Patents by Inventor Butler W. Lampson

Butler W. Lampson has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9253195
    Abstract: The subject disclosure pertains to systems and methods that facilitate managing access control utilizing certificates. The systems and methods described herein are directed to mapping an access policy as expressed in an access control list to a set of certificates. The set of certificates can be used to grant access to resources in the manner described by the ACL. The certificates can be distributed to entities for use in obtaining access to resources. Entities can present certificates to resources as evidence of their right to access the resources. The access logic of the sequential ACL can be transformed or mapped to a set of order independent certificates. In particular, each entry, position of the entry in the list and any preceding entries can be analyzed. The analysis can be used to generate order independent certificates that provide access in accordance with the access policy communicated in the ACL.
    Type: Grant
    Filed: June 11, 2013
    Date of Patent: February 2, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Carl M. Ellison, Paul J. Leach, Butler W. Lampson, Melissa W. Dunn, Ravindra Nath Pandya, Charles William Kaufman
  • Publication number: 20130283342
    Abstract: The subject disclosure pertains to systems and methods that facilitate managing access control utilizing certificates. The systems and methods described herein are directed to mapping an access policy as expressed in an access control list to a set of certificates. The set of certificates can be used to grant access to resources in the manner described by the ACL. The certificates can be distributed to entities for use in obtaining access to resources. Entities can present certificates to resources as evidence of their right to access the resources. The access logic of the sequential ACL can be transformed or mapped to a set of order independent certificates. In particular, each entry, position of the entry in the list and any preceding entries can be analyzed. The analysis can be used to generate order independent certificates that provide access in accordance with the access policy communicated in the ACL.
    Type: Application
    Filed: June 11, 2013
    Publication date: October 24, 2013
    Inventors: Carl M. Ellison, Paul J. Leach, Butler W. Lampson, Melissa W. Dunn, Ravindra M. Pandya, Charles William Kaufman
  • Patent number: 8302149
    Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.
    Type: Grant
    Filed: October 20, 2005
    Date of Patent: October 30, 2012
    Assignee: Microsoft Corporation
    Inventors: Giovanni M. Della-Libera, Christopher G. Kaler, Scott A. Konersmann, Butler W. Lampson, Paul J. Leach, Bradford H. Lovering, Steven E. Lucco, Stephen J. Millet, Richard F. Rashid, John P. Shewchuk
  • Patent number: 8006295
    Abstract: The subject disclosure pertains to a domain identification system, comprising a principal that has a key and a mnemonically meaningless identifier, the mnemonically meaningless identifier is used to identify the component in a networked environment. The mnemonically meaningless identifier can be bound to the public key by a binding. The component may be part of a neighborhood of components, and each member component knows the members' binding.
    Type: Grant
    Filed: June 28, 2007
    Date of Patent: August 23, 2011
    Assignee: Microsoft Corporation
    Inventors: Carl M. Ellison, Paul J. Leach, Butler W. Lampson, Melissa W. Dunn, Ravindra N. Pandya, Charles W. Kaufman
  • Patent number: 7809938
    Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.
    Type: Grant
    Filed: October 20, 2005
    Date of Patent: October 5, 2010
    Assignee: Microsoft Corporation
    Inventors: Giovanni M. Della-Libera, Christopher G. Kaler, Scott A. Konersmann, Butler W. Lampson, Paul J. Leach, Bradford H. Lovering, Steven E. Lucco, Stephen J. Millet, Richard F. Rashid, John P. Shewchuk
  • Patent number: 7752442
    Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.
    Type: Grant
    Filed: October 20, 2005
    Date of Patent: July 6, 2010
    Assignee: Microsoft Corporation
    Inventors: Giovanni M. Della-Libera, Christopher G. Kaler, Scott A. Konersmann, Butler W. Lampson, Paul J. Leach, Bradford H. Lovering, Steven E. Luocco, Stephen J. Millet, Richard F. Rashid, John P. Shewchuk
  • Patent number: 7752431
    Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.
    Type: Grant
    Filed: October 20, 2005
    Date of Patent: July 6, 2010
    Assignee: Microsoft Corporation
    Inventors: Giovanni M. Della-Libera, Christopher G. Kaler, Scott A. Konersmann, Butler W. Lampson, Paul J. Leach, Bradford H. Lovering, Steven E. Lucco, Stephen J. Millet, Richard F. Rashid, John P. Shewchuk
  • Patent number: 7543336
    Abstract: In one aspect, a data structure to be encrypted is received, the data structure including content along with a statement of conditions under which the content may be decrypted. The content is encrypted using a public key of a pair of public and private keys of a device that is to decrypt the data structure. In another aspect, a data structure is decrypted using a private key of a pair of public and private keys. A statement of conditions under which content in the data structure can be decrypted is obtained, and testing is performed as to whether the conditions are satisfied. The decrypted content is returned only if the conditions are satisfied.
