Patents by Inventor Loren M. Kohnfelder

Loren M. Kohnfelder has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7930760
    Abstract: This disclosure describes techniques of using a centralized rule database to control the abilities of software processes to perform actions with regard to resources provided by a computer. As described herein, each software process executing in a computer executes within a chamber and each resource provided by the computer is associated with a canonical name that uniquely identifies the resource. Furthermore, the computer stores a set of security rules in a centralized rule database. In addition, this disclosure describes techniques of enforcing the rules stored in the centralized rule database.
    Type: Grant
    Filed: June 27, 2008
    Date of Patent: April 19, 2011
    Assignee: Microsoft Corporation
    Inventors: Neil Coles, Yadhu Gopalan, Christopher Jordan, Matthew Lyons, Andrew Rogers, Upender Sandadi, Scott Shell, Zoheb Vacheri, Angelo Vals, Sharath Viswanathan, Loren M. Kohnfelder
  • Patent number: 7620731
    Abstract: An isolated persistent storage object accesses an isolated persistent storage region using identities of the application, an underlying component of the application, and optionally the user. Direct access to the isolated persistent storage region is available only to the isolated persistent storage object and is unavailable to other components. Accordingly, other components access the isolated persistent storage region through the isolated persistent storage object, which determines the specific location (e.g., specified by an internally constructed path name) and performs the access operation on behalf of the calling component. The application identity and the component identity are converted to typed identity names for use in the construction of the path name.
    Type: Grant
    Filed: February 21, 2001
    Date of Patent: November 17, 2009
    Assignee: Microsoft Corporation
    Inventors: Shajan Dasan, Loren M. Kohnfelder, Michael J. Toutonghi
  • Publication number: 20090249436
    Abstract: This disclosure describes techniques of using a centralized rule database to control the abilities of software processes to perform actions with regard to resources provided by a computer. As described herein, each software process executing in a computer executes within a chamber and each resource provided by the computer is associated with a canonical name that uniquely identifies the resource. Furthermore, the computer stores a set of security rules in a centralized rule database. In addition, this disclosure describes techniques of enforcing the rules stored in the centralized rule database.
    Type: Application
    Filed: June 27, 2008
    Publication date: October 1, 2009
    Applicant: MICROSOFT CORPORATION
    Inventors: Neil Coles, Yadhu Gopalan, Christopher Jordan, Matthew Lyons, Andrew Rogers, Upender Sandadi, Scott Shell, Zoheb Vacheri, Angelo Vals, Sharath Viswanathan, Loren M. Kohnfelder
  • Patent number: 7581231
    Abstract: An application program interface (API) provides a set of functions for application developers who build Web applications on Microsoft Corporation's .NET™ platform.
    Type: Grant
    Filed: February 28, 2002
    Date of Patent: August 25, 2009
    Assignee: Microsoft Corporation
    Inventors: Adam W. Smith, Anthony J. Moore, Anders Hejlsberg, Brian A. LaMacchia, Blaine J. Dockter, Brian M. Grunkemeyer, Brian K. Pepin, Caleb L. Doise, Christopher W. Brumme, Chad W. Royal, Christopher L. Anderson, Corina E. Feuerstein, Craig T. Sinclair, Daniel Dedu-Constantin, Daniel Takacs, David S. Ebbo, David S. Mortenson, Erik B. Christensen, Erik B. Olson, Fabio A. Yeon, Giovanni M. Della-Libera, Gopala Krishna R. Kakivaya, Gregory D. Fee, Hany E. Ramadan, Jayanth V. Rajan, Jeffrey M. Cooperstein, Jonathan C. Hawkins, James H. Hogg, Joe D. Long, John I. McConnell, Jesus Ruiz-Scougall, James S. Miller, Julie D. Bennett, Jun Fang, Krzysztof J. Cwalina, Keith W. Ballinger, Lance E. Olson, Loren M. Kohnfelder, Luca Bolognese, Manu Vasandani, Mark T. Anders, Mark P. Ashton, Mark A. Boulter, Mark W. Fussell, Michael M. Magruder, Manish S. Prabhu, Neetu Rajpal, Nikhil Kothari, Nithyalakshmi Sampathkumar, Nicholas M. Kramer, Omri Gazitt, Radu Rares Palanca, Raja Krishnaswamy, Robert M. Howard, Ramasamy Krishnaswamy, Shawn P. Burke, Scott D. Guthrie, Sean E. Trowbridge, Seth M. Demsey, Shajan Dasan, Subhag P. Oak, Sreeram Nivarthi, Stefan H. Pharies, Suzanne M. Cook, Susan M. Warren, Tarun Anand, Travis J. Muhlestein, William A. Adams, Yan Leshinsky, Yann E. Christensen, Yung-shin Lin, Stephen J. Millet, Joseph Roxe, Alan Boshier, Henry L. Sanders, David Bau
  • Patent number: 7555757
    Abstract: An application program interface (API) provides a set of functions, including a set of base classes and types that are used in substantially all applications accessing the API, for application developers who build Web applications on Microsoft Corporation's .NET™ platform.
