Patents by Inventor Edmund B. Nightingale
Edmund B. Nightingale has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11444918Abstract: The disclosed technology is generally directed to firewalls. In one example of the technology, a first firewall is used such that communication is blocked from a first subsystem of a device upon boot of the device. The first firewall is enabled to be configured by secure code subsequent to boot such that code that is not secure code is prevented from configuring the first firewall. After configuration of the first firewall, based on the configuration, the first firewall is used to selectively allow the first subsystem access to the first memory based on ranges of addresses of the first memory configured as accessible to the first subsystem.Type: GrantFiled: December 16, 2019Date of Patent: September 13, 2022Assignee: Microsoft Technology Licensing, LLCInventors: George Thomas Letey, Douglas L. Stiles, Edmund B. Nightingale
-
Patent number: 11422907Abstract: While connected to cloud storage, a computing device writes data and metadata to the cloud storage, indicates success of the write to an application of the computing device, and, after indicating success to the application, writes the data and metadata to local storage of the computing device. The data and metadata may be written to different areas of the local storage. The computing device may also determine that it has recovered from a crash or has connected to the cloud storage after operating disconnected and reconcile the local storage with the cloud storage. The reconciliation may be based at least on a comparison of the metadata stored in the area of the local storage with metadata received from the cloud storage. The cloud storage may store each item of data contiguously with its metadata as an expanded block.Type: GrantFiled: August 19, 2013Date of Patent: August 23, 2022Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: James W. Mickens, Jeremy E. Elson, Edmund B. Nightingale, Bin Fan, Asim Kadav, Osama Khan
-
Patent number: 11210173Abstract: A technology is directed to embedded device updates. In one example of the technology, a partition of a memory is atomically updated. The partition includes partition tables including a primary partition table and a back-up partition table. The partition tables include entries for the images included in the partition, and information associated with the images included in the partition. Atomically updating the partition of the memory includes writing an updated version to the partition. The written updated version is verified. An updated partition table is written to the back-up partition table. The updated partition table is written to the primary partition table. If it is determined that a power, or other, fault occurred while the primary partition table was being written, the primary partition table is overwritten with the back-up partition table.Type: GrantFiled: May 21, 2018Date of Patent: December 28, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Edmund B. Nightingale, Thales Paulo De Carvalho, Daryl Roy Zuniga Grosserhode
-
Patent number: 11106537Abstract: The disclosed technology is generally directed to IoT device update failure recovery. In one example of the technology, after writing an updated release to memory, a determination is made whether the updated release is valid. The updated release includes a plurality of image binaries. If the updated release is determined to be valid, the updated release is made the current release. A determination is made as to whether the current release is stable. Upon determining that the current release is unstable, an auto-rollback is performed. Performing the auto-rollback includes, via at least one processor, automatically: obtaining an uncompressed backup of a previous release; making the uncompressed backup of the previous release the current release; and executing the uncompressed backup.Type: GrantFiled: June 14, 2019Date of Patent: August 31, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Reuben R. Olinsky, Edmund B. Nightingale
-
Patent number: 11036654Abstract: The disclosed technology is generally directed to protection against unauthorized code. In one example of the technology, a read request to a restricted region of memory is detected. The read request is associated with a first processor. In response to detecting the read request to the restricted region of memory, a data value that causes an exception in response to execution by the first processor is provided.Type: GrantFiled: June 21, 2018Date of Patent: June 15, 2021Assignee: Microsoft Technology Licensing, LLCInventors: George Thomas Letey, Felix Stefan Domke, Edmund B. Nightingale
-
Patent number: 10942798Abstract: In one example of the technology, via a first independent execution environment of a set of independent execution environments in an integrated circuit, a first watchdog timer is caused to reset on a periodic basis. The set of independent execution environments is configured to have a defense-in-depth hierarchy. The set of independent execution environments includes a first independent execution environment and a second independent execution environment. The first independent execution environment is a most trusted execution environment on the integrated circuit. Via the second independent execution environment: a second watchdog timer is periodically caused to reset on a periodic basis. In response to the second watchdog timer timing out, an interrupt is communicated from the second watchdog timer to the first independent execution environment. In response to the first watchdog timer timing out, at least a portion of the integrated circuit is reset.Type: GrantFiled: May 31, 2018Date of Patent: March 9, 2021Assignee: Microsoft Technology Licensing, LLCInventors: George Thomas Letey, Douglas L. Stiles, Edmund B. Nightingale, Stephen E. Hodges, Philip John Joseph Wright
-
Patent number: 10936303Abstract: The disclosed technology is generally directed to updating of applications, firmware and/or other software on IoT devices. In one example of the technology, a request that is associated with a requested update is communicated from a normal world of a first application processor to a secure world of the first application processor. The secure world validates the requested update. Instructions associated with the validated update are communicated from the secure world to the normal world. Image requests are sent from the normal world to a cloud service for image binaries associated with the validated update. The secure world receives the requested image binaries from the cloud service. The secure world writes the received image binaries to memory, and validates the written image binaries.Type: GrantFiled: September 10, 2019Date of Patent: March 2, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Adrian Bonar, Reuben R. Olinsky, Sang Eun Kim, Edmund B. Nightingale, Thales de Carvalho
