Patents by Inventor Bryan Mark Willman
Bryan Mark Willman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9772860
Abstract: Efficient power management of a system with virtual machines is disclosed. In particular, such efficient power management may enable coordination of system-wide power changes with virtual machines. Additionally, such efficient power management may enable coherent power changes in a system with a virtual machine monitor. Furthermore, such efficient power management may enable dynamic control and communication of power state changes.
Type: Grant
Filed: September 7, 2016
Date of Patent: September 26, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: Adrian J. Oney, Bryan Mark Willman, Eric P. Traut, Forrest Curtis Foltz, Matthew D. Hendel, Rene Antonio Vega
-
Publication number: 20160378506
Abstract: Efficient power management of a system with virtual machines is disclosed. In particular, such efficient power management may enable coordination of system-wide power changes with virtual machines. Additionally, such efficient power management may enable coherent power changes in a system with a virtual machine monitor. Furthermore, such efficient power management may enable dynamic control and communication of power state changes.
Type: Application
Filed: September 7, 2016
Publication date: December 29, 2016
Inventors: Adrian J. Oney, Bryan Mark Willman, Eric P. Traut, Forrest Curtis Foltz, Matthew D. Hendel, Rene Antonio Vega
-
Patent number: 9489035
Abstract: Efficient power management of a system with virtual machines is disclosed. In particular, such efficient power management may enable coordination of system-wide power changes with virtual machines. Additionally, such efficient power management may enable coherent power changes in a system with a virtual machine monitor. Furthermore, such efficient power management may enable dynamic control and communication of power state changes.
Type: Grant
Filed: December 15, 2015
Date of Patent: November 8, 2016
Assignee: Microsoft Technology Licensing, LLC
Inventors: Adrian J. Oney, Bryan Mark Willman, Eric P. Traut, Forrest Curtis Foltz, Matthew D. Hendel, Rene Antonio Vega
-
Publication number: 20160109929
Abstract: Efficient power management of a system with virtual machines is disclosed. In particular, such efficient power management may enable coordination of system-wide power changes with virtual machines. Additionally, such efficient power management may enable coherent power changes in a system with a virtual machine monitor. Furthermore, such efficient power management may enable dynamic control and communication of power state changes.
Type: Application
Filed: December 15, 2015
Publication date: April 21, 2016
Inventors: Adrian J. Oney, Bryan Mark Willman, Eric P. Traut, Forrest Curtis Foltz, Matthew D. Hendel, Rene Antonio Vega
-
Patent number: 9218047
Abstract: Efficient power management of a system with virtual machines is disclosed. In particular, such efficient power management may enable coordination of system-wide power changes with virtual machines. Additionally, such efficient power management may enable coherent power changes in a system with a virtual machine monitor. Furthermore, such efficient power management may enable dynamic control and communication of power state changes.
Type: Grant
Filed: December 8, 2014
Date of Patent: December 22, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Adrian J. Oney, Bryan Mark Willman, Eric P. Traut, Forrest Curtis Foltz, Matthew D. Hendel, Rene Antonio Vega
-
Publication number: 20150143149
Abstract: Efficient power management of a system with virtual machines is disclosed. In particular, such efficient power management may enable coordination of system-wide power changes with virtual machines. Additionally, such efficient power management may enable coherent power changes in a system with a virtual machine monitor. Furthermore, such efficient power management may enable dynamic control and communication of power state changes.
Type: Application
Filed: December 8, 2014
Publication date: May 21, 2015
Inventors: Adrian J. Oney, Bryan Mark Willman, Eric P. Traut, Forrest Curtis Foltz, Matthew D. Hendel, Rene Antonio Vega
-
Patent number: 8909946
Abstract: Efficient power management of a system with virtual machines is disclosed. In particular, such efficient power management may enable coordination of system-wide power changes with virtual machines. Additionally, such efficient power management may enable coherent power changes in a system with a virtual machine monitor. Furthermore, such efficient power management may enable dynamic control and communication of power state changes.
Type: Grant
Filed: May 18, 2006
Date of Patent: December 9, 2014
Assignee: Microsoft Corporation
Inventors: Adrian J. Oney, Bryan Mark Willman, Eric P. Traut, Forrest Curtis Foltz, Matthew D. Hendel, Rene Antonio Vega
-
Patent number: 7975117
Abstract: Plural guest operating systems run on a computer, where a security kernel enforces a policy of isolation among the guest operating systems. An exclusion vector defines a set of pages that cannot be accessed by direct memory access (DMA) devices. The security kernel enforces an isolation policy by causing certain pages to be excluded from direct access. Thus, device drivers in guest operating systems are permitted to control DMA devices directly without virtualization of those devices, while each guest is prevented from using DMA devices to access pages that the guest is not permitted to access under the policy.
