Patents by Inventor Gerardo DIAZ
Gerardo DIAZ has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240126514Abstract: A message management platform may receive, from an application operator, a configuration of a message flow. The message flow includes one or more messages associated with trigger conditions. The platform may receive, from a code snippet incorporated in an application of a user computing device, a notification that the user computing device has used the application. The platform may associate a user identifier with the user computing device. The platform may subscribe to, on behalf of the application operator, one or more API notification channels of the application builder platform. The platform may receive an API notification from the application builder platform. The platform may determine that the application builder platform's user is associated with the user identifier used by the message management platform. The platform may determine that the event described in the payload matches the trigger condition and transmit the first message to the user computing device.Type: ApplicationFiled: August 16, 2023Publication date: April 18, 2024Inventors: Alexander Colin Meyer, Gerardo Díaz De La Serna Formoso, Gideon Daniel VanRiette, James Quinlan, Joy Taylor Kaufman, Kameron Ahler, Lauren Leia Rouse, Vishak Swaminathan Visvanathan
-
Publication number: 20240129265Abstract: A message management platform may receive, from an application operator, a configuration of a message flow. The message flow includes one or more messages associated with trigger conditions. The platform may receive, from a code snippet incorporated in an application of a user computing device, a notification that the user computing device has used the application. The platform may associate a user identifier with the user computing device. The platform may subscribe to, on behalf of the application operator, one or more API notification channels of the application builder platform. The platform may receive an API notification from the application builder platform. The platform may determine that the application builder platform's user is associated with the user identifier used by the message management platform. The platform may determine that the event described in the payload matches the trigger condition and transmit the first message to the user computing device.Type: ApplicationFiled: October 12, 2023Publication date: April 18, 2024Inventors: Alexander Colin Meyer, Gerardo Díaz De La Serna Formoso, Gideon Daniel VanRiette, James Quinlan, Joy Taylor Kaufman, Kameron Ahler, Lauren Leia Rouse, Vishak Swaminathan Visvanathan
-
Publication number: 20240126515Abstract: A message management platform may receive, from an application operator, a configuration of a message flow. The message flow includes one or more messages associated with trigger conditions. The platform may receive, from a code snippet incorporated in an application of a user computing device, a notification that the user computing device has used the application. The platform may associate a user identifier with the user computing device. The platform may subscribe to, on behalf of the application operator, one or more API notification channels of the application builder platform. The platform may receive an API notification from the application builder platform. The platform may determine that the application builder platform's user is associated with the user identifier used by the message management platform. The platform may determine that the event described in the payload matches the trigger condition and transmit the first message to the user computing device.Type: ApplicationFiled: June 6, 2023Publication date: April 18, 2024Inventors: Alexander Colin Meyer, Gerardo Díaz De La Serna Formoso, Gideon Daniel VanRiette, James Quinlan, Joy Taylor Kaufman, Kameron Ahler, Lauren Leia Rouse, Vishak Swaminathan Visvanathan
-
Patent number: 11962694Abstract: A computing device, such as a personal computing device (e.g., laptop, smartphone, etc.) or server, is configured to utilize environmental factors in generating public/private key pairs to access restricted data or operations. The environmental factors can include location, time, barometric pressure, acceleration, temperature, humidity, and the like. An initial key pair may be used to encrypt data and enable other conventional security features. A key pair can be subsequently generated based on the same environmental factors as with the initial key pair generation and used to access the data or operations which have been restricted using the initial key pair.Type: GrantFiled: November 29, 2021Date of Patent: April 16, 2024Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: David Garfield Thaler, III, Joerg-Thomas Pfenning, Gerardo Diaz-Cuellar
-
