Patents by Inventor Benjamin M. Schultz

Benjamin M. Schultz has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10855725
    Abstract: A host operating system running on a computing device monitors network communications for the computing device to identify network resources that are requested by the computing device. The host operating system compares requested network resources against security policies to determine if the requested network resources are trusted. When an untrusted network resource is identified, the host operating system accesses the untrusted network resource within a container that is isolated from the host operating system kernel using techniques discussed herein. By restricting access to untrusted network resources to isolated containers, the host operating system is protected from even kernel-level attacks or infections that may result from an untrusted network resource.
    Type: Grant
    Filed: June 2, 2016
    Date of Patent: December 1, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Navin Narayan Pai, Charles G. Jeffries, Giridhar Viswanathan, Benjamin M. Schultz, Frederick J. Smith, Lars Reuther, Michael B. Ebersol, Gerardo Diaz Cuellar, Ivan Dimitrov Pashov, Poornananda R. Gaddehosur, Hari R. Pulapaka, Vikram Mangalore Rao
  • Patent number: 10795974
    Abstract: Techniques for memory assignment for guest operating systems are disclosed herein. In one embodiment, a method includes generating a license blob containing data representing a product key copied from a record of license information in the host storage upon receiving a user request to launch an application in the guest operating system. The method also includes storing the generated license blob in a random memory location accessible by the guest operating system. The guest operating system can then query the license blob for permission to launch the application and launching the application in the guest operating system without having a separate product key for the guest operating system.
    Type: Grant
    Filed: May 31, 2018
    Date of Patent: October 6, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ahmed Saruhan Karademir, Sudeep Kumar Ghosh, Ankit Srivastava, Michael Trevor Pashniak, Benjamin M. Schultz, Balaji Balasubramanyan, Hari R. Pulapaka, Tushar Suresh Sugandhi, Matthew David Kurjanowicz, Giridhar Viswanathan
  • Publication number: 20200285609
    Abstract: Techniques of deferred container deployment are disclosed herein. In one embodiment, a method includes receiving, at a computing device, a container image corresponding to the container. The container image includes a first set of files identified by symbolic links individually directed to a file in the host filesystem on the computing device and a second set of files identified by hard links. The method also includes in response to receiving the container image, at the computing device, storing the received container image in a folder of the host filesystem on the computing device without resolving the symbolic links of the first set of the files until runtime of the requested container.
    Type: Application
    Filed: March 5, 2019
    Publication date: September 10, 2020
    Inventors: Amber Tianqi Guo, Benjamin M. Schultz, Frederick Justus Smith, IV, Axel Rietschin, Hari R. Pulapaka, Mehmet Iyigun, Jonathan De Marco
  • Patent number: 10728164
    Abstract: This application describes client devices that control network transmission based on a power state. The client device determines a power state of the computing device and a priority of an application executing on the computing device. The client device determines whether to permit the application to communicate with a remote network accessible device via the network communication hardware based at least on the priority of the application and the power state of the computing device. Also described is a power state service that selects a client device to be provided with a notification based on power states of the client devices.
    Type: Grant
    Filed: February 12, 2016
    Date of Patent: July 28, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Harish Srinivasan, Chris C. Gray, Javier N. Flores Assad, Benjamin M. Schultz, David Powell, Alvin K. Tan, Jean Khawand
  • Publication number: 20200192689
    Abstract: Techniques of migrating containerized software packages between source and destination computing devices are disclosed herein. In one embodiment, a method includes receiving, at a destination device, a request to migrate a source container currently executing on the source device to the destination device. The method also includes synchronizing a list of handles utilized by the source container on the source device between the destination device and the source device and instantiating, in the destination device, a destination container using a copy of an image, a memory snapshot, and the synchronized list of handles of the source container on the source device. Upon completion of instantiating the destination container, the destination device can transmit a remote display output of the application to be surfaced on the source device in place of the local display output generated by the source container.
