Patents by Inventor Jonathan D. Schwartz
Jonathan D. Schwartz has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9531703
Abstract: Single sign-on techniques via an application or browser are described. In one or more implementations, a single instance of entry of authentication information is received that is entered via interaction with an application or browser of a computing device. Responsive to this receipt, the single instance of the entry of authentication information is used by the computing device automatically and without user intervention to cause authentication to obtain access to one or more network services that are accessible via a network by the application and the browser.
Type: Grant
Filed: December 8, 2014
Date of Patent: December 27, 2016
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Jonathan D. Schwartz, Karanbir Singh, Christopher L. Walstad, Sainath Narendranath Thadkal, Aleksandr Radutskiy, Yifan Wang, Vishal Agarwal, Octavian T. Ureche
-
Publication number: 20160112402
Abstract: Single sign-on techniques via an application or browser are described. In one or more implementations, a single instance of entry of authentication information is received that is entered via interaction with an application or browser of a computing device. Responsive to this receipt, the single instance of the entry of authentication information is used by the computing device automatically and without user intervention to cause authentication to obtain access to one or more network services that are accessible via a network by the application and the browser.
Type: Application
Filed: December 8, 2014
Publication date: April 21, 2016
Inventors: Jonathan D. Schwartz, Karanbir Singh, Christopher L. Walstad, Sainath Narendranath Thadkal, Aleksandr Radutskiy, Yifan Wang, Vishal Agarwal, Octavian T. Ureche
-
Patent number: 9189605
Abstract: A method of establishing a protected environment within a computing device including validating a kernel component loaded into a kernel of the computing device, establishing a security state for the kernel based on the validation, creating a secure process and loading a software component into the secure process, periodically checking the security state of the kernel, and notifying the secure process when the security state of the kernel has changed.
Type: Grant
Filed: February 23, 2009
Date of Patent: November 17, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Sumedh N. Barde, Jonathan D. Schwartz, Reid Joseph Kuhn, Alexandre Vicktorovich Grigorovitch, Kirt A. Debique, Chadd B. Knowlton, James M. Alkove, Geoffrey T. Dunbar, Michael J. Grier, Ming Ma, Chaitanya D. Upadhyay, Adil Ahmed Sherwani, Arun Upadhyaya Kishan
-
Patent number: 8943579
Abstract: A method to identify a child process to a parent process in an operating system includes obtaining a token and login identifier from the operating system. The parent process creates a remote procedure call communications endpoint to communicate with the child process. Thereafter, a child process is spawned by the parent process. A child-initiated request to communicate with the parent process is then received by the parent process. In order to verify the identity of the child-initiated request, the parent process impersonates the child process and receives an identifier that identifies the requestor child process. The requestor process identifier and the spawned child identifier are compared. Based on the comparison, the parent process responds to the child-initiated request. In another embodiment, process identifiers are used by the parent process to verify the identity of a child process that requests communication with the parent process.
Type: Grant
Filed: March 14, 2012
Date of Patent: January 27, 2015
Assignee: Microsoft Corporation
Inventors: Kedarnath Atmaram Dubhashi, Jonathan D. Schwartz, Sambavi Muthukrishnan, Simon Skaria
-
Patent number: 8225390
Abstract: The present invention extends to methods, systems, and computer program products for licensing protected content to application sets. Embodiments of the invention permit a local machine to increase its participation in authorizing access to protected content. For example, an operating system within an appropriate computing environment is permitted to determine if an application is authorized to access protected content. Thus, the application is relieved from having to store a publishing license. Further, authorization decisions are partially distributed, easing the resource burden on a protection server. Accordingly, embodiments of the invention can facilitate more robust and efficient authorization decisions when access to protected content is requested.
Type: Grant
Filed: June 27, 2008
Date of Patent: July 17, 2012
Assignee: Microsoft Corporation
Inventors: Kenneth D. Ray, Pankaj M. Kamat, Charles W. Kaufman, Paul J. Leach, William R. Tipton, Andrew Herron, Krassimir E. Karamfilov, Duncan G. Bryce, Jonathan D. Schwartz, Matthew C. Setzer, John McDowell
-
Publication number: 20120174210
Abstract: A method to identify a child process to a parent process in an operating system includes obtaining a token and login identifier from the operating system. The parent process creates a remote procedure call communications endpoint to communicate with the child process. Thereafter, a child process is spawned by the parent process. A child-initiated request to communicate with the parent process is then received by the parent process. In order to verify the identity of the child-initiated request, the parent process impersonates the child process and receives an identifier that identifies the requestor child process. The requestor process identifier and the spawned child identifier are compared. Based on the comparison, the parent process responds to the child-initiated request. In another embodiment, process identifiers are used by the parent process to verify the identity of a child process that requests communication with the parent process.
