Patents by Inventor Josh Benaloh
Josh Benaloh has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20060031338Abstract: Disclosed are systems and methods that facilitate securing communication channels used in a challenge-response system to mitigate spammer intrusion or deception. The systems and methods make use of unique IDs that can be added to outbound messages originating from a sender, a recipient, and a third-party server. The IDs can be correlated according to the relevant parties. Thus, for example, a sender can add a signed ID to an outgoing message. A challenge sent back to the sender for that particular message can echo the same ID or a new ID derived from the original ID to allow a sender to verify that the challenge corresponds to an actual message. The IDs can include cookies as well to facilitate correlation of messages and to facilitate the retrieval of messages once a sender is determined to be legitimate.Type: ApplicationFiled: August 9, 2004Publication date: February 9, 2006Applicant: Microsoft CorporationInventors: Nina Kang, Joshua Goodman, Robert Rounthwaite, Josh Benaloh, Elissa Murphy, Manav Mishra, Gopalakrishnan Seshadrinathan, Derek Hazeur, Ryan Colvin
-
Publication number: 20060005013Abstract: A method of generating a call sign. A method of generating a call sign comprising determining a distinguished qualifier, finding a distinguished salt, and hashing the distinguished salt with the distinguished qualifier.Type: ApplicationFiled: June 30, 2004Publication date: January 5, 2006Applicant: Microsoft CorporationInventors: Christian Huitema, Josh Benaloh, Kim Cameron
-
Publication number: 20060005230Abstract: Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.Type: ApplicationFiled: August 18, 2005Publication date: January 5, 2006Applicant: Microsoft CorporationInventors: Paul England, Marcus Peinado, Daniel Simon, Josh Benaloh
-
Publication number: 20050289351Abstract: Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.Type: ApplicationFiled: August 18, 2005Publication date: December 29, 2005Applicant: Microsoft CorporationInventors: Paul England, Marcus Peinado, Daniel Simon, Josh Benaloh
-
Publication number: 20050278530Abstract: Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.Type: ApplicationFiled: August 18, 2005Publication date: December 15, 2005Applicant: Microsoft CorporationInventors: Paul England, Marcus Peinado, Daniel Simon, Josh Benaloh
-
Publication number: 20050278531Abstract: Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.Type: ApplicationFiled: August 18, 2005Publication date: December 15, 2005Applicant: Microsoft CorporationInventors: Paul England, Marcus Peinado, Daniel Simon, Josh Benaloh
-
Publication number: 20050278253Abstract: A method describes user interaction in combination with sending a send item from an application of a computing device to a recipient. The computing device has an attestation unit thereon for attesting to trustworthiness. The application facilitates a user in constructing the send item, and pre-determined indicia are monitored that can be employed to detect that the user is in fact expending effort to construct the send item. The attestation unit authenticates the application to impart trust thereto, and upon the user commanding the application to send, a send attestation is constructed to accompany the send item. The send attestation is based on the monitored indicia and the authentication of the application and thereby describes the user interaction. The constructed send attestation is packaged with the constructed send item and the package is sent to the recipient.Type: ApplicationFiled: June 15, 2004Publication date: December 15, 2005Applicant: Microsoft CorporationInventors: Christopher Meek, David Heckerman, Josh Benaloh, Marcus Peinado, Joshua Goodman
-
Publication number: 20050278477Abstract: Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.Type: ApplicationFiled: August 18, 2005Publication date: December 15, 2005Applicant: Microsoft CorporationInventors: Paul England, Marcus Peinado, Daniel Simon, Josh Benaloh
-
Publication number: 20050273862Abstract: Methods and systems are described that enable protection of digital content, such as movies and the like, by making pirated copies traceable back to a unique decryption key that was utilized to decrypt the originally encrypted content. The innovative advancements do not rely on post-distribution watermarking or fingerprinting techniques, and yet intrinsically link any unauthorized copies back to a unique cryptographic key or key collection that was used when the genuine copy was reproduced. In one embodiment, digital content is provided and comprises multiple partition sets, with each partition set comprising a first partition and at least one different version of the first partition. Each partition of each partition set is uniquely marked and encrypted with a different key. Individual unique key collections are then defined to contain, for each partition set, one key that was used to encrypt a partition from the partition set and no two key collections are identical.Type: ApplicationFiled: July 28, 2005Publication date: December 8, 2005Applicant: Microsoft CorporationInventors: Josh Benaloh, Andrew Rosen, Gideon Yuval
-
Publication number: 20050235361Abstract: Transmitter and receiver computing device are interconnected by a network. The transmitter transmits protected digital content to the receiver in a manner so that the receiver can access the content even though the content is directly licensed to the transmitter and not the receiver.Type: ApplicationFiled: April 19, 2004Publication date: October 20, 2005Applicant: Microsoft CorporationInventors: James Alkove, Clifford Van Dyke, Eduardo Oliveira, Josh Benaloh, Troy Batterberry
-
Publication number: 20050193210Abstract: Systems, methods and modulated data signals are described herein that provide an efficient way to derive a single key from which a user can extract virtually any number of data encryption keys. A database is logically divided into segments and a small prime number is associated with each segment. An encryption key is derived for each segment in the database and a key set is determined for distributing a data subset to a user. Each segment is encrypted with the corresponding encryption key. A single key is derived using the prime numbers associated with the data segments and the single key, the encrypted database, and a small amount of public information is provided to the user. The user utilizes this information to extract the encryption key set from the single key. One implementation utilizes a tree structure to significantly reduce the number of modular exponentiations that must be calculated when extracting the encryption keys.Type: ApplicationFiled: December 17, 2004Publication date: September 1, 2005Applicant: Microsoft CorporationInventor: Josh Benaloh
-
