Patents by Inventor Andrey Belenko
Andrey Belenko has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11165565
Abstract: A secure key system is described that distributes a private key of a key server to an edge server for encryption on behalf of an owner of the private key when establishing a session with a client. To distribute the private key, the key server receives from the edge server a quote generated by a secure enclave of the edge server. The quote attests to code of the secure enclave. The key server verifies the quote to ensure that the code of the secure enclave is trusted code. The key server encrypts the private key using a key of the edge server and sends the encrypted private key to the code of the secure enclave. The code of the secure enclave decrypts the private key using its key. Untrusted code of the edge server then requests the code of the secure enclave to perform cryptographic actions using the private key.
Type: Grant
Filed: December 9, 2016
Date of Patent: November 2, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventor: Andrey Belenko
-
Patent number: 10893076
Abstract: A communication event is established between an initiating device and a responding device under the control of a remote communications controller. In a pre-session establishment phase: a compression dictionary or a dictionary link that identifies an addressable memory location, at which a compression dictionary is held, is received at the initiating device. The received compression dictionary or the received dictionary link is stored in electronic storage of the initiating device. In response to a communication event establishment instruction received at the initiating device after the dictionary or the dictionary link has been received and stored at the initiating device, a session is established between the initiating device and the communications controller by the initiating device transmitting an initial session establishment message—compressed using the dictionary—to the communications controller to establish the communication event.
Type: Grant
Filed: December 13, 2018
Date of Patent: January 12, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Uladzimir A. Skuratovich, Namendra Kumar, Andrey Belenko, Timothy Mark Moore
-
Publication number: 20190334840
Abstract: A computer system comprises computer storage holding a plurality of code modules, one or more processors and a communication system. The one or more processors are configured to execute the code modules and thereby implement the bots. The communication system comprises a message relay and an anonymized identifier generator. The message relay is configured to receive a message comprising an identifier of a user and an identifier of a target one of the bots. The anonymized identifier generator is configured to generate an anonymized identifier of the user unique to the target bot, by applying an anonymization function to the user identifier and the bot identifier in the message. The message relay is configured to transmit to the target bot a version of the message, which comprises the anonymized user identifier and does not include the user identifier, wherein the user identifier is not rendered accessible to the target bot.
Type: Application
Filed: May 15, 2019
Publication date: October 31, 2019
Inventors: Farookh P. Mohammed, Krishnan Ananthanarayanan, Alexey Pikin, Mieszko G. Matkowski, Andrey Belenko
-
Patent number: 10432590
Abstract: A communication event is established between an initiating device and a responding device under the control of a remote communications controller. In a pre-communication event establishment phase, a secure connection is established between the initiating device and the communications controller, and session key negotiation messages are exchanged between the initiating device and the communications controller via the secure connection to obtain session key data in an electronic storage location accessible to the initiating device. The secure connection terminates once the session key data has been obtained. In a subsequent communication event establishment phase—after the session key data has been obtained and the secure connection has terminated in the pre-establishment phase—a communication event request is transmitted from the initiating device to the communications controller comprising a payload encrypted with the session key data.
Type: Grant
Filed: October 17, 2018
Date of Patent: October 1, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Uladzimir A. Skuratovich, Namendra Kumar, Andrey Belenko, Timothy Mark Moore
-
Patent number: 10432591
Abstract: A communication event is established between an initiating device and a responding device under the control of a remote communications controller. In a pre-communication event establishment phase, a secure connection is established between the initiating device and the communications controller, and session key negotiation messages are exchanged between the initiating device and the communications controller via the secure connection to obtain session key data in an electronic storage location accessible to the initiating device. The secure connection terminates once the session key data has been obtained. In a subsequent communication event establishment phase—after the session key data has been obtained and the secure connection has terminated in the pre-establishment phase—a communication event request is transmitted from the initiating device to the communications controller comprising a payload encrypted with the session key data.
Type: Grant
Filed: October 17, 2018
Date of Patent: October 1, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Uladzimir A. Skuratovich, Namendra Kumar, Andrey Belenko, Timothy Mark Moore
-
Patent number: 10362069
Abstract: A session is established between an initiating device and a remote device. A session request is transmitted from the initiating device to the remote device according to a preferred networking protocol. If no provisional response to the request is received at the initiating device within an initial duration, the initiating device transmits another session request to the other device according to a non-preferred protocol. If a provisional response to the request is received within the initial duration, the initiating device continues to monitor the elapsed time for an extended duration. If no final response to the request is received within the extended duration, the initiating device transmits another session request to the other device according to a non-preferred protocol. If a final response is received within the extended duration, a session between the initiating device and the other device is established according to the preferred networking protocol.