Type: Application
Filed: March 14, 2012
Publication date: July 5, 2012
Applicant: MICROSOFT CORPORATION
Inventors: Kedarnath Atmaram Dubhashi, Jonathan D. Schwartz, Sambavi Muthukrishnan, Simon Skaria
-
Patent number: 8161544
Abstract: A method to identify a child process to a parent process in an operating system includes obtaining a token and login identifier from the operating system. The parent process creates a remote procedure call communications endpoint to communicate with the child process. Thereafter, a child process is spawned by the parent process. A child-initiated request to communicate with the parent process is then received by the parent process. In order to verify the identity of the child-initiated request, the parent process impersonates the child process and receives an identifier that identifies the requestor child process. The requestor process identifier and the spawned child identifier are compared. Based on the comparison, the parent process responds to the child-initiated request. In another embodiment, process identifiers are used by the parent process to verify the identity of a child process that requests communication with the parent process.
Type: Grant
Filed: July 19, 2006
Date of Patent: April 17, 2012
Assignee: Microsoft Corporation
Inventors: Kedarnath Atmaram Dubhashi, Jonathan D. Schwartz, Sambavi Muthukrishnan, Simon Skaria
-
Patent number: 8024813
Abstract: Systems and/or methods are described that enable a user to elevate his or her rights. In one embodiment, these systems and/or methods detect a task which is not authorized for a user account. Responsive to detecting the task, the embodiment presents a different user account that is authorized to allow the task and information relating to the task.
Type: Grant
Filed: March 10, 2006
Date of Patent: September 20, 2011
Assignee: Microsoft Corporation
Inventors: James H. Hong, Jonathan D Schwartz, Michael G. Sheldon, Zeke B. Odins-Lucas
-
Patent number: 7941861
Abstract: System(s), method(s), and/or technique(s) (“tools”) are described that enable a user to permit multiple tasks requiring elevated rights with as little as one rights elevation. For example, the tools may enable an installation wizard operating within a limited-rights context to perform multiple tasks that require a higher-rights context with a single rights elevation by the user. The tools may do so using an object agent, an instance of which may be created by the installation wizard following a single rights elevation. This instance of the object agent then creates instances of other objects without requiring that the user elevate his or her rights. These other objects' instances may then run the tasks that require the higher-rights context.
Type: Grant
Filed: February 17, 2006
Date of Patent: May 10, 2011
Assignee: Microsoft Corporation
Inventors: Giles Edward van der Bogert, John E. Brezak, Jonathan D Schwartz, Michael G. Sheldon
-
Patent number: 7832004
Abstract: A computing device has a user desktop on which a relatively less-secure user application is executed and a secure desktop elevated from the user desktop on which a relatively more-secure secure application is executed upon a request thereto from the user application. To securely collect information from a user at the computer device with regard to the secure application at the secure desktop, an access interface is securely executed on the secure desktop and is visually presented in conjunction with the requesting user application of the user desktop such that the access interface is visually coupled to the requesting user application and is visually perceived by the user along with such requesting user application.
Type: Grant
Filed: August 10, 2006
Date of Patent: November 9, 2010
Assignee: Microsoft Corporation
Inventors: Jonathan D. Schwartz, Eric C. Perlin, James H. Hong, Stephen F. Scallen, Sermet Iskin
-
Publication number: 20090328134
Abstract: The present invention extends to methods, systems, and computer program products for licensing protected content to application sets. Embodiments of the invention permit a local machine to increase its participation in authorizing access to protected content. For example, an operating system within an appropriate computing environment is permitted to determine if an application is authorized to access protected content. Thus, the application is relieved from having to store a publishing license. Further, authorization decisions are partially distributed, easing the resource burden on a protection server. Accordingly, embodiments of the invention can facilitate more robust and efficient authorization decisions when access to protected content is requested.
