Patents by Inventor John Anthony Messec
John Anthony Messec has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10956321Abstract: A virtual secure mode is enabled for a virtual machine operating in a computing environment that is associated with a plurality of different trust levels. First, a virtual secure mode image is loaded into one or more memory pages of a virtual memory space of the virtual machine. Then, the one or more memory pages of the virtual memory space are made inaccessible to one or more trust levels having a relatively lower trust level than a launching trust level that is used by a virtual secure mode loader to load the virtual secure mode image. A target virtual trust level is also enabled on a launching virtual processor for the virtual machine that is higher than the launching trust level.Type: GrantFiled: January 6, 2019Date of Patent: March 23, 2021Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Niels T. Ferguson, Yevgeniy Anatolievich Samsonov, Kinshumann, Samartha Chandrashekar, John Anthony Messec, Mark Fishel Novak, Christopher McCarron, Amitabh Prakash Tamhane, Qiang Wang, David Matthew Kruse, Nir Ben-Zvi, Anders Bertil Vinberg
-
Publication number: 20190155728Abstract: A virtual secure mode is enabled for a virtual machine operating in a computing environment that is associated with a plurality of different trust levels. First, a virtual secure mode image is loaded into one or more memory pages of a virtual memory space of the virtual machine. Then, the one or more memory pages of the virtual memory space are made inaccessible to one or more trust levels having a relatively lower trust level than a launching trust level that is used by a virtual secure mode loader to load the virtual secure mode image. A target virtual trust level is also enabled on a launching virtual processor for the virtual machine that is higher than the launching trust level.Type: ApplicationFiled: January 6, 2019Publication date: May 23, 2019Inventors: Niels T. Ferguson, Yevgeniy Anatolievich Samsonov, Kinshumann, Samartha Chandrashekar, John Anthony Messec, Mark Fishel Novak, Christopher McCarron, Amitabh Prakash Tamhane, Qiang Wang, David Matthew Kruse, Nir Ben-Zvi, Anders Bertil Vinberg
-
Patent number: 10181037Abstract: Booting a machine in a secure fashion in a potentially unsecure environment. The method includes a target machine beginning a boot process. The method further includes the target machine determining that it needs provisioning data to continue booting. The target machine contacts a secure infrastructure to obtain the provisioning data. The target machine provides an identity claim that can be verified by the secure infrastructure. As a result of the secure infrastructure verifying the identity claim, the target machine receives a request from the secure infrastructure to establish a key sealed to the target machine. The target machine provides the established key to the secure infrastructure. The target machine receives the provisioning data from the secure infrastructure. The provisioning data is encrypted to the established key. The target machine decrypts the encrypted provisioning data, and uses the provisioning data to finish booting.Type: GrantFiled: November 9, 2016Date of Patent: January 15, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Mark Fishel Novak, Nir Ben-Zvi, John Anthony Messec, Kinshumann, Christopher McCarron
-
Patent number: 10176095Abstract: A virtual secure mode is enabled for a virtual machine operating in a computing environment that is associated with a plurality of different trust levels. First, a virtual secure mode image is loaded into one or more memory pages of a virtual memory space of the virtual machine. Then, the one or more memory pages of the virtual memory space are made inaccessible to one or more trust levels having a relatively lower trust level than a launching trust level that is used by a virtual secure mode loader to load the virtual secure mode image. A target virtual trust level is also enabled on a launching virtual processor for the virtual machine that is higher than the launching trust level.Type: GrantFiled: August 22, 2016Date of Patent: January 8, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Niels T. Ferguson, Yevgeniy Anatolievich Samsonov, Kinshumann, Samartha Chandrashekar, John Anthony Messec, Mark Fishel Novak, Christopher McCarron, Amitabh Prakash Tamhane, Qiang Wang, David Matthew Kruse, Nir Ben-Zvi, Anders Bertil Vinberg
-
Publication number: 20170061128Abstract: Booting a machine in a secure fashion in a potentially unsecure environment. The method includes a target machine beginning a boot process. The method further includes the target machine determining that it needs provisioning data to continue booting. The target machine contacts a secure infrastructure to obtain the provisioning data. The target machine provides an identity claim that can be verified by the secure infrastructure. As a result of the secure infrastructure verifying the identity claim, the target machine receives a request from the secure infrastructure to establish a key sealed to the target machine. The target machine provides the established key to the secure infrastructure. The target machine receives the provisioning data from the secure infrastructure. The provisioning data is encrypted to the established key. The target machine decrypts the encrypted provisioning data, and uses the provisioning data to finish booting.Type: ApplicationFiled: November 9, 2016Publication date: March 2, 2017Inventors: Mark Fishel Novak, Nir Ben-Zvi, John Anthony Messec, Kinshuman Kinshumann, Christopher McCarron
-
Patent number: 9578017Abstract: Deploying an encrypted entity on a trusted entity is illustrated herein. A method includes, at a trusted entity, wherein the trusted entity is trusted by an authority as a result of providing a verifiable indication of certain characteristics of the trusted entity meeting certain requirements, receiving an encrypted entity from an untrusted entity. The untrusted entity is not trusted by the authority. At the trusted entity, a trust credential from the authority is used to obtain a key from a key distribution service. The key distribution service is trusted by the authority. The key is used to decrypt the encrypted entity to allow the encrypted entity to be deployed at the trusted entity.Type: GrantFiled: October 1, 2014Date of Patent: February 21, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Niels T. Ferguson, Yevgeniy Anatolievich Samsonov, Kinshuman Kinshumann, Samartha Chandrashekar, John Anthony Messec, Mark Fishel Novak, Christopher McCarron, Amitabh Prakash Tamhane, Qiang Wang, David Matthew Kruse, Nir Ben-Zvi, Anders Bertil Vinberg
