Patents by Inventor Brandon S. Baker

Brandon S. Baker has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11314882
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for instantiating and managing systems that utilize hierarchal enclaves in a cloud environment.
    Type: Grant
    Filed: August 11, 2020
    Date of Patent: April 26, 2022
    Assignee: Google LLC
    Inventors: Nelly Porter, David Benson Cross, Uday Ramesh Savagaonkar, Brandon S. Baker, Sergey Simakov
  • Publication number: 20200372166
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for instantiating and managing systems that utilize hierarchal enclaves in a cloud environment.
    Type: Application
    Filed: August 11, 2020
    Publication date: November 26, 2020
    Inventors: Nelly Porter, David Benson Cross, Uday Ramesh Savagaonkar, Brandon S. Baker, Sergey Simakov
  • Patent number: 10776503
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for instantiating and managing systems that utilize hierarchal enclaves in a cloud environment.
    Type: Grant
    Filed: November 14, 2017
    Date of Patent: September 15, 2020
    Assignee: Google LLC
    Inventors: Nelly Porter, David Benson Cross, Uday Ramesh Savagaonkar, Brandon S. Baker, Sergey Simakov
  • Patent number: 10521265
    Abstract: Techniques are disclosed for coalescing timer ticks generated by timers used to service guest operating systems executing in virtual machines. By coalescing timer ticks a logical processor can enter a low power mode thereby reducing power consumed by the system.
    Type: Grant
    Filed: September 19, 2008
    Date of Patent: December 31, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Haiyong Wang, Brandon S. Baker, Shuvabrata Ganguly, Thomas D. I. Fahrig
  • Patent number: 10509664
    Abstract: The present disclosure relates to a distributed disk image deployment during virtual machine instance creation, and to deploying virtual machine instances based on disk image locality. One example method includes receiving, at a first computing node, a request to create a virtual machine instance, the request identifying a disk image to be associated with the virtual machine instance; determining a set of computing nodes from which to transfer the disk image based on a locality of the first computing node to each computing node in the set of computing nodes; generating a set of requests for a plurality of portions of the disk image; sending at least one request from the set of requests to each computing node in the set of computing nodes; and receiving, from at least one of the set of computing nodes, one or more portions of the disk image.
    Type: Grant
    Filed: December 8, 2016
    Date of Patent: December 17, 2019
    Assignee: Google LLC
    Inventors: Michael A. Halcrow, Brandon S. Baker, Nicholas V. Finco, Matthew Riley
  • Patent number: 10361868
    Abstract: A method includes receiving a break-glass ticket scope identifying one or more secure containers of a secure container system. The secure containers are instantiated in a non-debuggable state and execute corresponding secure execution environments for contents of the corresponding secure containers. The method also includes generating a pending break-glass ticket having the break-glass ticket scope and transmitting the pending break-glass ticket to a break-glass approver for approval. In response to receiving an approved break-glass ticket from the break-glass approver, the method includes altering an access setting of the one or more secure containers defined in the break-glass ticket scope. The altered access setting allows debugging of the respective contents of the one or more secure containers executing the corresponding secure execution environments.
    Type: Grant
    Filed: May 23, 2016
    Date of Patent: July 23, 2019
    Assignee: Google LLC
    Inventors: Brandon S. Baker, Uday Savagaonkar
  • Publication number: 20180137299
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for instantiating and managing systems that utilize hierarchal enclaves in a cloud environment.
    Type: Application
    Filed: November 14, 2017
    Publication date: May 17, 2018
    Inventors: Nelly Porter, David Benson Cross, Uday Ramesh Savagaonkar, Brandon S. Baker, Sergey Simakov
  • Patent number: 9864627
    Abstract: Principles for enabling power management techniques for virtual machines. In a virtual machine environment, a physical computer system may maintain management facilities to direct and control one or more virtual machines executing thereon. In some techniques described herein, the management facilities may be adapted to place a virtual processor in an idle state in response to commands from a guest operating system. One or more signaling mechanisms may be supported such that the guest operating system will command the management facilities to place virtual processors in the idle state.