-
Patent number: 10901845Abstract: Erasure code for data is generated by: calculating the size and bytes of an erasure code block, calculating a number of stripes for the erasure code, and generating each stripe of each block for the erasure code, such that the stripes alternate in a pattern for each block, and saving hashes. A portion of the data is repaired by: for each block of the portion of the data, calculating the stripe of the block, identifying each hash for which the hash of the block of the portion of data does not match the saved hash of the block as a bad block, and for each identified bad block, generating a repair block for the bad block based on the stripe of the block and corresponding block of the data in the erasure coding for the data.Type: GrantFiled: June 20, 2018Date of Patent: January 26, 2021Assignee: Microsoft Technology Licensing, LLCInventor: Edmund B. Nightingale
-
Patent number: 10860302Abstract: The disclosed technology is generally directed to embedded device updates. In one example of the technology, staging is performed for at least two priority groups, completing staging of each higher priority group before staging a lower priority group, including, for each priority group, the following actions. A list of install targets is generated for the priority group based on a list of software for installation in a memory and software present in the memory. A list of purge targets is generated for the priority group based on the list of software for installation in the memory and the software present in the memory. The install targets are downloaded to a backup partition of the memory. Updating of the software in the memory is caused based on the install targets. The purge targets are deleted from the memory. The install targets are deleted from the back-up partition.Type: GrantFiled: October 21, 2019Date of Patent: December 8, 2020Assignee: Microsoft Technology Licensing, LLCInventors: Edmund B. Nightingale, Thales Paulo De Carvalho, Daryl Roy Zuniga Grosserhode
-
Patent number: 10783075Abstract: The disclosed technology is generally directed to data security. In one example of the technology, data is stored in a memory. The memory includes a plurality of memory banks including a first memory bank and a second memory bank. At least a portion of the data is interleaved amongst at least two of the plurality of memory banks. Access is caused to be prevented to at least one of the plurality of memory banks while a debug mode or recovery mode is occurring. Also, access is caused to be prevented to the at least one of the plurality of memory banks starting with initial boot until a verification by a security complex is successful. The verification by the security complex includes the security complex verifying a signature.Type: GrantFiled: April 7, 2019Date of Patent: September 22, 2020Assignee: Microsoft Technology Licensing, LLCInventors: George Thomas Letey, Douglas L. Stiles, Edmund B. Nightingale
-
Patent number: 10715526Abstract: The disclosed technology is generally directed to integrated circuit technology with defense-in-depth. In one example of the technology, an integrated circuit includes a set of independent execution environments including at least two independent execution environments. At least two of the independent execution environments are general purpose cores with differing capabilities. The independent execution environments in the set of independent execution environments are configured to have a defense-in-depth hierarchy.Type: GrantFiled: February 27, 2017Date of Patent: July 14, 2020Assignee: Microsoft Technology Licensing, LLCInventors: Edmund B. Nightingale, Reuben R. Olinsky, Galen C. Hunt, Douglas Stiles, George Thomas Letey
-
Publication number: 20200120067Abstract: The disclosed technology is generally directed to firewalls. In one example of the technology, a first firewall is used such that communication is blocked from a first subsystem of a device upon boot of the device. The first firewall is enabled to be configured by secure code subsequent to boot such that code that is not secure code is prevented from configuring the first firewall. After configuration of the first firewall, based on the configuration, the first firewall is used to selectively allow the first subsystem access to the first memory based on ranges of addresses of the first memory configured as accessible to the first subsystem.Type: ApplicationFiled: December 16, 2019Publication date: April 16, 2020Inventors: George Thomas LETEY, Douglas L. STILES, Edmund B. NIGHTINGALE
-
Patent number: 10587575Abstract: The disclosed technology is generally directed to firewalls. In one example of the technology, a first firewall is used such that communication is blocked from a first subsystem of a device upon boot of the device. The first firewall is enabled to be configured by secure code subsequent to boot such that code that is not secure code is prevented from configuring the first firewall. After configuration of the first firewall, based on the configuration, the first firewall is used to selectively allow the first subsystem access to the first memory based on ranges of addresses of the first memory configured as accessible to the first subsystem.Type: GrantFiled: May 26, 2017Date of Patent: March 10, 2020Assignee: Microsoft Technology Licensing, LLCInventors: George Thomas Letey, Douglas L. Stiles, Edmund B. Nightingale
-
Publication number: 20200065082Abstract: The disclosed technology is generally directed to embedded device updates. In one example of the technology, staging is performed for at least two priority groups, completing staging of each higher priority group before staging a lower priority group, including, for each priority group, the following actions. A list of install targets is generated for the priority group based on a list of software for installation in a memory and software present in the memory. A list of purge targets is generated for the priority group based on the list of software for installation in the memory and the software present in the memory. The install targets are downloaded to a backup partition of the memory. Updating of the software in the memory is caused based on the install targets. The purge targets are deleted from the memory. The install targets are deleted from the back-up partition.Type: ApplicationFiled: October 21, 2019Publication date: February 27, 2020Inventors: Edmund B. NIGHTINGALE, Thales Paulo DE CARVALHO, Daryl Roy ZUNIGA GROSSERHODE
