Patents by Inventor Ashok Chandrasekaran
Ashok Chandrasekaran has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11762980Abstract: Various methods and systems are provided for autonomous orchestration of secrets renewal and distribution. A secrets management service (“SMS”) can be utilized to store, renew and distribute secrets in a distributed computing environment. The secrets are initially deployed, after which, SMS can automatically renew the secrets according to a specified rollover policy, and polling agents can fetch updates from SMS. In various embodiments, SMS can autonomously rollover client certificates for authentication of users who access a security critical service, autonomously rollover storage account keys, track delivery of updated secrets to secrets recipients, deliver secrets using a secure blob, and/or facilitate autonomous rollover using secrets staging. In some embodiments, a service is pinned to the path where the service's secrets are stored. In this manner, secrets can be automatically renewed without any manual orchestration and/or the need to redeploy services.Type: GrantFiled: March 14, 2018Date of Patent: September 19, 2023Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Brian S. Lounsberry, Ashok Chandrasekaran, Chetan S. Shankar, Chandan R. Reddy, Chuang Wang, Kahren Tevosyan, Mark Eugene Russinovich, Vyom P. Munshi, Pavel Zakharov, Abhishek Pratap Singh Chauhan
-
Publication number: 20220353256Abstract: Usage-limited passcodes support authentication when onboarding new employees, when recovering access after an enrolled device is lost or temporarily unavailable, or when registering passwordless authentication methods for new devices during an out of the box setup, among other scenarios. Usage-limited passcodes are also referred to as “temporary access passes” or TAPs. TAP usage may be limited to a specific number of uses, particular kinds of uses, certain time periods, or a combination thereof. A TAP includes a code string and an implementation of corresponding tokens, rights, and other identity aspects within an enhanced access control infrastructure. TAP usage may supplement or replace other authentication, and in particular may replace authentication through a username and password combination, thereby enhancing both usability and security. Self-service identity confirmation may be used to obtain a TAP. Redirection to a federated domain identity provider may be avoided during TAP authentication.Type: ApplicationFiled: April 29, 2021Publication date: November 3, 2022Inventors: Inbar CIZER KOBRINSKY, Anirban BASU, Ananda SINHA, Sarat SUBRAMANIAM, Alexander T. WEINERT, Nitika GUPTA, Kamen MOUTAFOV, Ashok CHANDRASEKARAN
-
Patent number: 11451405Abstract: Various methods and systems are provided for providing on-demand emergency management. On-demand emergency management includes emergency management operations (e.g., certificate update operations or managed-secrets rollover operations) for accelerated deployment and expedited installation of certificates or secrets. In operation, a host secret manager on a host machine communicates with client secret managers on virtual machines running the host machine, to provide expedited installation of secrets on the virtual machines. During the certificate update operations, the host secret manager communicates the certificate update secret package having a new secret state to a client secret manager that installs the new certificate state on the virtual machine.Type: GrantFiled: February 14, 2019Date of Patent: September 20, 2022Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Brian Scott Lounsberry, Saurav Sinha, Chuanxin Fang, Ashok Chandrasekaran
-
Publication number: 20220083643Abstract: Various methods and systems are provided for autonomous orchestration of secrets renewal and distribution. A secrets management service (“SMS”) can be utilized to store, renew and distribute secrets in a distributed computing environment. The secrets are initially deployed, after which, SMS can automatically renew the secrets according to a specified rollover policy, and polling agents can fetch updates from SMS. In various embodiments, SMS can autonomously rollover client certificates for authentication of users who access a security critical service, autonomously rollover storage account keys, track delivery of updated secrets to secrets recipients, deliver secrets using a secure blob, and/or facilitate autonomous rollover using secrets staging. In some embodiments, a service is pinned to the path where the service's secrets are stored. In this manner, secrets can be automatically renewed without any manual orchestration and/or the need to redeploy services.Type: ApplicationFiled: November 30, 2021Publication date: March 17, 2022Inventors: Brian S. LOUNSBERRY, Ashok CHANDRASEKARAN, Chetan S. SHANKAR, Chandan R. REDDY, Chuang WANG, Kahren TEVOSYAN, Mark Eugene RUSSINOVICH, Vyom P. MUNSHI, Pavel ZAKHAROV, Abhishek CHAUHAN
-