    Type: Grant
    Filed: June 23, 2005
    Date of Patent: June 30, 2009
    Assignee: Microsoft Corporation
    Inventors: Adam W. Smith, Anthony J. Moore, Brian A. LaMacchia, Anders Hejlsberg, Brian M. Grunkemeyer, Caleb L. Doise, Christopher W. Brumme, Christopher L. Anderson, Corina E. Feuerstein, Craig T. Sinclair, Daniel Takacs, David S. Ebbo, David O. Driver, David S. Mortenson, Erik B. Christensen, Erik B. Olson, Fabio A. Yeon, Gopala Krishna R. Kakivaya, George D. Fee, Hany E. Ramadan, Henry L. Sanders, II, Jayanth V. Rajan, Jeffrey M. Cooperstein, Jonathan C. Hawkins, James H. Hogg, Joe D. Long, John I. McConnell, Jesus Ruiz-Scougall, James S. Miller, Julie D. Bennett, Krzysztof J. Cwalina, Lance E. Olson, Loren M. Kohnfelder, Michael M. Magruder, Manish S. Prabhu, Radu Rares Palanca, Raja Krishnaswamy, Shawn P. Burke, Sean E. Trowbridge, Seth M. Demsey, Shajan Dasan, Stefan H. Pharies, Suzanne M. Cook, Tarun Anand, Travis J. Muhlestein, Yann E. Christensen, Yung-shin Lin, Ramasamy Krishnaswamy, Joseph Roxe, Alan Boshier, David Bau
  • Patent number: 7310822
    Abstract: A security policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager can execute in a computer system (e.g., a Web client) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. A permission request set may also be received in association with the code assembly. The permission request set may include a minimum request set, specifying permissions required by the code assembly to run properly. The permission request set may also include an optional request set, specifying permissions requested by the code assembly to provide an alternative level of functionality. In addition, the permission request set may include a refuse request set, specifying permissions that are not to be granted to the code assembly.
    Type: Grant
    Filed: November 14, 2005
    Date of Patent: December 18, 2007
    Assignee: Microsoft Corporation
    Inventors: Brian A. LaMacchia, Loren M. Kohnfelder, Gregory D. Fee, Michael J. Toutonghi
  • Patent number: 7251834
    Abstract: A security policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager can execute in a computer system (e.g., a Web client) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. A permission request set may also be received in association with the code assembly. The permission request set may include a minimum request set, specifying permissions required by the code assembly to run properly. The permission request set may also include an optional request set, specifying permissions requested by the code assembly to provide an alternative level of functionality. In addition, the permission request set may include a refuse request set, specifying permissions that are not to be granted to the code assembly.
    Type: Grant
    Filed: October 20, 2005
    Date of Patent: July 31, 2007
    Assignee: Microsoft Corporation
    Inventors: Brian A. LaMacchia, Loren M. Kohnfelder, Gregory D. Fee, Michael J. Toutonghi
  • Patent number: 7243374
    Abstract: The following subject matter provides for modeling an application's potential security threats at a logical component level early in the design phase of the application. Specifically, in a computer system, multiple model components are defined to represent respective logical elements of the application. Each model component includes a corresponding set of security threats that could potentially be of import not only to the component but also to the application as a whole in its physical implementation. The model components are interconnected to form a logical model of the application. One or more potential security threats are then analyzed in terms of the model components in the logical model.
    Type: Grant
    Filed: August 8, 2001
    Date of Patent: July 10, 2007
    Assignee: Microsoft Corporation
    Inventors: Michael Howard, Praerit Garg, Loren M. Kohnfelder
  • Patent number: 7131143
    Abstract: An evidence-based policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager executes in a computer system (e.g., a Web client or server) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. Both code assemblies and evidence may be received from a local origin or from a remote resource location via a network (e.g., the Internet). Evidence having different levels of trust may be evaluated in combination so that a permission grant set is associated only with trusted code assemblies.
