Patents by Inventor Gopinathan Kannan
Gopinathan Kannan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11301575Abstract: Techniques for secure data synchronization are described. In one or more implementations, a determination is made as to whether enterprise data is stored locally on a first device corresponding to an enterprise device. Based on a determination that the second device is a non-enterprise device, a determination is made as to whether a permission associated with the first device indicates that the first device is permitted to propagate the enterprise data to non-enterprise devices. If the first device lacks permission to propagate the enterprise data to non-enterprise devices, the enterprise data is prevented from being propagated to the second device.Type: GrantFiled: October 5, 2018Date of Patent: April 12, 2022Assignee: Microsoft Technology Licensing, LLCInventors: Matthew Z. Tamayo-Rios, Saurav Sinha, Ruslan Ovechkin, Gopinathan Kannan, Vijay G. Bharadwaj, Christopher R. Macaulay, Eric Fleischman, Nathan J. Ide, Kun Liu
-
Patent number: 10826836Abstract: Features related to systems and methods for opportunistic packet network flow controller with implicit bias correction are disclosed. Features are described for generating short term forecasts based on external inputs such as historical flow data and future events, in a large scale network flow carrying heterogeneous packets with limited bandwidth along its connections. The bias in forecast is continuously corrected based on current flow telemetry and new external inputs leading to automatically adjusting the flow control at every connection based on current and anticipated volume, in real time.Type: GrantFiled: October 26, 2017Date of Patent: November 3, 2020Assignee: Amazon Technologies, Inc.Inventors: Gopinathan Kannan, Thomas Yves Paul Helleboid, Ruipeng Huang, Akshay Malik, Aniket V. Oak
-
Publication number: 20190311150Abstract: Techniques for secure data synchronization are described. In one or more implementations, a determination is made as to whether enterprise data is stored locally on a first device corresponding to an enterprise device. Based on a determination that the second device is a non-enterprise device, a determination is made as to whether a permission associated with the first device indicates that the first device is permitted to propagate the enterprise data to non-enterprise devices. If the first device lacks permission to propagate the enterprise data to non-enterprise devices, the enterprise data is prevented from being propagated to the second device.Type: ApplicationFiled: October 5, 2018Publication date: October 10, 2019Inventors: Matthew Z. TAMAYO-RIOS, Saurav SINHA, Ruslan OVECHKIN, Gopinathan KANNAN, Vijay G. BHARADWAJ, Christopher R. MACAULAY, Eric FLEISCHMAN, Nathan J. IDE, Kun LIU
-
Patent number: 10121018Abstract: Techniques for secure data synchronization are described. In one or more implementations, a determination is made as to whether enterprise data is stored locally on a first device corresponding to an enterprise device. Based on a determination that the second device is a non-enterprise device, a determination is made as to whether a permission associated with the first device indicates that the first device is permitted to propagate the enterprise data to non-enterprise devices. If the first device lacks permission to propagate the enterprise data to non-enterprise devices, the enterprise data is prevented from being propagated to the second device.Type: GrantFiled: July 14, 2016Date of Patent: November 6, 2018Assignee: Microsoft Technology Licensing, LLCInventors: Matthew Z. Tamayo-Rios, Saurav Sinha, Ruslan Ovechkin, Gopinathan Kannan, Vijay G. Bharadwaj, Christopher R. Macaulay, Eric Fleischman, Nathan J. Ide, Kun Liu
-
Patent number: 9998438Abstract: In one embodiment, a client device 110 may use an attestation service 140 to verify a secure server 120. The secure server 120 may receive a signed trusted credential 310 from an attestation service 140 validating the secure server 120 as trustworthy to a client device 110 seeking access. The secure server 120 may protect the signed trusted credential 310 in a server secure module 280.Type: GrantFiled: October 23, 2013Date of Patent: June 12, 2018Assignee: Microsoft Technology Licensing, LLCInventors: Saurav Sinha, Gopinathan Kannan, Nathan Ide, Shawn Corey, Tony Ureche
-
Patent number: 9686274Abstract: In one embodiment, a user login device may create a user identifier template 400 for identifying a user by implicitly capturing one or more biometric identifier readings. A user login device may capture an enrollment biometric identifier reading of a user during an operational user action. The user login device may apply the enrollment biometric identifier reading in creating a user identifier template 400.Type: GrantFiled: October 11, 2013Date of Patent: June 20, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Himanshu Soni, Vijay Bharadwaj, Arthur H. Baker, Gopinathan Kannan, Ryan Segeberg, Nelly Porter
