Patents by Inventor Andrew A. Baumann

Andrew A. Baumann has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9425965
    Abstract: Implementations for providing a persistent secure execution environment with a hosted computer are described. A host operating system of a computing system provides an encrypted checkpoint to a persistence module that executes in a secure execution environment of a hardware-protected memory area initialized by a security-enabled processor. The encrypted checkpoint is derived at least partly from another secure execution environment that is cryptographically certifiable as including another hardware-protected memory area established in an activation state to refrain from executing software not trusted by the client system.
    Type: Grant
    Filed: February 13, 2012
    Date of Patent: August 23, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Andrew A. Baumann, Galen C. Hunt, Marcus Peinado
  • Patent number: 9413538
    Abstract: Implementations for providing a secure execution environment with a hosted computer are described. A security-enabled processor establishes a hardware-protected memory area with an activation state that executes only software identified by a client system. The hardware-protected memory area is inaccessible by code that executes outside the hardware-protected memory area. A certification is transmitted to the client system to indicate that the secure execution environment is established, in its activation state, with only the software identified by the request.
    Type: Grant
    Filed: December 12, 2011
    Date of Patent: August 9, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Andrew A. Baumann, Galen C. Hunt, Marcus Peinado
  • Patent number: 9389933
    Abstract: Described herein are implementations for providing a platform adaptation layer that enables applications to execute inside a user-mode hardware-protected isolation container while utilizing host platform resources that reside outside of the isolation container. The platform adaptation layer facilitates a system service request interaction between the application and the host platform. As part of the facilitating, a secure services component of the platform adaptation layer performs a security-relevant action.
    Type: Grant
    Filed: December 12, 2011
    Date of Patent: July 12, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Andrew A. Baumann, Galen C. Hunt, Marcus Peinado
  • Patent number: 8875160
    Abstract: A library operating system is employed in conjunction with an application in a virtual environment to facilitate dynamic application migration. An application executing in a virtual environment with a library operating system on a first machine can be suspended, and application state can be captured. Subsequently, the state can be restored and execution resumed on the first machine or a second machine.
    Type: Grant
    Filed: January 6, 2012
    Date of Patent: October 28, 2014
    Assignee: Microsoft Corporation
    Inventors: Galen C. Hunt, Reuben R. Olinsky, Adam B. Anderson, Paul G. Mayfield, William Street, Russell T. Young, Barry Bond, Andrew A. Baumann
  • Publication number: 20130151848
    Abstract: Implementations for providing a persistent secure execution environment with a hosted computer are described. A host operating system of a computing system provides an encrypted checkpoint to a persistence module that executes in a secure execution environment of a hardware-protected memory area initialized by a security-enabled processor. The encrypted checkpoint is derived at least partly from another secure execution environment that is cryptographically certifiable as including another hardware-protected memory area established in an activation state to refrain from executing software not trusted by the client system.
    Type: Application
    Filed: February 13, 2012
    Publication date: June 13, 2013
    Applicant: MICROSOFT CORPORATION
    Inventors: Andrew A. Baumann, Galen C. Hunt, Marcus Peinado
  • Publication number: 20130151846
    Abstract: Implementations for providing a secure execution environment with a hosted computer are described. A security-enabled processor establishes a hardware-protected memory area with an activation state that executes only software identified by a client system. The hardware-protected memory area is inaccessible by code that executes outside the hardware-protected memory area. A certification is transmitted to the client system to indicate that the secure execution environment is established, in its activation state, with only the software identified by the request.
    Type: Application
    Filed: December 12, 2011
    Publication date: June 13, 2013
    Applicant: MICROSOFT CORPORATION
    Inventors: Andrew A. Baumann, Galen C. Hunt, Marcus Peinado
  • Publication number: 20130152209
    Abstract: Described herein are implementations for providing a platform adaptation layer that enables applications to execute inside a user-mode hardware-protected isolation container while utilizing host platform resources that reside outside of the isolation container. The platform adaptation layer facilitates a system service request interaction between the application and the host platform. As part of the facilitating, a secure services component of the platform adaptation layer performs a security-relevant action.
    Type: Application
    Filed: December 12, 2011
    Publication date: June 13, 2013
    Applicant: MICROSOFT CORPORATION
    Inventors: Andrew A. Baumann, Galen C. Hunt, Marcus Peinado
  • Publication number: 20120227058
    Abstract: A library operating system is employed in conjunction with an application in a virtual environment to facilitate dynamic application migration. An application executing in a virtual environment with a library operating system on a first machine can be suspended, and application state can be captured. Subsequently, the state can be restored and execution resumed on the first machine or a second machine.
    Type: Application
    Filed: January 6, 2012
    Publication date: September 6, 2012
    Applicant: MICROSOFT CORPORATION
    Inventors: Galen C. Hunt, Reuben R. Olinsky, Adam B. Anderson, Paul G. Mayfield, William Street, Russell T. Young, Barry Bond, Andrew A. Baumann