    Type: Grant
    Filed: May 7, 2003
    Date of Patent: June 2, 2009
    Assignee: Microsoft Corporation
    Inventors: Butler W. Lampson, John D. DeTreville, Paul England
  • Patent number: 7529919
    Abstract: In accordance with one aspect of boot blocks for software, in a computer system that has a central processing unit and a software identity register, an atomic operation is executed to set an identity of a piece of software into the software identity register. If the atomic operation completes correctly, then the software identity register contains the identity of the piece of software; otherwise, the software identity register contains a value other than the identity of the piece of software.
    Type: Grant
    Filed: May 7, 2003
    Date of Patent: May 5, 2009
    Assignee: Microsoft Corporation
    Inventors: Butler W. Lampson, John D. DeTreville, Paul England
  • Patent number: 7496769
    Abstract: An architecture for protecting premium content in a nonsecure computer environment executes only a small number of code modules in a secure memory. The modules are arranged in a hierarchy of trust, where a module names other modules that it is willing to trust, and those modules in turn name other modules that they are willing to trust. A secure loader loads a security manager that oversees a number of content-providing modules for manipulating the content. A memory manager assigns permissions to various pages of the secure memory. The memory has rings of different security. The security model can be extended to program modules and other devices on the computer's bus, such as DMA controllers and peripherals.
    Type: Grant
    Filed: December 20, 2004
    Date of Patent: February 24, 2009
    Assignee: Microsoft Corporation
    Inventors: Butler W. Lampson, Paul England
  • Publication number: 20090007247
    Abstract: The subject disclosure pertains to a domain identification system, comprising a principal that has a key and a mnemonically meaningless identifier, the mnemonically meaningless identifier is used to identify the component in a networked environment. The mnemonically meaningless identifier can be bound to the public key by a binding. The component may be part of a neighborhood of components, and each member component knows the members' binding.
    Type: Application
    Filed: June 28, 2007
    Publication date: January 1, 2009
    Applicant: MICROSOFT CORPORATION
    Inventors: Carl M. Ellison, Paul J. Leach, Butler W. Lampson, Melissa W. Dunn, Ravindra N. Pandya, Charles W. Kaufman
  • Patent number: 7457412
    Abstract: In accordance with certain aspects, a computer system has a central processing unit (CPU) and an operating system (OS), the CPU having a pair of private and public keys and a software identity register that holds an identity of the operating system. An OS certificate is created including the identity from the software identity register, information describing the operating system, and the CPU public key. The created OS certificate is signed using the CPU private key.
    Type: Grant
    Filed: December 22, 2006
    Date of Patent: November 25, 2008
    Assignee: Microsoft Corporation
    Inventors: Paul England, Butler W. Lampson, John D. DeTreville
  • Patent number: 7434263
    Abstract: In one aspect, a data structure to be encrypted is received in a device, the data structure including content along with a statement of conditions under which the content may be decrypted. The data structure is encrypted using a symmetric key of a processor of the device. In another aspect, a data structure is decrypted using a processor symmetric key. A statement of conditions under which content in the data structure can be decrypted is obtained, and testing is performed as to whether the conditions are satisfied. The decrypted content is returned only if the conditions are satisfied.
    Type: Grant
    Filed: May 7, 2003
    Date of Patent: October 7, 2008
    Assignee: Microsoft Corporation
    Inventors: Butler W. Lampson, John D. DeTreville, Paul England
  • Patent number: 7424606
    Abstract: A system and method for authenticating an operating system includes, in accordance with one aspect, a method in a computer system having a processor, an operating system (OS), and a software identity register that holds an identity of the operating system, the processor having a private key. The method comprises forming an OS certificate containing the identity from the software identity register and signing the OS certificate using the private key. In accordance with another aspect, the signed identity is submitted to a recipient to prove an identity of the operating system to the recipient.
    Type: Grant
    Filed: May 7, 2003
    Date of Patent: September 9, 2008
    Assignee: Microsoft Corporation
    Inventors: Butler W. Lampson, John D. DeTreville, Paul England
  • Patent number: 7418137
    Abstract: A user interface allows a user to input handwritten, key-press, and spoken text in a seamless, synchronized manner. A text input panel accepts soft keyboard presses and handwritten words, characters, and gestures. A text recognizer/synchronizer integrates textual input from various sources while recognizing and preserving the order in which a user entered text via the soft keyboard, via handwriting, and/or by speaking. Synchronized text may be displayed in a stage area of the text input panel before being passed to an operating system message router and/or an application program. While in handwriting recognition mode, various permutations and combinations of a word recognition area, a character recognition area, and a keybar/keypad may optionally be displayed.
