Patents by Inventor Geir Olsen
Geir Olsen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10204235
Abstract: Applications are stored on removable storage of a mobile device in an encrypted form to provide isolation and piracy protection. In one implementation, each application is encrypted using its own associated encryption key that is generated based on an identifier of the application and a master key that is associated with a trusted platform module of the mobile device. In another implementation, each application is encrypted using two associated encryption keys. One key is used to encrypt binary data associated with the application such as source code, and the other key is used to encrypt application data such as graphics and configuration files. The encryption keys are each generated using the identifier of the application, the master key, and identifiers of the folders where the corresponding data types are stored on the mobile device. The removable storage includes SD cards formatted using the FAT or exFAT file systems.
Type: Grant
Filed: June 28, 2016
Date of Patent: February 12, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: David Callaghan, Ravisankar Pudipeddi, Geir Olsen, Sachin Patel, JianMing Zhou, Dylan D'Silva
-
Patent number: 10205786
Abstract: A method and system for providing a multi-user application executing in a user privilege mode with access to resources of multiple users is described. The multi-user application identifies a first user and a second user of the multi-user application. The multi-user application retrieves an access token for the first user and an access token for the second user. Each access token provides evidence of authorization to access a resource in accordance with access rights of the user. The multi-user application accesses resources by providing one of the access tokens as evidence of authorization to access the resource in accordance with the access rights of the user. The multi-user application can thus access resources of multiple users without having to execute in a system privilege mode.
Type: Grant
Filed: April 22, 2016
Date of Patent: February 12, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Giridharan Sridharan, Vishal Agarwal, Geir Olsen
-
Publication number: 20170310759
Abstract: A method and system for providing a multi-user application executing in a user privilege mode with access to resources of multiple users is described. The multi-user application identifies a first user and a second user of the multi-user application. The multi-user application retrieves an access token for the first user and an access token for the second user. Each access token provides evidence of authorization to access a resource in accordance with access rights of the user. The multi-user application accesses resources by providing one of the access tokens as evidence of authorization to access the resource in accordance with the access rights of the user. The multi-user application can thus access resources of multiple users without having to execute in a system privilege mode.
Type: Application
Filed: April 22, 2016
Publication date: October 26, 2017
Inventors: Giridharan Sridharan, Vishal Agarwal, Geir Olsen
-
Patent number: 9690924
Abstract: Two-factor authentication can be provided transparently to a user by virtue of proof information available at a mobile communication device. For example, after an access request for a service is sent, an authentication code can be intercepted from a responsive incoming message. The technologies can incorporate a cost proof as part of a cost optimization. Other features such as obfuscation and separate channels can be incorporated into the technologies to provide a superior user experience while implementing superior security.
Type: Grant
Filed: May 15, 2014
Date of Patent: June 27, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: Marc McClure, Ran Michaely, Geir Olsen, Benjamin Vincent
-
Publication number: 20160306992
Abstract: Applications are stored on removable storage of a mobile device in an encrypted form to provide isolation and piracy protection. In one implementation, each application is encrypted using its own associated encryption key that is generated based on an identifier of the application and a master key that is associated with a trusted platform module of the mobile device. In another implementation, each application is encrypted using two associated encryption keys. One key is used to encrypt binary data associated with the application such as source code, and the other key is used to encrypt application data such as graphics and configuration files. The encryption keys are each generated using the identifier of the application, the master key, and identifiers of the folders where the corresponding data types are stored on the mobile device. The removable storage includes SD cards formatted using the FAT or exFAT file systems.
Type: Application
Filed: June 28, 2016
Publication date: October 20, 2016
Inventors: David Callaghan, Ravisankar Pudipeddi, Geir Olsen, Sachin Patel, JianMing Zhou, Dylan D'Silva
-
Patent number: 9405925
Abstract: Applications are stored on removable storage of a mobile device in an encrypted form to provide isolation and piracy protection. In one implementation, each application is encrypted using its own associated encryption key that is generated based on an identifier of the application and a master key that is associated with a trusted platform module of the mobile device. In another implementation, each application is encrypted using two associated encryption keys. One key is used to encrypt binary data associated with the application such as source code, and the other key is used to encrypt application data such as graphics and configuration files. The encryption keys are each generated using the identifier of the application, the master key, and identifiers of the folders where the corresponding data types are stored on the mobile device. The removable storage includes SD cards formatted using the FAT or exFAT file systems.