-
Patent number: 9515832Abstract: The techniques and systems described herein present various implementations of a model for authenticating processes for execution and specifying and enforcing permission restrictions on system resources for processes and users. In some implementations, a binary file for an application, program, or process may be augmented to include a digital signature encrypted with a key such that an operating system may subsequently authenticate the digital signature. Once the binary file has been authenticated, the operating system may create a process and tag the process with metadata indicating the type of permissions that are allowed for the process. The metadata may correspond to a particular access level for specifying resource permissions.Type: GrantFiled: June 24, 2013Date of Patent: December 6, 2016Assignee: Microsoft Technology Licensing, LLCInventors: Vishal Agarwal, Sunil P. Gottumukkala, Arun U. Kishan, Dave M. McPherson, Jonathan M. Andes, Giridharan Sridharan, Kinshuman Kinshumann, Adam Damiano, Salahuddin J. Khan, Gopinathan Kannan
-
Patent number: 9501635Abstract: This disclosure describes methods, systems, and application programming interfaces for creating a credential managed account. This disclosure describes creating a new password managed account, defining the password managed account, wherein the password managed account is to access a service on a managed computing device, identifying the password managed account for a lifecycle, and automatically managing the password managed account by updating and changing a password for the password managed account on a periodic basis.Type: GrantFiled: June 25, 2008Date of Patent: November 22, 2016Assignee: Microsoft Technology Licensing, LLCInventors: Ramesh Chinta, Scott A. Field, Liqiang Zhu, Umit Akkus, Siddharth Bhai, Gopinathan Kannan, James J Simmons, Qi Cao, Paul Miller, Ryan Fairfax, Alexandru Hanganu
-
Publication number: 20160321464Abstract: Techniques for secure data synchronization are described. In one or more implementations, a determination is made as to whether enterprise data is stored locally on a first device corresponding to an enterprise device. Based on a determination that the second device is a non-enterprise device, a determination is made as to whether a permission associated with the first device indicates that the first device is permitted to propagate the enterprise data to non-enterprise devices. If the first device lacks permission to propagate the enterprise data to non-enterprise devices, the enterprise data is prevented from being propagated to the second device.Type: ApplicationFiled: July 14, 2016Publication date: November 3, 2016Applicant: Microsoft Technology Licensing, LLCInventors: Matthew Z. Tamayo-Rios, Saurav Sinha, Ruslan Ovechkin, Gopinathan Kannan, Vijay G. Bharadwaj, Christopher R. Macaulay, Eric Fleischman, Nathan J. Ide, Kun Liu
-
Patent number: 9430664Abstract: An application on a device can communicate with organization services. The application accesses a protection system on the device, which encrypts data obtained by the application from an organization service using an encryption key, and includes with the data an indication of a decryption key usable to decrypt the encrypted data. The protection system maintains a record of the encryption and decryption keys associated with the organization. The data can be stored in various locations on at least the device, and can be read by various applications on at least the device. If the organization determines that data of the organization stored on a device is to no longer be accessible on the device (e.g., is to be revoked from the device), a command is communicated to the device to revoke data associated with the organization. In response to this command, the protection system deletes the decryption key.Type: GrantFiled: July 2, 2013Date of Patent: August 30, 2016Assignee: Microsoft Technology Licensing, LLCInventors: Preston Derek Adam, Peter J. Novotney, Nathan J. Ide, Innokentiy Basmov, Narendra S. Acharya, Octavian T. Ureche, Saurav Sinha, Gopinathan Kannan, Christopher R. Macaulay, Michael J. Grass
-