    Type: Grant
    Filed: June 21, 2000
    Date of Patent: October 31, 2006
    Assignee: Microsoft Corporation
    Inventors: Brian A. LaMacchia, Loren M. Kohnfelder, Gregory Darrell Fee
  • Patent number: 7076557
    Abstract: A system and method determine whether a called code frame has a requested permission available to it, so as to be able to execute a protected operation. A code frame is contained within a code assembly received from a remote or local resource location. A policy manager generates a permission grant set containing permission grant objects associated with the code assembly. Both the permission grant set and the code assembly are loaded into a runtime call stack for runtime execution of one or more code frames. Calls to other code frames may involve loading additional code assemblies and permission grant sets into the runtime call stack. In order for a called code frame to perform a protected operation, the code frame demands a requested permission from its calling code frame and all code frames preceding the calling code frame on the runtime call stack as part of a stack walk operation.
    Type: Grant
    Filed: July 10, 2000
    Date of Patent: July 11, 2006
    Assignee: Microsoft Corporation
    Inventors: Brian A. LaMacchia, Gregory Darrell Fee, Loren M. Kohnfelder, Ashok Cholpady Kamath
  • Patent number: 7051366
    Abstract: An evidence-based policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager executes in a computer system (e.g., a Web client or server) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. Both code assemblies and evidence may be received from a local origin or from a remote resource location via a network (e.g., the Internet). The policy manager may comprise execution modules for parsing a security policy specification, generating one or more code hierarchies, evaluating membership of the received code assembly in one or more code groups, and generating a permission grant set based upon this membership evaluation.
    Type: Grant
    Filed: June 21, 2000
    Date of Patent: May 23, 2006
    Assignee: Microsoft Corporation
    Inventors: Brian A. LaMacchia, Loren M. Kohnfelder, Gregory Darrell Fee, Michael J. Toutonghi
  • Patent number: 7017162
    Abstract: An application program interface (API) provides a set of functions, including a set of base classes and types that are used in substantially all applications accessing the API, for application developers who build Web applications on Microsoft Corporation's .NET™ platform.
    Type: Grant
    Filed: July 10, 2001
    Date of Patent: March 21, 2006
    Assignee: Microsoft Corporation
    Inventors: Adam W. Smith, Anthony J. Moore, Brian A. LaMacchia, Anders Hejlsberg, Brian M. Grunkemeyer, Caleb L. Doise, Christopher W. Brumme, Christopher L. Anderson, Corina E. Feuerstein, Craig T. Sinclair, Daniel Takacs, David S. Ebbo, David O. Driver, David S. Mortenson, Erik B. Christensen, Erik B. Olson, Fabio A. Yeon, Gopala Krishna R. Kakivaya, Gregory D. Fee, Hany E. Ramadan, Henry L. Sanders, Jayanth V. Rajan, Jeffrey M. Cooperstein, Jonathan C. Hawkins, James H. Hogg, Joe D. Long, John I. McConnell, Jesus Ruiz-Scougall, James S. Miller, Julie D. Bennett, Krzysztof J. Cwalina, Lance E. Olson, Loren M. Kohnfelder, Michael M. Magruder, Manish S. Prabhu, Radu Rares Palanca, Raja Krishnaswamy, Shawn P. Burke, Sean E. Trowbridge, Seth M. Demsey, Shajan Dasan, Stefan H. Pharies, Suzanne M. Cook, Tarun Anand, Travis J. Muhlestein, Yann E. Christensen, Yung-shin Lin, Ramasamy Krishnaswamy, Joseph Roxe, Alan Boshier, David Bau
  • Patent number: 7013469
    Abstract: An application program interface (API) provides a set of functions, including a set of base classes and types that are used in substantially all applications accessing the API, for application developers who build Web applications on Microsoft Corporation's .NET™ platform.
