Patents by Inventor Jianrong Gu
Jianrong Gu has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8798272Abstract: Systems and methods for managing multiple keys for file encryption and decryption may provide an encrypted list of previously used keys. The list itself may be encrypted using a current key. To decrypt files that are encrypted in one or more of the previous keys, the list can be decrypted, and the appropriate previous key can be retrieved. To re-key files, an automated process can decrypt any files using previous keys and encrypt them using the current key. If a new current key is introduced, the prior current key can be used to decrypt the list of keys, the prior current key can be added to the list, and the list can be re-encrypted using the new current key.Type: GrantFiled: December 17, 2010Date of Patent: August 5, 2014Assignee: Microsoft CorporationInventors: David B. Cross, Duncan G. Bryce, Jianrong Gu, Kelvin Sjek Yiu, Monica Ioana Ene-Pietrosanu
-
Patent number: 8161563Abstract: In various embodiments, applications that are configured to interact with the Internet in some way are executed in a restricted process with a reduced privilege level that can prohibit the application from accessing portions of an associated computing device. For example, in some embodiments, the restricted process can prohibit applications from read and write access to portions of a system's computer-readable media, such as the hard disk, that contains administrative data and settings information and user data and settings. In these embodiments, a special portion of the disk, termed a “containment zone”, is designated and used by applications in this restricted process.Type: GrantFiled: July 20, 2010Date of Patent: April 17, 2012Assignee: Microsoft CorporationInventors: Roberto A. Franco, Anantha P. Ganjam, John G. Bedworth, Peter T. Brundrett, Roland K. Tokumi, Jeremiah S. Epling, Daniel Sie, Jianrong Gu, Marc Silbey, Vidya Nallathimmayyagari, Bogdan Tepordei
-
Patent number: 8045714Abstract: Systems and methods for managing multiple keys for file encryption and decryption may provide an encrypted list of previously used keys. The list itself may be encrypted using a current key. To decrypt files that are encrypted in one or more of the previous keys, the list can be decrypted, and the appropriate previous key can be retrieved. To re-key files, an automated process can decrypt any files using previous keys and encrypt them using the current key. If a new current key is introduced, the prior current key can be used to decrypt the list of keys, the prior current key can be added to the list, and the list can be re-encrypted using the new current key.Type: GrantFiled: February 7, 2005Date of Patent: October 25, 2011Assignee: Microsoft CorporationInventors: David B. Cross, Duncan G. Bryce, Jianrong Gu, Kelvin Shek Yiu, Monica Ioana Ene-Pietrosanu
-
Publication number: 20110106948Abstract: In various embodiments, applications that are configured to interact with the Internet in some way are executed in a restricted process with a reduced privilege level that can prohibit the application from accessing portions of an associated computing device. For example, in some embodiments, the restricted process can prohibit applications from read and write access to portions of a system's computer-readable media, such as the hard disk, that contains administrative data and settings information and user data and settings. In these embodiments, a special portion of the disk, termed a “containment zone”, is designated and used by applications in this restricted process.Type: ApplicationFiled: July 20, 2010Publication date: May 5, 2011Applicant: Microsoft CorporationInventors: Roberto A. Franco, Anantha P. Ganjam, John G. Bedworth, Peter T. Brundrett, Roland K. Tokumi, Jeremiah S. Epling, Daniel Sie, Jianrong Gu, Marc Silbey, Vidya Nallathimmayyagari, Bogdan Tepordei
-
Publication number: 20110085664Abstract: Systems and methods for managing multiple keys for file encryption and decryption may provide an encrypted list of previously used keys. The list itself may be encrypted using a current key. To decrypt files that are encrypted in one or more of the previous keys, the list can be decrypted, and the appropriate previous key can be retrieved. To re-key files, an automated process can decrypt any files using previous keys and encrypt them using the current key. If a new current key is introduced, the prior current key can be used to decrypt the list of keys, the prior current key can be added to the list, and the list can be re-encrypted using the new current key.Type: ApplicationFiled: December 17, 2010Publication date: April 14, 2011Applicant: Microsoft CorporationInventors: David B. Cross, Duncan G. Bryce, Jianrong Gu, Kelvin Sjek Yiu, Monica Ioana Ene-Pietrosanu
