Patents by Inventor Galen Clyde Hunt
Galen Clyde Hunt has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230214535
Abstract: The disclosed technology is generally directed to network security for processors. In one example of the technology, a computing device includes: a processor, a memory, and a network interface. The computing device executes a first binary within a first region of the memory, executes a separate second binary within a second region of the memory, and prevents the second binary from accessing the first region of the memory. The first binary implements a kernel configured to control the network interface, while the separate second binary implements a network stack that is restricted to communicate only with an identified set of trusted servers.
Type: Application
Filed: March 13, 2023
Publication date: July 6, 2023
Inventors: Mark RUSSINOVICH, Galen Clyde HUNT
-
Patent number: 11625505
Abstract: The disclosed technology is generally directed to network security for processors. In one example of the technology, a device includes: hardware, including a network interface; a memory; and a processor. The memory is adapted to store run-time data for the device. The memory includes at least a first memory region and a second memory region. The processor is adapted to execute processor-executable code including a first binary in the first memory region and a second binary in the second memory region. The first binary includes at least one application and a kernel. The kernel is configured to control the hardware. The second binary is configured to operate, upon execution, as a network stack. The device is configured such that the first memory region is protected such that the first memory region is inaccessible to the second binary.
Type: Grant
Filed: August 19, 2019
Date of Patent: April 11, 2023
Assignee: Microsoft Technology Licensing, LLC
Inventors: Mark Russinovich, Galen Clyde Hunt
-
Publication number: 20230052789
Abstract: A unique embedded system is disclosed that locally operates an application virtual machine (VM) and a system VM in isolation from each other. The application VM executes application-specific code for a given purpose of the embedded system. The system VM executes a host operating system (OS) and various security, compatibility, and updating functions independent of the application VM. Each VM is connected to its own unique hardware on the embedded system to ensure that changes to the application code or the system code do not impact the other.
Type: Application
Filed: August 12, 2021
Publication date: February 16, 2023
Inventors: Ryan James FAIRFAX, Galen Clyde HUNT, Barry Clayton BOND, Kevin Thomas WESTON, JR.
-
Patent number: 11470118
Abstract: The disclosed technology is generally directed to network security for processors. In one example of the technology, a device includes: a memory that is adapted to store run-time data for the device, and a processor. The processor is adapted to execute processor-executable code including a first binary that includes at least one application and a kernel, and a second binary. The second binary is configured to perform networking functions exclusively, including networking functions of one or more of layers three through seven of the Open Systems Interconnection (OSI) model.
Type: Grant
Filed: November 1, 2019
Date of Patent: October 11, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventors: Mark Russinovich, Galen Clyde Hunt
-
Publication number: 20210136111
Abstract: The disclosed technology is generally directed to network security for processors. In one example of the technology, a device includes: a memory that is adapted to store run-time data for the device, and a processor. The processor is adapted to execute processor-executable code including a first binary that includes at least one application and a kernel, and a second binary. The second binary is configured to perform networking functions exclusively, including networking functions of one or more of layers three through seven of the Open Systems Interconnection (OSI) model.
Type: Application
Filed: November 1, 2019
Publication date: May 6, 2021
Inventors: Mark RUSSINOVICH, Galen Clyde Hunt
-
Publication number: 20210056236
Abstract: The disclosed technology is generally directed to network security for processors. In one example of the technology, a device includes: hardware, including a network interface; a memory; and a processor. The memory is adapted to store run-time data for the device. The memory includes at least a first memory region and a second memory region. The processor is adapted to execute processor-executable code including a first binary in the first memory region and a second binary in the second memory region. The first binary includes at least one application and a kernel. The kernel is configured to control the hardware. The second binary is configured to operate, upon execution, as a network stack. The device is configured such that the first memory region is protected such that the first memory region is inaccessible to the second binary.
Type: Application
Filed: August 19, 2019
Publication date: February 25, 2021
Inventors: Mark RUSSINOVICH, Galen Clyde HUNT
-
Patent number: 10831913
Abstract: Systems, methods, and computer-readable storage media are provided for securely storing and accessing content within a public cloud. A processor manufacturer provides processors having secure enclave capability to a cloud provider. The provider makes available a listing of processor identifiers (CPUIDs) for processors available for storing content and having secure enclave capability. A content owner provides CPUIDs for desired processors from the listing to the manufacturer which provides the content owner with a processor-specific public code encryption key (CEK) for encrypting content to be stored on each processor identified. Each processor is constructed such that content encrypted with the public CEK may only be decrypted within a secure enclave thereof. The content owner encrypts the desired content with the public CEK and returns the encrypted content and the CPUID for the appropriate processor to the cloud provider. The cloud provider then stores the encrypted content on the particular processor.
Type: Grant
Filed: March 15, 2018
Date of Patent: November 10, 2020
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Galen Clyde Hunt, Mark Eugene Russinovich
-
Publication number: 20190087597
Abstract: Systems, methods, and computer-readable storage media are provided for securely storing and accessing content within a public cloud. A processor manufacturer provides processors having secure enclave capability to a cloud provider. The provider makes available a listing of processor identifiers (CPUIDs) for processors available for storing content and having secure enclave capability. A content owner provides CPUIDs for desired processors from the listing to the manufacturer which provides the content owner with a processor-specific public code encryption key (CEK) for encrypting content to be stored on each processor identified. Each processor is constructed such that content encrypted with the public CEK may only be decrypted within a secure enclave thereof. The content owner encrypts the desired content with the public CEK and returns the encrypted content and the CPUID for the appropriate processor to the cloud provider. The cloud provider then stores the encrypted content on the particular processor.
