Patents by Inventor Frederick Justus Smith
Frederick Justus Smith has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20260120229Abstract: A method executed by a computer system with a processor system involves analyzing read profiling data associated with a first filesystem image to determine the sequence in which a guest context accessed multiple files during its startup. Subsequently, a second filesystem image is created based on this profiling data, comprising various data block sets, each set representing files accessed by the guest context. The data block sets are arranged in the second filesystem image according to the order in which the guest context accessed the corresponding files, ensuring a sequential writing process. This innovative approach optimizes filesystem organization and retrieval efficiency based on actual usage patterns during system initialization.Type: ApplicationFiled: October 31, 2024Publication date: April 30, 2026Inventors: Frederick Justus SMITH, Shaheed Gulamabbas Chagani, Paul McAlpin Bozzay, Xuhao HE, Aparajita Dutta
-
Patent number: 12225050Abstract: Distribution and management of services in virtual environments is described herein. In one or more implementations, a service distribution and management model is implemented in which system services and applications are seamlessly distributed across multiple containers which each implement a different runtime environment. In one or more implementations, a system for distributing access to services in a host operating system of a computing device includes a host operating system configured to implement a host runtime environment, and one or more services implemented by the host operating system. The system further includes a service control manager configured to enable communication between a client stub of a service implemented in a client runtime environment and a service provider of the service that is implemented in a service runtime environment that is separate from the first client runtime environment.Type: GrantFiled: March 28, 2022Date of Patent: February 11, 2025Assignee: Microsoft Technology Licensing, LLCInventors: Hari R. Pulapaka, Margarit Simeonov Chenchev, Benjamin M. Schultz, Jonathan David Wiswall, Frederick Justus Smith, John A. Starks, Richard O. Wolcott, Michael Bishop Ebersol
-
Patent number: 11762964Abstract: Memory is partitioned and isolated in container-based memory enclaves. The container-based memory enclaves have attestable security guarantees. During provisioning of the container-based memory enclaves from a container image, a purported link in the container to a memory address of the enclave is modified to verifiably link to an actual memory address of the host, such as partitioned memory enclave. In some instances, enclave attestation reports can be validated without transmitting corresponding attestation requests to remote attestation services, based on previous attestation of one or more previous container attestation reports from a similar container and without requiring end-to-end attestation between the container and remote attestation service for each new attestation request.Type: GrantFiled: January 20, 2022Date of Patent: September 19, 2023Assignee: Microsoft Technology Licensing, LLCInventors: Maxwell Christopher Renke, Taylor James Stark, Benjamin M. Schultz, Giridhar Viswanathan, Frederick Justus Smith, Deepu Chandy Thomas, Hari R. Pulapaka, Amber Tianqi Guo
-
Publication number: 20230244516Abstract: Computing systems, devices, and methods of dynamic image composition for container deployment are disclosed herein. One example technique includes receiving a request for accessing a file from a container process. In response to receiving the request, the technique includes querying a mapping table corresponding to the container process to locate an entry corresponding to a file identifier of the requested file. The entry also includes data identifying a file location on the storage device from which the requested file is accessible. The technique further includes retrieving a copy of the requested file according to the file location identified by the data in the located entry in the mapping table and providing the retrieved copy of the requested file to the container process, thereby allowing the container process to access the requested file.Type: ApplicationFiled: January 13, 2023Publication date: August 3, 2023Applicant: Microsoft Technology Licensing, LLCInventors: Jonathan De Marco, Benjamin M. Schultz, Frederick Justus Smith, Hari R. Pulapaka, Mehmet Iyigun, Amber Tianqi Guo
-
Publication number: 20220224726Abstract: Distribution and management of services in virtual environments is described herein. In one or more implementations, a service distribution and management model is implemented in which system services and applications are seamlessly distributed across multiple containers which each implement a different runtime environment. In one or more implementations, a system for distributing access to services in a host operating system of a computing device includes a host operating system configured to implement a host runtime environment, and one or more services implemented by the host operating system. The system further includes a service control manager configured to enable communication between a client stub of a service implemented in a client runtime environment and a service provider of the service that is implemented in a service runtime environment that is separate from the first client runtime environment.Type: ApplicationFiled: March 28, 2022Publication date: July 14, 2022Inventors: Hari R. Pulapaka, Margarit Simeonov Chenchev, Benjamin M. Schultz, Jonathan David Wiswall, Frederick Justus Smith, John A. Starks, Richard O. Wolcott, Michael Bishop Ebersol
-