    Type: Grant
    Filed: August 30, 2004
    Date of Patent: August 26, 2008
    Assignee: Microsoft Corporation
    Inventors: Charlton E Lui, Charles P Thacker, James E Mathews, Leroy B Keely, David Switzer, William H Vong, Butler W Lampson
  • Patent number: 7415620
    Abstract: In accordance with certain aspects, a chain of trust is established between a subscriber unit and a content provider. A request is submitted from the subscriber unit to the content provider. A challenge nonce is generated at the content provider and returned to the subscriber unit. At the subscriber unit, an operating system (OS) certificate containing an identity of the operating system from the software identity register, information describing the operating system, the challenge nonce, and a CPU public key is formed, and the OS certificate is signed using a CPU private key. The OS certificate and a CPU manufacturer certificate supplied by a manufacturer of the CPU are passed from the subscriber unit to the content provider, and are evaluated at the content provider to determine whether to reject or fulfill the request.
    Type: Grant
    Filed: December 22, 2006
    Date of Patent: August 19, 2008
    Assignee: Microsoft Corporation
    Inventors: Paul England, John D. DeTreville, Butler W. Lampson
  • Patent number: 7356682
    Abstract: In accordance with one aspect of attesting to a value of a register and/or memory region, an operating system of a device receives a request, in response to an ATTEST operation being invoked, to make a signed attestation of a value. The operating system signs a statement that includes the value using a private key of a pair of public and private keys of a processor of the device. The value may be stored in a register and/or a region of memory.
    Type: Grant
    Filed: May 7, 2003
    Date of Patent: April 8, 2008
    Assignee: Microsoft Corporation
    Inventors: Butler W. Lampson, John D. DeTreville, Paul England
  • Patent number: 7302709
    Abstract: A one-way hash function is applied to a seed supplied by an application to produce a hashed seed that is used to generate the application storage key. A one-way hash function is applied to a seed supplied by a user to produce a first hashed seed that is passed to a keyed hash function, which is keyed to an identity for the user, to produce a second hashed seed. The second hashed seed is used to generate the user storage key. An operating system storage key is generated from an unhashed seed. One of the storage keys is used to encrypt the downloaded content. An access predicate attached to the content when it is downloaded is associated with the storage key to enforce certain limitations on the access of the content.
    Type: Grant
    Filed: September 7, 2005
    Date of Patent: November 27, 2007
    Assignee: Microsoft Corporation
    Inventors: Paul England, John D. DeTreville, Butler W. Lampson
  • Patent number: 7248248
    Abstract: A secondary input system for a pen-based computer allows users to control a graphical user interface without the use of a stylus. The secondary input system may be in the form of a pointing system. A display surface may be attached to a housing in which the display surface is sensitive to input of a pen device. The pointing system includes a secondary input system on housing in which the input device is responsive to movement of a finger of a user for controlling the graphical user interface. The input device may be a point stick device, a touchpad, or other device that provides two-dimensional movement of a graphical object on the display surface. The secondary input system may be automatically activated or deactivated based on proximity sensing of a stylus or pen with respect of the display surface.
    Type: Grant
    Filed: August 12, 2002
    Date of Patent: July 24, 2007
    Assignee: Microsoft Corporation
    Inventor: Butler W. Lampson
  • Patent number: 7194092
    Abstract: Secure storage for downloaded content on a subscriber computer is keyed to a trusted digital rights management operating system, a trusted application, a trusted user or a combination thereof. A one-way hash function is applied to a seed supplied by an application to produce a hashed seed that is used to generate the application storage key. A one-way hash function is applied to a seed supplied by a user to produce a first hashed seed that is passed to a keyed hash function, which is keyed to an identity for the user, to produce a second hashed seed. The second hashed seed is used to generate the user storage key. An operating system storage key is generated from an unhashed seed. One of the storage keys is used to encrypt the downloaded content. An access predicate attached to the content when it is downloaded is associated with the storage key to enforce certain limitations on the access of the content.
    Type: Grant
    Filed: January 8, 1999
    Date of Patent: March 20, 2007
    Assignee: Microsoft Corporation
    Inventors: Paul England, John D. DeTreville, Butler W. Lampson