-
Patent number: 7792964Abstract: In various embodiments, applications that are configured to interact with the Internet in some way are executed in a restricted process with a reduced privilege level that can prohibit the application from accessing portions of an associated computing device. For example, in some embodiments, the restricted process can prohibit applications from read and write access to portions of a system's computer-readable media, such as the hard disk, that contains administrative data and settings information and user data and settings. In these embodiments, a special portion of the disk, termed a “containment zone”, is designated and used by applications in this restricted process.Type: GrantFiled: October 28, 2005Date of Patent: September 7, 2010Assignee: Microsoft CorporationInventors: Roberto A. Franco, Anantha P Ganjam, John G. Bedworth, Peter T. Brundrett, Roland K Tokumi, Jeremiah S. Epling, Daniel Sie, Jianrong Gu, Marc Silbey, Vidya Nallathimmayyagari, Bogdan Tepordei
-
Patent number: 7437429Abstract: Access to WebDAV (Distributed Authoring and Versioning) servers is provided in a manner that is essentially transparent to applications. A WebDAV redirector and related components support file system I/O requests and network requests directed to WebDAV servers identified by URI (Universal Resource Identifier) names, or by a drive may be mapped to a WebDAV share. An application's create or open I/O requests directed to a WebDAV server are detected, and result in a local copy of the file being downloaded and cached for local access. When closed, the local file is uploaded to the WebDAV server. Network-related requests such as for browsing that are directed to a WebDAV server are also handled transparently. WebDAV files may be locally encrypted and decrypted at the file system level, transparent to applications and the WebDAV server, via an encrypting file system that performs local encryption and decryption at the local file system level.Type: GrantFiled: January 17, 2002Date of Patent: October 14, 2008Assignee: Microsoft CorporationInventors: Shishir Pardikar, Rohan Kumar, Yun Lin, Praerit Garg, Jianrong Gu
-
Patent number: 7382883Abstract: One aspect relates to a process and associated device that provides a private key of an asymmetric key pair in a key device. A symmetric master key is derived from the private key of the asymmetric key pair. The symmetric master key is stored in a computer memory location. The symmetric master key is used to encrypt or decrypt a file encryption key. The file encryption key can encrypt or decrypt files. In another aspect, the user can still access the files even if a user deactivates the key device by encrypting or decrypting the file encryption key directly from the symmetric master key.Type: GrantFiled: December 14, 2006Date of Patent: June 3, 2008Assignee: Microsoft CorporationInventors: David B. Cross, Jianrong Gu, Josh D. Benaloh, Thomas C. Jones, Paul J. Leach, Glenn D. Pittaway
-
Patent number: 7376968Abstract: A system and method for facilitating BIOS integrated encryption is provided. An interface is defined between the operating system and the BIOS. The operating system employs this interface to provide BIOS code information to facilitate decryption of data that is encrypted on the system. In the pre-operating system boot phase, the BIOS employs the decryption information provided from this interface in order to decrypt the data. The decrypted information can be employed to facilitate secure rebooting of a computer system from hibernate mode and/or secure access to device(s).Type: GrantFiled: November 20, 2003Date of Patent: May 20, 2008Assignee: Microsoft CorporationInventors: Andrew J. Ritz, David B. Cross, Duncan Bryce, James A. Schwartz, Jr., Jianrong Gu, Scott A. Field
-
Patent number: 7325115Abstract: An operating system copies data from memory pages into a paging file on disk, in order to free up space in the memory. A mechanism is disclosed that causes the data to be encrypted as it is copied into the paging file, thereby protecting the paged data from unauthorized (or otherwise undesired) observation. The data that is stored in the paging file is encrypted with a session key, that is generated shortly after the machine on which the paging file exists is started. The session key, which is used both for encryption and decryption of the paging file data, is stored in volatile memory, so that the key is not persisted across boots of the machine. Since the key is not persisted across boots, old paging file data that was stored prior to the most recent boot cannot be recovered in clear text, thereby protecting the data from observation.Type: GrantFiled: November 25, 2003Date of Patent: January 29, 2008Assignee: Microsoft CorporationInventors: Benjamin A. Leis, David B. Cross, Duncan G. Bryce, Jianrong Gu, Rajeev Y. Nagar, Scott A. Field