Patent number: 11363067Abstract: Distribution and management of services in virtual environments is described herein. In one or more implementations, a service distribution and management model is implemented in which system services and applications are seamlessly distributed across multiple containers which each implement a different runtime environment. In one or more implementations, a system for distributing access to services in a host operating system of a computing device includes a host operating system configured to implement a host runtime environment, and one or more services implemented by the host operating system. The system further includes a service control manager configured to enable communication between a client stub of a service implemented in a client runtime environment and a service provider of the service that is implemented in a service runtime environment that is separate from the first client runtime environment.Type: GrantFiled: June 12, 2019Date of Patent: June 14, 2022Assignee: Microsoft Technology Licensing, LLCInventors: Hari R. Pulapaka, Margarit Simeonov Chenchev, Benjamin M. Schultz, Jonathan David Wiswall, Frederick Justus Smith, John A. Starks, Richard O. Wolcott, Michael Bishop Ebersol
-
Publication number: 20220147465Abstract: Memory is partitioned and isolated in container-based memory enclaves. The container-based memory enclaves have attestable security guarantees. During provisioning of the container-based memory enclaves from a container image, a purported link in the container to a memory address of the enclave is modified to verifiably link to an actual memory address of the host, such as partitioned memory enclave. In some instances, enclave attestation reports can be validated without transmitting corresponding attestation requests to remote attestation services, based on previous attestation of one or more previous container attestation reports from a similar container and without requiring end-to-end attestation between the container and remote attestation service for each new attestation request.Type: ApplicationFiled: January 20, 2022Publication date: May 12, 2022Inventors: Maxwell Christopher Renke, Taylor James Stark, Benjamin M. Schultz, Giridhar Viswanathan, Frederick Justus Smith, Deepu Chandy Thomas, Hari R. Pulapaka, Amber Tianqi Guo
-
Patent number: 11290488Abstract: Distribution and management of services in virtual environments is described herein. In one or more implementations, a service distribution and management model is implemented in which system services and applications are seamlessly distributed across multiple containers which each implement a different runtime environment. In one or more implementations, a system for distributing access to services in a host operating system of a computing device includes a host operating system configured to implement a host runtime environment, and one or more services implemented by the host operating system. The system further includes a service control manager configured to enable communication between a client stub of a service implemented in a client runtime environment and a service provider of the service that is implemented in a service runtime environment that is separate from the first client runtime environment.Type: GrantFiled: February 15, 2019Date of Patent: March 29, 2022Assignee: Microsoft Technology Licensing, LLCInventors: Hari R. Pulapaka, Margarit Simeonov Chenchev, Benjamin M. Schultz, Jonathan David Wiswall, Frederick Justus Smith, John A. Starks, Richard O. Wolcott, Michael Bishop Ebersol
-
Patent number: 11256785Abstract: Memory is partitioned and isolated in container-based memory enclaves. The container-based memory enclaves have attestable security guarantees. During provisioning of the container-based memory enclaves from a container image, a purported link in the container to a memory address of the enclave is modified to verifiably link to an actual memory address of the host, such as partitioned memory enclave. In some instances, enclave attestation reports can be validated without transmitting corresponding attestation requests to remote attestation services, based on previous attestation of one or more previous container attestation reports from a similar container and without requiring end-to-end attestation between the container and remote attestation service for each new attestation request.Type: GrantFiled: September 9, 2019Date of Patent: February 22, 2022Assignee: MICROSOFT TECHNOLOGLY LICENSING, LLCInventors: Maxwell Christopher Renke, Taylor James Stark, Benjamin M. Schultz, Giridhar Viswanathan, Frederick Justus Smith, Deepu Chandy Thomas, Hari R. Pulapaka, Amber Tianqi Guo
-
Patent number: 11100243Abstract: Technologies are described for selective persistence of data utilized by software containers. A configuration policy is defined that includes data that specifies one or more data stores for which data is not to be persisted following accesses to a software container and one or more data stores for which data is to be persisted following accesses to the software container. When the software container is first accessed, the data stores identified in the configuration policy are attached to the software container. Upon a subsequent access to the container, such as at the conclusion of a user session or upon destruction of the container, the data in the attached data stores is persisted or deleted based upon the configuration policy. When the software container is once again accessed, the data store containing the persisted data can be re-attached to the software container.Type: GrantFiled: January 15, 2018Date of Patent: August 24, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Margarit Simeonov Chenchev, Benjamin M. Schultz, Giridhar Viswanathan, Balaji Balasubramanyan, Yanan Zhang, Frederick Justus Smith, Hari R. Pulapaka, David Weston