Type: Grant
Filed: February 9, 2014
Date of Patent: August 2, 2016
Assignee: Microsoft Technology Licensing, LLC
Inventors: David Callaghan, Ravisankar Pudipeddi, Geir Olsen, Sachin Patel, JianMing Zhou, Dylan D'Silva
-
Publication number: 20150334564
Abstract: Two-factor authentication can be provided transparently to a user by virtue of proof information available at a mobile communication device. For example, after an access request for a service is sent, an authentication code can be intercepted from a responsive incoming message. The technologies can incorporate a cost proof as part of a cost optimization. Other features such as obfuscation and separate channels can be incorporated into the technologies to provide a superior user experience while implementing superior security.
Type: Application
Filed: May 15, 2014
Publication date: November 19, 2015
Applicant: MICROSOFT CORPORATION
Inventors: Marc McClure, Ran Michaely, Geir Olsen, Benjamin Vincent
-
Publication number: 20150227753
Abstract: Applications are stored on removable storage of a mobile device in an encrypted form to provide isolation and piracy protection. In one implementation, each application is encrypted using its own associated encryption key that is generated based on an identifier of the application and a master key that is associated with a trusted platform module of the mobile device. In another implementation, each application is encrypted using two associated encryption keys. One key is used to encrypt binary data associated with the application such as source code, and the other key is used to encrypt application data such as graphics and configuration files. The encryption keys are each generated using the identifier of the application, the master key, and identifiers of the folders where the corresponding data types are stored on the mobile device. The removable storage includes SD cards formatted using the FAT or exFAT file systems.
Type: Application
Filed: February 9, 2014
Publication date: August 13, 2015
Applicant: Microsoft Corporation
Inventors: David Callaghan, Ravisankar Pudipeddi, Geir Olsen, Sachin Patel, JianMing Zhou, Dylan D'Silva
-
Patent number: 8533811
Abstract: A technique allows software developers to develop applications for a smart phone or other terminal by unlocking the terminal so that it can run unsigned applications. A developer registers with a web-based service, agrees to registration terms, and provides authentication credentials. Data which verifies the authentication credentials is provided back to the developer's computer. The terminal is connected to the developer's computer, and via a user interface, the developer requests registration of the terminal. In response, the terminal receives the data from the developer's computer, and provides the data and a unique terminal identifier to the service. If authorized, the service returns a persistent token or license which is stored at, and used to unlock, the terminal. The service can also provide a command which enforces an expiration date. The terminal checks in with the service to determine if the account is in good standing, and is re-locked if warranted.
Type: Grant
Filed: August 10, 2010
Date of Patent: September 10, 2013
Assignee: Microsoft Corporation
Inventors: John Bruno, Michael Saffitz, Kenneth D. Ray, Geir Olsen
-
Patent number: 8458770
Abstract: Access control for an application is described. An exemplary method includes receiving a first command of an application to invoke a function of a user interface, identifying a first authorization context based on a first user context and the function of the user interface invoked, retrieving a first access policy providing access criteria associated with the first authorization context, and applying the first access policy to the accessibility of the function. The method includes receiving a second command to invoke the function in a second instance of the application and identifying a second authorization context based on a second user context and the function of the user interface invoked. The second authorization context is different than the first authorization context. The method includes retrieving a second access policy providing second access criteria associated with the second authorization context and applying the second access policy to the accessibility of the function.
Type: Grant
Filed: September 14, 2011
Date of Patent: June 4, 2013
Assignee: Microsoft Corporation
Inventors: Geir Olsen, Lee C. Spiesman, Michael D. Smith
-
Publication number: 20120005722
Abstract: Access control for an application is described. An exemplary method includes receiving a first command of an application to invoke a function of a user interface, identifying a first authorization context based on a first user context and the function of the user interface invoked, retrieving a first access policy providing access criteria associated with the first authorization context, and applying the first access policy to the accessibility of the function. The method includes receiving a second command to invoke the function in a second instance of the application and identifying a second authorization context based on a second user context and the function of the user interface invoked. The second authorization context is different than the first authorization context. The method includes retrieving a second access policy providing second access criteria associated with the second authorization context and applying the second access policy to the accessibility of the function.
