Patents by Inventor Pavel Zeman
Pavel Zeman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11630660Abstract: Disclosed are various examples for enforcing firmware profiles. First, it is determined that a device record associated with a client device fails to specify a firmware profile. A firmware profile is then generated for the client device. Subsequently, a command is generated that causes a firmware of the client device to be configured based at least in part on the firmware profile. The firmware profile is then stored in the device record.Type: GrantFiled: October 12, 2020Date of Patent: April 18, 2023Assignee: VMware, Inc.Inventors: Ahmad Bilal, Thanhy Mather, Tomas Vetrovsky, Pavel Zeman
-
Publication number: 20210042109Abstract: Disclosed are various examples for enforcing firmware profiles. First, it is determined that a device record associated with a client device fails to specify a firmware profile. A firmware profile is then generated for the client device. Subsequently, a command is generated that causes a firmware of the client device to be configured based at least in part on the firmware profile. The firmware profile is then stored in the device record.Type: ApplicationFiled: October 12, 2020Publication date: February 11, 2021Inventors: Ahmad Bilal, Thanhy Mather, Tomas Vetrovsky, Pavel Zeman
-
Patent number: 10802821Abstract: Disclosed are various examples for enforcing firmware profiles. First, it is determined that a device record associated with a client device fails to specify a firmware profile. A firmware profile is then generated for the client device. Subsequently, a command is generated that causes a firmware of the client device to be configured based at least in part on the firmware profile. The firmware profile is then stored in the device record.Type: GrantFiled: July 24, 2018Date of Patent: October 13, 2020Assignee: VMware, Inc.Inventors: Ahmad Bilal, Thanhy Mather, Tomas Vetrovsky, Pavel Zeman
-
Publication number: 20200034141Abstract: Disclosed are various examples for enforcing firmware profiles. First, it is determined that a device record associated with a client device fails to specify a firmware profile. A firmware profile is then generated for the client device. Subsequently, a command is generated that causes a firmware of the client device to be configured based at least in part on the firmware profile. The firmware profile is then stored in the device record.Type: ApplicationFiled: July 24, 2018Publication date: January 30, 2020Inventors: Ahmad Bilal, Thanhy Mather, Tomas Vetrovsky, Pavel Zeman
-
Patent number: 10158531Abstract: In various embodiments, a device may include a communications interface configured to receive, from the device management server, an indication to perform an action that requires access to a privileged user space. The device may include a processor configured to use a bridge service to perform the action, where the bridge service runs in a security context that enables the service to operate in the privileged user space. In various embodiments, a server may include a communications interface and a processor. The processor may be configured to receive an indication to perform a management action not within a native device management functionality. The processor may be further configured to invoke a bridge service running on the managed device to perform the action by sending a request via the communications interface, where the bridge service runs in a security context that enables the service to operate in the privileged user space.Type: GrantFiled: June 27, 2018Date of Patent: December 18, 2018Assignee: MOBILE IRON, INC.Inventors: Tomas Vetrovsky, Pavel Zeman, Thanhy Mather
-
Publication number: 20180316565Abstract: In various embodiments, a device may include a communications interface configured to receive, from the device management server, an indication to perform an action that requires access to a privileged user space. The device may include a processor configured to use a bridge service to perform the action, where the bridge service runs in a security context that enables the service to operate in the privileged user space. In various embodiments, a server may include a communications interface and a processor. The processor may be configured to receive an indication to perform a management action not within a native device management functionality. The processor may be further configured to invoke a bridge service running on the managed device to perform the action by sending a request via the communications interface, where the bridge service runs in a security context that enables the service to operate in the privileged user space.Type: ApplicationFiled: June 27, 2018Publication date: November 1, 2018Inventors: Tomas Vetrovsky, Pavel Zeman, Thanhy Mather
-
Patent number: 10038598Abstract: In various embodiments, a device may include a communications interface configured to receive, from the device management server, an indication to perform an action that requires access to a privileged user space. The device may include a processor configured to use a bridge service to perform the action, where the bridge service runs in a security context that enables the service to operate in the privileged user space. In various embodiments, a server may include a communications interface and a processor. The processor may be configured to receive an indication to perform a management action not within a native device management functionality. The processor may be further configured to invoke a bridge service running on the managed device to perform the action by sending a request via the communications interface, where the bridge service runs in a security context that enables the service to operate in the privileged user space.Type: GrantFiled: May 24, 2017Date of Patent: July 31, 2018Assignee: MOBILE IRON, INC.Inventors: Tomas Vetrovsky, Pavel Zeman, Thanhy Mather
-