Patent number: 10965457Abstract: Various methods and systems are provided for autonomous orchestration of secrets renewal and distribution across scope boundaries. A cross-scope secrets management service (“SMS”) can be utilized to store, renew and distribute secrets across boundaries in a distributed computing environment such as regional boundaries. In some embodiments, locally scoped secrets management services subscribe to receive updates from the cross-scope secrets management service. As secrets are renewed, they are automatically propagated to a subscribing local scope and distributed by the local secrets management service. In various embodiments, SMS can autonomously rollover storage account keys, track delivery of updated secrets to secrets recipients, deliver secrets using a secure blob, and/or facilitate autonomous rollover using secrets staging. In some embodiments, a service is pinned to the path where the service's secrets are stored.Type: GrantFiled: March 14, 2018Date of Patent: March 30, 2021Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Brian S. Lounsberry, Ashok Chandrasekaran, Chandan R. Reddy, Chuang Wang, Kahren Tevosyan, Mark Eugene Russinovich, Srinivas S. Nidadavolu, Vyom P. Munshi
-
Patent number: 10819701Abstract: Various methods and systems are provided for autonomous management for a managed service identity. A first token request, for a secret, is generated at a managed service. The secret supports authenticating the managed service for performing operations in a distributed computing environment. The first token request includes an identity identifier of the managed service. The first token request is communicated to a credentials manager which is associated with a secrets management service (“SMS”) that can be utilized to store, renew and distribute secrets in the distributed computing environment. Based on communicating the first token request to credentials manager, the token is received, via the credentials manager, from the secret token service. The token is received based in part on the credentials manager generating a second token request for the token and communicating the second token request and a secret associated with the managed service to the secret token service.Type: GrantFiled: March 14, 2018Date of Patent: October 27, 2020Assignee: Microsoft Technology Licensing, LLCInventors: Abhinav Bose, Kahren Tevosyan, Chandan R. Reddy, Ashok Chandrasekaran
-
Publication number: 20200267004Abstract: Various methods and systems are provided for providing on-demand emergency management. On-demand emergency management includes emergency management operations (e.g., certificate update operations or managed-secrets rollover operations) for accelerated deployment and expedited installation of certificates or secrets. In operation, a host secret manager on a host machine communicates with client secret managers on virtual machines running the host machine, to provide expedited installation of secrets on the virtual machines. During the certificate update operations, the host secret manager communicates the certificate update secret package having a new secret state to a client secret manager that installs the new certificate state on the virtual machine.Type: ApplicationFiled: February 14, 2019Publication date: August 20, 2020Inventors: Brian Scott LOUNSBERRY, Saurav SINHA, Chuanxin FANG, Ashok CHANDRASEKARAN
-
Patent number: 10722789Abstract: In various embodiments, methods and systems for game development based on an integrated game development cloud computing platform are provided. Development components that facilitate game development using an integrated game-cloud component are initiated. An input is received to perform a game development task. The game development task is associated with one or more games. The game development task is executed using the integrated game-cloud component. The integrated game-cloud component comprises a game-development-platform development component and a cloud-computing-platform development component combined into an integrated development component supported on the integrated game development cloud computing platform. The game development task can be associated with a first game-platform and a second game-platform of a selected game. The game-platform functions with a cross-platform support component having an integrated core module and an integrated game-platform module.Type: GrantFiled: January 31, 2014Date of Patent: July 28, 2020Inventors: George M. Moore, John Peter Bruno, Jr., Donald McNamara, Ashok Chandrasekaran, David R. Reed, Chad Curtis Gibson
-
Publication number: 20190286812Abstract: Various methods and systems are provided for autonomous orchestration of secrets renewal and distribution. A secrets management service (“SMS”) can be utilized to store, renew and distribute secrets in a distributed computing environment. The secrets are initially deployed, after which, SMS can automatically renew the secrets according to a specified rollover policy, and polling agents can fetch updates from SMS. In various embodiments, SMS can autonomously rollover client certificates for authentication of users who access a security critical service, autonomously rollover storage account keys, track delivery of updated secrets to secrets recipients, deliver secrets using a secure blob, and/or facilitate autonomous rollover using secrets staging. In some embodiments, a service is pinned to the path where the service's secrets are stored. In this manner, secrets can be automatically renewed without any manual orchestration and/or the need to redeploy services.Type: ApplicationFiled: March 14, 2018Publication date: September 19, 2019Inventors: Brian S. LOUNSBERRY, Ashok CHANDRASEKARAN, Chetan S. SHANKAR, Chandan R. REDDY, Chuang WANG, Kahren TEVOSYAN, Mark Eugene RUSSINOVICH, Vyom P. MUNSHI, Pavel ZAKHAROV, Abhishek Pratap Singh CHAUHAN
-
