Patents by Inventor Ivan Dimitrov Pashov
Ivan Dimitrov Pashov has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230370418
Abstract: Techniques for implementing a last known good (LKG) client-side cache for DNS resiliency are disclosed. A first DNS request is submitted to a DNS server. A first DNS resolution that resolves an IP address for a domain name is received. A service stores the first DNS resolution in an LKG cache residing on the local host. A second DNS request is sent, where the second DNS request again requests to resolve the same domain name. In response to determining that a second DNS resolution for the second DNS request has not been received, the service obtains the IP address for the domain name from the LKG cache.
Type: Application
Filed: May 12, 2022
Publication date: November 16, 2023
Inventors: Vinothkumar PRABHAKARAN, Srikanth SUBRAMANIAN, Kiran Kumar Venkata Purna Chenna Kesava VEMULA, Arpan Kumar GUPTA, Aditya SHARMA, Peter Alan CARLIN, Ivan Dimitrov PASHOV
-
Publication number: 20230068635
Abstract: A front-end computing system provides cross machine message forwarding through a kernel mode component. The message is received in a kernel mode queue of the front-end computing system. The message includes one or more headers and an entity body including one or more data blocks. A user mode router in the front-end computing system designates a computing system to process the message based at least in part on the one or more headers. The one or more data blocks are passed through the kernel mode queue in the front-end computing system to the designated computing system without passing the one or more data blocks to the user mode router in the front-end computing system.
Type: Application
Filed: August 30, 2021
Publication date: March 2, 2023
Inventor: Ivan Dimitrov PASHOV
-
Publication number: 20220197666
Abstract: A computing system delegates a request between a first container in user mode of an operating system on a webserver system and a second container in the user mode of the operating system. The operating system includes a kernel. A service in the second container creates a delegation queue in the kernel of the operating system. The service adds an identifier as a property of the delegation queue in the kernel, wherein the identifier is unique across the first container and the second container. A router executing in the first container opens the delegation queue in the kernel using the identifier, responsive to the adding operation. The request is delegated to the service executing in the second container via the delegation queue in the kernel, responsive to the opening operation.
Type: Application
Filed: February 18, 2021
Publication date: June 23, 2022
Inventor: Ivan Dimitrov PASHOV
-
Patent number: 10855725
Abstract: A host operating system running on a computing device monitors network communications for the computing device to identify network resources that are requested by the computing device. The host operating system compares requested network resources against security policies to determine if the requested network resources are trusted. When an untrusted network resource is identified, the host operating system accesses the untrusted network resource within a container that is isolated from the host operating system kernel using techniques discussed herein. By restricting access to untrusted network resources to isolated containers, the host operating system is protected from even kernel-level attacks or infections that may result from an untrusted network resource.
Type: Grant
Filed: June 2, 2016
Date of Patent: December 1, 2020
Assignee: Microsoft Technology Licensing, LLC
Inventors: Navin Narayan Pai, Charles G. Jeffries, Giridhar Viswanathan, Benjamin M. Schultz, Frederick J. Smith, Lars Reuther, Michael B. Ebersol, Gerardo Diaz Cuellar, Ivan Dimitrov Pashov, Poornananda R. Gaddehosur, Hari R. Pulapaka, Vikram Mangalore Rao
-
Patent number: 10666655
Abstract: Providing access control by a first operating system. A method includes receiving at the first operating system, from the second operating system, a request for a bounding reference to a set having at least one resource. A bounding reference for the set is obtained. The bounding reference comprises a reference created from a first operating system resolvable reference to the set. The method further includes providing the obtained bounding reference for the obtained provided bounding reference to the second operating system. A request, including the obtained bounding reference and an identifier identifying the second operating system for the set, is received from the second operating system. The obtained bounding reference and the identifier identifying the second operating system are evaluated. As a result of evaluating the obtained bounding reference and the identifier identifying the second operating system, a resource control action is performed.
Type: Grant
Filed: November 20, 2017
Date of Patent: May 26, 2020
Assignee: Microsoft Technology Licensing, LLC
Inventors: Gerardo Diaz Cuellar, Navin Narayan Pai, Ivan Dimitrov Pashov, Giridhar Viswanathan, Benjamin M. Schultz, Hari R. Pulapaka
-
Patent number: 10659466
Abstract: The techniques and systems described herein improve security and improve connection reliability by providing a framework for an application to communicate its intent to an authority service so that the authority service can enforce networking security requirements. In various examples, an intent to access a resource over a network is received and queries are sent to resolve a network connection that enables access to the resource. Information for the resource is then collected and stored together in a trusted and secure environment. For instance, the information can include proxy data or can include hostname data. A ticket can be created based on the information. The ticket can be used to establish and maintain a secure network connection to the resource.