    Type: Grant
    Filed: June 23, 2005
    Date of Patent: March 14, 2006
    Assignee: Microsoft Corporation
    Inventors: Adam W. Smith, Anthony J. Moore, Brian A. LaMacchia, Anders Hejlsberg, Brian M. Grunkemeyer, Caleb L. Doise, Christopher W. Brumme, Christopher L. Anderson, Corina E. Feuerstein, Craig T. Sinclair, Daniel Takacs, David S. Ebbo, David O. Driver, David S. Mortenson, Erik B. Christensen, Erik B. Olson, Fabio A. Yeon, Gopala Krishna R. Kakivaya, Gregory D. Fee, Hany E. Ramadan, Henry L. Sanders, Jayanth V. Rajan, Jeffrey M. Cooperstein, Jonathan C. Hawkins, James H. Hogg, Joe D. Long, John I. McConnell, Jesus Ruiz-Scougall, James S. Miller, Julie D. Bennett, Krzysztof J. Cwalina, Lance E. Olson, Loren M. Kohnfelder, Michael M. Magruder, Manish S. Prabhu, Radu Rares Palanca, Raja Krishnaswamy, Shawn P. Burke, Sean E. Trowbridge, Seth M. Demsey, Shajan Dasan, Stefan H. Pharies, Suzanne M. Cook, Tarun Anand, Travis J. Muhlestein, Yann E. Christensen, Yung-shin Lin, Ramasamy Krishnaswamy, Joseph Roxe, Alan Boshier, David Bau
  • Patent number: 6981281
    Abstract: A security policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager can execute in a computer system (e.g., a Web client) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. A permission request set may also be received in association with the code assembly. The permission request set may include a minimum request set, specifying permissions required by the code assembly to run properly. The permission request set may also include an optional request set, specifying permissions requested by the code assembly to provide an alternative level of functionality. In addition, the permission request set may include a refuse request set, specifying permissions that are not to be granted to the code assembly.
    Type: Grant
    Filed: June 21, 2000
    Date of Patent: December 27, 2005
    Assignee: Microsoft Corporation
    Inventors: Brian A. LaMacchia, Loren M. Kohnfelder, Gregory Darrell Fee, Michael J. Toutonghi
  • Patent number: 6662341
    Abstract: A method, apparatus, and computer-readable medium for authoring and executing HTML application files is disclosed. An HTML application file is basically a standard HTML file that runs in its own window outside of the browser, and is thus not bound by the security restrictions of the browser. The author of an HTML application file can take advantage of the relaxed security. The author of the HTML application file designates the file as an HTML application file by doing one or more of the following: defining the MIME type as an HTML application MIME type; or using an HTML application file extension for the file. When a browser, such as the Internet Explorer, encounters one of the above, it processes the file as an HTML application file rather than a standard HTML file by creating a main window independent of the browser, and rendering the HTML in the main window.
    Type: Grant
    Filed: May 20, 1999
    Date of Patent: December 9, 2003
    Assignee: Microsoft Corporation
    Inventors: Phillip R. Cooper, Loren M. Kohnfelder, Roderick A. Chavez
  • Publication number: 20030167356
    Abstract: An application program interface (API) provides a set of functions, including a set of base classes and types that are used in substantially all applications accessing the API, for application developers who build Web applications on Microsoft Corporation's .NET™ platform.
    Type: Application
    Filed: July 10, 2001
    Publication date: September 4, 2003
    Inventors: Adam W. Smith, Anthony J. Moore, Brian A. LaMacchia, Anders Hejlsberg, Brian M. Grunkemeyer, Caleb L. Doise, Christopher W. Brumme, Christopher L. Anderson, Corina E. Feuerstein, Craig T. Sinclair, Daniel Takacs, David S. Ebbo, David O. Driver, David S. Mortenson, Erik B. Christensen, Erik B. Olson, Fabio A. Yeon, Gopala Krishna R. Kakivaya, Gregory D. Fee, Hany E. Ramadan, Henry L. Sanders, Jayanth V. Rajan, Jeffrey M. Cooperstein, Jonathan C. Hawkins, James H. Hogg, Joe D. Long, John I. McConnell, Jesus Ruiz-Scougall, James S. Miller, Julie D. Bennett, Krzysztof J. Cwalina, Lance E. Olson, Loren M. Kohnfelder, Michael M. Magruder, Manish S. Prabhu, Radu Rares Palanca, Raja Krishnaswamy, Shawn P. Burke, Sean E. Trowbridge, Seth M. Demsey, Shajan Dasan, Stefan H. Pharies, Suzanne M. Cook, Tarun Anand, Travis J. Muhlestein, Yann E. Christensen, Yung-shin Lin, Ramasamy Krishnaswamy, Joseph Roxe, Alan Boshier, David Bau
  • Patent number: 6567918
    Abstract: A system and method of saving a Web page from a Web site on an Internet to a computer-readable medium is disclosed. A Web page is downloaded from the Internet to the computer-readable medium. The Internet address for the Web page is stored on the computer-readable medium. When the Web page is opened from the computer-readable medium, the Internet address is used to identify a security context for the Web page. By using the Internet address to identify the security context for the Web page, the system and method of the present invention allows users to securely view and execute Web pages downloaded from the Internet.