Patent number: 9424439Abstract: Techniques for secure data synchronization are described. In one or more implementations, techniques may be employed to conserve high cost data storage by storing larger portions of encrypted data in low cost storage, while storing relatively smaller encryption keys in higher cost storage. A device that is granted access to the encryption keys can retrieve the encrypted data from the low cost storage and use the encryption keys to decrypt the encrypted data.Type: GrantFiled: September 12, 2011Date of Patent: August 23, 2016Assignee: Microsoft Technology Licensing, LLCInventors: Matthew Z. Tamayo-Rios, Saurav Sinha, Ruslan Ovechkin, Gopinathan Kannan, Vijay G. Bharadwaj, Christopher R. Macaulay, Eric Fleischman, Nathan J. Ide, Kun Liu
-
Publication number: 20160080293Abstract: The techniques discussed herein may facilitate user account management while also protecting a user's personally identifiable information (PII). The user's PII is stored in a protected area, such as a secure operating system area. The techniques may also implement a broker process to access a user's PII. The techniques display a user's accounts that are available for use with an application. The techniques further provide for passing a hint to the application upon receiving selection of an account, wherein the hint indicates which user account is selected, without divulging to the application any of the user's PII.Type: ApplicationFiled: September 12, 2014Publication date: March 17, 2016Inventors: Karanbir Singh, Saurav Sinha, Sanjay N. Mahida, Andy Liu, Gopinathan Kannan, Nathan Jeffrey Ide, Tony Ureche, Sainath Narendranath Thadkal, Alex Radutskiy, Eric M. Jia, Kanna Ramasubramanian, Yifan Wang
-
Publication number: 20150302196Abstract: Techniques for local system health assessment are described. In at least some embodiments, a health assessment can be performed by an isolated security environment that resides locally on a system without requiring a network connection and/or access to a remote attestation service. In at least some embodiments, a health assessment ascertains whether modules that reside on a system have been altered such that the modules may be considered unsafe. For example, a known safe list is generated that includes measurements of known safe versions of modules that may be compared to current measurements of the modules to determine whether the modules have been altered. Health policies may be employed to specify various rules and parameters for performing system health assessments.Type: ApplicationFiled: April 16, 2014Publication date: October 22, 2015Applicant: Microsoft CorporationInventors: Gopinathan Kannan, Octavian T. Ureche, Kinshumann Kinshumann, Vishal Agarwal
-
Patent number: 9058467Abstract: A distributed system in which time-dependent credentials are supplied by controllers that operate according to different local times. Errors that might arise from the controllers generating inconsistent credentials because of time skew are avoided by identifying credentials generated during transition intervals in which different ones of the controllers may generate different credentials at the same absolute time. During a transition interval, controllers and other devices may use credentials differentially based on the nature of the authentication function. Each controller may periodically renew its credentials based on self-scheduled renewals or based on requests from other devices, such that renewal times are offset by random delays to avoid excessive network traffic. Controllers may determine which credential is valid for any given time, based on a cryptographically secure key associated with that time and information identifying the entity that is associated with that credential.Type: GrantFiled: September 1, 2011Date of Patent: June 16, 2015Assignee: Microsoft CorporationInventors: Mark Novak, Paul J. Leach, Yi Zeng, Saurav Sinha, K Michiko Short, Gopinathan Kannan
-
Patent number: 9032492Abstract: A distributed system in which time-dependent credentials are supplied by controllers that operate according to different local times. Errors that might arise from the controllers generating inconsistent credentials because of time skew are avoided by identifying credentials generated during transition intervals in which different ones of the controllers may generate different credentials at the same absolute time. During a transition interval, controllers and other devices may use credentials differentially based on the nature of the authentication function. Each controller may periodically renew its credentials based on self-scheduled renewals or based on requests from other devices, such that renewal times are offset by random delays to avoid excessive network traffic. Controllers may determine which credential is valid for any given time, based on a cryptographically secure key associated with that time and information identifying the entity that is associated with that credential.Type: GrantFiled: September 1, 2011Date of Patent: May 12, 2015Assignee: Microsoft CorporationInventors: Mark Novak, Paul J. Leach, Yi Zeng, Saurav Sinha, K Michiko Short, Gopinathan Kannan
