Patents by Inventor Butler W. Lampson

Butler W. Lampson has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7174457
    Abstract: A general-purpose processor (CPU) is configured with a new mechanism facilitating an authenticated boot sequence that provides building blocks for client-side rights management when the system is online, and provides continued protection of persistent data even when the system goes offline or is rebooted. The CPU includes a cryptographic key pair, and a manufacturer certificate testifying that the manufacturer built the CPU according to a known specification. The operating system (OS) includes a unique block of code, or “boot block” that can establish OS identity by extraction from a digitally signed boot block or by computing a hash digest of the boot block. During booting, the CPU executes a single opcode, followed by the boot block, as an atomic operation to set the identity of the OS into the software identity register. The subscriber unit then can establish a chain of trust to a content provider.
    Type: Grant
    Filed: March 10, 1999
    Date of Patent: February 6, 2007
    Assignee: Microsoft Corporation
    Inventors: Paul England, John D. DeTreville, Butler W. Lampson
  • Patent number: 7020772
    Abstract: Curtained operation provides trusted execution of code and secrecy of data in a secure memory. Curtained code can only be executed from within certain address ranges of a curtained memory region secure against access by code from without the region. Code entry points are restricted, and atomic execution is assured. The memory is organized into multiple hierarchically curtained rings, and peer subrings are denied access to each other as well as to more secure rings.
    Type: Grant
    Filed: September 22, 2003
    Date of Patent: March 28, 2006
    Assignee: Microsoft Corporation
    Inventors: Paul England, Butler W. Lampson
  • Patent number: 6986059
    Abstract: An architecture for protecting premium content in a nonsecure computer environment executes only a small number of code modules in a secure memory. The modules are arranged in a hierarchy of trust, where a module names other modules that it is willing to trust, and those modules in turn name other modules that they are willing to trust. A secure loader loads a security manager that oversees a number of content-providing modules for manipulating the content. A memory manager assigns permissions to various pages of the secure memory. The memory has rings of different security. The security model can be extended to program modules and other devices on the computer's bus, such as DMA controllers and peripherals.
    Type: Grant
    Filed: June 17, 2004
    Date of Patent: January 10, 2006
    Assignee: Microsoft Corporation
    Inventors: Paul England, Butler W. Lampson
  • Patent number: 6976175
    Abstract: An architecture for protecting premium content in a nonsecure computer environment executes only a small number of code modules in a secure memory. The modules are arranged in a hierarchy of trust, where a module names other modules that it is willing to trust, and those modules in turn name other modules that they are willing to trust. A secure loader loads a security manager that oversees a number of content-providing modules for manipulating the content. A memory manager assigns permissions to various pages of the secure memory. The memory has rings of different security. The security model can be extended to program modules and other devices on the computer's bus, such as DMA controllers and peripherals.
    Type: Grant
    Filed: December 13, 2004
    Date of Patent: December 13, 2005
    Assignee: Microsoft Corporation
    Inventors: Paul England, Butler W. Lampson
  • Publication number: 20040243836
    Abstract: An architecture for protecting premium content in a nonsecure computer environment executes only a small number of code modules in a secure memory. The modules are arranged in a hierarchy of trust, where a module names other modules that it is willing to trust, and those modules in turn name other modules that they are willing to trust. A secure loader loads a security manager that oversees a number of content-providing modules for manipulating the content. A memory manager assigns permissions to various pages of the secure memory. The memory has rings of different security. The security model can be extended to program modules and other devices on the computer's bus, such as DMA controllers and peripherals.
    Type: Application
    Filed: June 17, 2004
    Publication date: December 2, 2004
    Applicant: Microsoft Corporation
    Inventors: Paul England, Butler W. Lampson
  • Patent number: 6820063
    Abstract: Digital rights for content downloaded to a subscriber computer from a provider are specified in an access predicate. The access predicate is compared with a rights manager certificate associated with an entity, such as an application, that wants access to the content. If the rights manager certificate satisfies the access predicate, the entity is allowed access to the content. A license that specifies limitations on the use of the content can also be associated with the content and provided to the entity. The use the entity makes of the content is monitored and terminated if the entity violates the license limitations. In one aspect of the invention, the access predicate and the license are protected from tampering through cryptographic techniques.