Type: Grant
Filed: December 3, 2015
Date of Patent: July 23, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Uladzimir A. Skuratovich, Namendra Kumar, Andrey Belenko, Timothy Mark Moore
-
Patent number: 10341267
Abstract: A computer system comprises computer storage holding a plurality of code modules, one or more processors and a communication system. The one or more processors are configured to execute the code modules and thereby implement the bots. The communication system comprises a message relay and an anonymized identifier generator. The message relay is configured to receive a message comprising an identifier of a user and an identifier of a target one of the bots. The anonymized identifier generator is configured to generate an anonymized identifier of the user unique to the target bot, by applying an anonymization function to the user identifier and the bot identifier in the message. The message relay is configured to transmit to the target bot a version of the message, which comprises the anonymized user identifier and does not include the user identifier, wherein the user identifier is not rendered accessible to the target bot.
Type: Grant
Filed: June 20, 2016
Date of Patent: July 2, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Farookh Mohammed, Krishnan Ananthanarayanan, Alexey Pikin, Mieszko G. Matkowski, Andrey Belenko
-
Publication number: 20190132365
Abstract: A communication event is established between an initiating device and a responding device under the control of a remote communications controller. In a pre-session establishment phase: a compression dictionary or a dictionary link that identifies an addressable memory location, at which a compression dictionary is held, is received at the initiating device. The received compression dictionary or the received dictionary link is stored in electronic storage of the initiating device. In response to a communication event establishment instruction received at the initiating device after the dictionary or the dictionary link has been received and stored at the initiating device, a session is established between the initiating device and the communications controller by the initiating device transmitting an initial session establishment message—compressed using the dictionary—to the communications controller to establish the communication event.
Type: Application
Filed: December 13, 2018
Publication date: May 2, 2019
Inventors: Uladzimir A. Skuratovich, Namendra Kumar, Andrey Belenko, Timothy Mark Moore
-
Publication number: 20190052608
Abstract: A communication event is established between an initiating device and a responding device under the control of a remote communications controller. In a pre-communication event establishment phase, a secure connection is established between the initiating device and the communications controller, and session key negotiation messages are exchanged between the initiating device and the communications controller via the secure connection to obtain session key data in an electronic storage location accessible to the initiating device. The secure connection terminates once the session key data has been obtained. In a subsequent communication event establishment phase—after the session key data has been obtained and the secure connection has terminated in the pre-establishment phase—a communication event request is transmitted from the initiating device to the communications controller comprising a payload encrypted with the session key data.
Type: Application
Filed: October 17, 2018
Publication date: February 14, 2019
Inventors: Uladzimir A. Skuratovich, Namendra Kumar, Andrey Belenko, Timothy Mark Moore
-
Publication number: 20190052609
Abstract: A communication event is established between an initiating device and a responding device under the control of a remote communications controller. In a pre-communication event establishment phase, a secure connection is established between the initiating device and the communications controller, and session key negotiation messages are exchanged between the initiating device and the communications controller via the secure connection to obtain session key data in an electronic storage location accessible to the initiating device. The secure connection terminates once the session key data has been obtained. In a subsequent communication event establishment phase—after the session key data has been obtained and the secure connection has terminated in the pre-establishment phase—a communication event request is transmitted from the initiating device to the communications controller comprising a payload encrypted with the session key data.
Type: Application
Filed: October 17, 2018
Publication date: February 14, 2019
Inventors: Uladzimir A. Skuratovich, Namendra Kumar, Andrey Belenko, Timothy Mark Moore
-
Patent number: 10193934
Abstract: A communication event is established between an initiating device and a responding device under the control of a remote communications controller. In a pre-session establishment phase: a compression dictionary or a dictionary link that identifies an addressable memory location, at which a compression dictionary is held, is received at the initiating device. The received compression dictionary or the received dictionary link is stored in electronic storage of the initiating device. In response to a communication event establishment instruction received at the initiating device after the dictionary or the dictionary link has been received and stored at the initiating device, a session is established between the initiating device and the communications controller by the initiating device transmitting an initial session establishment message—compressed using the dictionary—to the communications controller to establish the communication event.
