Patents by Inventor Dave M. McPherson
Dave M. McPherson has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10419216Abstract: A keying infrastructure may generate and/or manage cryptographic keys. The cryptographic keys may include identity keys, encryption keys, and a variety of other types of keys. The cryptographic keys may be derived or created with a key derivation function (KDF) or other one-way function. The cryptographic keys may include keys that are accessible to a boot loader, keys that are accessible to particular components of a Trusted Execution Environment (TrEE), and so on. In some examples, a key may be derived from a preceding key in a sequence of keys. The preceding key may be deleted when the key is derived.Type: GrantFiled: March 14, 2017Date of Patent: September 17, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Niels T. Ferguson, Magnus Bo Gustaf Nystrom, Dave M. McPherson, Paul England, Mark Fishel Novak
-
Publication number: 20170187526Abstract: A keying infrastructure may generate and/or manage cryptographic keys. The cryptographic keys may include identity keys, encryption keys, and a variety of other types of keys. The cryptographic keys may be derived or created with a key derivation function (KDF) or other one-way function. The cryptographic keys may include keys that are accessible to a boot loader, keys that are accessible to particular components of a Trusted Execution Environment (TrEE), and so on. In some examples, a key may be derived from a preceding key in a sequence of keys. The preceding key may be deleted when the key is derived.Type: ApplicationFiled: March 14, 2017Publication date: June 29, 2017Inventors: Niels T. Ferguson, Magnus Bo Gustaf Nystrom, Dave M. McPherson, Paul England, Mark Fishel Novak
-
Patent number: 9633210Abstract: A keying infrastructure may generate and/or manage cryptographic keys. The cryptographic keys may include identity keys, encryption keys, and a variety of other types of keys. The cryptographic keys may be derived or created with a key derivation function (KDF) or other one-way function. The cryptographic keys may include keys that are accessible to a boot loader, keys that are accessible to particular components of a Trusted Execution Environment (TrEE), and so on. In some examples, a key may be derived from a preceding key in a sequence of keys. The preceding key may be deleted when the key is derived.Type: GrantFiled: March 31, 2014Date of Patent: April 25, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Niels T. Ferguson, Magnus Bo Gustaf Nystrom, Dave M. McPherson, Paul England, Mark Fishel Novak
-
Patent number: 9515832Abstract: The techniques and systems described herein present various implementations of a model for authenticating processes for execution and specifying and enforcing permission restrictions on system resources for processes and users. In some implementations, a binary file for an application, program, or process may be augmented to include a digital signature encrypted with a key such that an operating system may subsequently authenticate the digital signature. Once the binary file has been authenticated, the operating system may create a process and tag the process with metadata indicating the type of permissions that are allowed for the process. The metadata may correspond to a particular access level for specifying resource permissions.Type: GrantFiled: June 24, 2013Date of Patent: December 6, 2016Assignee: Microsoft Technology Licensing, LLCInventors: Vishal Agarwal, Sunil P. Gottumukkala, Arun U. Kishan, Dave M. McPherson, Jonathan M. Andes, Giridharan Sridharan, Kinshuman Kinshumann, Adam Damiano, Salahuddin J. Khan, Gopinathan Kannan
-
Publication number: 20150078550Abstract: A security processing unit is configured to manage cryptographic keys. In some instances, the security processing unit may comprise a co-processing unit that includes memory, one or more processors, and other components to perform operations in a secure environment. A component that is external to the security processing unit may communicate with the security processing unit to generate a cryptographic key, manage access to a cryptographic key, encrypt/decrypt data with a cryptographic key, or otherwise utilize a cryptographic key. The external component may comprise a central processing unit, an application, and/or any other hardware or software component that is located outside the security processing unit.Type: ApplicationFiled: March 31, 2014Publication date: March 19, 2015Applicant: Microsoft CorporationInventors: Niels T. Ferguson, Dave M. McPherson, Mark Fishel Novak, Paul England
-
Publication number: 20150082048Abstract: A keying infrastructure may generate and/or manage cryptographic keys. The cryptographic keys may include identity keys, encryption keys, and a variety of other types of keys. The cryptographic keys may be derived or created with a key derivation function (KDF) or other one-way function. The cryptographic keys may include keys that are accessible to a boot loader, keys that are accessible to particular components of a Trusted Execution Environment (TrEE), and so on. In some examples, a key may be derived from a preceding key in a sequence of keys. The preceding key may be deleted when the key is derived.Type: ApplicationFiled: March 31, 2014Publication date: March 19, 2015Applicant: MICROSOFT CORPORATIONInventors: Niels T. Ferguson, Magnus Bo Gustaf Nystrom, Dave M. McPherson, Paul England, Mark Fishel Novak