    Type: Grant
    Filed: June 23, 2016
    Date of Patent: January 9, 2018
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Haiyong Wang, Brandon S. Baker, Shuvabrata Ganguly, Nicholas Stephen Judge
  • Patent number: 9537745
    Abstract: The present disclosure relates to a distributed disk image deployment during virtual machine instance creation, and to deploying virtual machine instances based on disk image locality. One example method includes receiving a request to create a virtual machine instance identifying a disk image; determining one or more storage devices storing the disk image; determining a distance measurement between each of a plurality of computing nodes and the one or more storage devices storing the disk image; selecting a computing node on which to create the virtual machine instance based on a locality of the computing node to a storage device from the one or more storage devices storing the disk image, the locality including the distance measurement between the computing node and the storage device; and creating the virtual machine instance on the computing node using the disk image from the storage device.
    Type: Grant
    Filed: March 7, 2014
    Date of Patent: January 3, 2017
    Assignee: Google Inc.
    Inventors: Michael A. Halcrow, Brandon S. Baker, Nicholas V. Finco, Matthew Riley
  • Patent number: 9495190
    Abstract: In the host operating system of a computing device, entropy data is collected based at least in part on each of one or more hardware components of the computing device. An entropy pool is updated based at least in part on the collected entropy data, and data from the entropy pool is provided to a guest operating system running as a virtual machine of the computing device. The guest operating system maintains a guest operating system entropy pool based on the data from the entropy pool provided by the host operating system. The guest operating system accesses the guest operating system entropy pool and uses the guest operating system entropy pool as a basis for generating values including random numbers.
    Type: Grant
    Filed: August 24, 2009
    Date of Patent: November 15, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Carl M. Ellison, Scott A. Field, Brandon S. Baker
  • Publication number: 20160306650
    Abstract: Principles for enabling power management techniques for virtual machines. In a virtual machine environment, a physical computer system may maintain management facilities to direct and control one or more virtual machines executing thereon. In some techniques described herein, the management facilities may be adapted to place a virtual processor in an idle state in response to commands from a guest operating system. One or more signaling mechanisms may be supported such that the guest operating system will command the management facilities to place virtual processors in the idle state.
    Type: Application
    Filed: June 23, 2016
    Publication date: October 20, 2016
    Inventors: Haiyong Wang, Brandon S. Baker, Shuvabrata Ganguly, Nicholas Stephen Judge
  • Patent number: 9436823
    Abstract: A method and apparatus are provided to detect malicious code in a computing system, where the malicious code is obscured by manipulation of an input/output memory management unit. A peripheral component interconnect express (PCIe) device requests a translation of a bus address for a given device in the system and determines whether the requested translation was received. If the requested translation was received, the PCIe device further determines whether the bus address for the given device corresponds to a physical address for the given device. If the bus address for the given device does not correspond to the physical address for the given device, the PCIe device sends a notification that the computing system is potentially compromised.
    Type: Grant
    Filed: December 17, 2013
    Date of Patent: September 6, 2016
    Assignee: Google Inc.
    Inventors: Benjamin Charles Serebrin, Brandon S. Baker
  • Patent number: 9405347
    Abstract: Principles for enabling power management techniques for virtual machines. In a virtual machine environment, a physical computer system may maintain management facilities to direct and control one or more virtual machines executing thereon. In some techniques described herein, the management facilities may be adapted to place a virtual processor in an idle state in response to commands from a guest operating system. One or more signaling mechanisms may be supported such that the guest operating system will command the management facilities to place virtual processors in the idle state.