Type: Application
Filed: March 15, 2018
Publication date: March 21, 2019
Inventors: GALEN CLYDE HUNT, MARK EUGENE RUSSINOVICH
-
Patent number: 10165079
Abstract: Technologies are described herein for providing a persona-based application experience. In some configurations, an application can be adapted with a persona package selected from multiple persona packages. The persona packages may include persona-specific user settings, persona-specific application storage settings, or persona-specific application state settings. A persona package may be selected based on a current persona of a user, a time of day, and/or a location of the user. The selected persona package comprises a setting to adapt the execution of the application. In some configurations, a computer determines a current persona of the user. The computer also receives a selected persona package comprising a user setting of the software application. The selection of the persona package is based on the current persona of the user and established credentials associated with the user. The computer adapts the execution of the software application according to the selected persona package.
Type: Grant
Filed: August 20, 2015
Date of Patent: December 25, 2018
Assignee: Microsoft Technology Licensing, LLC
Inventors: Alvin Chardon, Kristofer Hellick Reierson, Angela Mele Anderson, Galen Clyde Hunt, Douglas Christopher Burger, Dilip Krishna Pai
-
Patent number: 9922200
Abstract: Systems, methods, and computer-readable storage media are provided for securely storing and accessing content within a public cloud. A processor manufacturer provides processors having secure enclave capability to a cloud provider. The provider makes available a listing of processor identifiers (CPUIDs) for processors available for storing content and having secure enclave capability. A content owner provides CPUIDs for desired processors from the listing to the manufacturer which provides the content owner with a processor-specific public code encryption key (CEK) for encrypting content to be stored on each processor identified. Each processor is constructed such that content encrypted with the public CEK may only be decrypted within a secure enclave thereof. The content owner encrypts the desired content with the public CEK and returns the encrypted content and the CPUID for the appropriate processor to the cloud provider. The cloud provider then stores the encrypted content on the particular processor.
Type: Grant
Filed: June 30, 2014
Date of Patent: March 20, 2018
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Galen Clyde Hunt, Mark Eugene Russinovich
-
Publication number: 20160134721
Abstract: Technologies are described herein for providing a persona-based application experience. A query for a location of a persona package is received from a virtualization client. When the query is received, a current persona of a user requesting execution of a virtualized application is determined. The location of the persona package corresponding to the current persona of the user is determined. The location of the persona package is sent to the virtualization client in response to the query. The virtualization client is configured to execute the virtualized application adapted to the persona package.
Type: Application
Filed: August 20, 2015
Publication date: May 12, 2016
Inventors: Alvin Chardon, Kristofer Hellick Reierson, Angela Mele Anderson, Galen Clyde Hunt, Douglas Christopher Burger, Dilip Krishna Pai
-
Publication number: 20150379297
Abstract: Systems, methods, and computer-readable storage media are provided for securely storing and accessing content within a public cloud. A processor manufacturer provides processors having secure enclave capability to a cloud provider. The provider makes available a listing of processor identifiers (CPUIDs) for processors available for storing content and having secure enclave capability. A content owner provides CPUIDs for desired processors from the listing to the manufacturer which provides the content owner with a processor-specific public code encryption key (CEK) for encrypting content to be stored on each processor identified. Each processor is constructed such that content encrypted with the public CEK may only be decrypted within a secure enclave thereof. The content owner encrypts the desired content with the public CEK and returns the encrypted content and the CPUID for the appropriate processor to the cloud provider. The cloud provider then stores the encrypted content on the particular processor.
Type: Application
Filed: June 30, 2014
Publication date: December 31, 2015
Inventors: GALEN CLYDE HUNT, MARK EUGENE RUSSINOVICH
-
Patent number: 9116728
Abstract: Technologies are described herein for providing a persona-based application experience. A query for a location of a persona package is received from a virtualization client. When the query is received, a current persona of a user requesting execution of a virtualized application is determined. The location of the persona package corresponding to the current persona of the user is determined. The location of the persona package is sent to the virtualization client in response to the query. The virtualization client is configured to execute the virtualized application adapted to the persona package.
Type: Grant
Filed: December 21, 2010
Date of Patent: August 25, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Alvin Chardon, Kristofer Hellick Reierson, Angela Mele Anderson, Galen Clyde Hunt, Douglas Christopher Burger, Dilip Krishna Pai
-
Publication number: 20120159479
Abstract: Technologies are described herein for providing a persona-based application experience. A query for a location of a persona package is received from a virtualization client. When the query is received, a current persona of a user requesting execution of a virtualized application is determined. The location of the persona package corresponding to the current persona of the user is determined. The location of the persona package is sent to the virtualization client in response to the query. The virtualization client is configured to execute the virtualized application adapted to the persona package.
Type: Application
Filed: December 21, 2010
Publication date: June 21, 2012
Applicant: MICROSOFT CORPORATION
Inventors: Alvin Chardon, Kristofer Hellick Reierson, Angela Mele Anderson, Galen Clyde Hunt, Douglas Christopher Burger, Dilip Krishna Pai