Patents by Inventor Benjamin M. Schultz
Benjamin M. Schultz has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20220147465
Abstract: Memory is partitioned and isolated in container-based memory enclaves. The container-based memory enclaves have attestable security guarantees. During provisioning of the container-based memory enclaves from a container image, a purported link in the container to a memory address of the enclave is modified to verifiably link to an actual memory address of the host, such as partitioned memory enclave. In some instances, enclave attestation reports can be validated without transmitting corresponding attestation requests to remote attestation services, based on previous attestation of one or more previous container attestation reports from a similar container and without requiring end-to-end attestation between the container and remote attestation service for each new attestation request.
Type: Application
Filed: January 20, 2022
Publication date: May 12, 2022
Inventors: Maxwell Christopher Renke, Taylor James Stark, Benjamin M. Schultz, Giridhar Viswanathan, Frederick Justus Smith, Deepu Chandy Thomas, Hari R. Pulapaka, Amber Tianqi Guo
-
Publication number: 20220131746
Abstract: Disclosed herein are systems, methods, computer media, and apparatuses for providing resource tracking, such as in a data center environment. A control and monitoring node receives updates indicating instantiation of resources in the computing system network. The control and monitoring node determines that there are duplicate resources in the network, and then determines which of the duplicate resources to provide connectivity to. The control and monitoring node provides network configuration updates to various networking resources in the network to provide network connectivity to the one of the duplicate resources in the network.
Type: Application
Filed: January 11, 2022
Publication date: April 28, 2022
Inventors: Mohit Garg, Benjamin M. Schultz, Poornananda R. Gaddehosur
-
Patent number: 11290488
Abstract: Distribution and management of services in virtual environments is described herein. In one or more implementations, a service distribution and management model is implemented in which system services and applications are seamlessly distributed across multiple containers which each implement a different runtime environment. In one or more implementations, a system for distributing access to services in a host operating system of a computing device includes a host operating system configured to implement a host runtime environment, and one or more services implemented by the host operating system. The system further includes a service control manager configured to enable communication between a client stub of a service implemented in a client runtime environment and a service provider of the service that is implemented in a service runtime environment that is separate from the first client runtime environment.
Type: Grant
Filed: February 15, 2019
Date of Patent: March 29, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventors: Hari R. Pulapaka, Margarit Simeonov Chenchev, Benjamin M. Schultz, Jonathan David Wiswall, Frederick Justus Smith, John A. Starks, Richard O. Wolcott, Michael Bishop Ebersol
-
Patent number: 11256785
Abstract: Memory is partitioned and isolated in container-based memory enclaves. The container-based memory enclaves have attestable security guarantees. During provisioning of the container-based memory enclaves from a container image, a purported link in the container to a memory address of the enclave is modified to verifiably link to an actual memory address of the host, such as partitioned memory enclave. In some instances, enclave attestation reports can be validated without transmitting corresponding attestation requests to remote attestation services, based on previous attestation of one or more previous container attestation reports from a similar container and without requiring end-to-end attestation between the container and remote attestation service for each new attestation request.
Type: Grant
Filed: September 9, 2019
Date of Patent: February 22, 2022
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Maxwell Christopher Renke, Taylor James Stark, Benjamin M. Schultz, Giridhar Viswanathan, Frederick Justus Smith, Deepu Chandy Thomas, Hari R. Pulapaka, Amber Tianqi Guo
-
Patent number: 11228483
Abstract: Disclosed herein are systems, methods, computer media, and apparatuses for providing resource tracking, such as in a data center environment. A control and monitoring node receives updates indicating instantiation of resources in the computing system network. The control and monitoring node determines that there are duplicate resources in the network, and then determines which of the duplicate resources to provide connectivity to. The control and monitoring node provides network configuration updates to various networking resources in the network to provide network connectivity to the one of the duplicate resources in the network.
Type: Grant
Filed: April 28, 2021
Date of Patent: January 18, 2022
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Mohit Garg, Benjamin M. Schultz, Poornananda R. Gaddehosur
-
Publication number: 20220012044
Abstract: Enacting a compliance action using an assessment that considers a mix of coldpatches and hotpatches includes identifying a policy defining the compliance condition based on patching status of a software component. A patching state of the software component is determined, including identifying evidence of coldpatched binary file(s) and hotpatch binary file(s) applicable to the software component, and using the evidence to determine whether or not the hotpatch binary file(s) have been applied to a memory image into which an instance of the software component is loaded. Based on the policy and on the patching state of the software component, a compliance action is enacted for the compliance condition. The compliance action includes generating a health report or a health attestation, initiating a patching action, initiating an execution control action, and the like.