Type: Application
Filed: September 14, 2011
Publication date: January 5, 2012
Applicant: MICROSOFT CORPORATION
Inventors: Geir Olsen, Lee C. Spiesman, Michael D. Smith
-
Patent number: 8042151
Abstract: A context based access control system that includes a set of one or more authorization contexts that are activated in response to selection of different functions or tasks or other functional boundary object of an application program. The authorization contexts are associated with one or more access policies that are invoked in response to activation of the one or more authorization contexts.
Type: Grant
Filed: December 20, 2005
Date of Patent: October 18, 2011
Assignee: Microsoft Corporation
Inventors: Geir Olsen, Lee C. Spiesman, Michael D. Smith
-
Publication number: 20110177792
Abstract: A technique allows software developers to develop applications for a smart phone or other terminal by unlocking the terminal so that it can run unsigned applications. A developer registers with a web-based service, agrees to registration terms, and provides authentication credentials. Data which verifies the authentication credentials is provided back to the developer's computer. The terminal is connected to the developer's computer, and via a user interface, the developer requests registration of the terminal. In response, the terminal receives the data from the developer's computer, and provides the data and a unique terminal identifier to the service. If authorized, the service returns a persistent token or license which is stored at, and used to unlock, the terminal. The service can also provide a command which enforces an expiration date. The terminal checks in with the service to determine if the account is in good standing, and is re-locked if warranted.
Type: Application
Filed: August 10, 2010
Publication date: July 21, 2011
Applicant: Microsoft Corporation
Inventors: John Bruno, Michael Saffitz, Kenneth D. Ray, Geir Olsen
-
Publication number: 20070143823
Abstract: A context based access control system that includes a set of one or more authorization contexts that are activated in response to selection of different functions or tasks or other functional boundary object of an application program. The authorization contexts are associated with one or more access policies that are invoked in response to activation of the one or more authorization contexts.
Type: Application
Filed: December 20, 2005
Publication date: June 21, 2007
Applicant: Microsoft Corporation
Inventors: Geir Olsen, Lee Spiesman, Michael Smith
-
Publication number: 20070102394
Abstract: The invention relates to a closure device (1) with or without a drinking mechanism (30) for bottles/receptacles, arranged to be attached to the bottle/receptacle, and where the device comprises a first cavity (2) preferably for additive. The invention is characterised in that at least one second cavity is provided in the device, where the first and the at least second cavity can be opened individually by means of opening mechanisms which are integrated in the device and can be influenced from the outside of the device.
Type: Application
Filed: November 1, 2006
Publication date: May 10, 2007
Inventors: Geir Olsen, Frode Busterud
-
Publication number: 20050251850
Abstract: A method of providing Resource-Event-Agent (REA) model based security includes identifying an association between a first object and a second object, where the first object is the Agent type and the second object is any REA object. Then, an association class is created for the association between the first object and the second object. The association class, for example called a Security Policy Association Class, defines security between the first object and the second object.
Type: Application
Filed: March 31, 2004
Publication date: November 10, 2005
Applicant: Microsoft Corporation
Inventors: Jesper Kiehn, Pavel Hruby, Geir Olsen
-
Patent number: 6627081
Abstract: A separator assembly for use “downhole” in an oil well, comprising an elongate body member including longitudinally extending oil and water passages, the elongate body member defining a longitudinally extending mounting face to which at least one hydrocyclone is secured, the hydrocyclone having its axis extending generally longitudinally of the elongate body, a first connecting union at the overflow end of the hydrocyclone whereby the overflow outlet of the hydrocyclone communicates with the oil passage of the body member, a second connecting union at the underflow end of the hydrocyclone whereby the underflow outlet of the hydrocyclone communicates with the water passage of the elongate body member, and, connecting means at opposite axial ends respectively of the elongate body member for establishing communication with the oil and water passages respectively.
Type: Grant
Filed: March 28, 2001
Date of Patent: September 30, 2003
Assignees: Kvaerner Process Systems A.S., Kvaerner Oilfield Products A.S.
Inventors: Michael Hilditch, Martin Dennis Grewer, Geir Olsen