Patents by Inventor Bryan Parno
Bryan Parno has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10148442Abstract: A verified software system may be executable on secure hardware. Prior to being executed, the software system may be verified as conforming to a software specification. First credentials attesting to an identity of the software system may be sent to an external application. Second credentials signed by a provider of the secure hardware may be sent to the external application. The second credentials may attest to an identity of the secure hardware. The external application may securely exchange one or more messages with a software application of the software system. For example, the one or more messages may be decryptable only by the external application and the software application to provide confidentiality for each message. As another example, an attestation may vouch for an identity of a sender of each of the one or more messages to attest to an integrity of each message.Type: GrantFiled: May 2, 2016Date of Patent: December 4, 2018Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Chris Hawblitzel, Jacob R. Lorch, Jonathan R. Howell, Brian D. Zill, Bryan Parno
-
Patent number: 9536093Abstract: Software code of a software system (e.g., a software stack) may be verified as conforming to a specification. A high-level language implementation of the software system may be compiled using a compiler to create an assembly language implementation. A high-level specification corresponding to the software system may be translated to a low-level specification. A verifier may verify that the assembly language implementation functionally conforms to properties described in the low-level specification. In this way, the software system (e.g., a complete software system that includes an operating system, device driver(s), a software library, and one or more applications) may be verified at a low level (e.g., assembly language level).Type: GrantFiled: October 2, 2014Date of Patent: January 3, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Chris Hawblitzel, Bryan Parno, Jacob R. Lorch, Jonathan R. Howell, Brian D. Zill
-
Patent number: 9432401Abstract: A method for providing consistent security information between multiple applications is described herein. The method includes detecting potentially deceptive content from a communication application in a browser application. The method also includes generating consistent security information for the potentially deceptive content with the browser application. Additionally, the method includes sending the consistent security information for the potentially deceptive content to the communication application. Furthermore, the method includes providing a warning based on the consistent security information to the communication application.Type: GrantFiled: July 6, 2012Date of Patent: August 30, 2016Assignee: Microsoft Technology Licensing, LLCInventors: John R. Douceur, Bryan Parno, Robert W. Reeder
-
Publication number: 20160248592Abstract: A verified software system may be executable on secure hardware. Prior to being executed, the software system may be verified as conforming to a software specification. First credentials attesting to an identity of the software system may be sent to an external application. Second credentials signed by a provider of the secure hardware may be sent to the external application. The second credentials may attest to an identity of the secure hardware. The external application may securely exchange one or more messages with a software application of the software system. For example, the one or more messages may be decryptable only by the external application and the software application to provide confidentiality for each message. As another example, an attestation may vouch for an identity of a sender of each of the one or more messages to attest to an integrity of each message.Type: ApplicationFiled: May 2, 2016Publication date: August 25, 2016Inventors: Chris Hawblitzel, Jacob R. Lorch, Jonathan R. Howell, Brian D. Zill, Bryan Parno
-
Patent number: 9363087Abstract: A verified software system may be executable on secure hardware. Prior to being executed, the software system may be verified as conforming to a software specification. First credentials attesting to an identity of the software system may be sent to an external application. Second credentials signed by a provider of the secure hardware may be sent to the external application. The second credentials may attest to an identity of the secure hardware. The external application may securely exchange one or more messages with a software application of the software system. For example, the one or more messages may be decryptable only by the external application and the software application to provide confidentiality for each message. As another example, an attestation may vouch for an identity of a sender of each of the one or more messages to attest to an integrity of each message.Type: GrantFiled: October 2, 2014Date of Patent: June 7, 2016Assignee: Microsoft Technology Licensing, Inc.Inventors: Chris Hawblitzel, Bryan Parno, Jacob R. Lorch, Jonathan R. Howell, Brian D. Zill
-