Patent number: 11861414Abstract: Techniques are disclosed for implementing system calls in a virtualized computing environment. An interface is configured to abstract partitions in the virtualized computing environment. A system call is received that is to be executed across a system boundary in a localized computing environment. Based on a declarative policy, one or more of a device type, device path, or process identity associated with the system call is determined. The system call is executed in the virtualized computing environment.Type: GrantFiled: January 28, 2022Date of Patent: January 2, 2024Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Gerardo Diaz-Cuellar, Poornananda R. Gaddehosur, Vance P. O'Neill
-
Patent number: 11809611Abstract: The present disclosure relates to devices and methods for protecting data from physical attacks. The devices and methods may establish an encryption protocol to encrypt data transmitted over a bus to one or more removable devices in communication with a computer device. The devices and methods may use the encryption protocol to communicate with the removal devices and perform storage requests at the removal devices. The devices and methods may also perform another layer of encryption on the data stored at the removal devices using a data at rest key stored on the removal devices.Type: GrantFiled: February 24, 2020Date of Patent: November 7, 2023Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Gerardo Diaz-Cuellar, Venkata Subrahmanyam Raman
-
Publication number: 20230336530Abstract: Examples of the present disclosure describe systems and methods for configuring and executing per-service TLS settings in a forward proxy. In examples, a proxy device receives a connection request from a client device to access a service. The proxy device identifies service connection information included in the connection request and selects a connection scheme for connecting to the service. The service connection information is compared to a static mapping of connection data in the connection scheme. If the service connection information matches the static mapping of connection data, a TLS type is determined for the connection request. If the service connection information does not match the static mapping of connection information, the service connection information is compared to a dynamic mapping of session information. Based on the comparison of the service connection information to the dynamic mapping of session information, a TLS type is determined for the connection request.Type: ApplicationFiled: April 19, 2022Publication date: October 19, 2023Inventors: Arupendra N. Roy, Arun Yadav, Chin Pong Kwong, Gerardo Diaz Cuellar, Alexandru Naparu, Jing Li
-
Patent number: 11729187Abstract: Devices and methods for protecting server devices from physical attacks use an encrypted overlay network to securely communicate between a trusted network and one or more host computer devices in communication with the trusted network. The devices and methods may generate VPN tunnels to communicate directly with individual host computer devices. The devices and methods may securely transmit data packets between the trusted network and the host computer devices using the VPN tunnels.Type: GrantFiled: February 24, 2020Date of Patent: August 15, 2023Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Gerardo Diaz-Cuellar, Venkata Subrahmanyam Raman
-
Patent number: 11709660Abstract: A message management platform may receive, from an application operator, a configuration of a message flow. The message flow includes one or more messages associated with trigger conditions. The platform may receive, from a code snippet incorporated in an application of a user computing device, a notification that the user computing device has used the application. The platform may associate a user identifier with the user computing device. The platform may subscribe to, on behalf of the application operator, one or more API notification channels of the application builder platform. The platform may receive an API notification from the application builder platform. The platform may determine that the application builder platform's user is associated with the user identifier used by the message management platform. The platform may determine that the event described in the payload matches the trigger condition and transmit the first message to the user computing device.Type: GrantFiled: October 12, 2022Date of Patent: July 25, 2023Assignee: Stodge Inc.Inventors: Alexander Colin Meyer, Gerardo Díaz De La Serna Formoso, Gideon Daniel VanRiette, James Quinlan, Joy Taylor Kaufman, Kameron Ahler, Lauren Leia Rouse, Vishak Swaminathan Visvanathan
-
Patent number: 11695650Abstract: Inducements are provided to customers to regularly connect back to a service provider and report usage that is expressed using a count of requests from a local computing device for cloud-based operations such as packet routing, container instantiation, virtual machine (VM) utilization, calls to a service or application, and the like. The count information is reported within a secure context, such as a trusted execution environment (TEE), using public-private key pair cryptography by which key derivation is dependent on some form of counting. For example, a customer computing device that is subject to a usage license encrypts an operation count and reports it to the service provider.Type: GrantFiled: February 21, 2021Date of Patent: July 4, 2023Assignee: Microsoft Technology Licensing, LLCInventors: Gerardo Diaz-Cuellar, Stefan Thom, Joerg-Thomas Pfenning