Type: Application
Filed: June 27, 2008
Publication date: December 31, 2009
Applicant: Microsoft Corporation
Inventors: Kenneth D. Ray, Pankaj M. Kamat, Charles W. Kaufman, Paul J. Leach, William R. Tipton, Andrew Herron, Krassimir E. Karamifilov, Duncan G. Bryce, Jonathan D. Schwartz, Matthew C. Setzer, John McDowell
-
Patent number: 7577848
Abstract: Systems and methods for validating integrity of an executable file are described. In one aspect, multiple partial image hashes are generated, the combination of which represent a digest of an entire executable file. Subsequent to loading the executable file on a computing device, a request to page a portion of the executable file into memory for execution is intercepted. Responsive to intercepting the request, and prior to paging the portion into memory for execution, a validation hash of the portion is computed. The validation hash is compared to a partial hash of the multiple partial image hashes to determine code integrity of the portion. The partial hash represents a same code segment as the portion.
Type: Grant
Filed: January 18, 2005
Date of Patent: August 18, 2009
Assignee: Microsoft Corporation
Inventors: Jonathan D. Schwartz, Yu Lin Sie, Philip Joseph Hallin
-
Publication number: 20090158036
Abstract: A method of establishing a protected environment within a computing device including validating a kernel component loaded into a kernel of the computing device, establishing a security state for the kernel based on the validation, creating a secure process and loading a software component into the secure process, periodically checking the security state of the kernel, and notifying the secure process when the security state of the kernel has changed.
Type: Application
Filed: February 23, 2009
Publication date: June 18, 2009
Applicant: Microsoft Corporation
Inventors: Sumedh N. Barde, Jonathan D. Schwartz, Reid Joseph Kuhn, Alexandre Vicktorovich Grigorovitch, Kirt A. Debique, Chabd B. Knowlton, James M. Alkove, Geoffery T. Dunbar, Michael J. Grier, Ming Ma, Chaitanya D. Upadhyay, Adil Ahmed Sherwani, Arun Upadhyaya Kishan
-
Patent number: 7490352
Abstract: Systems and methods for validating integrity of an executable file are described. In one aspect, the systems and methods determine that an executable file is being introduced into a path of execution. The executable file is then automatically evaluated in view of multiple malware checks to detect if the executable file represents a type of malware. The multiple malware checks are integrated into an operating system trust verification process along the path of execution.
Type: Grant
Filed: April 7, 2005
Date of Patent: February 10, 2009
Assignee: Microsoft Corporation
Inventors: Michael Kramer, Kenneth D. Ray, Paul England, Scott A. Field, Jonathan D. Schwartz
-
Publication number: 20080040797
Abstract: A computing device has a user desktop on which a relatively less-secure user application is executed and a secure desktop elevated from the user desktop on which a relatively more-secure secure application is executed upon a request thereto from the user application. To securely collect information from a user at the computer device with regard to the secure application at the secure desktop, an access interface is securely executed on the secure desktop and is visually presented in conjunction with the requesting user application of the user desktop such that the access interface is visually coupled to the requesting user application and is visually perceived by the user along with such requesting user application.
Type: Application
Filed: August 10, 2006
Publication date: February 14, 2008
Applicant: Microsoft Corporation
Inventors: Jonathan D. Schwartz, Eric C. Perlin, James H. Hong, Stephen F. Scallen, Sermet Iskin
-
Publication number: 20080022281
Abstract: A method to identify a child process to a parent process in an operating system includes obtaining a token and login identifier from the operating system. The parent process creates a remote procedure call communications endpoint to communicate with the child process. Thereafter, a child process is spawned by the parent process. A child-initiated request to communicate with the parent process is then received by the parent process. In order to verify the identity of the child-initiated request, the parent process impersonates the child process and receives an identifier that identifies the requestor child process. The requestor process identifier and the spawned child identifier are compared. Based on the comparison, the parent process responds to the child-initiated request. In another embodiment, process identifiers are used by the parent process to verify the identity of a child process that requests communication with the parent process.
Type: Application
Filed: July 19, 2006
Publication date: January 24, 2008
Applicant: Microsoft Corporation
Inventors: Kedarnath Atmaram Dubhashi, Jonathan D. Schwartz, Sambavi Muthukrishnan, Simon Skaria