    Type: Grant
    Filed: January 8, 1999
    Date of Patent: November 16, 2004
    Assignee: Microsoft Corporation
    Inventors: Paul England, John D. DeTreville, Butler W. Lampson
  • Patent number: 6788815
    Abstract: A user interface allows a user to input handwritten, key-press, and spoken text in a seamless, synchronized manner. A text input panel accepts soft keyboard presses and handwritten words, characters, and gestures. A text recognizer/synchronizer integrates textual input from various sources while recognizing and preserving the order in which a user entered text via the soft keyboard, via handwriting, and/or by speaking. Synchronized text may be displayed in a stage area of the text input panel before being passed to an operating system message router and/or an application program. While in handwriting recognition mode, various permutations and combinations of a word recognition area, a character recognition area, and a keybar/keypad may optionally be displayed.
    Type: Grant
    Filed: February 28, 2001
    Date of Patent: September 7, 2004
    Assignee: Microsoft Corporation
    Inventors: Charlton E. Lui, Charles P. Thacker, James E. Mathews, Leroy B. Keely, David Switzer, William H. Vong, Butler W. Lampson
  • Patent number: 6775779
    Abstract: An architecture for protecting premium content in a nonsecure computer environment executes only a small number of code modules in a secure memory. The modules are arranged in a hierarchy of trust, where a module names other modules that it is willing to trust, and those modules in turn name other modules that they are willing to trust. A secure loader loads a security manager that oversees a number of content-providing modules for manipulating the content. A memory manager assigns permissions to various pages of the secure memory. The memory has rings of different security. The security model can be extended to program modules and other devices on the computer's bus, such as DMA controllers and peripherals.
    Type: Grant
    Filed: April 6, 1999
    Date of Patent: August 10, 2004
    Assignee: Microsoft Corporation
    Inventors: Paul England, Butler W. Lampson
  • Publication number: 20040071344
    Abstract: A user interface allows a user to input handwritten, key-press, and spoken text in a seamless, synchronized manner. A text input panel accepts soft keyboard presses and handwritten words, characters, and gestures. A text recognizer/synchronizer integrates textual input from various sources while recognizing and preserving the order in which a user entered text via the soft keyboard, via handwriting, and/or by speaking. Synchronized text may be displayed in a stage area of the text input panel before being passed to an operating system message router and/or an application program. While in handwriting recognition mode, various permutations and combinations of a word recognition area, a character recognition area, and a keybar/keypad may optionally be displayed.
    Type: Application
    Filed: February 28, 2001
    Publication date: April 15, 2004
    Inventors: Charlton E. Lui, Charles P. Thacker, James E. Mathews, Leroy B. Keely, David Switzer, William H. Vong, Butler W. Lampson
  • Publication number: 20040044906
    Abstract: Curtained operation provides trusted execution of code and secrecy of data in a secure memory. Curtained code can only be executed from within certain address ranges of a curtained memory region secure against access by code from without the region. Code entry points are restricted, and atomic execution is assured. The memory is organized into multiple hierarchically curtained rings, and peer subrings are denied access to each other as well as to more secure rings.
    Type: Application
    Filed: September 22, 2003
    Publication date: March 4, 2004
    Inventors: Paul England, Butler W. Lampson
  • Publication number: 20040027338
    Abstract: A secondary input system for a pen-based computer allows users to control a graphical user interface without the use of a stylus. The secondary input system may be in the form of a pointing system. A display surface may be attached to a housing in which the display surface is sensitive to input of a pen device. The pointing system includes a secondary input system on the housing in which the input device is responsive to movement of a finger of a user for controlling the graphical user interface. The input device may be a point stick device, a touchpad, or other device that provides two-dimensional movement of a graphical object on the display surface. The secondary input system may be automatically activated or deactivated based on proximity sensing of a stylus or pen with respect to the display surface.
    Type: Application
    Filed: August 12, 2002
    Publication date: February 12, 2004
    Applicant: Microsoft Corporation
    Inventor: Butler W. Lampson
  • Patent number: 6651171
    Abstract: Curtained operation provides trusted execution of code and secrecy of data in a secure memory. Curtained code can only be executed from within certain address ranges of a curtained memory region secure against access by code from without the region. Code entry points are restricted, and atomic execution is assured. The memory is organized into multiple hierarchically curtained rings, and peer subrings are denied access to each other as well as to more secure rings.
    Type: Grant
    Filed: April 6, 1999
    Date of Patent: November 18, 2003
    Assignee: Microsoft Corporation
    Inventors: Paul England, Butler W. Lampson
  • Publication number: 20030196111
    Abstract: In accordance with one aspect of attesting to a value of a register and/or memory region, an operating system of a device receives a request, in response to an ATTEST operation being invoked, to make a signed attestation of a value. The operating system signs a statement that includes the value using a private key of a pair of public and private keys of a processor of the device. The value may be stored in a register and/or a region of memory.