Publication number: 20050144447Abstract: Transferring application secrets in a trusted operating system environment involves receiving a request to transfer application data from a source computing device to a destination computing device. A check is made as to whether the application data can be transferred to the destination computing device, and if so, whether the application data can be transferred under control of the user or a third party. If these checks succeed, a check is also made as to whether the destination computing device is a trustworthy device running known trustworthy software. Input is also received from the appropriate one of the user or third party to control transferring of the application data to the destination computing device. Furthermore, application data is stored on the source computing device in a manner that facilitates determining whether the application data can be transferred, and that facilitates transferring the application data if it can be transferred.Type: ApplicationFiled: February 28, 2005Publication date: June 30, 2005Applicant: Microsoft CorporationInventors: Paul England, Marcus Peinado, Daniel Simon, Josh Benaloh
-
Publication number: 20050144448Abstract: Transferring application secrets in a trusted operating system environment involves receiving a request to transfer application data from a source computing device to a destination computing device. A check is made as to whether the application data can be transferred to the destination computing device, and if so, whether the application data can be transferred under control of the user or a third party. If these checks succeed, a check is also made as to whether the destination computing device is a trustworthy device running known trustworthy software. Input is also received from the appropriate one of the user or third party to control transferring of the application data to the destination computing device. Furthermore, application data is stored on the source computing device in a manner that facilitates determining whether the application data can be transferred, and that facilitates transferring the application data if it can be transferred.Type: ApplicationFiled: February 28, 2005Publication date: June 30, 2005Applicant: Microsoft CorporationInventors: Paul England, Marcus Peinado, Daniel Simon, Josh Benaloh
-
Publication number: 20050138270Abstract: Machine instructions comprising a bootstrap code are buried within a critical component of an electronic game console where they cannot readily be accessed or modified. A preloader portion in a read only memory (ROM) is hashed by the bootstrap code and the result is compared to an expected hash value maintained in the bootstrap code. Further verification of the boot-up process is carried out by the preloader, which hashes the code in ROM to obtain a hash value for the code. The result is verified against a digital signature value that defines an expected value for this hash. Failure to obtain any expected result terminates the boot-up process. Since the bootstrap code confirms the preloader, and the preloader confirms the remainder of the code in ROM, this technique is useful for ensuring that the code used for booting up the device has not been modified or replaced.Type: ApplicationFiled: January 7, 2005Publication date: June 23, 2005Applicant: Microsoft CorporationInventors: Dinarte Morais, Jon Lange, Daniel Simon, Ling Chen, Josh Benaloh
-
Publication number: 20050120201Abstract: A system and method for automatically determining if a computer user is a human or an automated script. Human interactive proofs (HIPs) are currently used to deter automated registration for web services by automated computer scripts. Unfortunately, HIPs entail multiple steps (request service, receive challenge, respond to challenge) that can be burdensome. The system and method of the invention in one embodiment provides a “black-box” to potential users consisting of a challenge generator and a secret key. The challenge is generated for the user and the response can be provided as part of the service request, eliminating the need for a separate challenge from a service provider and response to the challenge.Type: ApplicationFiled: December 1, 2003Publication date: June 2, 2005Applicant: Microsoft CorporationInventors: Josh Benaloh, Ismail Paya
-
Publication number: 20050117746Abstract: Systems, methods and modulated data signals are described herein that provide an efficient way to derive a single key from which a user can extract virtually any number of data encryption keys. A database is logically divided into segments and a small prime number is associated with each segment. An encryption key is derived for each segment in the database and a key set is determined for distributing a data subset to a user. Each segment is encrypted with the corresponding encryption key. A single key is derived using the prime numbers associated with the data segments and the single key, the encrypted database, and a small amount of public information is provided to the user. The user utilizes this information to extract the encryption key set from the single key. One implementation utilizes a tree structure to significantly reduce the number of modular exponentiations that must be calculated when extracting the encryption keys.Type: ApplicationFiled: December 17, 2004Publication date: June 2, 2005Applicant: Microsoft CorporationInventor: Josh Benaloh
-
Publication number: 20050097063Abstract: Described herein are one or more implementations for extracting multiple single keys from a compressed key, each single key corresponding to a segment in a unique data subset of a database.Type: ApplicationFiled: November 5, 2004Publication date: May 5, 2005Applicant: Microsoft CorporationInventor: Josh Benaloh
-
Publication number: 20050097062Abstract: Described herein is one or more implementations that generate a single key from a set of encrypted keys, which set is associated with a unique data subset of a database.Type: ApplicationFiled: November 5, 2004Publication date: May 5, 2005Applicant: Microsoft CorporationInventor: Josh Benaloh
-
Publication number: 20050094813Abstract: Described herein is one or more implementations for compressing one or more keys.Type: ApplicationFiled: November 5, 2004Publication date: May 5, 2005Applicant: Microsoft CorporationInventor: Josh Benaloh
-
Publication number: 20050066183Abstract: An exclusive encryption system is established using multiple computing devices. The exclusive encryption system allows for the exclusion of certain plaintext (e.g., by one of the computing devices) and ciphertext (e.g., by another of the computing devices) while at the same time maintaining the privacy created by the encryption (e.g., so the other computing device cannot see the plaintext). The exclusive encryption system may be implemented as part of a serverless distributed file system with directory entries (e.g., file names or folder names) being the plaintext, or alternatively as part of other systems.Type: ApplicationFiled: November 10, 2004Publication date: March 24, 2005Applicant: Microsoft CorporationInventors: John Douceur, Josh Benaloh, Gideon Yuval, Atul Adya