Type: Grant
Filed: August 12, 2016
Date of Patent: May 19, 2020
Assignee: Microsoft Technology Licensing, LLC
Inventors: Gerardo Diaz-Cuellar, Benjamin M. Schultz, Ivan Dimitrov Pashov
-
Patent number: 10438019
Abstract: A second operating system accessing resources from an external service. A method includes sending an anonymized request, for an anonymized user corresponding to an authorized user, for resources, through a broker. A request for proof indicating that the anonymized user is authorized to obtain the resources is received from the broker. As a result, a request is sent to a first operating system for the proof that the anonymized user is authorized to obtain the resources. Proof is received from the first operating system, based on the anonymized user being associated with the authorized user, that the anonymized user is authorized to obtain the resources. The proof is provided to the broker. As a result, the resources are obtained by the second operating system from the service.
Type: Grant
Filed: June 30, 2017
Date of Patent: October 8, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Giridhar Viswanathan, Gerardo Diaz Cuellar, Hari R. Pulapaka, Ivan Dimitrov Pashov, Navin Narayan Pai, Benjamin M. Schultz
-
Publication number: 20190158497
Abstract: Providing access control by a first operating system. A method includes receiving at the first operating system, from the second operating system, a request for a bounding reference to a set having at least one resource. A bounding reference for the set is obtained. The bounding reference comprises a reference created from a first operating system resolvable reference to the set. The method further includes providing the obtained bounding reference for the obtained provided bounding reference to the second operating system. A request, including the obtained bounding reference and an identifier identifying the second operating system for the set, is received from the second operating system. The obtained bounding reference and the identifier identifying the second operating system are evaluated. As a result of evaluating the obtained bounding reference and the identifier identifying the second operating system, a resource control action is performed.
Type: Application
Filed: November 20, 2017
Publication date: May 23, 2019
Inventors: Gerardo DIAZ CUELLAR, Navin Narayan PAI, Ivan Dimitrov PASHOV, Giridhar VISWANATHAN, Benjamin M. SCHULTZ, Hari R. PULAPAKA
-
Publication number: 20180322307
Abstract: A second operating system accessing resources from an external service. A method includes sending an anonymized request, for an anonymized user corresponding to an authorized user, for resources, through a broker. A request for proof indicating that the anonymized user is authorized to obtain the resources is received from the broker. As a result, a request is sent to a first operating system for the proof that the anonymized user is authorized to obtain the resources. Proof is received from the first operating system, based on the anonymized user being associated with the authorized user, that the anonymized user is authorized to obtain the resources. The proof is provided to the broker. As a result, the resources are obtained by the second operating system from the service.
Type: Application
Filed: June 30, 2017
Publication date: November 8, 2018
Inventors: Giridhar VISWANATHAN, Gerardo DIAZ CUELLAR, Hari R. PULAPAKA, Ivan Dimitrov PASHOV, Navin Narayan PAI, Benjamin M. SCHULTZ
-
Publication number: 20170353496
Abstract: A host operating system running on a computing device monitors network communications for the computing device to identify network resources that are requested by the computing device. The host operating system compares requested network resources against security policies to determine if the requested network resources are trusted. When an untrusted network resource is identified, the host operating system accesses the untrusted network resource within a container that is isolated from the host operating system kernel using techniques discussed herein. By restricting access to untrusted network resources to isolated containers, the host operating system is protected from even kernel-level attacks or infections that may result from an untrusted network resource.
Type: Application
Filed: June 2, 2016
Publication date: December 7, 2017
Applicant: Microsoft Technology Licensing, LLC
Inventors: Navin Narayan Pai, Charles G. Jeffries, Giridhar Viswanathan, Benjamin M. Schultz, Frederick J. Smith, Lars Reuther, Michael B. Ebersol, Gerardo Diaz Cuellar, Ivan Dimitrov Pashov, Poornananda R. Gaddehosur, Hari R. Pulapaka, Vikram Mangalore Rao
-
Publication number: 20170279805
Abstract: The techniques and systems described herein improve security and improve connection reliability by providing a framework for an application to communicate its intent to an authority service so that the authority service can enforce networking security requirements. In various examples, an intent to access a resource over a network is received and queries are sent to resolve a network connection that enables access to the resource. Information for the resource is then collected and stored together in a trusted and secure environment. For instance, the information can include proxy data or can include hostname data. A ticket can be created based on the information. The ticket can be used to establish and maintain a secure network connection to the resource.
Type: Application
Filed: August 12, 2016
Publication date: September 28, 2017
Inventors: Gerardo Diaz-Cuellar, Benjamin M. Schultz, Ivan Dimitrov Pashov
-
Patent number: 7434013
Abstract: Aspects of the subject matter described herein relate to providing adaptive system recovery for computer systems. This may include receiving restoration information from a first computer system wherein the restoration information defines each storage component associated with the first computer system and the restoration information includes a storage component status, a storage component signature, a storage component type, and a storage component size. The restoration information may be used to match each of the storage components of the first computer system to a storage component of the second computer system based at least on the restoration information and size of the storage component of the second computer system. Matching may include matching a storage component signature from the restoration information to a storage component signature of a storage component associated with the second computer system. Other aspects are described in the detailed description.
Type: Grant
Filed: January 30, 2006
Date of Patent: October 7, 2008
Assignee: Microsoft Corporation
Inventors: Daniel C. Stevenson, Chiasen Chung, Ivan Dimitrov Pashov