Patents by Inventor David J. Linsley
David J. Linsley has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10956615Abstract: Embodiments are directed to managing software components loaded on a device by identifying a platform manifest having a valid certificate, confirming that the platform manifest is bound to the device, identifying components listed on the platform manifest, confirming that the listed components have a valid certificate, and loading listed components with valid certificates on the device. The components may be binaries and packages for an operating system. The components may be signed in an embedded manner or with detached signatures. The platform manifest may be bound to the device in a manner that allows for identification of unauthorized platform manifests.Type: GrantFiled: February 17, 2017Date of Patent: March 23, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Scott R. Shell, Md. Nazmus Sakib, Kinshumann, Dale R. Rolf, Daryn E. Robbins, Ian McCarty, JianMing M. Zhou, David J. Linsley
-
Publication number: 20180239929Abstract: Embodiments are directed to managing software components loaded on a device by identifying a platform manifest having a valid certificate, confirming that the platform manifest is bound to the device, identifying components listed on the platform manifest, confirming that the listed components have a valid certificate, and loading listed components with valid certificates on the device. The components may be binaries and packages for an operating system. The components may be signed in an embedded manner or with detached signatures. The platform manifest may be bound to the device in a manner that allows for identification of unauthorized platform manifests.Type: ApplicationFiled: February 17, 2017Publication date: August 23, 2018Inventors: Scott R. SHELL, Md. Nazmus SAKIB, KINSHUMANN, Dale R. ROLF, Daryn E. ROBBINS, Ian MCCARTY, JianMing M. ZHOU, David J. Linsley
-
Patent number: 9836601Abstract: Anti-malware process protection techniques are described. In one or more implementations, an anti-malware process is launched. The anti-malware process is verified based at least in part on an anti-malware driver that contains certificate pairs which contain an identity that is signed with the trusted certificate from a verified source. After the anti-malware process is verified, the anti-malware process may be assigned a protection level, and an administrative user may be prevented from altering the anti-malware process.Type: GrantFiled: August 8, 2016Date of Patent: December 5, 2017Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Hari Pulapaka, Nicholas S. Judge, Arun U. Kishan, James A. Schwartz, Jr., Kinshumann Kinshumann, David J. Linsley, Niraj V. Majmudar, Scott D. Anderson
-
Patent number: 9582513Abstract: Embodiments of the disclosure provide access to data in a compressed container through dynamic redirection, without storing decompressed data in persistent memory. The compressed container is stored in a first portion of memory. User data and reference files, with redirect pointers, for accessing corresponding files in the compressed container are stored in a second portion of memory. A command to access data is detected by a computing device. The redirect pointer in the reference file associated with the command redirects access to the corresponding compressed version of data stored in the compressed container. The corresponding accessed compressed version of data is decompressed on the fly and provided in response to the command without storing the decompressed data in persistent memory. Some embodiments provide integrity protection to validate the data coming from the compressed container.Type: GrantFiled: December 8, 2013Date of Patent: February 28, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Richard A. Pletcher, Malcolm J. Smith, Alain F. Gefflaut, Alex Bendetov, Andrey Shedel, David J. Linsley, Aaron M. Farmer, James Aaron Holmes, Troy E. Shaw, Emily N. Wilson, Innokentiy Basmov, Michael J. Grass, Alex M. Semenko, Scott D. Anderson, Kinshuman Kinshumann
-
Publication number: 20160342790Abstract: Anti-malware process protection techniques are described. In one or more implementations, an anti-malware process is launched. The anti-malware process is verified based at least in part on an anti-malware driver that contains certificate pairs which contain an identity that is signed with the trusted certificate from a verified source. After the anti-malware process is verified, the anti-malware process may be assigned a protection level, and an administrative user may be prevented from altering the anti-malware process.Type: ApplicationFiled: August 8, 2016Publication date: November 24, 2016Inventors: Hari Pulapaka, Nicholas S. Judge, Arun U. Kishan, James A. Schwartz, JR., Kinshumann Kinshumann, David J. Linsley, Niraj V. Majmudar, Scott D. Anderson