-
Publication number: 20150113618Abstract: In one embodiment, a client device 110 may use an attestation service 140 to verify a secure server 120. The secure server 120 may receive a signed trusted credential 310 from an attestation service 140 validating the secure server 120 as trustworthy to a client device 110 seeking access. The secure server 120 may protect the signed trusted credential 310 in a server secure module 280.Type: ApplicationFiled: October 23, 2013Publication date: April 23, 2015Inventors: Saurav Sinha, Gopinathan Kannan, Nathan Ide, Shawn Corey, Tony Ureche
-
Publication number: 20150106891Abstract: In one embodiment, a user login device may create a user identifier template 400 for identifying a user by implicitly capturing one or more biometric identifier readings. A user login device may capture an enrollment biometric identifier reading of a user during an operational user action. The user login device may apply the enrollment biometric identifier reading in creating a user identifier template 400.Type: ApplicationFiled: October 11, 2013Publication date: April 16, 2015Applicant: Microsoft CorporationInventors: Himanshu Soni, Vijay Bharadwaj, Arthur H. Baker, Gopinathan Kannan, Ryan Segeberg, Nelly Porter
-
Publication number: 20140380058Abstract: The techniques and systems described herein present various implementations of a model for authenticating processes for execution and specifying and enforcing permission restrictions on system resources for processes and users. In some implementations, a binary file for an application, program, or process may be augmented to include a digital signature encrypted with a key such that an operating system may subsequently authenticate the digital signature. Once the binary file has been authenticated, the operating system may create a process and tag the process with metadata indicating the type of permissions that are allowed for the process. The metadata may correspond to a particular access level for specifying resource permissions.Type: ApplicationFiled: June 24, 2013Publication date: December 25, 2014Inventors: Vishal Agarwal, Sunil P. Gottumukkala, Arun U. Kishan, Dave M. McPherson, Jonathan M. Andes, Giridharan Sridharan, Kinshuman Kinshumann, Adam Damiano, Salahuddin J. Khan, Gopinathan Kannan
-
Publication number: 20140344571Abstract: An application on a device can communicate with organization services. The application accesses a protection system on the device, which encrypts data obtained by the application from an organization service using an encryption key, and includes with the data an indication of a decryption key usable to decrypt the encrypted data. The protection system maintains a record of the encryption and decryption keys associated with the organization. The data can be stored in various locations on at least the device, and can be read by various applications on at least the device. If the organization determines that data of the organization stored on a device is to no longer be accessible on the device (e.g., is to be revoked from the device), a command is communicated to the device to revoke data associated with the organization. In response to this command, the protection system deletes the decryption key.Type: ApplicationFiled: July 2, 2013Publication date: November 20, 2014Inventors: Preston Derek Adam, Peter J. Novotney, Nathan J. Ide, Innokentiy Basmov, Narendra S. Acharya, Octavian T. Ureche, Saurav Sinha, Gopinathan Kannan, Christopher R. Macaulay, Michael J. Grass
-
Publication number: 20140344570Abstract: An application on a device can communicate with organization services. The application accesses a protection system on the device, which encrypts data obtained by the application from an organization service using an encryption key, and includes with the data an indication of a decryption key usable to decrypt the encrypted data. The protection system maintains a record of the encryption and decryption keys associated with the organization. The data can be stored in various locations on at least the device, and can be read by various applications on at least the device. If the organization determines that data of the organization stored on a device is to no longer be accessible on the device (e.g., is to be revoked from the device), a command is communicated to the device to revoke data associated with the organization. In response to this command, the protection system deletes the decryption key.Type: ApplicationFiled: May 20, 2013Publication date: November 20, 2014Inventors: Preston Derek Adam, Peter J. Novotney, Nathan J. Ide, Innokentiy Basmov, Narendra S. Acharya, Octavian T. Ureche, Saurav Sinha, Gopinathan Kannan, Christopher R. Macaulay, Michael J. Grass