Type: Grant
Filed: December 3, 2015
Date of Patent: January 29, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Uladzimir A. Skuratovich, Namendra Kumar, Andrey Belenko, Timothy Mark Moore
-
Publication number: 20180167203
Abstract: A secure key system is described that distributes a private key of a key server to an edge server for encryption on behalf of an owner of the private key when establishing a session with a client. To distribute the private key, the key server receives from the edge server a quote generated by a secure enclave of the edge server. The quote attests to code of the secure enclave. The key server verifies the quote to ensure that the code of the secure enclave is trusted code. The key server encrypts the private key using a key of the edge server and sends the encrypted private key to the code of the secure enclave. The code of the secure enclave decrypts the private key using its key. Untrusted code of the edge server then requests the code of the secure enclave to perform cryptographic actions using the private key.
Type: Application
Filed: December 9, 2016
Publication date: June 14, 2018
Inventor: Andrey Belenko
-
Publication number: 20170366478
Abstract: A computer system comprises computer storage holding a plurality of code modules, one or more processors and a communication system. The one or more processors are configured to execute the code modules and thereby implement the bots. The communication system comprises a message relay and an anonymized identifier generator. The message relay is configured to receive a message comprising an identifier of a user and an identifier of a target one of the bots. The anonymized identifier generator is configured to generate an anonymized identifier of the user unique to the target bot, by applying an anonymization function to the user identifier and the bot identifier in the message. The message relay is configured to transmit to the target bot a version of the message, which comprises the anonymized user identifier and does not include the user identifier, wherein the user identifier is not rendered accessible to the target bot.
Type: Application
Filed: June 20, 2016
Publication date: December 21, 2017
Applicant: Microsoft Technology Licensing, LLC
Inventors: Farookh P. Mohammed, Krishnan Ananthanarayanan, Alexey Pikin, Mieszko G. Matkowski, Andrey Belenko
-
Publication number: 20170163693
Abstract: A session is established between an initiating device and a remote device. A session request is transmitted from the initiating device to the remote device according to a preferred networking protocol. If no provisional response to the request is received at the initiating device within an initial duration, the initiating device transmits another session request to the other device according to a non-preferred protocol. If a provisional response to the request is received within the initial duration, the initiating device continues to monitor the elapsed time for an extended duration. If no final response to the request is received within the extended duration, the initiating device transmits another session request to the other device according to a non-preferred protocol. If a final response is received within the extended duration, a session between the initiating device and the other device is established according to the preferred networking protocol.
Type: Application
Filed: December 3, 2015
Publication date: June 8, 2017
Inventors: Uladzimir A. Skuratovich, Namendra Kumar, Andrey Belenko, Timothy Mark Moore
-
Publication number: 20170163607
Abstract: A communication event is established between an initiating device and a responding device under the control of a remote communications controller. In a pre-communication event establishment phase, a secure connection is established between the initiating device and the communications controller, and session key negotiation messages are exchanged between the initiating device and the communications controller via the secure connection to obtain session key data in an electronic storage location accessible to the initiating device. The secure connection terminates once the session key data has been obtained. In a subsequent communication event establishment phase—after the session key data has been obtained and the secure connection has terminated in the pre-establishment phase—a communication event request is transmitted from the initiating device to the communications controller comprising a payload encrypted with the session key data.
Type: Application
Filed: December 3, 2015
Publication date: June 8, 2017
Inventors: Uladzimir A. Skuratovich, Namendra Kumar, Andrey Belenko, Timothy Mark Moore
-
Publication number: 20170163694
Abstract: A communication event is established between an initiating device and a responding device under the control of a remote communications controller. In a pre-session establishment phase: a compression dictionary or a dictionary link that identifies an addressable memory location, at which a compression dictionary is held, is received at the initiating device. The received compression dictionary or the received dictionary link is stored in electronic storage of the initiating device. In response to a communication event establishment instruction received at the initiating device after the dictionary or the dictionary link has been received and stored at the initiating device, a session is established between the initiating device and the communications controller by the initiating device transmitting an initial session establishment message—compressed using the dictionary—to the communications controller to establish the communication event.
Type: Application
Filed: December 3, 2015
Publication date: June 8, 2017
Inventors: Uladzimir A. Skuratovich, Namendra Kumar, Andrey Belenko, Timothy Mark Moore