Type: Grant
Filed: December 19, 2003
Date of Patent: July 5, 2011
Assignee: Microsoft Corporation
Inventors: Marcus Peinado, Paul England, Bryan Mark Willman, Yuqun Chen, Andrew John Thornton
-
Patent number: 7788669
Abstract: Techniques are disclosed to support hosting of a first operating system by a second operating system, where the first system provides at least some of the infrastructure for the second system. A facility is provided whereby the second system can receive data from the first system without the first system being able to modify that data. The second system may use the first system's scheduler by creating shadow threads and synchronization objects known to the first system, while the second system makes the final decision as to whether a thread runs. Separate memory may be allocated to both systems at boot time, or dynamically during their operation. The techniques herein may be used to protect the second system from actions arising in the first system. Preferably, the interaction between the first and second systems is facilitated by a security monitor, which assists in protecting the second system from the first.
Type: Grant
Filed: May 2, 2003
Date of Patent: August 31, 2010
Assignee: Microsoft Corporation
Inventors: Paul England, Marcus Peinado, Bryan Mark Willman
-
Patent number: 7721094
Abstract: Access to an authentication image may be protected so that only authenticated processes have access to the image. The image can be displayed to authenticate a User Interface (UI) to a computer user. The image indicates the UI can be trusted. If the image is not displayed, it may be that an application UI is “spoofed” to trick a user into providing sensitive information. Additionally, a large variety of different images can be used as authentication images, so spoofing one image be recognized by most users. A set of original images may be provided, along with image modification processes which can generate a large number of variations. Techniques for authenticating UIs in a virtual machine context are provided. A secure attention sequence is also provided, which allows users to test whether processes running on a computer are authenticated.
Type: Grant
Filed: May 6, 2005
Date of Patent: May 18, 2010
Assignee: Microsoft Corporation
Inventors: Paul Cador Roberts, Laura Posey Benofsky, William Gifford Holt, Leslie Helena Johnson, Bryan Mark Willman, Madeline Jinx Bryant
-
Patent number: 7694121
Abstract: A mechanism for protected operating system boot that prevents rogue components from being loaded with the operating system, and thus prevents divulgence of the system key under inappropriate circumstances. After a portion of the machine startup procedure has occurred, the operating system loader is run, the loader is validated, and a correct machine state is either verified to exist and/or created. Once the loader has been verified to be a legitimate loader, and the machine state under which it is running is verified to be correct, the loader's future behavior is known to protect against the loading of rogue components that could cause divulgence of the system key. With the loader's behavior being known to be safe for the system key, the validator may unseal the system key and provides it to the loader.
Type: Grant
Filed: June 30, 2004
Date of Patent: April 6, 2010
Assignee: Microsoft Corporation
Inventors: Bryan Mark Willman, Paul England, Kenneth D. Ray, Jamie Hunter, Lonnie Dean McMichael, Derek Norman LaSalle, Pierre Jacomet, Mark Eliot Paley, Thekkthalackal Varugis Kurien, David B. Cross
-
Patent number: 7650478
Abstract: A data storage resource is identifiable by physical addresses, and optionally by a virtual address. A policy defines which resources are accessible and which resources are not accessible. A request to access a resource is allowed if access to the resource is permitted by the policy, and if carrying out the access will not cause virtual addresses to be assigned to resources to which the policy disallows access. Since resources to which access is disallowed do not have virtual addresses, certain types of access requests that identify a resource by a virtual address can be allowed without consulting the policy.
Type: Grant
Filed: December 9, 2005
Date of Patent: January 19, 2010
Assignee: Microsoft Corporation
Inventors: Marcus Peinado, Paul England, Bryan Mark Willman
-
Patent number: 7644246
Abstract: A data storage resource is identifiable by physical addresses, and optionally by a virtual address. A policy defines which resources are accessible and which resources are not accessible. A request to access a resource is allowed if access to the resource is permitted by the policy, and if carrying out the access will not cause virtual addresses to be assigned to resources to which the policy disallows access. Since resources to which access is disallowed do not have virtual addresses, certain types of access requests that identify a resource by a virtual address can be allowed without consulting the policy.
Type: Grant
Filed: December 9, 2005
Date of Patent: January 5, 2010
Assignee: Microsoft Corporation
Inventors: Marcus Peinado, Paul England, Bryan Mark Willman
-
Patent number: 7574610
Abstract: A security device watches over the secure functionality in a computer system. This “watcher” security device may be integrated within the computer system or may be separate from it. The security device queries the secure functionality to determine whether the state of the secure functionality is acceptable. If no satisfactory state exists, or if no response is received, then a signal is transmitted. The signal may be auditory (a buzzer) or visual (a flashing light) in order to signal to any user that the secure functionality has been compromised. Optionally, human input devices may be disabled, or a monitoring service notified, in conjunction with or in lieu of the signal. If the secure functionality includes a secret shared between the secure functionality and the user, then the security device may signal the secret. For example, where the secret is visual, the security device may display the secret.