-
Publication number: 20230078627Abstract: A method, apparatus, and system are provided for correlating real-time reservation capacity information received from a plurality of this party devices, with dynamically generated variable discounts. A deal inventory database, consumer profiles database, historical database, and deal rules and definitions database are accessed and/or updated in real-time to enable correlating the real-time reservation capacity information received from a third party device. Dynamically generated variable discounts are provided to user devices based on at least the user device real-time location, and other factors. Selections made via the user device are updated in multiple databases and communicated to the respective third party device in real-time.Type: ApplicationFiled: October 14, 2022Publication date: March 16, 2023Inventors: Hee Seo, Gerardo Diaz, Eric Vadon
-
Patent number: 11558189Abstract: The disclosure herein describes securing access to a service resource within a security boundary. A security gateway instance receives a request from an edge deployment outside the security boundary. The request includes identity data identifying the edge deployment. The identity data is validated based on allowed identity data of the security gateway instance and based on a validation handler associated with the service resource. Based on validating the identity data and validating the request, the identity data is transformed using security data specific to the security gateway instance. The transformed identity data indicates the request has been validated by the security gateway instance. Based on transforming the identity data of the request, the transformed identity data and the request are forwarded to the service resource via a network link within the security boundary, wherein the service resource is configured to process the request based on identifying the transformed identity data.Type: GrantFiled: November 30, 2020Date of Patent: January 17, 2023Assignee: Microsoft Technology Licensing, LLCInventors: Fernando Garcia Valenzuela, Venkatasubrahmanyam Raman, Gerardo Diaz Cuellar, Arupendra Narayan Roy, Bisconde Ramon Aquino, Alexandru Naparu
-
Publication number: 20220291875Abstract: Examples described herein generally relate to hosting virtual memory backed kernel isolated containers. A server includes at least one physical processor and at least one physical computer memory addressable via physical memory addresses. The at least one physical computer memory stores executable code configured to provide at least one host including a kernel and at least one kernel isolated container within the at least one host. The host allocates virtual memory having virtual memory addresses to a respective container of the at least one kernel isolated container. The host pins a subset of the virtual memory addresses to a subset of the physical memory addresses. The host performs a direct memory access operation or device memory-mapped input-output operation of the respective container on the subset of the physical memory addresses. At least part of the physical computer memory that is not pinned is oversubscribed.Type: ApplicationFiled: August 25, 2020Publication date: September 15, 2022Inventors: Gerardo DIAZ-CUELLAR, Omar CARDONA, Jacob Kappeler OSHINS, John STARKS, Craig Daniel WILHITE
-
Publication number: 20220276886Abstract: Examples described herein generally relate to a server for hosting process isolated containers within a virtual machine. The server includes at least one physical processor; at least one physical computer memory storing executable code for execution by the at least one physical processor, and a physical network interface controller, NIC. The executable code may be configured to provide a host virtual machine and at least one process isolated container within the host virtual machine. The physical NIC includes a physical NIC switch configured to distribute incoming data packets to a plurality of functions including a physical function and virtual functions. At least one of the virtual functions is assigned to an individual process isolated container within the virtual machine. The virtual function assigned to the individual process isolated container allows the physical NIC switch to distribute incoming data packets for the individual process isolated container at a hardware level.Type: ApplicationFiled: August 25, 2020Publication date: September 1, 2022Inventors: Gerardo DIAZ-CUELLAR, Omar CARDONA, Dinesh Kumar GOVINDASAMY, Jason MESSER
-
