secure terminal signs the transmission with a key unique to the trusted platform module associated with the secure terminal and forwards the signed transmission to the remote device. If the transmission fails one or more parameters within the policy, a message that details the instruction or operation contained within the transmission is exposed to a user at an output device, where the user can authorize or reject the transmission using an input device.
  Type: Grant
  Filed: April 20, 2018
  Date of Patent: December 22, 2020
  Assignee: Microsoft Technology Licensing, LLC
  Inventors: David Garfield Thaler, III, Brian Clifford Telfer, Stefan Thom, Torsten Stein, Robert Solomon, Christopher Glenn Kaler
- Patent number: 10713212
  Abstract: A mobile local computing device is configured to access memories or storage devices associated with a remote computing device using remote direct memory access (RDMA) over a wireless fifth generation (5G) network link that provides high bandwidth and low latency relative to previous wireless network protocols. The mobile local computing device utilizes a local compute context that is unique to the local environment and which may be facilitated by devices, components, or functionalities that are local to the mobile local computing device, but which are not available with the same context to the remote computing device. The 5G network link supports high bandwidth and low latency so that the mobile local computing device can access and utilize the remote data in large datasets in a similar manner to how it would for locally stored data, while still being able to leverage the local I/O and maintain its unique local compute context.
  Type: Grant
  Filed: May 30, 2018
  Date of Patent: July 14, 2020
  Assignee: Microsoft Technology Licensing, LLC
  Inventors: John David Bruner, David Garfield Thaler, III
- Publication number: 20200169400
  Abstract: A computing device, such as a personal computing device (e.g., laptop, smartphone, etc.) or server, is configured to utilize environmental factors in generating public/private key pairs to access restricted data or operations. The environmental factors can include location, time, barometric pressure, acceleration, temperature, humidity, and the like. An initial key pair may be used to encrypt data and enable other conventional security features. A key pair can be subsequently generated based on the same environmental factors as with the initial key pair generation and used to access the data or operations which have been restricted using the initial key pair.
  Type: Application
  Filed: November 27, 2018
  Publication date: May 28, 2020
  Inventors: David Garfield Thaler, III, Joerg-Thomas Pfenning, Gerardo Diaz-Cuellar
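The environmental-factor key derivation described in the abstracts for 11962694, 11190352, 20220085995 and 20200169400 above, as an added example that is not code from the patents or from Microsoft. It assumes readings are quantized into buckets before hashing (so sensor noise does not change the key), that a device-held secret is mixed in as the high-entropy input, and that the 32-byte output is consumed by a deterministic key generator (for instance as an Ed25519 seed); the readings, the quantization steps and the device secret are constructed for the example:

```python
"""Added example (not from the patents): derive a deterministic key seed from
quantized environmental readings plus a device-held secret, then show that the
same environment reproduces the seed and a different environment does not.

Assumptions: readings are snapped to buckets before hashing, a device secret is
the HKDF input keying material, and the 32-byte output feeds a deterministic
key generator (e.g. an Ed25519 seed). All readings below are constructed.
"""
import hashlib
import hmac
import math

# Quantization steps (assumed): coarser steps tolerate more sensor noise,
# finer steps bind the key more tightly to the environment.
QUANTIZATION = {
    "lat_deg": 0.01,        # roughly 1 km
    "lon_deg": 0.01,
    "hour_of_day": 1,
    "pressure_hpa": 5.0,
    "temperature_c": 2.0,
}


def quantize(readings: dict) -> dict:
    """Snap each reading to its bucket so small drift yields the same input."""
    out = {}
    for name, step in QUANTIZATION.items():
        if name not in readings:
            raise KeyError(f"missing environmental factor: {name}")
        out[name] = math.floor(readings[name] / step)
    return out


def canonical_bytes(buckets: dict) -> bytes:
    """Fixed-order, unambiguous encoding of the bucket values."""
    return "|".join(f"{k}={buckets[k]}" for k in sorted(buckets)).encode()


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF with HMAC-SHA256: extract, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_key_seed(device_secret: bytes, readings: dict,
                    purpose: bytes = b"env-keypair-v1") -> bytes:
    """32-byte seed bound to the quantized environment and the device secret.

    The device secret is the high-entropy input; the environment is only a
    condition the holder must reproduce, so a guessable environment on its own
    does not yield the key.
    """
    env = canonical_bytes(quantize(readings))
    return hkdf_sha256(ikm=device_secret, salt=env, info=purpose)


# Constructed sample inputs.
DEVICE_SECRET = hashlib.sha256(b"example device-unique secret").digest()
ENROLL = {"lat_deg": 47.6423, "lon_deg": -122.1371, "hour_of_day": 9,
          "pressure_hpa": 1012.3, "temperature_c": 21.5}
# Same place and hour, slightly different sensor values: same buckets.
LATER_SAME = {"lat_deg": 47.6449, "lon_deg": -122.1305, "hour_of_day": 9,
              "pressure_hpa": 1013.9, "temperature_c": 21.9}
# Different city: location buckets differ, so the seed differs.
ELSEWHERE = {"lat_deg": 40.7128, "lon_deg": -74.0060, "hour_of_day": 9,
             "pressure_hpa": 1012.3, "temperature_c": 21.5}


def seeds_match(a: dict, b: dict) -> bool:
    """Constant-time comparison of the seeds derived from two reading sets."""
    return hmac.compare_digest(derive_key_seed(DEVICE_SECRET, a),
                               derive_key_seed(DEVICE_SECRET, b))


if __name__ == "__main__":
    print("same environment reproduces seed:", seeds_match(ENROLL, LATER_SAME))
    print("different environment reproduces seed:", seeds_match(ENROLL, ELSEWHERE))
```

Two points a practitioner should take from the quantization step: a reading that sits near a bucket edge can flip between derivations, so a production design needs an error-tolerant scheme (a fuzzy extractor, or a retry over neighbouring buckets) rather than plain flooring; and the environment by itself has far too little entropy to be the only secret, which is why the device secret, not the environment, is the HKDF input keying material.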
- Publication number: 20190354506
  Abstract: A mobile local computing device is configured to access memories or storage devices associated with a remote computing device using remote direct memory access (RDMA) over a wireless fifth generation (5G) network link that provides high bandwidth and low latency relative to previous wireless network protocols. The mobile local computing device utilizes a local compute context that is unique to the local environment and which may be facilitated by devices, components, or functionalities that are local to the mobile local computing device, but which are not available with the same context to the remote computing device. The 5G network link supports high bandwidth and low latency so that the mobile local computing device can access and utilize the remote data in large datasets in a similar manner to how it would for locally stored data, while still being able to leverage the local I/O and maintain its unique local compute context.
  Type: Application
  Filed: May 30, 2018
  Publication date: November 21, 2019
  Inventors: John David Bruner, David Garfield Thaler, III
- Publication number: 20190268161
  Abstract: Before a composition is ingested into a runtime environment at a runtime device, the composition may be verified at an authoring trusted execution environment (TEE) operating on an authoring device. A user can operate an untrusted computing platform (e.g., a personal computer, laptop computer, tablet computer, etc.) to write code, generate data, or create some other composition. Since this composition is created on an untrusted device, the authoring TEE may output the composition on a trusted peripheral device to a user for review and approval. Responsive to receiving approval at the trusted peripheral device, the authoring TEE can sign the composition with a local key and forward the composition for execution by the runtime device. The signature can be utilized by the runtime device to prove that it was reviewed and verified by an authorized user operating the authoring device.
  Type: Application
  Filed: March 8, 2019
  Publication date: August 29, 2019
  Inventors: David Garfield Thaler, III, Stefan Thom, Brian Clifford Telfer
- Publication number: 20190268311
  Abstract: A brownfield security gateway is configured to support a trusted execution environment (TEE) that employs cryptographic and physical security, which forms a trusted cyber physical system, to protect sensitive transmissions en route to a controllable device. The gateway may be implemented with a System on Chip (SoC) that utilizes an application layer gateway to filter content within a transmission. When the application layer gateway authorizes the transmission, the transmission is forwarded to a trusted peripheral device that is configured with communication transport protocols, and the trusted peripheral device transfers the transmission to the controllable device. The trusted peripheral device and the controllable device are physically protected by, for example, protected distribution systems. Accordingly, the trusted peripheral device functions as a gateway between the SoC and the controllable device.
  Type: Application
  Filed: March 23, 2018
  Publication date: August 29, 2019
  Inventors: Daniel Stelian Mihai, Brian Clifford Telfer, David Garfield Thaler, III, Stefan Thom, Torsten Stein
- Publication number: 20190266330
  Abstract: A secure terminal configured to support a trusted execution environment that utilizes policy enforcement to filter and authorize transmissions received from a host device and destined for a remote device. Upon receiving a transmission from the host device, the secure terminal verifies that the instruction, message, or request contained within the transmission satisfies the parameters set by a policy. If the transmission satisfies the parameters, then the secure terminal signs the transmission with a key unique to the trusted platform module associated with the secure terminal and forwards the signed transmission to the remote device. If the transmission fails one or more parameters within the policy, a message that details the instruction or operation contained within the transmission is exposed to a user at an output device, where the user can authorize or reject the transmission using an input device.
  Type: Application
  Filed: April 20, 2018
  Publication date: August 29, 2019
  Inventors: David Garfield Thaler, III, Brian Clifford Telfer, Stefan Thom, Torsten Stein, Robert Solomon, Christopher Glenn Kaler
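The filter-then-sign flow of the secure terminal (10872153 and 20190266330) and the review-then-sign flow of the authoring TEE (11190356 and 20190268161), as one added example; it is not code from the patents or from Microsoft. A policy decides whether a transmission may pass, anything that fails the policy is shown to the user for an explicit decision, whatever is approved is signed with a key only the terminal holds, and the receiving device accepts only what verifies. The transmission format, the policy table, the HMAC-SHA256 key standing in for the TPM-resident key, and the user-decision callback standing in for the trusted input device are all assumptions of this example:

```python
"""Added example (not from the patents): policy-enforcing terminal that filters
host transmissions, escalates policy failures to the user, signs what is
authorized, and a receiver that accepts only verified transmissions.

Assumptions: transmissions are small JSON commands; the "TPM-unique key" is
stood in for by an HMAC-SHA256 key held by the terminal and registered with the
remote device; the user's decision comes from a callback (a trusted input
device in the real design). All transmissions below are constructed.
"""
import hashlib
import hmac
import json
from typing import Callable, Optional

# Stand-in for the terminal-resident signing key (assumed, not a real TPM key).
TERMINAL_KEY = hashlib.sha256(b"example terminal-held signing key").digest()

# Policy (assumed): operations that may pass automatically, with parameter bounds.
POLICY = {
    "set_speed": {"rpm": (0, 1500)},
    "read_status": {},
}


def check_policy(tx: dict) -> Optional[str]:
    """Return None if tx satisfies POLICY, otherwise a human-readable reason."""
    op = tx.get("op")
    if op not in POLICY:
        return f"operation {op!r} is not permitted by policy"
    bounds = POLICY[op]
    params = tx.get("params", {})
    unexpected = set(params) - set(bounds)
    if unexpected:
        return f"unexpected parameters for {op!r}: {sorted(unexpected)}"
    for name, (lo, hi) in bounds.items():
        if name not in params:
            return f"missing parameter {name!r} for {op!r}"
        value = params[name]
        if not isinstance(value, (int, float)) or not lo <= value <= hi:
            return f"{name}={value!r} outside allowed range [{lo}, {hi}] for {op!r}"
    return None


def canonical(tx: dict) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def sign(tx: dict, key: bytes) -> dict:
    """Attach a MAC over the canonical encoding; only the terminal holds key."""
    return {"body": tx, "sig": hmac.new(key, canonical(tx), hashlib.sha256).hexdigest()}


def verify(signed: dict, key: bytes) -> bool:
    """Remote-device side: accept only if the MAC matches the body."""
    expected = hmac.new(key, canonical(signed["body"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed.get("sig", ""))


def terminal_handle(tx: dict, ask_user: Callable[[str], bool],
                    key: bytes = TERMINAL_KEY) -> Optional[dict]:
    """Policy check first; the user is consulted only for what policy rejects.

    Returns the signed transmission to forward, or None if it was rejected.
    """
    reason = check_policy(tx)
    if reason is None:
        return sign(tx, key)
    # Policy failed: show the exact instruction and the reason on the trusted
    # output, and let the user decide through the trusted input.
    prompt = f"Transmission {canonical(tx).decode()} rejected by policy: {reason}. Authorize?"
    if ask_user(prompt):
        return sign(tx, key)
    return None


# Constructed sample transmissions from the (untrusted) host.
IN_POLICY = {"op": "set_speed", "params": {"rpm": 900}}
OUT_OF_RANGE = {"op": "set_speed", "params": {"rpm": 4000}}
UNKNOWN_OP = {"op": "firmware_update", "params": {"url": "http://example.invalid/fw.bin"}}


def always_reject(prompt: str) -> bool:
    return False


def always_approve(prompt: str) -> bool:
    return True


def tampered(signed: dict) -> dict:
    """Simulate the host altering a transmission after the terminal signed it."""
    forged = json.loads(json.dumps(signed))
    forged["body"]["params"]["rpm"] = 4000
    return forged


if __name__ == "__main__":
    ok = terminal_handle(IN_POLICY, always_reject)
    print("in-policy forwarded and verifies:", ok is not None and verify(ok, TERMINAL_KEY))
    print("out-of-range, user rejects:", terminal_handle(OUT_OF_RANGE, always_reject))
    approved = terminal_handle(OUT_OF_RANGE, always_approve)
    print("out-of-range, user approves, verifies:", verify(approved, TERMINAL_KEY))
    print("tampered after signing verifies:", verify(tampered(ok), TERMINAL_KEY))
```

The ordering is the security-relevant part: the policy check runs before anything is signed, and the user is consulted only for what the policy rejects, so a compromised host cannot obtain a signature for an out-of-policy command without a human seeing exactly what it is. Verification on the receiving side is what makes the signature useful; the `tampered` helper shows a host editing a command after the terminal signed it, and the receiver's `verify` rejects it.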
- Patent number: 9866398
  Abstract: In various embodiments, methods and systems for managing wake-enabled transport connections of wake-enabled applications are provided. A set of ports is designated as a wake-enabled port set. An operating system (OS) of a computing device running applications plumbs the multiport wake pattern to the one or more network interface controllers (NICs) of the computing device. A wake-enabled application acquires a port from the wake-enabled port set. The OS makes a determination that the application is wake-enabled and, as such, assigns a port from the wake-enabled port set to the wake-enabled application. Upon receiving a packet at the NIC, a determination is made whether the packet corresponds to a wake-enabled transport connection based on comparing the packet to the multiport wake pattern. Upon matching the packet to the multiport wake pattern, the NIC communicates with the OS to wake a portion of the wake-enabled application associated with the wake-enabled transport connection.
  Type: Grant
  Filed: October 19, 2016
  Date of Patent: January 9, 2018
  Assignee: Microsoft Technology Licensing, LLC
  Inventors: Praveen Balasubramanian, Poornananda R. Gaddehosur, David Garfield Thaler, III, Dmitry A. Anipko, Christopher Benjamin Palmer
- Patent number: 9686229
  Abstract: One or more techniques and/or systems are disclosed for identifying a list of destination servers ordered by round-trip time (RTT) for a requesting machine. When a client interacts with an address, such as an IP address, while accessing a remote service, an RTT is collected for the address, or the RTT may be derived for a range of addresses, and saved in a database. When the client subsequently requests access to a remote service, a list of destination servers is returned, respectively identified by corresponding addresses. The destination servers can be sorted in order of efficiency by determining an expected RTT associated with a matching address, or range, in the database, and sorting the destination servers by their respective expected RTTs.
  Type: Grant
  Filed: November 11, 2013
  Date of Patent: June 20, 2017
  Assignee: Microsoft Technology Licensing, LLC
  Inventor: David Garfield Thaler, III
- Publication number: 20170041154
  Abstract: In various embodiments, methods and systems for managing wake-enabled transport connections of wake-enabled applications are provided. A set of ports is designated as a wake-enabled port set. An operating system (OS) of a computing device running applications plumbs the multiport wake pattern to the one or more network interface controllers (NICs) of the computing device. A wake-enabled application acquires a port from the wake-enabled port set. The OS makes a determination that the application is wake-enabled and, as such, assigns a port from the wake-enabled port set to the wake-enabled application. Upon receiving a packet at the NIC, a determination is made whether the packet corresponds to a wake-enabled transport connection based on comparing the packet to the multiport wake pattern. Upon matching the packet to the multiport wake pattern, the NIC communicates with the OS to wake a portion of the wake-enabled application associated with the wake-enabled transport connection.
  Type: Application
  Filed: October 19, 2016
  Publication date: February 9, 2017
  Inventors: Praveen Balasubramanian, Poornananda R. Gaddehosur, David Garfield Thaler, III, Dmitry A. Anipko, Christopher Benjamin Palmer
- Patent number: 9491032
  Abstract: In various embodiments, methods and systems for managing wake-enabled transport connections of wake-enabled applications are provided. A set of ports is designated as a wake-enabled port set. An operating system (OS) of a computing device running applications plumbs the multiport wake pattern to the one or more network interface controllers (NICs) of the computing device. A wake-enabled application acquires a port from the wake-enabled port set. The OS makes a determination that the application is wake-enabled and, as such, assigns a port from the wake-enabled port set to the wake-enabled application. Upon receiving a packet at the NIC, a determination is made whether the packet corresponds to a wake-enabled transport connection based on comparing the packet to the multiport wake pattern. Upon matching the packet to the multiport wake pattern, the NIC communicates with the OS to wake a portion of the wake-enabled application associated with the wake-enabled transport connection.
  Type: Grant
  Filed: September 5, 2013
  Date of Patent: November 8, 2016
  Assignee: Microsoft Technology Licensing, LLC
  Inventors: Praveen Balasubramanian, Poornananda R. Gaddehosur, David Garfield Thaler, III, Dmitry A. Anipko, Christopher Benjamin Palmer
- Publication number: 20140359167
  Abstract: In various embodiments, methods and systems for managing wake-enabled transport connections of wake-enabled applications are provided. A set of ports is designated as a wake-enabled port set. An operating system (OS) of a computing device running applications plumbs the multiport wake pattern to the one or more network interface controllers (NICs) of the computing device. A wake-enabled application acquires a port from the wake-enabled port set. The OS makes a determination that the application is wake-enabled and, as such, assigns a port from the wake-enabled port set to the wake-enabled application. Upon receiving a packet at the NIC, a determination is made whether the packet corresponds to a wake-enabled transport connection based on comparing the packet to the multiport wake pattern. Upon matching the packet to the multiport wake pattern, the NIC communicates with the OS to wake a portion of the wake-enabled application associated with the wake-enabled transport connection.
  Type: Application
  Filed: September 5, 2013
  Publication date: December 4, 2014
  Applicant: Microsoft Corporation
  Inventors: Praveen Balasubramanian, Poornananda R. Gaddehosur, David Garfield Thaler, III, Dmitry A. Anipko, Christopher Benjamin Palmer
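The NIC-side match against a multiport wake pattern described in the wake-enabled connection abstracts above (9866398, 9491032, 20170041154 and 20140359167), as an added example that is not code from the patents or from Microsoft. It assumes the pattern is a set of (transport protocol, destination port) pairs that the OS plumbed to the NIC, that packets arrive as raw IPv4 bytes with a TCP or UDP header, and that only a match may trigger a wake; the packets and port numbers are constructed:

```python
"""Added example (not from the patents): match an incoming packet against a
multiport wake pattern before waking the owning application.

Assumptions: packets are raw IPv4 (no link-layer header) carrying TCP or UDP;
the wake pattern is the set of (protocol, destination port) pairs the OS
plumbed to the NIC. All packets and port numbers below are constructed.
"""
import struct
from typing import Optional, Tuple

IPPROTO_TCP = 6
IPPROTO_UDP = 17


def build_ipv4_packet(proto: int, src_port: int, dst_port: int, payload: bytes = b"") -> bytes:
    """Construct a minimal IPv4 packet with a TCP or UDP header (checksums left zero)."""
    if proto == IPPROTO_TCP:
        # src, dst, seq, ack, data offset (5 words), flags (SYN), window, checksum, urgent
        l4 = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x02, 8192, 0, 0) + payload
    elif proto == IPPROTO_UDP:
        l4 = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    else:
        l4 = payload
    total = 20 + len(l4)
    # ver/ihl, tos, total length, id, flags/fragment offset, ttl, proto, checksum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return ip + l4


def parse_ipv4(packet: bytes) -> Optional[Tuple[int, int]]:
    """Return (protocol, destination port), or None if there is no TCP/UDP header to inspect."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return None
    proto = packet[9]
    if proto not in (IPPROTO_TCP, IPPROTO_UDP):
        return None
    # A non-first fragment carries no transport header, so it can never match.
    flags_frag = struct.unpack("!H", packet[6:8])[0]
    if flags_frag & 0x1FFF:
        return None
    if len(packet) < ihl + 4:
        return None
    _src_port, dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])
    return proto, dst_port


class MultiportWakePattern:
    """The pattern the OS plumbs to the NIC: the set of wake-enabled (proto, port) pairs."""

    def __init__(self):
        self._entries = set()

    def add(self, proto: int, port: int) -> None:
        if proto not in (IPPROTO_TCP, IPPROTO_UDP) or not 0 < port < 65536:
            raise ValueError("wake pattern entries must be TCP/UDP with a valid port")
        self._entries.add((proto, port))

    def remove(self, proto: int, port: int) -> None:
        self._entries.discard((proto, port))

    def matches(self, packet: bytes) -> bool:
        """NIC-side check: wake only if the packet targets a wake-enabled connection."""
        parsed = parse_ipv4(packet)
        return parsed is not None and parsed in self._entries


# Constructed scenario: the OS reserves 49152-49155 as the wake-enabled port set
# and one application has acquired TCP/49152.
WAKE_PATTERN = MultiportWakePattern()
WAKE_PATTERN.add(IPPROTO_TCP, 49152)


def should_wake(packet: bytes, pattern: MultiportWakePattern = WAKE_PATTERN) -> bool:
    return pattern.matches(packet)


if __name__ == "__main__":
    wake = build_ipv4_packet(IPPROTO_TCP, 443, 49152, b"push")
    noise = build_ipv4_packet(IPPROTO_TCP, 443, 49153)
    udp_same_port = build_ipv4_packet(IPPROTO_UDP, 5353, 49152)
    print("TCP to wake-enabled port wakes:", should_wake(wake))
    print("TCP to unassigned port wakes:", should_wake(noise))
    print("UDP to the same port number wakes:", should_wake(udp_same_port))
```

Two details matter for a wake filter in practice: a UDP datagram to the same port number as a TCP wake-enabled connection must not wake the host, so the pattern is keyed on protocol as well as port; and a non-first IP fragment carries no transport header, so it is never a match rather than being matched on whatever bytes happen to sit at the port offset.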
- Patent number: 8800002
  Abstract: Systems and methods that facilitate inter-process networking are described that can provide inter-process communication, firewall restrictions, process and host mobility, as well as parallelization of task performance. In various embodiments, a computer process can be provided with its own internet protocol address and network stack to facilitate inter-process networking. In further embodiments, a gateway process can facilitate process mobility, host mobility, and parallelization of task performance, as well as management of a host area network by facilitating inter-process communication between suitably configured processes.
  Type: Grant
  Filed: February 18, 2008
  Date of Patent: August 5, 2014
  Assignee: Microsoft Corporation
  Inventors: Brian Don Zill, David Garfield Thaler, III, Parveen K. Patel, Rebecca Isaacs, Yongguang Zhang
- Publication number: 20140075050
  Abstract: One or more techniques and/or systems are disclosed for identifying a list of destination servers ordered by round-trip time (RTT) for a requesting machine. When a client interacts with an address, such as an IP address, while accessing a remote service, an RTT is collected for the address, or the RTT may be derived for a range of addresses, and saved in a database. When the client subsequently requests access to a remote service, a list of destination servers is returned, respectively identified by corresponding addresses. The destination servers can be sorted in order of efficiency by determining an expected RTT associated with a matching address, or range, in the database, and sorting the destination servers by their respective expected RTTs.
  Type: Application
  Filed: November 11, 2013
  Publication date: March 13, 2014
  Applicant: Microsoft Corporation
  Inventor: David Garfield Thaler, III
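The RTT database and destination ordering described in the abstracts for 9686229 and 20140075050 above, as an added example that is not code from the patent or from Microsoft. It assumes observations are stored against the host address and every covering prefix (down to /16 for IPv4 and /48 for IPv6), that repeated observations are smoothed with an exponentially weighted moving average, and that lookup uses the most specific prefix available; the addresses and RTT values are constructed:

```python
"""Added example (not from the patent): record observed RTTs per address and
per covering prefix, then order candidate destination servers by expected RTT,
leaving servers with no estimate last.

Assumptions: an in-memory dict keyed by ipaddress networks, EWMA smoothing of
repeated observations, and prefixes consulted from the host address down to
/16 (IPv4) or /48 (IPv6). All addresses and RTT values below are constructed.
"""
import ipaddress
from typing import Dict, Iterator, List, Optional, Tuple


class RttDatabase:
    """Expected RTT per address prefix, learned from observed connections."""

    def __init__(self, alpha: float = 0.25):
        self.alpha = alpha          # weight given to each new observation
        self._rtt: Dict = {}        # network -> expected RTT in milliseconds

    @staticmethod
    def _prefixes(addr) -> Iterator:
        """Most specific first: the host itself, then progressively wider prefixes."""
        longest = addr.max_prefixlen
        shortest = 16 if addr.version == 4 else 48
        step = 8 if addr.version == 4 else 16
        for plen in range(longest, shortest - 1, -step):
            yield ipaddress.ip_network(f"{addr}/{plen}", strict=False)

    def record(self, address: str, rtt_ms: float) -> None:
        """Store an observation against the host and every covering prefix."""
        addr = ipaddress.ip_address(address)
        for net in self._prefixes(addr):
            old = self._rtt.get(net)
            self._rtt[net] = rtt_ms if old is None else old + self.alpha * (rtt_ms - old)

    def expected(self, address: str) -> Optional[float]:
        """Longest-prefix match; None if nothing covering this address was ever seen."""
        addr = ipaddress.ip_address(address)
        for net in self._prefixes(addr):
            if net in self._rtt:
                return self._rtt[net]
        return None

    def sort_destinations(self, addresses: List[str]) -> List[Tuple[str, Optional[float]]]:
        """(address, expected RTT) pairs, fastest first; unknowns last in input order."""
        scored = [(a, self.expected(a)) for a in addresses]
        return sorted(scored, key=lambda p: (p[1] is None, p[1] if p[1] is not None else 0.0))


# Constructed observations: one host contacted twice, one host in another /24.
DB = RttDatabase()
DB.record("198.51.100.7", 12.0)
DB.record("198.51.100.7", 16.0)     # EWMA: 12 + 0.25 * (16 - 12) = 13.0
DB.record("203.0.113.40", 180.0)


def ranked_example() -> List[Tuple[str, Optional[float]]]:
    """203.0.113.41 was never contacted but inherits the 203.0.113.0/24 estimate;
    192.0.2.9 has no covering prefix and is placed last."""
    return DB.sort_destinations(["203.0.113.41", "192.0.2.9", "198.51.100.7"])


if __name__ == "__main__":
    for addr, rtt in ranked_example():
        print(f"{addr:16} expected RTT: {rtt if rtt is not None else 'unknown'}")
```

Servers with no covering prefix in the database keep their input order at the end of the list, so an unknown server is still tried after the known ones rather than dropped.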