    Type: Application
    Filed: December 12, 2018
    Publication date: June 18, 2020
    Inventors: Frederick Justus Smith, IV, Paul Bozzay, Benjamin M. Schultz, Margarit Chenchev, Hari R. Pulapaka
  • Patent number: 10666655
    Abstract: Providing access control by a first operating system. A method includes receiving at the first operating system, from the second operating system, a request for a bounding reference to a set having at least one resource. A bounding reference for the set is obtained. The bounding reference comprises a reference created from a first operating system resolvable reference to the set. The method further includes providing the obtained bounding reference for the obtained provided bounding reference to the second operating system. A request, including the obtained bounding reference and an identifier identifying the second operating system for the set, is received from the second operating system. The obtained bounding reference and the identifier identifying the second operating system are evaluated. As a result of evaluating the obtained bounding reference and the identifier identifying the second operating system, a resource control action is performed.
    Type: Grant
    Filed: November 20, 2017
    Date of Patent: May 26, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Gerardo Diaz Cuellar, Navin Narayan Pai, Ivan Dimitrov Pashov, Giridhar Viswanathan, Benjamin M. Schultz, Hari R. Pulapaka
  • Patent number: 10659466
    Abstract: The techniques and systems described herein improve security and improve connection reliability by providing a framework for an application to communicate its intent to an authority service so that the authority service can enforce networking security requirements. In various examples, an intent to access a resource over a network is received and queries are sent to resolve a network connection that enables access to the resource. Information for the resource is then collected and stored together in a trusted and secure environment. For instance, the information can include proxy data or can include hostname data. A ticket can be created based on the information. The ticket can be used to establish and maintain a secure network connection to the resource.
    Type: Grant
    Filed: August 12, 2016
    Date of Patent: May 19, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Gerardo Diaz-Cuellar, Benjamin M. Schultz, Ivan Dimitrov Pashov
  • Patent number: 10650157
    Abstract: Facilities are provided to secure guest runtime environments (GREs). Security policy specifications may be associated with GREs. A GRE's security policy may be specific to the GRE and may also include security policy inherited from higher levels such as a host operating environment. The security policy of a GRE specifies restrictions and/or permissions for activities that may be performed within the scope of execution of the GRE. A GRE's security policy may limit what the GRE's guest software may do within the GRE. Restrictions/permissions may be applied to objects such as files, configuration data, and the like. Security specifications may be applied to execution initiated within a GRE. A GRE's security specification may restrict/permit executable objects from loading and executing within the GRE. The executability or accessibility of objects may be conditioned on factors such as the health/integrity of the GRE, the host system, requested files, and others.
    Type: Grant
    Filed: April 30, 2017
    Date of Patent: May 12, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Benjamin M. Schultz, Kinshumann, David John Linsley, Charles Glenn Jeffries, Giridhar Viswanathan, Scott Daniel Anderson, Frederick J. Smith, Hari R. Pulapaka, JianMing Zhou, Margarit Simeonov Chenchev, David B. Probert
  • Patent number: 10627889
    Abstract: Deploying containers constrained by power profiles on a host system. A method includes identifying a container template, a set of reusable stored characteristics, to be used for deploying a container instance. The method further includes obtaining a power profile, defining at least one power consumption threshold, for the container instance based on at least one of the set of reusable stored characteristics of the container template or other information about the container instance. The method further includes deploying the container instance on the host system by applying the set of reusable stored characteristics and the power profile by applying one or more configuration layers which causes power to the container instance to be at least one of regulated or monitored based on information in the power profile.
    Type: Grant
    Filed: January 29, 2018
    Date of Patent: April 21, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Margarit Simeonov Chenchev, Benjamin M. Schultz, Paresh Maisuria, Hari R. Pulapaka, Ankit Srivastava, Graham Wong
  • Publication number: 20200119951
    Abstract: Template-driven locally calculated policy updates for virtualized machines in a datacenter environment are described. A central control and monitoring node calculates and pushes down policy templates to local control and monitoring nodes. The templates provide boundaries and/or a pool of networking resources, from which the local control and monitoring node is enabled to calculate policy updates for locally instantiated virtual machines and containers.