-
Publication number: 20070088947Abstract: One aspect relates to a process and associated device that provides a private key of an asymmetric key pair in a key device. A symmetric master key is derived from the private key of the asymmetric key pair. The symmetric master key is stored in a computer memory location. The symmetric master key is used to encrypt or decrypt a file encryption key. The file encryption key can encrypt or decrypt files. In another aspect, the user can still access the files even if a user deactivates the key device by encrypting or decrypting the file encryption key directly from the symmetric master key.Type: ApplicationFiled: December 14, 2006Publication date: April 19, 2007Applicant: Microsoft CorporationInventors: David Cross, Jianrong Gu, Josh Benaloh, Thomas Jones, Paul Leach, Glenn Pittaway
-
Patent number: 7181016Abstract: One aspect relates to a process and associated device that provides a private key of an asymmetric key pair in a key device. A symmetric master key is derived from the private key of the asymmetric key pair. The symmetric master key is stored in a computer memory location. The symmetric master key is used to encrypt or decrypt a file encryption key. The file encryption key can encrypt or decrypt files. In another aspect, the user can still access the files even if a user deactivates the key device by encrypting or decrypting the file encryption key directly from the symmetric master key.Type: GrantFiled: January 27, 2003Date of Patent: February 20, 2007Assignee: Microsoft CorporationInventors: David B. Cross, Jianrong Gu, Josh D. Benaloh, Thomas C. Jones, Paul J. Leach, Glenn D. Pittaway
-
Publication number: 20060277311Abstract: In various embodiments, applications that are configured to interact with the Internet in some way are executed in a restricted process with a reduced privilege level that can prohibit the application from accessing portions of an associated computing device. For example, in some embodiments, the restricted process can prohibit applications from read and write access to portions of a system's computer-readable media, such as the hard disk, that contains administrative data and settings information and user data and settings. In these embodiments, a special portion of the disk, termed a “containment zone”, is designated and used by applications in this restricted process.Type: ApplicationFiled: October 28, 2005Publication date: December 7, 2006Applicant: Microsoft CorporationInventors: Roberto Franco, Anantha Ganjam, John Bedworth, Peter Brundrett, Roland Tokumi, Jeremiah Epling, Daniel Sie, Jianrong Gu, Marc Sibley, Vidya Nallathimmayyagari, Bogdan Tepordei
-
Publication number: 20060179309Abstract: Systems and methods for managing multiple keys for file encryption and decryption may provide an encrypted list of previously used keys. The list itself may be encrypted using a current key. To decrypt files that are encrypted in one or more of the previous keys, the list can be decrypted, and the appropriate previous key can be retrieved. To re-key files, an automated process can decrypt any files using previous keys and encrypt them using the current key. If a new current key is introduced, the prior current key can be used to decrypt the list of keys, the prior current key can be added to the list, and the list can be re-encrypted using the new current key.Type: ApplicationFiled: February 7, 2005Publication date: August 10, 2006Applicant: Microsoft CorporationInventors: David Cross, Duncan Bryce, Jianrong Gu, Kelvin Yiu, Monica Ene-Pietrosanu
-
Patent number: 6986043Abstract: A system and method for encryption and decryption of files. The system and method operate in conjunction with the file system to transparently encrypt and decrypt files in using a public key-private key pair encryption scheme. When a user puts a file in an encrypted directory or encrypts a file, data writes to the disk for that file are encrypted with a random file encryption key generated from a random number and encrypted with the public key of a user and the public key of at least one recovery agent. The encrypted key information is stored with the file, whereby the user or a recovery agent can decrypt the file data using a private key. With a correct private key, encrypted reads are decrypted transparently by the file system and returned to the user. One or more selectable encryption and decryption algorithms may be provided via interchangeable cryptographic modules.Type: GrantFiled: May 29, 2001Date of Patent: January 10, 2006Assignee: Microsoft CorporationInventors: Brian Andrew, Jianrong Gu, Mark J. Zbikowski, Praerit Garg, Mike K. Lai, Wesley Witt, Klaus U. Schutz
-