    Type: Grant
    Filed: January 28, 1999
    Date of Patent: May 20, 2003
    Assignee: Microsoft Corporation
    Inventors: Sean L. Flynn, Loren M. Kohnfelder, Eric J. Hennings, Ray Sun, Michael J. Wallent, Eric R. Berman, Sanjay G. Shenoy
  • Publication number: 20030033516
    Abstract: The following subject matter provides for modeling an application's potential security threats at a logical component level early in the design phase of the application. Specifically, in a computer system, multiple model components are defined to represent respective logical elements of the application. Each model component includes a corresponding set of security threats that could potentially be of import not only to the component but also to the application as a whole in its physical implementation. The model components are interconnected to form a logical model of the application. One or more potential security threats are then analyzed in terms of the model components in the logical model.
    Type: Application
    Filed: August 8, 2001
    Publication date: February 13, 2003
    Inventors: Michael Howard, Praerit Garg, Loren M. Kohnfelder
  • Publication number: 20030028685
    Abstract: An application program interface (API) provides a set of functions for application developers who build Web applications on Microsoft Corporation's .NET™ platform.
    Type: Application
    Filed: February 28, 2002
    Publication date: February 6, 2003
    Inventors: Adam W. Smith, Anthony J. Moore, Anders Hejlsberg, Brian A. LaMacchia, Blaine J. Dockter, Brian M. Grunkemeyer, Brian K. Pepin, Caleb L. Doise, Christopher W. Brumme, Chad W. Royal, Christopher L. Anderson, Corina E. Feuerstein, Craig T. Sinclair, Daniel Dedu-Constantin, Daniel Takacs, David S. Ebbo, David S. Mortenson, Erik B. Christensen, Erik B. Olson, Fabio A. Yeon, Giovanni M. Della-Libera, Gopala Krishna R. Kakivaya, Gregory D. Fee, Hany E. Ramadan, Jayanth V. Rajan, Jeffrey M. Cooperstein, Jonathan C. Hawkins, James H. Hogg, Joe D. Long, John I. McConnell, Jesus Ruiz-Scougall, James S. Miller, Julie D. Bennett, Jun Fang, Krzysztof J. Cwalina, Keith W. Ballinger, Lance E. Olson, Loren M. Kohnfelder, Luca Bolognese, Manu Vasandani, Mark T. Anders, Mark P. Ashton, Mark A. Boulter, Mark W. Fussell, Michael M. Magruder, Manish S. Prabhu, Neetu Rajpal, Nikhil Kothari, Nithyalakshmi Sampathkumar, Nicholas M. Kramer, Omri Gazitt, Radu Rares Palanca, Raja Krishnaswamy, Robert M. Howard, Ramasamy Krishnaswamy, Shawn P. Burke, Scott D. Guthrie, Sean E. Trowbridge, Seth M. Demsey, Shajan Dasan, Subhag P. Oak, Sreeram Nivarthi, Stefan H. Pharies, Suzanne M. Cook, Susan M. Warren, Tarun Anand, Travis J. Muhlestein, William A. Adams, Yan Leshinsky, Yann E. Christensen, Yung-shin Lin, Stephen J. Miller, Joseph Roxe, Alan Boshier, Henry L. Sanders, David Bau
  • Patent number: 6366912
    Abstract: A computer based system and method of providing security when receiving digital data at a client computer from one or more Web sites is disclosed. The method includes receiving security configuration information that specifies multiple security zones, each zone corresponding to a set of Web sites. The security configuration information also includes information specifying a set of security settings corresponding to each security zone. A security setting is a specification indicating an action to perform when a Web page from one of the security zones requests a protected operation to be performed. During a Web browsing session, the mechanism of the invention determines the security zone corresponding to the Web site currently being browsed.
    Type: Grant
    Filed: April 6, 1998
    Date of Patent: April 2, 2002
    Assignee: Microsoft Corporation
    Inventors: Michael J. Wallent, Rajeev Dujari, Anand Ramakrishna, Loren M. Kohnfelder, Lewis Geer