Publication number: 20160098562Abstract: Software code of a software system (e.g., a software stack) may be verified as conforming to a specification. A high-level language implementation of the software system may be compiled using a compiler to create an assembly language implementation. A high-level specification corresponding to the software system may be translated to a low-level specification. A verifier may verify that the assembly language implementation functionally conforms to properties described in the low-level specification. In this way, the software system (e.g., a complete software system that includes an operating system, device driver(s), a software library, and one or more applications) may be verified at a low level (e.g., assembly language level).Type: ApplicationFiled: October 2, 2014Publication date: April 7, 2016Inventors: Chris Hawblitzel, Bryan Parno, Jacob R. Lorch, Jonathan R. Howell, Brian D. Zill
-
Publication number: 20160099811Abstract: A verified software system may be executable on secure hardware. Prior to being executed, the software system may be verified as conforming to a software specification. First credentials attesting to an identity of the software system may be sent to an external application. Second credentials signed by a provider of the secure hardware may be sent to the external application. The second credentials may attest to an identity of the secure hardware. The external application may securely exchange one or more messages with a software application of the software system. For example, the one or more messages may be decryptable only by the external application and the software application to provide confidentiality for each message. As another example, an attestation may vouch for an identity of a sender of each of the one or more messages to attest to an integrity of each message.Type: ApplicationFiled: October 2, 2014Publication date: April 7, 2016Applicant: Microsoft CorporationInventors: Chris Hawblitzel, Bryan Parno, Jacob R. Lorch, Jonathan R. Howell, Brian D. Zill
-
Publication number: 20140013426Abstract: A method for providing consistent security information between multiple applications is described herein. The method includes detecting potentially deceptive content from a communication application in a browser application. The method also includes generating consistent security information for the potentially deceptive content with the browser application. Additionally, the method includes sending the consistent security information for the potentially deceptive content to the communication application. Furthermore, the method includes providing a warning based on the consistent security information to the communication application.Type: ApplicationFiled: July 6, 2012Publication date: January 9, 2014Applicant: MICROSOFT CORPORATIONInventors: John R. Douceur, Bryan Parno, Robert W. Reeder
-
Patent number: 8352738Abstract: Phishing attacks succeed by exploiting a user's inability to distinguish legitimate websites from spoofed websites. Most prior work focuses on assisting the user in making this distinction; however, users must make the right security decision every time. Unfortunately, humans are ill-suited for performing the security checks necessary for secure site identification, and a single mistake may result in a total compromise of the user's online account. Fundamentally, users should be authenticated using information that they cannot readily reveal to malicious parties. Placing less reliance on the user during the authentication process enhances security and eliminates many forms of fraud. We disclose using a trusted device to perform mutual authentication that eliminates reliance on perfect user behavior, thwarts Man-in-the-Middle attacks after setup, and protects a user's account even in the presence of keyloggers and most forms of spyware.Type: GrantFiled: December 3, 2007Date of Patent: January 8, 2013Assignee: Carnegie Mellon UniversityInventors: Bryan Parno, Cynthia Kuo, Adrian Perrig
-
Patent number: 8031875Abstract: A technique for securing information involves encrypting raw data into encrypted data based on an initial key. The technique further involves generating a set of key shares from the initial key via application of error correction code encoding. Each key share has a size which is independent of a size of the initial key. The technique further involves electronically storing each key share on a respective memory device of a set of memory devices (e.g., RFID tags). The initial key is reconstructable from a predetermined number of the key shares read from their respective memory devices to enable decryption of the encrypted data.Type: GrantFiled: August 8, 2008Date of Patent: October 4, 2011Assignee: EMC CorporationInventors: Ari Juels, Bryan Parno
-
Publication number: 20100049975Abstract: Phishing attacks succeed by exploiting a user's inability to distinguish legitimate websites from spoofed websites. Most prior work focuses on assisting the user in making this distinction; however, users must make the right security decision every time. Unfortunately, humans are ill-suited for performing the security checks necessary for secure site identification, and a single mistake may result in a total compromise of the user's online account. Fundamentally, users should be authenticated using information that they cannot readily reveal to malicious parties. Placing less reliance on the user during the authentication process enhances security and eliminates many forms of fraud. We disclose using a trusted device to perform mutual authentication that eliminates reliance on perfect user behavior, thwarts Man-in-the-Middle attacks after setup, and protects a user's account even in the presence of keyloggers and most forms of spyware.Type: ApplicationFiled: December 3, 2007Publication date: February 25, 2010Inventors: Bryan Parno, Cynthia Kuo, Adrian Perrig