    Type: Application
    Filed: May 7, 2003
    Publication date: October 16, 2003
    Inventors: Butler W. Lampson, John D. DeTreville, Paul England
  • Publication number: 20030196085
    Abstract: A system and method for authenticating an operating system includes, in accordance with one aspect, a method in a computer system having a processor, an operating system (OS), and a software identity register that holds an identity of the operating system, the processor having a private key. The method comprises forming an OS certificate containing the identity from the software identity register and signing the OS certificate using the private key. In accordance with another aspect, the signed identity is submitted to a recipient to prove an identity of the operating system to the recipient.
    Type: Application
    Filed: May 7, 2003
    Publication date: October 16, 2003
    Inventors: Butler W. Lampson, John D. DeTreville, Paul England
  • Publication number: 20030196110
    Abstract: In accordance with one aspect of boot blocks for software, in a computer system that has a central processing unit and a software identity register, an atomic operation is executed to set an identity of a piece of software into the software identity register. If the atomic operation completes correctly, then the software identity register contains the identity of the piece of software; otherwise, the software identity register contains a value other than the identity of the piece of software.
    Type: Application
    Filed: May 7, 2003
    Publication date: October 16, 2003
    Inventors: Butler W. Lampson, John D. DeTreville, Paul England
  • Publication number: 20030194094
    Abstract: In one aspect, a data structure to be encrypted is received in a device, the data structure including content along with a statement of conditions under which the content may be decrypted. The data structure is encrypted using a symmetric key of a processor of the device. In another aspect, a data structure is decrypted using a processor symmetric key. A statement of conditions under which content in the data structure can be decrypted is obtained, and testing is performed as to whether the conditions are satisfied. The decrypted content is returned only if the conditions are satisfied.
    Type: Application
    Filed: May 7, 2003
    Publication date: October 16, 2003
    Inventors: Butler W. Lampson, John D. DeTreville, Paul England
  • Publication number: 20030196099
    Abstract: In one aspect, a data structure to be encrypted is received, the data structure including content along with a statement of conditions under which the content may be decrypted. The content is encrypted using a public key of a pair of public and private keys of a device that is to decrypt the data structure. In another aspect, a data structure is decrypted using a private key of a pair of public and private keys. A statement of conditions under which content in the data structure can be decrypted is obtained, and testing is performed as to whether the conditions are satisfied. The decrypted content is returned only if the conditions are satisfied.
    Type: Application
    Filed: May 7, 2003
    Publication date: October 16, 2003
    Inventors: Butler W. Lampson, John D. DeTreville, Paul England
  • Publication number: 20030074579
    Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.
    Type: Application
    Filed: February 6, 2002
    Publication date: April 17, 2003
    Applicant: Microsoft Corporation
    Inventors: Giovanni M. Della-Libera, Christopher G. Kaler, Scott A. Konersmann, Butler W. Lampson, Paul J. Leach, Bradford H. Lovering, Steven E. Lucco, Stephen J. Millet, Richard F. Rashid, John P. Shewchuk
  • Patent number: 6330670
    Abstract: A digital rights management operating system protects rights-managed data, such as downloaded content, from access by untrusted programs while the data is loaded into memory or on a page file as a result of the execution of a trusted application that accesses the memory. To protect the rights-managed data resident in memory, the digital rights management operating system refuses to load an untrusted program into memory while the trusted application is executing or removes the data from memory before loading the untrusted program. If the untrusted program executes at the operating system level, such as a debugger, the digital rights management operating system renounces a trusted identity created for it by the computer processor when the computer was booted. To protect the rights-managed data on the page file, the digital rights management operating system prohibits raw access to the page file, or erases the data from the page file before allowing such access.
    Type: Grant
    Filed: January 8, 1999
    Date of Patent: December 11, 2001
    Assignee: Microsoft Corporation
    Inventors: Paul England, John D. DeTreville, Butler W. Lampson
  • Patent number: 6327652
    Abstract: The identity of an operating system running on a computer is determined from an identity associated with an initial component for the operating system, combined with identities of additional components that are loaded afterwards. Loading of a digital rights management operating system on a subscriber computer is guaranteed by validating digital signatures on each component to be loaded and by determining a trust level for each component. A trusted identity is assumed by the digital rights management operating system when only components with valid signatures and a pre-determined trust level are loaded. Otherwise, the operating system is associated with an untrusted identity. Both the trusted and untrusted identities are derived from the components that were loaded. Additionally, a record of the loading of each component is placed into a boot log that is protected from tampering through a chain of public-private key pairs.
    Type: Grant
    Filed: January 8, 1999
    Date of Patent: December 4, 2001
    Assignee: Microsoft Corporation
    Inventors: Paul England, John D. DeTreville, Butler W. Lampson