-
Publication number: 20140380058Abstract: The techniques and systems described herein present various implementations of a model for authenticating processes for execution and specifying and enforcing permission restrictions on system resources for processes and users. In some implementations, a binary file for an application, program, or process may be augmented to include a digital signature encrypted with a key such that an operating system may subsequently authenticate the digital signature. Once the binary file has been authenticated, the operating system may create a process and tag the process with metadata indicating the type of permissions that are allowed for the process. The metadata may correspond to a particular access level for specifying resource permissions.Type: ApplicationFiled: June 24, 2013Publication date: December 25, 2014Inventors: Vishal Agarwal, Sunil P. Gottumukkala, Arun U. Kishan, Dave M. McPherson, Jonathan M. Andes, Giridharan Sridharan, Kinshuman Kinshumann, Adam Damiano, Salahuddin J. Khan, Gopinathan Kannan
-
Patent number: 8799630Abstract: This disclosure describes methods, systems and application programming interfaces for creating an advanced security negotiation package. This disclosure describes creating an advanced security negotiation protocol under a Simple and Protected Negotiation Mechanism (SPNEGO) protocol to negotiate an authentication scheme. The protocol describes defining a Windows Security Type (WST) Library message to protect negotiation data during the advanced security negotiation protocol. The protocol sends an initial message that carries multiple authentication messages to reduce redundant roundtrips and implements key exchanges by a mini Security Support Provider (SSP).Type: GrantFiled: June 26, 2008Date of Patent: August 5, 2014Assignee: Microsoft CorporationInventors: Dave M. McPherson, Tanmoy Dutta, Cristian Ilac, Liqiang Zhu
-
Patent number: 8533772Abstract: A role-based authorization management system maintains an authorization policy store that represents user authorizations to perform operations associated with an application. When a user attempts to perform a function associated with an application, the authorization management system verifies that the user is authorized to perform the requested function. The authorization management system also provides an interface for an application administrator to update role-based user authorization policies associated with one or more applications.Type: GrantFiled: June 3, 2009Date of Patent: September 10, 2013Assignee: Microsoft CorporationInventors: Praerit Garg, Cliff Van Dyke, Dave M. McPherson, Everett McKay
-
Patent number: 7882539Abstract: Abstracting access control policy from access check mechanisms allows for richer expression of policy, using a declarative model with semantics, than what is permitted by the access check mechanisms. Further, abstracting access control policy allows for uniform expression of policy across multiple access check mechanisms. Proof-like reasons for any access query are provided, such as who has access to what resource, built from the policy statements themselves, independent of the access check mechanism that provide access. Access is audited and policy-based reasons for access are provided based on the access control policy.Type: GrantFiled: June 2, 2006Date of Patent: February 1, 2011Assignee: Microsoft CorporationInventors: Muthukrishnan Paramasivam, Charles F. Rose, III, Dave M. McPherson, Raja Pazhanivel Perumal, Satyajit Nath, Paul J. Leach, Ravindra Nath Pandya
-
Publication number: 20090328140Abstract: This disclosure describes methods, systems and application programming interfaces for creating an advanced security negotiation package. This disclosure describes creating an advanced security negotiation protocol under a Simple and Protected Negotiation Mechanism (SPNEGO) protocol to negotiate an authentication scheme. The protocol describes defining a Windows Security Type (WST) Library message to protect negotiation data during the advanced security negotiation protocol. The protocol sends an initial message that carries multiple authentication messages to reduce redundant roundtrips and implements key exchanges by a mini Security Support Provider (SSP).Type: ApplicationFiled: June 26, 2008Publication date: December 31, 2009Applicant: Microsoft CorporationInventors: Dave M. McPherson, Tanmoy Dutta, Cristian Ilac, Liqiang Zhu
-
Publication number: 20070283411Abstract: Abstracting access control policy from access check mechanisms allows for richer expression of policy, using a declarative model with semantics, than what is permitted by the access check mechanisms. Further, abstracting access control policy allows for uniform expression of policy across multiple access check mechanisms. Proof-like reasons for any access query are provided, such as who has access to what resource, built from the policy statements themselves, independent of the access check mechanism that provide access. Access is audited and policy-based reasons for access are provided based on the access control policy.Type: ApplicationFiled: June 2, 2006Publication date: December 6, 2007Applicant: Microsoft CorporationInventors: Muthukrishnan Paramasivam, Charles F. Rose, Dave M. McPherson, Raja Pazhanivel Perumal, Satyajit Nath, Paul J. Leach, Ravindra Nath Pandya