Type: Application
Filed: July 9, 2020
Publication date: January 13, 2022
Inventors: Maxwell Christopher RENKE, Benjamin M. SCHULTZ, Yevgeniy BAK, Vijaykumar SHARMA, Apurva Ashvinkumar THANKY, Hari R. PULAPAKA
-
Patent number: 11210106
Abstract: To provide a hierarchical visual paradigm while maintaining the communication advantages of sibling extensions, a visual hierarchy simulation extension generates and maintains placeholders in a visually hierarchical manner, with the visual positioning of such placeholders informing the visual positioning of overlays of frames hosting the visual output of sibling extensions. Such a visual hierarchy simulation extension is utilized to layout and establish a desired visual hierarchy. One or more modules of computer-executable instructions are invoked to provide the relevant functionality, including the obtaining of the visual positioning of placeholders, the relevant visual translation between the visual positioning of placeholders and the visual overlaying of corresponding frames, the generation and movement of the corresponding frames, and the instantiation of extension content within the corresponding frames. The visual hierarchy simulation extension is hosted independently from the one or more modules.
Type: Grant
Filed: January 28, 2020
Date of Patent: December 28, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Julia Margaret Binger, Timothy Daniel Barber, Masato Maeda, Matthew James Wilson, Rayman Faruk Aeron, Amber Tianqi Guo, Shanmugha Priya Satheesh, Benjamin M Schultz, Jyotirmaya Tripathi, Jong Gyu Lee
-
Patent number: 11200300
Abstract: Techniques for secure sharing of data in computing systems are disclosed herein. In one embodiment, a method includes when exchanging data between the host operating system and the guest operating system, encrypting, at a trusted platform module (TPM) of the host, data to be exchanged with a first key to generate encrypted data. The method also includes transmitting the encrypted data from the host operating system to the guest operating system and decrypting, at the guest operating system, the transmitted encrypted data using a second key previously exchanged between the TPM of the host and a virtual TPM of the guest operating system.
Type: Grant
Filed: June 20, 2018
Date of Patent: December 14, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Giridhar Viswanathan, Sudeep Kumar Ghosh, Ankit Srivastava, Michael Trevor Pashniak, Benjamin M Schultz, Balaji Balasubramanyan, Hari R Pulapaka, Tushar Suresh Sugandhi, Matthew David Kurjanowicz, Ahmed Saruhan Karademir
-
Publication number: 20210382739
Abstract: A fine-grain selectable partially privileged container virtual computing environment provides a vehicle by which processes that are directed to modifying specific aspects of a host computing environment can be delivered to, and executed upon, the host computing environment while simultaneously maintaining the advantageous and desirable protections and isolations between the remaining aspects of the host computing environment and the partially privileged container computing environment. Such partial privilege is provided based upon directly or indirectly delineated actions that are allowed to be undertaken on the host computing environment by processes executing within the partially privileged container virtual computing environment and actions which are not allowed.
Type: Application
Filed: June 4, 2020
Publication date: December 9, 2021
Inventors: Amber Tianqi GUO, Frederick J. SMITH, IV, John STARKS, Lars REUTHER, Deepu THOMAS, Hari R. PULAPAKA, Benjamin M. SCHULTZ, Judy J. LIU
-
Publication number: 20210266221
Abstract: Disclosed herein are systems, methods, computer media, and apparatuses for providing resource tracking, such as in a data center environment. A control and monitoring node receives updates indicating instantiation of resources in the computing system network. The control and monitoring node determines that there are duplicate resources in the network, and then determines which of the duplicate resources to provide connectivity to. The control and monitoring node provides network configuration updates to various networking resources in the network to provide network connectivity to the one of the duplicate resources in the network.
Type: Application
Filed: April 28, 2021
Publication date: August 26, 2021
Inventors: Mohit Garg, Benjamin M. Schultz, Poornananda R. Gaddehosur
-
Patent number: 11100243
Abstract: Technologies are described for selective persistence of data utilized by software containers. A configuration policy is defined that includes data that specifies one or more data stores for which data is not to be persisted following accesses to a software container and one or more data stores for which data is to be persisted following accesses to the software container. When the software container is first accessed, the data stores identified in the configuration policy are attached to the software container. Upon a subsequent access to the container, such as at the conclusion of a user session or upon destruction of the container, the data in the attached data stores is persisted or deleted based upon the configuration policy. When the software container is once again accessed, the data store containing the persisted data can be re-attached to the software container.