Publication number: 20220173901Abstract: The disclosure herein describes securing access to a service resource within a security boundary. A security gateway instance receives a request from an edge deployment outside the security boundary. The request includes identity data identifying the edge deployment. The identity data is validated based on allowed identity data of the security gateway instance and based on a validation handler associated with the service resource. Based on validating the identity data and validating the request, the identity data is transformed using security data specific to the security gateway instance. The transformed identity data indicates the request has been validated by the security gateway instance. Based on transforming the identity data of the request, the transformed identity data and the request are forwarded to the service resource via a network link within the security boundary, wherein the service resource is configured to process the request based on identifying the transformed identity data.Type: ApplicationFiled: November 30, 2020Publication date: June 2, 2022Inventors: Fernando GARCIA VALENZUELA, Venkata Subrahmanyam RAMAN, Gerardo DIAZ CUELLAR, Arupendra Narayan ROY, Bisconde Ramon AQUINO, Alexandru NAPARU
-
Publication number: 20220156126Abstract: Techniques are disclosed for implementing system calls in a virtualized computing environment. An interface is configured to abstract partitions in the virtualized computing environment. A system call is received that is to be executed across a system boundary in a localized computing environment. Based on a declarative policy, one or more of a device type, device path, or process identity associated with the system call is determined. The system call is executed in the virtualized computing environment.Type: ApplicationFiled: January 28, 2022Publication date: May 19, 2022Inventors: Gerardo DIAZ-CUELLAR, Poornananda R. GADDEHOSUR, Vance P. O'NEILL
-
Publication number: 20220085995Abstract: A computing device, such as a personal computing device (e.g., laptop, smartphone, etc.) or server, is configured to utilize environmental factors in generating public/private key pairs to access restricted data or operations. The environmental factors can include location, time, barometric pressure, acceleration, temperature, humidity, and the like. An initial key pair may be used to encrypt data and enable other conventional security features. A key pair can be subsequently generated based on the same environmental factors as with the initial key pair generation and used to access the data or operations which have been restricted using the initial key pair.Type: ApplicationFiled: November 29, 2021Publication date: March 17, 2022Inventors: David Garfield THALER, III, Joerg-Thomas PFENNING, Gerardo DIAZ-CUELLAR
-
Patent number: 11237878Abstract: Techniques are disclosed for implementing system calls in a virtualized computing environment. An interface is configured to abstract partitions in the virtualized computing environment. A system call is received that is to be executed across a system boundary in a localized computing environment. Based on a declarative policy, one or more of a device type, device path, or process identity associated with the system call is determined. The system call is executed in the virtualized computing environment.Type: GrantFiled: September 9, 2019Date of Patent: February 1, 2022Assignee: Microsoft Technology Licensing, LLCInventors: Gerardo Diaz-Cuellar, Poornananda R. Gaddehosur, Vance P. O'Neill
-
Patent number: 11190352Abstract: A computing device, such as a personal computing device (e.g., laptop, smartphone, etc.) or server, is configured to utilize environmental factors in generating public/private key pairs to access restricted data or operations. The environmental factors can include location, time, barometric pressure, acceleration, temperature, humidity, and the like. An initial key pair may be used to encrypt data and enable other conventional security features. A key pair can be subsequently generated based on the same environmental factors as with the initial key pair generation and used to access the data or operations which have been restricted using the initial key pair.Type: GrantFiled: November 27, 2018Date of Patent: November 30, 2021Assignee: Microsoft Technology Licensing, LLCInventors: David Garfield Thaler, III, Joerg-Thomas Pfenning, Gerardo Diaz-Cuellar
-
Publication number: 20210266336Abstract: The present disclosure relates to devices and methods for protecting server devices from physical attacks. The devices and methods may use an encrypted overlay network to securely communicate between a trusted network and one or more host computer devices on network racks in communication with the trusted network. The devices and methods may generate VPN tunnels to communicate directly with individual host computer devices on the network racks. The devices and methods may securely transmit data packets between the trusted network and the host computer devices using the VPN tunnels.Type: ApplicationFiled: February 24, 2020Publication date: August 26, 2021Inventors: Gerardo DIAZ-CUELLAR, Venkata Subrahmanyam RAMAN