Publication number: 20190288839Abstract: Various methods and systems are provided for autonomous orchestration of secrets renewal and distribution across scope boundaries. A cross-scope secrets management service (“SMS”) can be utilized to store, renew and distribute secrets across boundaries in a distributed computing environment such as regional boundaries. In some embodiments, locally scoped secrets management services subscribe to receive updates from the cross-scope secrets management service. As secrets are renewed, they are automatically propagated to a subscribing local scope and distributed by the local secrets management service. In various embodiments, SMS can autonomously rollover storage account keys, track delivery of updated secrets to secrets recipients, deliver secrets using a secure blob, and/or facilitate autonomous rollover using secrets staging. In some embodiments, a service is pinned to the path where the service's secrets are stored.Type: ApplicationFiled: March 14, 2018Publication date: September 19, 2019Inventors: Brian S. LOUNSBERRY, Ashok CHANDRASEKARAN, Chandan R. REDDY, Chuang WANG, Kahren TEVOSYAN, Mark Eugene RUSSINOVICH, Srinivas S. NIDADAVOLU, Vyom P. MUNSHI
-
Publication number: 20190288995Abstract: Various methods and systems are provided for autonomous management for a managed service identity. A first token request, for a secret, is generated at a managed service. The secret supports authenticating the managed service for performing operations in a distributed computing environment. The first token request includes an identity identifier of the managed service. The first token request is communicated to a credentials manager which is associated with a secrets management service (“SMS”) that can be utilized to store, renew and distribute secrets in the distributed computing environment. Based on communicating the first token request to credentials manager, the token is received, via the credentials manager, from the secret token service. The token is received based in part on the credentials manager generating a second token request for the token and communicating the second token request and a secret associated with the managed service to the secret token service.Type: ApplicationFiled: March 14, 2018Publication date: September 19, 2019Inventors: Abhinav BOSE, Kahren TEVOSYAN, Chandan R. REDDY, Ashok CHANDRASEKARAN
-
Patent number: 10374974Abstract: Embodiments of the present invention monitor and dynamically allocate computing resources to a game service. A game service provides a remote gaming environments to which users connect over a wide area network, such as the internet. A game session runs a single instance of a game title. The game session runs the video game code responsible for creating the playing experience for the users. In another embodiment, the number of active game sessions is monitored and computing resources are allocated dynamically as the number of sessions increases or decreases.Type: GrantFiled: March 17, 2017Date of Patent: August 6, 2019Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: John Peter Bruno, Donald James McNamara, Ashok Chandrasekaran, Christopher Lane Boedigheimer, Per-Ola Anders Orvendal, Joseph Cusimano, Scott Q. Longstreet
-
Publication number: 20170195251Abstract: Embodiments of the present invention monitor and dynamically allocate computing resources to a game service. A game service provides a remote gaming environments to which users connect over a wide area network, such as the internet. A game session runs a single instance of a game title. The game session runs the video game code responsible for creating the playing experience for the users. In another embodiment, the number of active game sessions is monitored and computing resources are allocated dynamically as the number of sessions increases or decreases.Type: ApplicationFiled: March 17, 2017Publication date: July 6, 2017Inventors: JOHN PETER BRUNO, DONALD JAMES MCNAMARA, ASHOK CHANDRASEKARAN, CHRISTOPHER LANE BOEDIGHEIMER, PER-OLA ANDERS ORVENDAL, JOSEPH CUSIMANO, SCOTT Q. LONGSTREET
-
Patent number: 9628332Abstract: Embodiments of the present invention monitor and dynamically allocate computing resources to a game service. A game service provides a remote gaming environments to which users connect over a wide area network, such as the internet. A game session runs a single instance of a game title. The game session runs the video game code responsible for creating the playing experience for the users. In another embodiment, the number of active game sessions is monitored and computing resources are allocated dynamically as the number of sessions increases or decreases.Type: GrantFiled: May 20, 2013Date of Patent: April 18, 2017Assignee: Microsoft Technology Licensing, LLCInventors: John Peter Bruno, Jr., Donald James McNamara, Ashok Chandrasekaran, Christopher Lane Boedigheimer, Per-Ola Anders Orvendal, Joseph Cusimano, Scott Q. Longstreet
-
Patent number: 9544400Abstract: Embodiments provide automated access policy enforcement, content rule enforcement, and data transformations in a binary large object (blob) storage service. Verified and unverified clients are allowed varying degrees of access to stored blobs. In response to a read request associated with a target blob of a particular blob type, criteria from the read request are used to execute one or more transformation functions defined by the blob type to create transformed data, and the transformed data is provided to the client. In response to a write request including a target blob of a particular blob type, a set of content rules associated with the blob type is executed against the target blob. The target blob is stored based on the content rules being successfully executed.Type: GrantFiled: July 13, 2015Date of Patent: January 10, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Michael Alyn Miller, Christopher Lane Boedigheimer, David James Whiteford, Ashok Chandrasekaran