Publication number: 20170366402Abstract: In various embodiments, a device may include a communications interface configured to receive, from the device management server, an indication to perform an action that requires access to a privileged user space. The device may include a processor configured to use a bridge service to perform the action, where the bridge service runs in a security context that enables the service to operate in the privileged user space. In various embodiments, a server may include a communications interface and a processor. The processor may be configured to receive an indication to perform a management action not within a native device management functionality. The processor may be further configured to invoke a bridge service running on the managed device to perform the action by sending a request via the communications interface, where the bridge service runs in a security context that enables the service to operate in the privileged user space.Type: ApplicationFiled: May 24, 2017Publication date: December 21, 2017Inventors: Tomas Vetrovsky, Pavel Zeman, Thanhy Mather
-
Patent number: 7861306Abstract: A server architecture for a digital rights management system that distributes and protects rights in content. The server architecture includes a retail site which sells content items to consumers, a fulfillment site which provides to consumers the content items sold by the retail site, and an activation site which enables consumer reading devices to use content items having an enhanced level of copy protection. An activation site provides an activation certificate and a secure repository executable to consumer content-rendering devices which enables those content rendering devices to render content having an enhanced level of copy-resistance. The activation site “activates” client-reading devices in a way that binds them to a persona, and limits the number of devices that may be activated for a particular persona, or the rate at which such devices may be activated for a particular persona.Type: GrantFiled: June 2, 2004Date of Patent: December 28, 2010Assignee: Microsoft CorporationInventors: Marco A. DeMello, Yoram Yaacovi, Pavel Zeman
-
Patent number: 7430542Abstract: A digital rights management system for the distribution, protection and use of electronic content. The system includes a client architecture which receives content, where the content is preferably protected by encryption and may include a license and individualization features. Content is protected at several levels, including: no protection; source-sealed; individually-sealed (or “inscribed”); source-signed; and fully-individualized (or “owner exclusive”). The client also includes and/or receives components which permit the access and protection of the encrypted content, as well as components that allow content to be provided to the client in a form that is individualized for the client. In some cases, access to the content will be governed by a rights construct defined in the license bound to the content.Type: GrantFiled: November 10, 2004Date of Patent: September 30, 2008Assignee: Microsoft CorporationInventors: Marco A. DeMello, Attila Narin, Venkateshaiah Setty, Pavel Zeman, Vinay Krishnaswamy, John L. Manferdelli, Frank D. Byrum, Leroy Bertrand Keely, Yoram Yaacovi, Jeffrey A. Alger
-
Patent number: 7383443Abstract: A technique for obfuscating code. A list of one-byte instructions for a particular processor is created. Bytes in a function to be obfuscated are randomly selected, and these bytes are replaced with one-byte instructions from the list. A table that identifies the replaced bytes and their original values is inserted into the executable that contains the function. When the function is called, the function is deobfuscated by consulting the table to restore the replaced bytes to their original values.Type: GrantFiled: June 27, 2002Date of Patent: June 3, 2008Assignee: Microsoft CorporationInventors: Pavel Zeman, Michael D. Marr
-
Patent number: 7293251Abstract: Bifurcated processes, in which a shadow process in a first environment is controlling thread scheduling for a trusted agent in a second, high assurance environment, can be debugged via a two-phase initialization of the debugger. In the first phase, initial set up is accomplished for the trusted agent, but no shadow process will schedule execution for any thread of the trusted agent. The debugger will then be attached. In a second phase, the shadow process will begin scheduling threads for the trusted agent. In order to allow the debugger access to the process memory of the trusted agent or to set or get information regarding a particular thread of the trusted agent, a thread which is either a thread belonging to the trusted agent or belonging to the second execution environment and matched with the trusted agent is used.Type: GrantFiled: January 16, 2004Date of Patent: November 6, 2007Assignee: Microsoft CorporationInventors: Pavel Zeman, Nathan T. Lewis, Kenneth D. Ray
-
Patent number: 7225400Abstract: A method and apparatus for invoking system resources directly from within a mark-up language document. Links referencing a pre-defined system command to be invoked may be embedded within the document. The specific system command may be identified in the link by an alias, such as, for example, a numeric code. By clicking on the link, the system will analyze the contents of the link. If the link calls for invoking a system command, the system will extract the alias, determine the appropriate pre-defined system command referred to by the alias, and execute the system command.Type: GrantFiled: June 18, 2004Date of Patent: May 29, 2007Assignee: Microsoft CorporationInventors: John L Beezer, David M Silver, Pavel Zeman
-
Patent number: 7171692Abstract: A server architecture for a digital rights management system that distributes and protects rights in content. The server architecture includes a retail site which sells content items to consumers, a fulfillment site which provides to consumers the content items sold by the retail site. The fulfillment site includes an asynchronous fulfillment pipeline which logs information about processed transactions using a store-and-forward messaging service. The fulfillment site may be implemented as several server devices, each having a cache which stores frequently downloaded content items, in which case the asynchronous fulfillment pipeline may also be used to invalidate the cache if a change is made at one server that affects the cached content items.Type: GrantFiled: June 27, 2000Date of Patent: January 30, 2007Assignee: Microsoft CorporationInventors: Marco A. DeMello, Pavel Zeman, Vinay Krishnaswamy, Prashant Malik, Kathryn E. Hughes, Frank D. Byrum
-