Publication number: 20050111664Abstract: A system and method for facilitating BIOS integrated encryption is provided. An interface is defined between the operating system and the BIOS. The operating system employs this interface to provide BIOS code information to facilitate decryption of data that is encrypted on the system. In the pre-operating system boot phase, the BIOS employs the decryption information provided from this interface in order to decrypt the data. The decrypted information can be employed to facilitate secure rebooting of a computer system from hibernate mode and/or secure access to device(s).Type: ApplicationFiled: November 20, 2003Publication date: May 26, 2005Inventors: Andrew Ritz, David Cross, Duncan Bryce, James Schwartz, Jianrong Gu, Scott Field
-
Publication number: 20050114688Abstract: An operating system copies data from memory pages into a paging file on disk, in order to free up space in the memory. A mechanism is disclosed that causes the data to be encrypted as it is copied into the paging file, thereby protecting the paged data from unauthorized (or otherwise undesired) observation. The data that is stored in the paging file is encrypted with a session key, that is generated shortly after the machine on which the paging file exists is started. The session key, which is used both for encryption and decryption of the paging file data, is stored in volatile memory, so that the key is not persisted across boots of the machine. Since the key is not persisted across boots, old paging file data that was stored prior to the most recent boot cannot be recovered in clear text, thereby protecting the data from observation.Type: ApplicationFiled: November 25, 2003Publication date: May 26, 2005Inventors: Benjamin Leis, David Cross, Duncan Bryce, Jianrong Gu, Rajeev Nagar, Scott Field
-
Publication number: 20040146015Abstract: One aspect relates to a process and associated device that provides a private key of an asymmetric key pair in a key device. A symmetric master key is derived from the private key of the asymmetric key pair. The symmetric master key is stored in a computer memory location. The symmetric master key is used to encrypt or decrypt a file encryption key. The file encryption key can encrypt or decrypt files. In another aspect, the user can still access the files even if a user deactivates the key device by encrypting or decrypting the file encryption key directly from the symmetric master key.Type: ApplicationFiled: January 27, 2003Publication date: July 29, 2004Inventors: David B. Cross, Jianrong Gu, Josh D. Benaloh, Thomas C. Jones, Paul J. Leach, Glenn D. Pittaway
-
Publication number: 20030046366Abstract: Access to WebDAV (Distributed Authoring and Versioning) servers is provided in a manner that is essentially transparent to applications. A WebDAV redirector and related components support file system I/O requests and network requests directed to WebDAV servers identified by URI (Universal Resource Identifier) names, or by a drive may be mapped to a WebDAV share. An application's create or open I/O requests directed to a WebDAV server are detected, and result in a local copy of the file being downloaded and cached for local access. When closed, the local file is uploaded to the WebDAV server. Network-related requests such as for browsing that are directed to a WebDAV server are also handled transparently. WebDAV files may be locally encrypted and decrypted at the file system level, transparent to applications and the WebDAV server, via an encrypting file system that performs local encryption and decryption at the local file system level.Type: ApplicationFiled: January 17, 2002Publication date: March 6, 2003Inventors: Shishir Pardikar, Rohan Kumar, Yun Lin, Praerit Garg, Jianrong Gu
-
Publication number: 20020019935Abstract: A system and method for encryption and decryption of files. The system and method operate in conjunction with the file system to transparently encrypt and decrypt files in using a public key-private key pair encryption scheme. When a user puts a file in an encrypted directory or encrypts a file, data writes to the disk for that file are encrypted with a random file encryption key generated from a random number and encrypted with the public key of a user and the public key of at least one recovery agent. The encrypted key information is stored with the file, whereby the user or a recovery agent can decrypt the file data using a private key. With a correct private key, encrypted reads are decrypted transparently by the file system and returned to the user. One or more selectable encryption and decryption algorithms may be provided via interchangeable cryptographic modules.Type: ApplicationFiled: May 29, 2001Publication date: February 14, 2002Inventors: Brian Andrew, Jianrong Gu, Mark J. Zbikowski, Praerit Garg, Mike K. Lai, Wesley Witt, Klaus U. Schutz