Type: Grant
Filed: January 15, 2018
Date of Patent: August 24, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Margarit Simeonov Chenchev, Benjamin M. Schultz, Giridhar Viswanathan, Balaji Balasubramanyan, Yanan Zhang, Frederick Justus Smith, Hari R. Pulapaka, David Weston
-
Publication number: 20210232408
Abstract: To provide a hierarchical visual paradigm while maintaining the communication advantages of sibling extensions, a visual hierarchy simulation extension generates and maintains placeholders in a visually hierarchical manner, with the visual positioning of such placeholders informing the visual positioning of overlays of frames hosting the visual output of sibling extensions. Such a visual hierarchy simulation extension is utilized to layout and establish a desired visual hierarchy. One or more modules of computer-executable instructions are invoked to provide the relevant functionality, including the obtaining of the visual positioning of placeholders, the relevant visual translation between the visual positioning of placeholders and the visual overlaying of corresponding frames, the generation and movement of the corresponding frames, and the instantiation of extension content within the corresponding frames. The visual hierarchy simulation extension is hosted independently from the one or more modules.
Type: Application
Filed: January 28, 2020
Publication date: July 29, 2021
Applicant: Microsoft Technology Licensing, LLC
Inventors: Julia Margaret BINGER, Timothy Daniel BARBER, Masato MAEDA, Matthew James WILSON, Rayman Faruk AERON, Amber Tianqi GUO, Shanmugha Priya SATHEESH, Benjamin M SCHULTZ, Jyotirmaya TRIPATHI, Jong Gyu LEE
-
Patent number: 11074323
Abstract: Securely performing file operations. A method includes determining a licensing characteristic assigned to a file. When the licensing characteristic assigned to the file meets or exceeds a predetermined licensing condition, then the method includes performing a file operation on the file in a host operating system while preventing the file operation from being performed in the guest operating system. When the licensing characteristic assigned to the file does not meet or exceed the predetermined licensing condition, then the method includes performing the file operation on the file in the guest operating system while preventing the file operation from being performed directly in the host operating system.
Type: Grant
Filed: June 21, 2018
Date of Patent: July 27, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Benjamin M. Schultz, Balaji Balasubramanyan, Giridhar Viswanathan, Ankit Srivastava, Margarit Simeonov Chenchev, Hari R. Pulapaka, Nived Kalappuraikal Sivadas, Raphael Gianotti Serrano dos Santo, Narasimhan Ramasubramanian, Frederick Justus Smith, Matthew David Kurjanowicz, Prakhar Srivastava, Jonathan Schwartz
-
Publication number: 20210182078
Abstract: A layered composite boot device, and a corresponding layered composite file system, can be implemented by a boot manager. Requests directed to the layered composite boot device and file system, can be serviced from a primary device and file system that are encapsulated by the layered composite boot device and file system. The primary device and file system can correspond to a virtualized file system within a container environment, thereby enabling changes within the container environment to affect early stages of operating system booting in the container environment. Should such requests not be serviceable from the primary layers, the composite device and file system can comprise secondary layers that can correspond to a container host connection and the host file system, providing fallback to existing data if changes within the container environment were not made, thereby enabling booting to proceed in a traditional manner.
Type: Application
Filed: December 16, 2019
Publication date: June 17, 2021
Inventors: Axel RIETSCHIN, Margarit Simeonov CHENCHEV, Frederick J. SMITH, IV, Benjamin M. SCHULTZ, Hari R. PULAPAKA
-
Patent number: 11005710
Abstract: Disclosed herein are systems, methods, computer media, and apparatuses for providing resource tracking, such as in a data center environment. A control and monitoring node receives updates indicating instantiation of resources in the computing system network. The control and monitoring node determines that there are duplicate resources in the network, and then determines which of the duplicate resources to provide connectivity to. The control and monitoring node provides network configuration updates to various networking resources in the network to provide network connectivity to the one of the duplicate resources in the network.
