Patents by Inventor Ling Tony Chen

Ling Tony Chen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10391405
    Abstract: Systems and method for providing a single sign in a gaming console that associates online activity that is out-of-game/cross game, and/or online activity that is in-game, and/or activity that is offline and in-game with that account. While online, a service tracks activity of gamers and provides usage statistics in a profile. While offline, the game console tracks the player's activity via a mechanism to collect detailed information about a specific player's in-game statistics and accomplishments. The offline activity is cached and uploaded when the console connects to the online service. Players can accumulate achievements offline that are credited towards online activities.
    Type: Grant
    Filed: January 4, 2017
    Date of Patent: August 27, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Michal Bortnik, Erik John Arthur, James David Macauley, Ling Tony Chen, Yasser B. Asmi, Steven D. Lamb, James N. Helm
  • Publication number: 20190251256
    Abstract: The subject disclosure is directed towards using one or more of hardware, a hypervisor, and privileged mode code to prevent system mode code from accessing user mode data and/or running user mode code at the system privilege level, or vice-versa. Also described is (in systems with a hypervisor) preventing non-hypervisor code from running in hypervisor mode or accessing hypervisor-only data, or vice-versa. A register maintained by hardware, hypervisor, or system mode code contains data access and execution polices for different chunks of addressable space with respect to which requesting entities (hypervisor mode code, system mode code, user mode code) have access to or can execute code in a given chunk. When a request to execute code or access data with respect to an address is received, the request is processed to determine to which chunk the address corresponds. The policy for that chunk is evaluated to determine whether to allow or deny the request.
    Type: Application
    Filed: December 20, 2018
    Publication date: August 15, 2019
    Inventors: Jonathan E. Lange, John V. Sell, Ling Tony Chen, Eric O. Mejdrich
  • Publication number: 20190245686
    Abstract: Disclosed is a cryptographic key management system implemented in access and tamper resistant circuitry. The circuitry includes processing circuitry to perform cryptographic processing based cryptographic keys. Cryptographic key registers include key portions and attribute portions. An interface receives commands from exposed circuitry that controls the processing circuitry to perform cryptographic processing based on the keys and associated attributes. The attributes indicate what operations may be performed on, or using, the associated keys. of the associated keys. The attributes indicate intended uses of the keys.
    Type: Application
    Filed: February 2, 2018
    Publication date: August 8, 2019
    Inventors: Kambiz Rahimi, Jay Scott Fuller, Ling Tony Chen, Felix Stefan Domke
  • Patent number: 10311217
    Abstract: A compiler automatically modularizes identified functions or portions of source code, thereby enabling developers to merely identify portions of source code that represent functionality that is to be protected, including going back and identifying such portions after the programming of the software application program has been substantially completed. Such identification can be inline, within the source code itself, or specified in an external file.
    Type: Grant
    Filed: December 9, 2016
    Date of Patent: June 4, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Olaf Alexander Miller, Ling Tony Chen, Hakki Tunc Bostanci
  • Patent number: 10257189
    Abstract: System and methods for using secure isolated technology to prevent piracy and cheating on electronic devices. In some examples, an electronic device can use hardware based secure isolated technology to store a first portion of an application in computer memory, and store a second portion of the application in a hardware based secure isolated region of the computer memory, the second portion of the application including an encrypted portion and a plaintext portion The electronic device can further use the hardware based secure isolated technology to establish a secure encrypted communication channel with a server, send data to the server via the secure encrypted communication channel, receive a decryption key from the server via the secure encrypted communication channel, and decrypt encrypted portion using the decryption key. The electronic device can then execute the application using the first portion of the application and the second portion of the application.
    Type: Grant
    Filed: May 24, 2016
    Date of Patent: April 9, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Ling Tony Chen
  • Patent number: 10198578
    Abstract: The subject disclosure is directed towards using one or more of hardware, a hypervisor, and privileged mode code to prevent system mode code from accessing user mode data and/or running user mode code at the system privilege level, or vice-versa. Also described is (in systems with a hypervisor) preventing non-hypervisor code from running in hypervisor mode or accessing hypervisor-only data, or vice-versa. A register maintained by hardware, hypervisor, or system mode code contains data access and execution polices for different chunks of addressable space with respect to which requesting entities (hypervisor mode code, system mode code, user mode code) have access to or can execute code in a given chunk. When a request to execute code or access data with respect to an address is received, the request is processed to determine to which chunk the address corresponds. The policy for that chunk is evaluated to determine whether to allow or deny the request.