-
Patent number: 9424431Abstract: In a pre-operating system environment on a device prior to loading and running an operating system on the device, a policy identifying configuration settings for the operating system is obtained. The operating system itself is prevented from changing this policy, but the policy can be changed under certain circumstances by components of the pre-operating system environment. The policy is compared to configuration values used by the operating system, and the operating system is allowed to boot with the configuration values if the configuration values satisfy the policy. However, if the configuration values do not satisfy the policy, then a responsive action is taken.Type: GrantFiled: September 14, 2015Date of Patent: August 23, 2016Assignee: Microsoft Technology Licensing, LLCInventors: Scott D. Anderson, David J. Linsley, Magnus Bo Gustaf Nyström, Douglas M. MacIver, Robert Karl Spiger
-
Patent number: 9424425Abstract: Anti-malware process protection techniques are described. In one or more implementations, an anti-malware process is launched. The anti-malware process is verified based at least in part on an anti-malware driver that contains certificates which contain an identity that is signed with the trusted certificate from a verified source. After the anti-malware process is verified, the anti-malware process may be assigned a protection level, and an administrative user may be prevented from altering the anti-malware process.Type: GrantFiled: May 31, 2013Date of Patent: August 23, 2016Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Hari Pulapaka, Nicholas S. Judge, Arun U. Kishan, James A. Schwartz, Jr., Kinshumann Kinshumann, David J. Linsley, Niraj V. Majmudar, Scott D. Anderson
-
Patent number: 9256745Abstract: In a pre-operating system environment on a device prior to loading and running an operating system on the device, a policy identifying configuration settings for the operating system is obtained. The operating system itself is prevented from changing this policy, but the policy can be changed under certain circumstances by components of the pre-operating system environment. The policy is compared to configuration values used by the operating system, and the operating system is allowed to boot with the configuration values if the configuration values satisfy the policy. However, if the configuration values do not satisfy the policy, then a responsive action is taken.Type: GrantFiled: March 1, 2011Date of Patent: February 9, 2016Assignee: Microsoft Technology Licensing, LLCInventors: Scott D. Anderson, David J. Linsley, Magnus Bo Gustaf Nyström, Douglas M. MacIver, Robert Karl Spiger
-
Publication number: 20160012234Abstract: In a pre-operating system environment on a device prior to loading and running an operating system on the device, a policy identifying configuration settings for the operating system is obtained. The operating system itself is prevented from changing this policy, but the policy can be changed under certain circumstances by components of the pre-operating system environment. The policy is compared to configuration values used by the operating system, and the operating system is allowed to boot with the configuration values if the configuration values satisfy the policy. However, if the configuration values do not satisfy the policy, then a responsive action is taken.Type: ApplicationFiled: September 14, 2015Publication date: January 14, 2016Inventors: Scott D. Anderson, David J. Linsley, Magnus Bo Gustaf Nyström, Douglas M. MacIver, Robert Karl Spiger
-
Patent number: 9208313Abstract: Anti-malware process protection techniques are described. In one or more implementations, an anti-malware driver is signed using a hash that identifies a manufacturer of the anti-malware driver. The anti-malware driver is then provided to a computing device. The anti-malware driver may be assigned a protection level based on an agreement between the anti-malware manufacturer and an operating system manufacturer, and this protection level effects the operation of the anti-malware program on the computing device.Type: GrantFiled: June 11, 2013Date of Patent: December 8, 2015Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Hari Pulapaka, Nicholas S. Judge, Arun U. Kishan, James A. Schwartz, Jr., Kinshumann Kinshumann, David J. Linsley, Niraj V. Majmudar, Scott D. Anderson
-