-
Patent number: 11074323Abstract: Securely performing file operations. A method includes determining a licensing characteristic assigned to a file. When the licensing characteristic assigned to the file meets or exceeds a predetermined licensing condition, then the method includes performing a file operation on the file in a host operating system while preventing the file operation from being performed in the guest operating system. When the licensing characteristic assigned to the file does not meet or exceed the predetermined licensing condition, then the method includes performing the file operation on the file in the guest operating system while preventing the file operation from being performed directly in the host operating system.Type: GrantFiled: June 21, 2018Date of Patent: July 27, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Benjamin M. Schultz, Balaji Balasubramanyan, Giridhar Viswanathan, Ankit Srivastava, Margarit Simeonov Chenchev, Hari R. Pulapaka, Nived Kalappuraikal Sivadas, Raphael Gianotti Serrano dos Santo, Narasimhan Ramasubramanian, Frederick Justus Smith, Matthew David Kurjanowicz, Prakhar Srivastava, Jonathan Schwartz
-
Publication number: 20210011984Abstract: Memory is partitioned and isolated in container-based memory enclaves. The container-based memory enclaves have attestable security guarantees. During provisioning of the container-based memory enclaves from a container image, a purported link in the container to a memory address of the enclave is modified to verifiably link to an actual memory address of the host, such as partitioned memory enclave. In some instances, enclave attestation reports can be validated without transmitting corresponding attestation requests to remote attestation services, based on previous attestation of one or more previous container attestation reports from a similar container and without requiring end-to-end attestation between the container and remote attestation service for each new attestation request.Type: ApplicationFiled: September 9, 2019Publication date: January 14, 2021Inventors: Maxwell Christopher Renke, Taylor James Stark, Benjamin M. Schultz, Giridhar Viswanathan, Frederick Justus Smith, Deepu Chandy Thomas, Hari R. Pulapaka, Amber Tianqi Guo
-
Patent number: 10885189Abstract: A host operating system running on a computing device monitors resource access by an application running in a container that is isolated from the host operating system. In response to detecting resource access by the application, a security event is generated describing malicious activity that occurs from the accessing the resource. This security event is analyzed to determine a threat level of the malicious activity. If the threat level does not satisfy a threat level threshold, the host operating system allows the application to continue accessing resources and continues to monitor resource access. When the threat level satisfies the threat level threshold, the operating system takes corrective action to prevent the malicious activity from spreading beyond the isolated container. Through the use of security events, the host operating system is protected from even kernel-level attacks without using resources required to run anti-virus software in the isolated container.Type: GrantFiled: May 22, 2017Date of Patent: January 5, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Charles G. Jeffries, Benjamin M. Schultz, Giridhar Viswanathan, Frederick Justus Smith, David Guy Weston, Ankit Srivastava, Ling Tony Chen, Hari R. Pulapaka
-
Patent number: 10885193Abstract: Securely performing file operations. A method includes determining a trust characteristic assigned to a file. When the trust characteristic assigned to the file meets or exceeds a predetermined trust condition, then the method includes performing a file operation on the file in a host operating system while preventing the file operation from being performed in the container operating system. When the trust characteristic assigned to the file does not meet or exceed the predetermined trust condition, then the method includes performing the file operation on the file in the container operating system while preventing the file operation from being performed directly in the host operating system.Type: GrantFiled: February 12, 2018Date of Patent: January 5, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Bryan R. Born, Giridhar Viswanathan, Peteris Ledins, Balaji Balasubramanyan, Margarit Simeonov Chenchev, Benjamin M. Schultz, Hari R. Pulapaka, Frederick Justus Smith, Narasimhan Ramasubramanian, Raphael Gianotti Serrano Dos Santo, Nived Kalappuraikal Sivadas, Ravinder Thind, Matthew David Kurjanowicz
-
Publication number: 20190297116Abstract: Distribution and management of services in virtual environments is described herein. In one or more implementations, a service distribution and management model is implemented in which system services and applications are seamlessly distributed across multiple containers which each implement a different runtime environment. In one or more implementations, a system for distributing access to services in a host operating system of a computing device includes a host operating system configured to implement a host runtime environment, and one or more services implemented by the host operating system. The system further includes a service control manager configured to enable communication between a client stub of a service implemented in a client runtime environment and a service provider of the service that is implemented in a service runtime environment that is separate from the first client runtime environment.Type: ApplicationFiled: June 12, 2019Publication date: September 26, 2019Applicant: Microsoft Technology Licensing, LLCInventors: Hari R. Pulapaka, Margarit Simeonov Chenchev, Benjamin M. Schultz, Jonathan David Wiswall, Frederick Justus Smith, John A. Starks, Richard O. Wolcott, Michael Bishop Ebersol