Type: Grant
Filed: September 30, 2004
Date of Patent: August 11, 2009
Assignee: Microsoft Corporation
Inventors: Bryan Mark Willman, Christine M. Chew, Paul C. Roberts, David Rudolph Wooten, John E. Paff
-
Patent number: 7565509
Abstract: A data storage resource is identifiable by physical addresses, and optionally by a virtual address. A policy defines which resources are accessible and which resources are not accessible. A request to access a resource is allowed if access to the resource is permitted by the policy, and if carrying out the access will not cause virtual addresses to be assigned to resources to which the policy disallows access. Since resources to which access is disallowed do not have virtual addresses, certain types of access requests that identify a resource by a virtual address can be allowed without consulting the policy.
Type: Grant
Filed: November 1, 2002
Date of Patent: July 21, 2009
Assignee: Microsoft Corporation
Inventors: Marcus Peinado, Paul England, Bryan Mark Willman
-
Patent number: 7565505
Abstract: A data storage resource is identifiable by physical addresses, and optionally by a virtual address. A policy defines which resources are accessible and which resources are not accessible. A request to access a resource is allowed if access to the resource is permitted by the policy, and if carrying out the access will not cause virtual addresses to be assigned to resources to which the policy disallows access. Since resources to which access is disallowed do not have virtual addresses, certain types of access requests that identify a resource by a virtual address can be allowed without consulting the policy.
Type: Grant
Filed: December 9, 2005
Date of Patent: July 21, 2009
Assignee: Microsoft Corporation
Inventors: Marcus Peinado, Paul England, Bryan Mark Willman
-
Patent number: 7530103
Abstract: In a single machine that has entities running in an untrusted environment and entities running in a trusted environment, the trustworthiness of the entities in the trusted environment is projected to the entities in the untrusted environment. This is applicable, for example, to Microsoft®'s Next Generation Secure Computing Base (NGSCB), where a regular operating system (e.g., the Windows® operating system) hosts a secure operating system (e.g., the nexus).
Type: Grant
Filed: August 7, 2003
Date of Patent: May 5, 2009
Assignee: Microsoft Corporation
Inventors: Bryan Mark Willman, Paul England, Kenneth D. Ray, Keith Kaplan, Varugis Kurien, Michael David Marr
-
Patent number: 7493429
Abstract: The present invention provides for trusted side-band communications between components in a computer system, so that use of the system bus may be avoided. Two components may be connected by means other than a bus (e.g., an infrared port, a wire, an unused pin, etc.), whereby these components may communicate without the use of the system bus. The non-bus communication channel may be referred to as “side-band.” The side-band channel may be used to communicate information that might identify the user's hardware (e.g., a public key) or other information that the user may not want to be easily intercepted by the public at large. Communication over the side-band channel may also be used to verify that the participants in a communication are within a defined positional relationship to each other.
Type: Grant
Filed: January 16, 2004
Date of Patent: February 17, 2009
Assignee: Microsoft Corporation
Inventors: John E. Paff, Marcus Peinado, Thekkthalackal Varugis Kurien, Bryan Mark Willman, Paul England, Andrew John Thornton
-
Patent number: 7434003
Abstract: An operating system is described that is capable of ascertaining whether it is executing in a virtual machine environment and is further capable of modifying its behavior to operate more efficiently and provide optimal behavior in a virtual machine environment. An operating system is enlightened so that it is aware of VMMs or hypervisors, taking on behavior that is optimal to that environment. The VMM or hypervisor informs the operating system of the optimal behavior, and vice versa.
Type: Grant
Filed: November 15, 2005
Date of Patent: October 7, 2008
Assignee: Microsoft Corporation
Inventors: Adrian J. Oney, Bryan Mark Willman, Eric P. Traut, Forrest Curtis Foltz, John Te-Jui Sheu, Matthew D. Hendel, Rene Antonio Vega
-
Patent number: 7330981
Abstract: A file locker manages the storage and use of protected data for software objects. A protected environment maintains the cryptographic and isolative infrastructure to support sealing of data items for use by a trusted agent. The file locker uses the protected environment's sealing functionality to seal data items for the file locker's exclusive access. The file locker seals, to itself, files received from software objects, and provides those files upon request, and upon sufficient proof of the requestor's trustworthiness, authenticity, and/or identity. The file locker may be used to extend the protected environment's sealing functionality to legacy applications, without the legacy applications having to implement agents that can run in the protected environment and access the sealing functionality directly.
Type: Grant
Filed: April 23, 2004
Date of Patent: February 12, 2008
Assignee: Microsoft Corporation
Inventor: Bryan Mark Willman