Publication number: 20150161155Abstract: Embodiments of the disclosure provide access to data in a compressed container through dynamic redirection, without storing decompressed data in persistent memory. The compressed container is stored in a first portion of memory. User data and reference files, with redirect pointers, for accessing corresponding files in the compressed container are stored in a second portion of memory. A command to access data is detected by a computing device. The redirect pointer in the reference file associated with the command redirects access to the corresponding compressed version of data stored in the compressed container. The corresponding accessed compressed version of data is decompressed on the fly and provided in response to the command without storing the decompressed data in persistent memory. Some embodiments provide integrity protection to validate the data coming from the compressed container.Type: ApplicationFiled: December 8, 2013Publication date: June 11, 2015Applicant: Microsoft CorporationInventors: Richard A. Pletcher, Malcolm J. Smith, Alain F. Gefflaut, Alex Bendetov, Andrey Shedel, David J. Linsley, Aaron M. Farmer, James Aaron Holmes, Troy E. Shaw, Emily N. Wilson, Innokentiy Basmov, Michael J. Grass, Alex M. Semenko, Scott D. Anderson, Kinshuman Kinshumann
-
Patent number: 8938618Abstract: Booting a computing device includes executing one or more firmware components followed by a boot loader component. A protection component for the computing device, such as an anti-malware program, is identified and executed as an initial component after executing the boot loader component. One or more boot components are also executed, these one or more boot components including only boot components that have been approved by the protection component. A list of boot components that have been previously approved by the protection component can also be maintained in a tamper-proof manner.Type: GrantFiled: April 5, 2013Date of Patent: January 20, 2015Assignee: Microsoft CorporationInventors: Mark F. Novak, Robert Karl Spiger, Stefan Thom, David J. Linsley, Scott A. Field, Anil Francis Thomas
-
Publication number: 20140359774Abstract: Anti-malware process protection techniques are described. In one or more implementations, an anti-malware process is launched. The anti-malware process is verified based at least in part on an anti-malware driver that contains certificates which contain an identity that is signed with the trusted certificate from a verified source. After the anti-malware process is verified, the anti-malware process may be assigned a protection level, and an administrative user may be prevented from altering the anti-malware process.Type: ApplicationFiled: May 31, 2013Publication date: December 4, 2014Inventors: Hari Pulapaka, Nicholas S. Judge, Arun U. Kishan, James A. Schwartz, Jr., Kinshumann Kinshumann, David J. Linsley, Niraj V. Majmudar, Scott D. Anderson
-
Publication number: 20140359775Abstract: Anti-malware process protection techniques are described. In one or more implementations, an anti-malware driver is signed using a hash that identifies a manufacturer of the anti-malware driver. The anti-malware driver is then provided to a computing device. The anti-malware driver may be assigned a protection level based on an agreement between the anti-malware manufacturer and an operating system manufacturer, and this protection level effects the operation of the anti-malware program on the computing device.Type: ApplicationFiled: June 11, 2013Publication date: December 4, 2014Inventors: Hari Pulapaka, Nicholas S. Judge, Arun U. Kishan, James A. Schwartz, JR., Kinshumann Kinshumann, David J. Linsley, Niraj V. Majmudar, Scott D. Anderson
-
Patent number: 8776258Abstract: Techniques for providing access rights to different portions of a software application to one or more authorized users are described herein. An issuance license may be inserted into the software application that divides the software application into one or more portions and identifies, for each portion, one or more users that are authorized access to the portion. Each portion of the software application may then be encrypted using, for example, a different cryptographic key. When the software is executed, an end user license may then be requested that corresponds to a particular user and that entitles the particular user access to each portion of the software application that the issuance license identifies the particular user as being authorized to access. The end user license may then be used to decrypt each portion of the software application that the issuance license identifies the particular end user as being authorized to access.Type: GrantFiled: June 20, 2007Date of Patent: July 8, 2014Inventor: David J. Linsley
-