-
Patent number: 10380081Abstract: A container for one or more scheduled meeting is pre-built for the meeting prior to the meeting occurring. The container can be built in a variety of manners, including using both static and dynamic techniques. Dynamic techniques for building a container allows a pre-build system to include more pertinent data in the container whereas static techniques reduce computing workload and allow for pre-building containers for unscheduled meetings. A combination of static and dynamic building techniques can be applied using a layer repository. Alternately, a static base layer can be used and customized for scheduled meetings.Type: GrantFiled: March 31, 2017Date of Patent: August 13, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Kyle Thomas Brady, John C. Gordon, Benjamin M. Schultz, Ali Hajy, Morakinyo Korede Olugbade, Hari R. Pulapaka, Paul McAlpin Bozzay, Frederick Justus Smith, Mehmet Iyigun
-
Patent number: 10375111Abstract: Anonymous containers are discussed herein. An operating system running on a computing device, also referred to herein as a host operating system running on a host device, prevents an application from accessing personal information (e.g., user information or corporate information) by activating an anonymous container that is isolated from the host operating system. In order to create and activate the anonymous container, a container manager anonymizes the configuration and settings data of the host operating system, and injects the anonymous configuration and settings data into the anonymous container. Such anonymous configuration and settings data may include, by way of example and not limitation, application data, machine configuration data, and user settings data. The host operating system then allows the application to run in the anonymous container.Type: GrantFiled: February 10, 2017Date of Patent: August 6, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Benjamin M. Schultz, Frederick Justus Smith, Daniel Vasquez Lopez, Abhinav Mishra, Ian James McCarty, John A. Starks, Joshua David Ebersol, Ankit Srivastava, Hari R. Pulapaka, Mehmet Iyigun, Stephen E. Bensley, Giridhar Viswanathan
-
Patent number: 10333985Abstract: Distribution and management of services in virtual environments is described herein. In one or more implementations, a service distribution and management model is implemented in which system services and applications are seamlessly distributed across multiple containers which each implement a different runtime environment. In one or more implementations, a system for distributing access to services in a host operating system of a computing device includes a host operating system configured to implement a host runtime environment, and one or more services implemented by the host operating system. The system further includes a service control manager configured to enable communication between a client stub of a service implemented in a client runtime environment and a service provider of the service that is implemented in a service runtime environment that is separate from the first client runtime environment.Type: GrantFiled: March 16, 2017Date of Patent: June 25, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Hari R. Pulapaka, Margarit Simeonov Chenchev, Benjamin M. Schultz, Jonathan David Wiswall, Frederick Justus Smith, John A. Starks, Richard O. Wolcott, Michael Bishop Ebersol
-
Publication number: 20190180003Abstract: Securely performing file operations. A method includes determining a licensing characteristic assigned to a file. When the licensing characteristic assigned to the file meets or exceeds a predetermined licensing condition, then the method includes performing a file operation on the file in a host operating system while preventing the file operation from being performed in the guest operating system. When the licensing characteristic assigned to the file does not meet or exceed the predetermined licensing condition, then the method includes performing the file operation on the file in the guest operating system while preventing the file operation from being performed directly in the host operating system.Type: ApplicationFiled: June 21, 2018Publication date: June 13, 2019Inventors: Benjamin M. Schultz, Balaji Balasubramanyan, Giridhar Viswanathan, Ankit Srivastava, Margarit Simeonov Chenchev, Hari R. Pulapaka, Nived Kalappuraikal Sivadas, Raphael Gianotti Serrano dos Santo, Narasimhan Ramasubramanian, Frederick Justus Smith, Matthew David Kurjanowicz, Prakhar Srivastava, Jonathan Schwartz
-
Publication number: 20190180033Abstract: Securely performing file operations. A method includes determining a trust characteristic assigned to a file. When the trust characteristic assigned to the file meets or exceeds a predetermined trust condition, then the method includes performing a file operation on the file in a host operating system while preventing the file operation from being performed in the container operating system. When the trust characteristic assigned to the file does not meet or exceed the predetermined trust condition, then the method includes performing the file operation on the file in the container operating system while preventing the file operation from being performed directly in the host operating system.Type: ApplicationFiled: February 12, 2018Publication date: June 13, 2019Inventors: Bryan R. BORN, Giridhar VISWANATHAN, Peteris LEDINS, Balaji BALASUBRAMANYAN, Margarit Simeonov CHENCHEV, Benjamin M. SCHULTZ, Hari R. PULAPAKA, Frederick Justus SMITH, Narasimhan RAMASUBRAMANIAN, Raphael GIANOTTI SERRANO DOS SANTO, Nived KALAPPURAIKAL SIVADAS, Ravinder THIND, Matthew David KURJANOWICZ