-
Publication number: 20200012492Abstract: The disclosed technology is generally directed to updating of applications, firmware and/or other software on IoT devices. In one example of the technology, a request that is associated with a requested update is communicated from a normal world of a first application processor to a secure world of the first application processor. The secure world validates the requested update. Instructions associated with the validated update are communicated from the secure world to the normal world. Image requests are sent from the normal world to a cloud service for image binaries associated with the validated update. The secure world receives the requested image binaries from the cloud service. The secure world writes the received image binaries to memory, and validates the written image binaries.Type: ApplicationFiled: September 10, 2019Publication date: January 9, 2020Inventors: Adrian Bonar, Reuben R. Olinsky, Sang Eun Kim, Edmund B. Nightingale, Thales de Carvalho
-
Publication number: 20200004721Abstract: The disclosed technology is generally directed to peripheral access. In one example of the technology, stored configuration information is read. The stored configuration information is associated with mapping a plurality of independent execution environments to a plurality of peripherals such that the peripherals of the plurality of peripherals have corresponding independent execution environments of the plurality of independent execution environments. A configurable interrupt routing table is programmed based on the configuration information. An interrupt is received from a peripheral. The interrupt is routed to the corresponding independent execution environment based on the configurable interrupt routing table.Type: ApplicationFiled: July 8, 2019Publication date: January 2, 2020Inventors: George Thomas LETEY, Douglas L. STILES, Edmund B. NIGHTINGALE
-
Publication number: 20190370103Abstract: In one example of the technology, via a first independent execution environment of a set of independent execution environments in an integrated circuit, a first watchdog timer is caused to reset on a periodic basis. The set of independent execution environments is configured to have a defense-in-depth hierarchy. The set of independent execution environments includes a first independent execution environment and a second independent execution environment. The first independent execution environment is a most trusted execution environment on the integrated circuit. Via the second independent execution environment: a second watchdog timer is periodically caused to reset on a periodic basis. In response to the second watchdog timer timing out, an interrupt is communicated from the second watchdog timer to the first independent execution environment. In response to the first watchdog timer timing out, at least a portion of the integrated circuit is reset.Type: ApplicationFiled: May 31, 2018Publication date: December 5, 2019Inventors: George Thomas LETEY, Douglas L. STILES, Edmund B. NIGHTINGALE, Stephen E. HODGES, Philip John Joseph WRIGHT
-
Publication number: 20190347164Abstract: The disclosed technology is generally directed to embedded device updates. In one example of the technology, a partition of a memory is atomically updated. The partition includes partition tables including a primary partition table and a back-up partition table. The partition tables include entries for the images included in the partition, and information associated with the images included in the partition. Atomically updating the partition of the memory includes writing an updated version to the partition. The written updated version is verified. An updated partition table is written to the back-up partition table. The updated partition table is written to the primary partition table. If it is determined that a power, or other, fault occurred while the primary partition table was being written, the primary partition table is overwritten with the back-up partition table.Type: ApplicationFiled: May 21, 2018Publication date: November 14, 2019Inventors: Edmund B. NIGHTINGALE, Thales Paulo DE CARVALHO, Daryl Roy ZUNIGA GROSSERHODE
-
Patent number: 10452375Abstract: The disclosed technology is generally directed to embedded device updates. In one example of the technology, staging is performed for at least two priority groups, completing staging of each higher priority group before staging a lower priority group, including, for each priority group, the following actions. A list of install targets is generated for the priority group based on a list of software for installation in a memory and software present in the memory. A list of purge targets is generated for the priority group based on the list of software for installation in the memory and the software present in the memory. The install targets are downloaded to a backup partition of the memory. Updating of the software in the memory is caused based on the install targets. The purge targets are deleted from the memory. The install targets are deleted from the back-up partition.Type: GrantFiled: June 21, 2018Date of Patent: October 22, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Edmund B. Nightingale, Thales Paulo De Carvalho, Daryl Roy Zuniga Grosserhode
-
Publication number: 20190317860Abstract: Erasure code for data is generated by: calculating the size and bytes of an erasure code block, calculating a number of stripes for the erasure code, and generating each stripe of each block for the erasure code, such that the stripes alternate in a pattern for each block, and saving hashes. A portion of the data is repaired by: for each block of the portion of the data, calculating the stripe of the block, identifying each hash for which the hash of the block of the portion of data does not match the saved hash of the block as a bad block, and for each identified bad block, generating a repair block for the bad block based on the stripe of the block and corresponding block of the data in the erasure coding for the data.Type: ApplicationFiled: June 20, 2018Publication date: October 17, 2019Inventor: Edmund B. NIGHTINGALE