-
Patent number: 9519787Abstract: Booting a machine in a secure fashion in a potentially unsecure environment. The method includes a target machine beginning a boot process. The method further includes the target machine determining that it needs provisioning data to continue booting. The target machine contacts a secure infrastructure to obtain the provisioning data. The target machine provides an identity claim that can be verified by the secure infrastructure. As a result of the secure infrastructure verifying the identity claim, the target machine receives a request from the secure infrastructure to establish a key sealed to the target machine. The target machine provides the established key to the secure infrastructure. The target machine receives the provisioning data from the secure infrastructure. The provisioning data is encrypted to the established key. The target machine decrypts the encrypted provisioning data, and uses the provisioning data to finish booting.Type: GrantFiled: November 14, 2014Date of Patent: December 13, 2016Assignee: Microsoft Technology Licensing, LLCInventors: Mark Fishel Novak, Nir Ben-Zvi, John Anthony Messec, Kinshuman Kinshumann, Christopher McCarron
-
Publication number: 20160357988Abstract: A virtual secure mode is enabled for a virtual machine operating in a computing environment that is associated with a plurality of different trust levels. First, a virtual secure mode image is loaded into one or more memory pages of a virtual memory space of the virtual machine. Then, the one or more memory pages of the virtual memory space are made inaccessible to one or more trust levels having a relatively lower trust level than a launching trust level that is used by a virtual secure mode loader to load the virtual secure mode image. A target virtual trust level is also enabled on a launching virtual processor for the virtual machine that is higher than the launching trust level.Type: ApplicationFiled: August 22, 2016Publication date: December 8, 2016Inventors: Niels T. Ferguson, Yevgeniy Anatolievich Samsonov, Kinshuman Kinshumann, Samartha Chandrashekar, John Anthony Messec, Mark Fishel Novak, Christopher McCarron, Amitabh Prakash Tamhane, Qiang Wang, David Matthew Kruse, Nir Ben-Zvi, Anders Bertil Vinberg
-
Publication number: 20160140343Abstract: Booting a machine in a secure fashion in a potentially unsecure environment. The method includes a target machine beginning a boot process. The method further includes the target machine determining that it needs provisioning data to continue booting. The target machine contacts a secure infrastructure to obtain the provisioning data. The target machine provides an identity claim that can be verified by the secure infrastructure. As a result of the secure infrastructure verifying the identity claim, the target machine receives a request from the secure infrastructure to establish a key sealed to the target machine. The target machine provides the established key to the secure infrastructure. The target machine receives the provisioning data from the secure infrastructure. The provisioning data is encrypted to the established key. The target machine decrypts the encrypted provisioning data, and uses the provisioning data to finish booting.Type: ApplicationFiled: November 14, 2014Publication date: May 19, 2016Inventors: Mark Fishel Novak, Nir Ben-Zvi, John Anthony Messec, Kinshuman Kinshumann, Christopher McCarron
-
Publication number: 20150319160Abstract: Deploying an encrypted entity on a trusted entity is illustrated herein. A method includes, at a trusted entity, wherein the trusted entity is trusted by an authority as a result of providing a verifiable indication of certain characteristics of the trusted entity meeting certain requirements, receiving an encrypted entity from an untrusted entity. The untrusted entity is not trusted by the authority. At the trusted entity, a trust credential from the authority is used to obtain a key from a key distribution service. The key distribution service is trusted by the authority. The key is used to decrypt the encrypted entity to allow the encrypted entity to be deployed at the trusted entity.Type: ApplicationFiled: October 1, 2014Publication date: November 5, 2015Inventors: Niels T. Ferguson, Yevgeniy Anatolievich Samsonov, Kinshuman Kinshumann, Samartha Chandrashekar, John Anthony Messec, Mark Fishel Novak, Christopher McCarron, Amitabh Prakash Tamhane, Qiang Wang, David Matthew Kruse, Nir Ben-Zvi, Anders Bertil Vinberg
-
Publication number: 20140359213Abstract: Determining host machines on which to place a virtual machine. The method includes determining that a virtual machine to be deployed to a host will use a differencing disk chain based off of one or more base disks. One or more hosts are identified having the one or more base disks already available to the one or more hosts. One of the one or more hosts is selected at which to place the virtual machine based on the one or more hosts having the one or more base disks already available to the one or more hosts. The virtual machine is placed at the selected host.Type: ApplicationFiled: June 17, 2013Publication date: December 4, 2014Inventors: John Anthony Messec, Sumit Siva Dasan, Yi Sun, Bo Wu, Robert S. T. Gibson
-
Patent number: 8028239Abstract: A management user interface can be generated at run time via subtractive extensible context-based filtering. Definitions of user interface elements can include an indication of appropriate contexts for which the user interface elements are to be shown. Context factors can include application state, external state, surface or element definitions, or some combination thereof. The context-based filtering approach allows definition of user interface elements and user interface surfaces so that appearance of additional elements in the appropriate surfaces can be accomplished without programming. For example, a user interface surface definition can specify categories of user interface elements. At run time, those user interface elements of the category can be chosen for display. When new elements relating to the category are added, the new elements appear when the surface is rendered. Other features include heterogeneous type selection and exact number homogeneous type selection.Type: GrantFiled: December 19, 2003Date of Patent: September 27, 2011Assignee: Microsoft CorporationInventors: Hilal Al-Hilali, Mark Sok-Man Hong, Daniel Thomas Travison, Jr., Jonathan Marshall Rowlett, Samuel Li, John Anthony Messec, Abhishek Gulati