Patent number: 8627464Abstract: An event log can comprise, not only entries associated with components instantiated since a most recent power on of a computing device, but also entries of components instantiated prior to that power on, such as components that were instantiated, and represent, a state of the computing device prior to hibernation that has now been resumed. Upon hibernation, the current values of the Platform Configuration Registers (PCRs) of a Trusted Platform Module (trusted execution environment), as well as a quote of those current values, and a current value of a monotonic counter of the trusted execution environment can be logged. The monotonic counter can be incremented at each power on to track successive generations of the computing device and to guard against an intervening, not-logged generation. A subsequent parsing of the event log can verify the prior generational entries with reference to the PCR values in the log that are associated with those generations.Type: GrantFiled: November 2, 2010Date of Patent: January 7, 2014Assignee: Microsoft CorporationInventors: Stefan Thom, Nathan Ide, Scott Danie Anderson, Robert Karl Spiger, David J. Linsley, Mark Fishel Novak, Magnus Nyström
-
Patent number: 8417962Abstract: Booting a computing device includes executing one or more firmware components followed by a boot loader component. A protection component for the computing device, such as an anti-malware program, is identified and executed as an initial component after executing the boot loader component. One or more boot components are also executed, these one or more boot components including only boot components that have been approved by the protection component. A list of boot components that have been previously approved by the protection component can also be maintained in a tamper-proof manner.Type: GrantFiled: June 11, 2010Date of Patent: April 9, 2013Assignee: Microsoft CorporationInventors: Mark F. Novak, Robert Karl Spiger, Stefan Thom, David J. Linsley, Scott A. Field, Anil Francis Thomas
-
Patent number: 8375437Abstract: A Trusted Platform Module (TPM) can be utilized to provide hardware-based protection of cryptographic information utilized within a virtual computing environment. A virtualized cryptographic service can interface with the virtual environment and enumerate a set of keys that encryption mechanisms within the virtual environment can utilize to protect their keys. The keys provided by the virtualized cryptographic service can be further protected by the TPM-specific keys of the TPM on the computing device hosting the virtual environment. Access to the protected data within the virtual environment can, thereby, only be granted if the virtualized cryptographic service's keys have been protected by the TPM-specific keys of the TPM on the computing device that is currently hosting the virtual environment. The virtualized cryptographic service's keys can be protected by TPM-specific keys of TPMs on selected computing devices to enable the virtual environment to be hosted by other computing devices.Type: GrantFiled: March 30, 2010Date of Patent: February 12, 2013Assignee: Microsoft CorporationInventors: David J. Linsley, Stefan Thom
-
Publication number: 20120226895Abstract: In a pre-operating system environment on a device prior to loading and running an operating system on the device, a policy identifying configuration settings for the operating system is obtained. The operating system itself is prevented from changing this policy, but the policy can be changed under certain circumstances by components of the pre-operating system environment. The policy is compared to configuration values used by the operating system, and the operating system is allowed to boot with the configuration values if the configuration values satisfy the policy. However, if the configuration values do not satisfy the policy, then a responsive action is taken.Type: ApplicationFiled: March 1, 2011Publication date: September 6, 2012Applicant: MICROSOFT CORPORATIONInventors: Scott D. Anderson, David J. Linsley, Magnus Bo Gustaf Nyström, Douglas M. MacIver, Robert Karl Spiger
-
Publication number: 20120110644Abstract: An event log can comprise, not only entries associated with components instantiated since a most recent power on of a computing device, but also entries of components instantiated prior to that power on, such as components that were instantiated, and represent, a state of the computing device prior to hibernation that has now been resumed. Upon hibernation, the current values of the Platform Configuration Registers (PCRs) of a Trusted Platform Module (trusted execution environment), as well as a quote of those current values, and a current value of a monotonic counter of the trusted execution environment can be logged. The monotonic counter can be incremented at each power on to track successive generations of the computing device and to guard against an intervening, not-logged generation. A subsequent parsing of the event log can verify the prior generational entries with reference to the PCR values in the log that are associated with those generations.Type: ApplicationFiled: November 2, 2010Publication date: May 3, 2012Applicant: Microsoft CorporationInventors: Stefan Thom, Nathan Ide, Scott Daniel Anderson, Robert Karl Spiger, David J. Linsley, Mark Fishel Novak, Magnus Nyström