    Type: Grant
    Filed: December 5, 2016
    Date of Patent: February 5, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jonathan E. Lange, John V. Sell, Ling Tony Chen, Eric O. Mejdrich
  • Publication number: 20180336351
    Abstract: A host operating system running on a computing device monitors resource access by an application running in a container that is isolated from the host operating system. In response to detecting resource access by the application, a security event is generated describing malicious activity that occurs from the accessing the resource. This security event is analyzed to determine a threat level of the malicious activity. If the threat level does not satisfy a threat level threshold, the host operating system allows the application to continue accessing resources and continues to monitor resource access. When the threat level satisfies the threat level threshold, the operating system takes corrective action to prevent the malicious activity from spreading beyond the isolated container. Through the use of security events, the host operating system is protected from even kernel-level attacks without using resources required to run anti-virus software in the isolated container.
    Type: Application
    Filed: May 22, 2017
    Publication date: November 22, 2018
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Charles G. JEFFRIES, Benjamin M. SCHULTZ, Giridhar VISWANATHAN, Frederick Justus SMITH, David Guy WESTON, Ankit SRIVASTAVA, Ling Tony CHEN, Hari R. PULAPAKA
  • Publication number: 20180196946
    Abstract: The subject disclosure is directed towards protecting code in memory from being modified after boot, such as code used in a dedicated microprocessor or microcontroller. Hardware, such as in logic or in a memory protection unit, allows a range of memory to be made non-writeable after being loaded, e.g., via a secure boot load operation. Further, startup code that is used to configure the hardware/memory may be made non-executable after having run once, so that no further execution may occur in that space, e.g., as a result of an attack. A function in the runtime code may allow for a limited, attack-protected reconfiguration of sub-regions of memory regions during the runtime execution.
    Type: Application
    Filed: December 29, 2017
    Publication date: July 12, 2018
    Inventors: Ling Tony CHEN, Felix Stefan DOMKE
  • Publication number: 20180165428
    Abstract: A compiler automatically modularizes identified functions or portions of source code, thereby enabling developers to merely identify portions of source code that represent functionality that is to be protected, including going back and identifying such portions after the programming of the software application program has been substantially completed. Such identification can be inline, within the source code itself, or specified in an external file.
    Type: Application
    Filed: December 9, 2016
    Publication date: June 14, 2018
    Inventors: Olaf Alexander Miller, Ling Tony Chen, Hakki Tunc Bostanci
  • Patent number: 9916452
    Abstract: A device-local key derivation scheme generates, during a first boot session for an electronic device, a sealing key that is derived at least in part from a device-generated random seed and an internal secret that is unique to the electronic device. After generating the sealing key, access to the internal secret is disabled for a remainder of the first boot session and until a second boot session is initiated. At runtime, the sealing key is used to sign a module manifest that describes the software that is authorized to access the sealing key, and the module manifest containing the sealing key is persisted in non-volatile memory of the electronic device. The module manifest can be used to validate software during a subsequent boot session and to authorize software updates on the electronic device without relying on an external entity or external information to protect on-device secrets.
    Type: Grant
    Filed: May 18, 2016
    Date of Patent: March 13, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Felix Domke, Ling Tony Chen
  • Patent number: 9875358
    Abstract: The subject disclosure is directed towards protecting code in memory from being modified after boot, such as code used in a dedicated microprocessor or microcontroller. Hardware, such as in logic or in a memory protection unit, allows a range of memory to be made non-writeable after being loaded, e.g., via a secure boot load operation. Further, startup code that is used to configure the hardware/memory may be made non-executable after having run once, so that no further execution may occur in that space, e.g., as a result of an attack. A function in the runtime code may allow for a limited, attack-protected reconfiguration of sub-regions of memory regions during the runtime execution.
    Type: Grant
    Filed: June 20, 2014
    Date of Patent: January 23, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ling Tony Chen, Felix Stefan Domke
  • Publication number: 20180004531
    Abstract: In one example, a method includes allocating separate portions of memory for a control stack and a data stack. The method also includes, upon detecting a call instruction, storing a first return address in the control stack and a second return address in the data stack; and upon detecting a return instruction, popping the first return address from the control stack and the second return address from the data stack and raising an exception if the two return addresses do not match. Otherwise, the return instruction returns the first return address. Additionally, the method includes executing an exception handler in response to the return instruction detecting an exception, wherein the exception handler is to pop one or more return addresses from the control stack until the return address on a top of the control stack matches the return address on a top of the data stack.
    Type: Application
    Filed: June 30, 2016
    Publication date: January 4, 2018
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Ling Tony Chen, Kenneth D. Johnson, Jonathan E. Lange, Kinshumann, Matthew Miller, Neeraj Singh
  • Publication number: 20170346814
    Abstract: System and methods for using secure isolated technology to prevent piracy and cheating on electronic devices. In some examples, an electronic device can use hardware based secure isolated technology to store a first portion of an application in computer memory, and store a second portion of the application in a hardware based secure isolated region of the computer memory, the second portion of the application including an encrypted portion and a plaintext portion The electronic device can further use the hardware based secure isolated technology to establish a secure encrypted communication channel with a server, send data to the server via the secure encrypted communication channel, receive a decryption key from the server via the secure encrypted communication channel, and decrypt encrypted portion using the decryption key. The electronic device can then execute the application using the first portion of the application and the second portion of the application.