-
Patent number: 9433862Abstract: Embodiments of the present invention monitor and dynamically allocate computing resources to game sessions running within a game service. A game service provides a remote gaming environments to which users connect over a wide area network, such as the internet. A game session runs a single instance of a game title. The game session runs the video game code responsible for creating the playing experience for the users. Various characteristics of the game session may be monitored and used to allocate computing resources. Usage of computing resources, such as central processing unit (“CPU”) may be monitored directly. In another embodiment, the number of players connected to the game session is monitored and computing resources are allocated dynamically as the number of players increases or decreases.Type: GrantFiled: February 12, 2013Date of Patent: September 6, 2016Assignee: Microsoft Technology Licensing, LLCInventors: John Peter Bruno, Jr., Donald James McNamara, Scott Q. Longstreet, Ashok Chandrasekaran, Christopher Lane Boedigheimer, Per-Ola Anders Orvendal, Joseph Cusimano
-
Publication number: 20160028858Abstract: Embodiments provide automated access policy enforcement, content rule enforcement, and data transformations in a binary large object (blob) storage service. Verified and unverified clients are allowed varying degrees of access to stored blobs. In response to a read request associated with a target blob of a particular blob type, criteria from the read request are used to execute one or more transformation functions defined by the blob type to create transformed data, and the transformed data is provided to the client. In response to a write request including a target blob of a particular blob type, a set of content rules associated with the blob type is executed against the target blob. The target blob is stored based on the content rules being successfully executed.Type: ApplicationFiled: July 13, 2015Publication date: January 28, 2016Inventors: Michael Alyn Miller, Christopher Lane Boedigheimer, David James Whiteford, Ashok Chandrasekaran
-
Patent number: 9182978Abstract: Embodiments provide rule-based application configuration using a network service. A configuration parameter associated with an application includes a rule that specifies configuration data based on one or more criteria, such as by selecting a configuration value from a plurality of available configuration values. A request for configuration data corresponding to the configuration parameter is received from a client. The request includes one or more criteria describing a user associated with the client. Customized configuration data is determined based on the rule and the criteria of the request, and the customized configuration data is provided to the client. The client executes the application (e.g., a game) based on the customized configuration data.Type: GrantFiled: December 13, 2012Date of Patent: November 10, 2015Assignee: Microsoft Technology Licensing, LLCInventors: Michael Alyn Miller, Christopher Lane Boedigheimer, David James Whiteford, Ashok Chandrasekaran
-
Patent number: 9112935Abstract: Embodiments provide automated access policy enforcement, content rule enforcement, and data transformations in a binary large object (blob) storage service. Verified and unverified clients are allowed varying degrees of access to stored blobs. In response to a read request associated with a target blob of a particular blob type, criteria from the read request are used to execute one or more transformation functions defined by the blob type to create transformed data, and the transformed data is provided to the client. In response to a write request including a target blob of a particular blob type, a set of content rules associated with the blob type is executed against the target blob. The target blob is stored based on the content rules being successfully executed.Type: GrantFiled: December 13, 2012Date of Patent: August 18, 2015Assignee: Microsoft Technology Licensing, LLCInventors: Michael Alyn Miller, Christopher Lane Boedigheimer, David James Whiteford, Ashok Chandrasekaran
-
Publication number: 20150057078Abstract: In various embodiments, methods and systems for game development based on an integrated game development cloud computing platform are provided. Development components that facilitate game development using an integrated game-cloud component are initiated. An input is received to perform a game development task. The game development task is associated with one or more games. The game development task is executed using the integrated game-cloud component. The integrated game-cloud component comprises a game-development-platform development component and a cloud-computing-platform development component combined into an integrated development component supported on the integrated game development cloud computing platform. The game development task can be associated with a first game-platform and a second game-platform of a selected game. The game-platform functions with a cross-platform support component having an integrated core module and an integrated game-platform module.Type: ApplicationFiled: January 31, 2014Publication date: February 26, 2015Applicant: MICROSOFT CORPORATIONInventors: GEORGE M. MOORE, JOHN PETER BRUNO, JR., DONALD MCNAMARA, ASHOK CHANDRASEKARAN, DAVID R. REED, CHAD CURTIS GIBSON