    Type: Application
    Filed: December 6, 2019
    Publication date: April 16, 2020
    Inventors: Poornananda R. GADDEHOSUR, Benjamin M. SCHULTZ
  • Patent number: 10592689
    Abstract: Different containers are used for different usage sessions, a container referring to a virtualization layer for a computing device and used for isolation as well as hardware resource partitioning. A usage session refers to the time span beginning when one or more users begin to use the computing device, and ending when the one or more users cease using the computing device. During a particular usage session that uses a container, all interaction with the computing device is maintained in the container. The container is deleted when the usage session ends, leaving no data from the usage session behind after the usage session ends. Additionally, some usage sessions need not be run in containers, so data generated during such usage sessions is maintained after usage session ends. The host operating system automatically determines which usage sessions to run in containers and which usage sessions to run separate from any containers.
    Type: Grant
    Filed: October 20, 2016
    Date of Patent: March 17, 2020
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Kyle Thomas Brady, John C. Gordon, Benjamin M. Schultz, Ali Hajy, Morakinyo Korede Olugbade, Hari R. Pulapaka, Paul Bozzay, Frederick J. Smith, Mehmet Iyigun
  • Publication number: 20190392117
    Abstract: Techniques for secure sharing of data in computing systems are disclosed herein. In one embodiment, a method includes when exchanging data between the host operating system and the guest operating system, encrypting, at a trusted platform module (TPM) of the host, data to be exchanged with a first key to generate encrypted data. The method also includes transmitting the encrypted data from the host operating system to the guest operating system and decrypting, at the guest operating system, the transmitted encrypted data using a second key previously exchanged between the TPM of the host and a virtual TPM of the guest operating system.
    Type: Application
    Filed: June 20, 2018
    Publication date: December 26, 2019
    Inventors: Giridhar Viswanathan, Sudeep Kumar Ghosh, Ankit Srivastava, Michael Trevor Pashniak, Benjamin M. Schultz, Balaji Balasubramanyan, Hari R. Pulapaka, Tushar Suresh Sugandhi, Matthew David Kurjanowicz, Ahmed Saruhan Karademir
  • Patent number: 10511542
    Abstract: The techniques described herein monitor, store, and evaluate network information associated with an application to determine a connectivity option to use to communicate data. A connectivity option includes a network interface and a type of network connection. The determination is made based on power consumption information associated with available connectivity options. Consequently, a device on which the application is installed can better manage its power consumption associated with network communications.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: December 17, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Harish Srinivasan, Javier N. Flores Assad, James C. Gray, David Richard Powell, Jr., Benjamin M. Schultz, Ryan Gregory Wood
  • Patent number: 10505761
    Abstract: Template-driven locally calculated policy updates for virtualized machines in a datacenter environment are described. A central control and monitoring node calculates and pushes down policy templates to local control and monitoring nodes. The templates provide boundaries and/or a pool of networking resources, from which the local control and monitoring node is enabled to calculate policy updates for locally instantiated virtual machines and containers.
    Type: Grant
    Filed: August 3, 2018
    Date of Patent: December 10, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Poornananda R. Gaddehosur, Benjamin M. Schultz
  • Publication number: 20190370436
    Abstract: Techniques for memory assignment for guest operating systems are disclosed herein. In one embodiment, a method includes generating a license blob containing data representing a product key copied from a record of license information in the host storage upon receiving a user request to launch an application in the guest operating system. The method also includes storing the generated license blob in a random memory location accessible by the guest operating system. The guest operating system can then query the license blob for permission to launch the application and launching the application in the guest operating system without having a separate product key for the guest operating system.
