Patents by Inventor Navin Narayan Pai
Navin Narayan Pai has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10855725
Abstract: A host operating system running on a computing device monitors network communications for the computing device to identify network resources that are requested by the computing device. The host operating system compares requested network resources against security policies to determine if the requested network resources are trusted. When an untrusted network resource is identified, the host operating system accesses the untrusted network resource within a container that is isolated from the host operating system kernel using techniques discussed herein. By restricting access to untrusted network resources to isolated containers, the host operating system is protected from even kernel-level attacks or infections that may result from an untrusted network resource.
Type: Grant
Filed: June 2, 2016
Date of Patent: December 1, 2020
Assignee: Microsoft Technology Licensing, LLC
Inventors: Navin Narayan Pai, Charles G. Jeffries, Giridhar Viswanathan, Benjamin M. Schultz, Frederick J. Smith, Lars Reuther, Michael B. Ebersol, Gerardo Diaz Cuellar, Ivan Dimitrov Pashov, Poornananda R. Gaddehosur, Hari R. Pulapaka, Vikram Mangalore Rao
-
Patent number: 10666655
Abstract: Providing access control by a first operating system. A method includes receiving at the first operating system, from the second operating system, a request for a bounding reference to a set having at least one resource. A bounding reference for the set is obtained. The bounding reference comprises a reference created from a first operating system resolvable reference to the set. The method further includes providing the obtained bounding reference for the obtained provided bounding reference to the second operating system. A request, including the obtained bounding reference and an identifier identifying the second operating system for the set, is received from the second operating system. The obtained bounding reference and the identifier identifying the second operating system are evaluated. As a result of evaluating the obtained bounding reference and the identifier identifying the second operating system, a resource control action is performed.
Type: Grant
Filed: November 20, 2017
Date of Patent: May 26, 2020
Assignee: Microsoft Technology Licensing, LLC
Inventors: Gerardo Diaz Cuellar, Navin Narayan Pai, Ivan Dimitrov Pashov, Giridhar Viswanathan, Benjamin M. Schultz, Hari R. Pulapaka
-
Patent number: 10438019
Abstract: A second operating system accessing resources from an external service. A method includes sending an anonymized request, for an anonymized user corresponding to an authorized user, for resources, through a broker. A request for proof indicating that the anonymized user is authorized to obtain the resources is received from the broker. As a result, a request is sent to a first operating system for the proof that the anonymized user is authorized to obtain the resources. Proof is received from the first operating system, based on the anonymized user being associated with the authorized user, that the anonymized user is authorized to obtain the resources. The proof is provided to the broker. As a result, the resources are obtained by the second operating system from the service.
Type: Grant
Filed: June 30, 2017
Date of Patent: October 8, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Giridhar Viswanathan, Gerardo Diaz Cuellar, Hari R. Pulapaka, Ivan Dimitrov Pashov, Navin Narayan Pai, Benjamin M. Schultz
-
Publication number: 20190158497
Abstract: Providing access control by a first operating system. A method includes receiving at the first operating system, from the second operating system, a request for a bounding reference to a set having at least one resource. A bounding reference for the set is obtained. The bounding reference comprises a reference created from a first operating system resolvable reference to the set. The method further includes providing the obtained bounding reference for the obtained provided bounding reference to the second operating system. A request, including the obtained bounding reference and an identifier identifying the second operating system for the set, is received from the second operating system. The obtained bounding reference and the identifier identifying the second operating system are evaluated. As a result of evaluating the obtained bounding reference and the identifier identifying the second operating system, a resource control action is performed.
Type: Application
Filed: November 20, 2017
Publication date: May 23, 2019
Inventors: Gerardo DIAZ CUELLAR, Navin Narayan PAI, Ivan Dimitrov PASHOV, Giridhar VISWANATHAN, Benjamin M. SCHULTZ, Hari R. PULAPAKA
-
Publication number: 20180322307
Abstract: A second operating system accessing resources from an external service. A method includes sending an anonymized request, for an anonymized user corresponding to an authorized user, for resources, through a broker. A request for proof indicating that the anonymized user is authorized to obtain the resources is received from the broker. As a result, a request is sent to a first operating system for the proof that the anonymized user is authorized to obtain the resources. Proof is received from the first operating system, based on the anonymized user being associated with the authorized user, that the anonymized user is authorized to obtain the resources. The proof is provided to the broker. As a result, the resources are obtained by the second operating system from the service.
Type: Application
Filed: June 30, 2017
Publication date: November 8, 2018
Inventors: Giridhar VISWANATHAN, Gerardo DIAZ CUELLAR, Hari R. PULAPAKA, Ivan Dimitrov PASHOV, Navin Narayan PAI, Benjamin M. SCHULTZ
-
Publication number: 20170353496
Abstract: A host operating system running on a computing device monitors network communications for the computing device to identify network resources that are requested by the computing device. The host operating system compares requested network resources against security policies to determine if the requested network resources are trusted. When an untrusted network resource is identified, the host operating system accesses the untrusted network resource within a container that is isolated from the host operating system kernel using techniques discussed herein. By restricting access to untrusted network resources to isolated containers, the host operating system is protected from even kernel-level attacks or infections that may result from an untrusted network resource.
Type: Application
Filed: June 2, 2016
Publication date: December 7, 2017
Applicant: Microsoft Technology Licensing, LLC
Inventors: Navin Narayan Pai, Charles G. Jeffries, Giridhar Viswanathan, Benjamin M. Schultz, Frederick J. Smith, Lars Reuther, Michael B. Ebersol, Gerardo Diaz Cuellar, Ivan Dimitrov Pashov, Poornananda R. Gaddehosur, Hari R. Pulapaka, Vikram Mangalore Rao
-
Patent number: 9021587
Abstract: The subject disclosure is directed towards detecting software vulnerabilities in an isolated computing environment. In order to evaluate each input submission from an external computer, a plurality of tasks are automatically generated for execution on one or more computing units running within the isolated computing environment. Various configurations of the one or more computing units are defined in which each computing unit executes the plurality of tasks. A report is produced comprising results associated with such an execution.
Type: Grant
Filed: October 27, 2011
Date of Patent: April 28, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Nitin Kumar Goel, Kenneth D. Johnson, Matthew Ryan Miller, Navin Narayan Pai, Grzegorz M. Wroblewski, Gregory Justice Riggs
-
Publication number: 20130111587
Abstract: The subject disclosure is directed towards detecting software vulnerabilities in an isolated computing environment. In order to evaluate each input submission from an external computer, a plurality of tasks are automatically generated for execution on one or more computing units running within the isolated computing environment. Various configurations of the one or more computing units are defined in which each computing unit executes the plurality of tasks. A report is produced comprising results associated with such an execution.
Type: Application
Filed: October 27, 2011
Publication date: May 2, 2013
Applicant: MICROSOFT CORPORATION
Inventors: Nitin Kumar Goel, Kenneth D. Johnson, Matthew Ryan Miller, Navin Narayan Pai, Grzegorz M. Wroblewski, Gregory Justice Riggs