Type: Grant
Filed: October 30, 2015
Date of Patent: May 11, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Mohit Garg, Benjamin M. Schultz, Poornananda R. Gaddehosur
-
Publication number: 20210133312
Abstract: Environment type validation can provide a tamper-resistant validation of the computing environment within which the environment type validation is being performed. Such information can then be utilized to perform policy management, which can include omitting verifications in order to facilitate the sharing of policy, such as application licenses, from a host computing environment into a container virtual computing environment. The environment type validation can perform multiple checks, including verification of the encryption infrastructure of the computing environment, verification of code integrity mechanisms of that computing environment, checks for the presence of functionality evidencing a hypervisor, checks for the presence or absence of predetermined system drivers, or other like operating system components or functionality, checks for the activation or deactivation of resource management stacks, and checks for the presence or absence of predetermined values in firmware.
Type: Application
Filed: November 1, 2019
Publication date: May 6, 2021
Inventors: Tushar Suresh SUGANDHI, Amber Tianqi GUO, Balaji BALASUBRAMANYAN, Abhijat SINGH, Ahmed Saruhan KARADEMIR, Benjamin M. SCHULTZ, Hari R. PULAPAKA, Gupta SHUBHAM, Chase THOMAS, Carlos Ernesto Peza RAMIREZ
-
Publication number: 20210109774
Abstract: A virtualization partition (VP) is executed by a virtualization layer. The VP contains guest software that executes in isolation within the VP. The guest software has a background task (BT) that needs to be performed in the future. The BT is virtualized by a BT service that executes outside of the VP. The guest software registers the BT, through the virtualization layer, with a BT virtualization service. An event occurs outside of the VP that triggers the BT. The BT virtualization service responds to the event by assuring that the VP is available (executing), and optionally triggers (possibly indirectly) the execution of code in the application.
Type: Application
Filed: October 14, 2019
Publication date: April 15, 2021
Inventors: Margarit CHENCHEV, Benjamin M. SCHULTZ, Gopikrishna KANNAN, Graham WONG, Harish SRINIVASAN, Arup ROY, Hari PULAPAKA
-
Patent number: 10922123
Abstract: Techniques of migrating containerized software packages between source and destination computing devices are disclosed herein. In one embodiment, a method includes receiving, at a destination device, a request to migrate a source container currently executing on the source device to the destination device. The method also includes synchronizing a list of handles utilized by the source container on the source device between the destination device and the source device and instantiating, in the destination device, a destination container using a copy of an image, a memory snapshot, and the synchronized list of handles of the source container on the source device. Upon completion of instantiating the destination container, the destination device can transmit a remote display output of the application to be surfaced on the source device in place of the local display output generated by the source container.
Type: Grant
Filed: December 12, 2018
Date of Patent: February 16, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Frederick Justus Smith, IV, Paul Bozzay, Benjamin M. Schultz, Margarit Chenchev, Hari R. Pulapaka
-
Publication number: 20210042141
Abstract: Computing systems, devices, and methods of dynamic image composition for container deployment are disclosed herein. One example technique includes receiving a request for accessing a file from a container process. In response to receiving the request, the technique includes querying a mapping table corresponding to the container process to locate an entry corresponding to a file identifier of the requested file. The entry also includes data identifying a file location on the storage device from which the requested file is accessible. The technique further includes retrieving a copy of the requested file according to the file location identified by the data in the located entry in the mapping table and providing the retrieved copy of the requested file to the container process, thereby allowing the container process to access the requested file.
Type: Application
Filed: October 9, 2019
Publication date: February 11, 2021
Inventors: Jonathan De Marco, Benjamin M. Schultz, Frederick Justus Smith, IV, Hari R. Pulapaka, Mehmet Iyigun, Amber Tianqi Guo
-
Publication number: 20210011984
Abstract: Memory is partitioned and isolated in container-based memory enclaves. The container-based memory enclaves have attestable security guarantees. During provisioning of the container-based memory enclaves from a container image, a purported link in the container to a memory address of the enclave is modified to verifiably link to an actual memory address of the host, such as partitioned memory enclave. In some instances, enclave attestation reports can be validated without transmitting corresponding attestation requests to remote attestation services, based on previous attestation of one or more previous container attestation reports from a similar container and without requiring end-to-end attestation between the container and remote attestation service for each new attestation request.
Type: Application
Filed: September 9, 2019
Publication date: January 14, 2021
Inventors: Maxwell Christopher Renke, Taylor James Stark, Benjamin M. Schultz, Giridhar Viswanathan, Frederick Justus Smith, Deepu Chandy Thomas, Hari R. Pulapaka, Amber Tianqi Guo