    Type: Application
    Filed: May 31, 2018
    Publication date: December 5, 2019
    Inventors: Ahmed Saruhan Karademir, Sudeep Kumar Ghosh, Ankit Srivastava, Michael Trevor Pashniak, Benjamin M. Schultz, Balaji Balasubramanyan, Hari R. Pulapaka, Tushar Suresh Sugandhi, Matthew David Kurjanowicz, Giridhar Viswanathan
  • Publication number: 20190347420
    Abstract: Securely storing, installing, or launching applications. A method includes determining a trust characteristic or a license characteristic assigned to an application. When the trust characteristic or the license characteristic meets or exceeds a predetermined trust condition or a predetermined license condition, then the method includes at least one of storing, installing or launching the application in a first, more secure operating system while preventing the application from, being at least one of stored, installed or launched in a second, less secure operating system. When the trust characteristic or the license characteristic does not meet or exceed the predetermined trust condition or the predetermined license condition, then the method includes at least one of storing, installing or launching the application in the second less secure operating system while preventing the application from being at least one of stored, installed or launched in the first, more secure operating system.
    Type: Application
    Filed: May 11, 2018
    Publication date: November 14, 2019
    Inventors: Benjamin M. Schultz, Matthew David Kurjanowicz, Ankit Srivastava, Ahmed Saruhan Karademir, Sudeep Kumar Ghosh, Michael Trevor Pashniak, Hari R. Pulapaka, Balaji Balasubramanyan, Tushar Suresh Sugandhi, Giridhar Viswanathan
  • Patent number: 10438019
    Abstract: A second operating system accessing resources from an external service. A method includes sending an anonymized request, for an anonymized user corresponding to an authorized user, for resources, through a broker. A request for proof indicating that the anonymized user is authorized to obtain the resources is received from the broker. As a result, a request is send to a first operating system for the proof that the anonymized user is authorized to obtain the resources. Proof is received from the first operating system, based on the anonymized user being associated with the authorized user, that the anonymized user is authorized to obtain the resources. The proof is provided to the broker. As a result, the resources are obtained by the second operating system from the service.
    Type: Grant
    Filed: June 30, 2017
    Date of Patent: October 8, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Giridhar Viswanathan, Gerardo Diaz Cuellar, Hari R. Pulapaka, Ivan Dimitrov Pashov, Navin Narayan Pai, Benjamin M. Schultz
  • Publication number: 20190297116
    Abstract: Distribution and management of services in virtual environments is described herein. In one or more implementations, a service distribution and management model is implemented in which system services and applications are seamlessly distributed across multiple containers which each implement a different runtime environment. In one or more implementations, a system for distributing access to services in a host operating system of a computing device includes a host operating system configured to implement a host runtime environment, and one or more services implemented by the host operating system. The system further includes a service control manager configured to enable communication between a client stub of a service implemented in a client runtime environment and a service provider of the service that is implemented in a service runtime environment that is separate from the first client runtime environment.
    Type: Application
    Filed: June 12, 2019
    Publication date: September 26, 2019
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Hari R. Pulapaka, Margarit Simeonov Chenchev, Benjamin M. Schultz, Jonathan David Wiswall, Frederick Justus Smith, John A. Starks, Richard O. Wolcott, Michael Bishop Ebersol
  • Patent number: 10404791
    Abstract: A load balancer receives a client request from a client device for a connection to an application. The load balancer queries a monitoring server for a list of one or more application servers associated with the application. The monitoring server determines, based on cache state information of the plurality of application servers, the list of one or more application servers. The load balancer establishes a connection on behalf of the client device to one of the application servers.
    Type: Grant
    Filed: December 4, 2015
    Date of Patent: September 3, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ranjit Puri, Benjamin M. Schultz, David G. Thaler
  • Patent number: 10380081
    Abstract: A container for one or more scheduled meeting is pre-built for the meeting prior to the meeting occurring. The container can be built in a variety of manners, including using both static and dynamic techniques. Dynamic techniques for building a container allows a pre-build system to include more pertinent data in the container whereas static techniques reduce computing workload and allow for pre-building containers for unscheduled meetings. A combination of static and dynamic building techniques can be applied using a layer repository. Alternately, a static base layer can be used and customized for scheduled meetings.
    Type: Grant
    Filed: March 31, 2017
    Date of Patent: August 13, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Kyle Thomas Brady, John C. Gordon, Benjamin M. Schultz, Ali Hajy, Morakinyo Korede Olugbade, Hari R. Pulapaka, Paul McAlpin Bozzay, Frederick Justus Smith, Mehmet Iyigun