Patent number: 7158953Abstract: A server architecture for a digital rights management system that distributes and protects rights in content. The server architecture includes a retail site which sells content items to consumers, a fulfillment site which provides to consumers the content items sold by the retail site, and an activation site which enables consumer reading devices to use content items having an enhanced level of copy protection. An activation site provides an activation certificate and a secure repository executable to consumer content-rendering devices which enables those content rendering devices to render content having an enhanced level of copy-resistance. The activation site “activates” client-reading devices in a way that binds them to a persona, and limits the number of devices that may be activated for a particular persona, or the rate at which such devices may be activated for a particular persona.Type: GrantFiled: June 27, 2000Date of Patent: January 2, 2007Assignee: Microsoft CorporationInventors: Marco A. DeMello, Yoram Yaacovi, Pavel Zeman, Kathryn E. Hughes, Frank D. Byrum
-
Publication number: 20060123025Abstract: A digital rights management system for the distribution, protection and use of electronic content. The system includes a client architecture which receives content, where the content is preferably protected by encryption and may include a license and individualization features. Content is protected at several levels, including: no protection; source-sealed; individually-sealed (or “inscribed”); source-signed; and fully-individualized (or “owner exclusive”). The client also includes and/or receives components which permit the access and protection of the encrypted content, as well as components that allow content to be provided to the client in a form that is individualized for the client. In some cases, access to the content will be governed by a rights construct defined in the license bound to the content.Type: ApplicationFiled: January 25, 2006Publication date: June 8, 2006Applicant: Microsoft CorporationInventors: Marco DeMello, Attila Narin, Venkateshaiah Setty, Pavel Zeman, Vinay Krishnaswamy, John Manferdelli, Frank Byrum, Leroy Keely, Yoram Yaacovi, Jeffrey Alger
-
Patent number: 7047411Abstract: A server architecture for a digital rights management system that distributes and protects rights in content. The server architecture includes a retail site which sells content items to consumers, a fulfillment site which provides to consumers the content items sold by the retail site, and an activation site which enables consumer reading devices to use content items having an enhanced level of copy protection. Each retail site is equipped with a URL encryption object, which encrypts, according to a secret symmetric key shared between the retail site and the fulfillment site, information that is needed by the fulfillment site to process an order for content sold by the retail site. Upon selling a content items, the retail site transmits to the purchase a web page having a link to a URL comprising the address of the fulfillment site and a parameter having the encrypted information.Type: GrantFiled: June 27, 2000Date of Patent: May 16, 2006Assignee: Microsoft CorporationInventors: Marco A. DeMello, Pavel Zeman, Vinay Krishnaswamy, Frank D. Byrum
-
Patent number: 7017189Abstract: A digital rights management system for the distribution, protection and use of electronic content. The system includes a client architecture which receives content, where the content is preferably protected by encryption and may include a license and individualization features. Content is protected at several levels, including: no protection; source-sealed; individually-sealed (or “inscribed”); source-signed; and filly-individualized (or “owner exclusive”). The client also includes and/or receives components which permit the access and protection of the encrypted content, as well as components that allow content to be provided to the client in a form that is individualized for the client. In some cases, access to the content will be governed by a rights construct defined in the license bound to the content.Type: GrantFiled: June 27, 2000Date of Patent: March 21, 2006Assignee: Microsoft CorporationInventors: Marco A. DeMello, Attila Narin, Venkateshaiah Setty, Pavel Zeman, Vinay Krishnaswamy, John L. Manferdelli, Frank D. Byrum, Leroy B. Keely, Yoram Yaacovi, Jeffrey H. Alger
-
Patent number: 6970849Abstract: A server architecture for a digital rights management system that distributes and protects rights in content. The server architecture includes a retail site which sells content items to consumers, a fulfillment site which provides to consumers the content items sold by the retail site, and an activation site which enables consumer reading devices to use content items having an enhanced level of copy protection. Each retail site is equipped with a URL encryption object, which encrypts, according to a secret symmetric key shared between the retail site and the fulfillment site, information that is needed by the fulfillment site to process an order for content sold by the retail site. Upon selling a content item, the retail site transmits to the purchaser a web page having a link to a URL comprising the address of the fulfillment site and a parameter having the encrypted information.Type: GrantFiled: June 27, 2000Date of Patent: November 29, 2005Assignee: Microsoft CorporationInventors: Marco A. DeMello, Pavel Zeman, Vinay Krishnaswamy, Frank D. Byrum
-
Publication number: 20050097057Abstract: A digital rights management system for the distribution, protection and use of electronic content. The system includes a client architecture which receives content, where the content is preferably protected by encryption and may include a license and individualization features. Content is protected at several levels, including: no protection; source-sealed; individually-sealed (or “inscribed”); source-signed; and fully-individualized (or “owner exclusive”). The client also includes and/or receives components which permit the access and protection of the encrypted content, as well as components that allow content to be provided to the client in a form that is individualized for the client. In some cases, access to the content will be governed by a rights construct defined in the license bound to the content.Type: ApplicationFiled: November 10, 2004Publication date: May 5, 2005Applicant: Microsoft CorporationInventors: Marco DeMello, Attila Narin, Venkateshaiah Setty, Pavel Zeman, Vinay Krishnaswamy, John Manferdelli, Frank Byrum, Leroy Keely, Yoram Yaacovi, Jeffrey Alger