    Type: Grant
    Filed: February 26, 2009
    Date of Patent: August 2, 2016
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Haiyong Wang, Brandon S. Baker, Shuvabrata Ganguly, Nicholas Stephen Judge
  • Patent number: 8909939
    Abstract: Methods, systems, and apparatuses, including computer programs encoded on a computer storage medium, for distribution of cryptographic keys. In one aspect, a method includes receiving a plurality of requests, each request being received by a different respective virtual machine of a plurality of virtual machines; generating, by each of the virtual machines, a different host key pair, wherein each of the host key pairs comprises an encryption key and a decryption key that are associated with the virtual machine that generated it; providing, by each of the virtual machines, the encryption key generated by the virtual machine to a distinct metadata server that stores parameters of the virtual machine; and sending, from each of the metadata servers, the encryption key generated by the virtual machine that the metadata server is configured to communicate with to an application programming interface system.
    Type: Grant
    Filed: April 4, 2012
    Date of Patent: December 9, 2014
    Assignee: Google Inc.
    Inventors: Joseph S. Beda, III, Brandon S. Baker
  • Publication number: 20110047545
    Abstract: In the host operating system of a computing device, entropy data is collected based at least in part on each of one or more hardware components of the computing device. An entropy pool is updated based at least in part on the collected entropy data, and data from the entropy pool is provided to a guest operating system running as a virtual machine of the computing device. The guest operating system maintains a guest operating system entropy pool based on the data from the entropy pool provided by the host operating system. The guest operating system accesses the guest operating system entropy pool and uses the guest operating system entropy pool as a basis for generating values including random numbers.
    Type: Application
    Filed: August 24, 2009
    Publication date: February 24, 2011
    Applicant: Microsoft Corporation
    Inventors: Carl M. Ellison, Scott A. Field, Brandon S. Baker
  • Publication number: 20100218183
    Abstract: Principles for enabling power management techniques for virtual machines. In a virtual machine environment, a physical computer system may maintain management facilities to direct and control one or more virtual machines executing thereon. In some techniques described herein, the management facilities may be adapted to place a virtual processor in an idle state in response to commands from a guest operating system. One or more signaling mechanisms may be supported such that the guest operating system will command the management facilities to place virtual processors in the idle state.
    Type: Application
    Filed: February 26, 2009
    Publication date: August 26, 2010
    Applicant: Microsoft Corporation
    Inventors: Haiyong Wang, Brandon S. Baker, Shuvabrata Ganguly, Nicholas Stephen Judge
  • Publication number: 20100077394
    Abstract: Techniques are disclosed for coalescing timer ticks generated by timers used to service guest operating systems executing in virtual machines. By coalescing timer ticks a logical processor can enter a low power mode thereby reducing power consumed by the system.
    Type: Application
    Filed: September 19, 2008
    Publication date: March 25, 2010
    Applicant: MICROSOFT CORPORATION
    Inventors: Haiyong Wang, Brandon S. Baker, Shuvabrata Ganguly, Thomas D.I. Fahrig
  • Patent number: 7549022
    Abstract: Avoiding cache-line sharing in virtual machines can be implemented in a system running a host and multiple guest operating systems. The host facilitates hardware access by a guest operating system and oversees memory access by the guest. Because cache lines are associated with memory pages that are spaced at regular intervals, the host can direct guest memory access to only select memory pages, and thereby restrict guest cache use to one or more cache lines. Other guests can be restricted to different cache lines by directing memory access to a separate set of memory pages.
    Type: Grant
    Filed: July 21, 2006
    Date of Patent: June 16, 2009
    Assignee: Microsoft Corporation
    Inventor: Brandon S. Baker
  • Publication number: 20080022048
    Abstract: Avoiding cache-line sharing in virtual machines can be implemented in a system running a host and multiple guest operating systems. The host facilitates hardware access by a guest operating system and oversees memory access by the guest. Because cache lines are associated with memory pages that are spaced at regular intervals, the host can direct guest memory access to only select memory pages, and thereby restrict guest cache use to one or more cache lines. Other guests can be restricted to different cache lines by directing memory access to a separate set of memory pages.
    Type: Application
    Filed: July 21, 2006
    Publication date: January 24, 2008
    Applicant: Microsoft Corporation
    Inventor: Brandon S. Baker