    Type: Application
    Filed: May 24, 2016
    Publication date: November 30, 2017
    Inventor: Ling Tony Chen
  • Publication number: 20170337380
    Abstract: A device-local key derivation scheme generates, during a first boot session for an electronic device, a sealing key that is derived at least in part from a device-generated random seed and an internal secret that is unique to the electronic device. After generating the sealing key, access to the internal secret is disabled for a remainder of the first boot session and until a second boot session is initiated. At runtime, the sealing key is used to sign a module manifest that describes the software that is authorized to access the sealing key, and the module manifest containing the sealing key is persisted in non-volatile memory of the electronic device. The module manifest can be used to validate software during a subsequent boot session and to authorize software updates on the electronic device without relying on an external entity or external information to protect on-device secrets.
    Type: Application
    Filed: May 18, 2016
    Publication date: November 23, 2017
    Inventors: Felix Domke, Ling Tony Chen
  • Patent number: 9762396
    Abstract: When theft protection of a computing device is initiated, credentials of the user are provided to one or more services that verify the credentials and generate a recovery key. A data value is generated based on the recovery key and an identifier of the computing device (e.g., by applying a cryptographic hash function to the recovery key and the computing device identifier), and the data value is provided to the computing device, which stores the data value at the computing device. When a user is prompted to prove his or her ownership of the device, the owner can prove his or her ownership of the device in different manners by accessing the one or more services via a network (e.g., the Internet), or by providing the recovery key (e.g., obtained using another computing device) to the computing device.
    Type: Grant
    Filed: December 2, 2016
    Date of Patent: September 12, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Mihai Irinel Susan, Bogdan Andreiu, Scott R. Shell, Scott Michael Bragg, Ling Tony Chen
  • Patent number: 9716708
    Abstract: A system-on-chip (SoC) includes multiple hardware modules that are implemented on a substrate. The hardware modules include a plurality of hardware and software security features and the SoC provides one or more external interfaces for accessing the security features. A validation module, implemented in the boot code of the SoC for example, manages security certificates to control access to the plurality of security features. Each security certificate includes one or more unique identifiers corresponding to one or more hardware modules in the SoC and access control settings for one or more security features of the one or more hardware modules. The security certificate additionally includes a certificate signature signed by a secure key.
    Type: Grant
    Filed: September 13, 2013
    Date of Patent: July 25, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Michael Love, Ling Tony Chen, Felix Domke, Kenneth Ray
  • Publication number: 20170193226
    Abstract: The subject disclosure is directed towards using one or more of hardware, a hypervisor, and privileged mode code to prevent system mode code from accessing user mode data and/or running user mode code at the system privilege level, or vice-versa. Also described is (in systems with a hypervisor) preventing non-hypervisor code from running in hypervisor mode or accessing hypervisor-only data, or vice-versa. A register maintained by hardware, hypervisor, or system mode code contains data access and execution polices for different chunks of addressable space with respect to which requesting entities (hypervisor mode code, system mode code, user mode code) have access to or can execute code in a given chunk. When a request to execute code or access data with respect to an address is received, the request is processed to determine to which chunk the address corresponds. The policy for that chunk is evaluated to determine whether to allow or deny the request.
    Type: Application
    Filed: December 5, 2016
    Publication date: July 6, 2017
    Inventors: Jonathan E. Lange, John V. Sell, Ling Tony Chen, Eric O. Mejdrich
  • Patent number: 9646154
    Abstract: Return oriented programming (ROP) attack prevention techniques are described. In one or more examples, a method is described of protecting against return oriented programming attacks. The method includes initiating a compute signature hardware instruction of a computing device to compute a signature for a return address and the associated location on the stack the return address is stored and causing storage of the computed signature along with the return address in the stack. The method also includes enforcing that before executing the return instruction using the return address on the stack, initiating a verify signature hardware instruction of the computing device to verify the signature matches the target return address on the stack and responding to successful verification of the signature through execution of the verify signature hardware instruction by the computing device, executing the return instruction to the return address.
    Type: Grant
    Filed: January 20, 2015
    Date of Patent: May 9, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ling Tony Chen, Jonathan E. Lange, Greg M. Zaverucha
  • Publication number: 20170113145
    Abstract: Systems and method for providing a single sign in a gaming console that associates online activity that is out-of-game/cross game, and/or online activity that is in-game, and/or activity that is offline and in-game with that account. While online, a service tracks activity of gamers and provides usage statistics in a profile. While offline, the game console tracks the player's activity via a mechanism to collect detailed information about a specific player's in-game statistics and accomplishments. The offline activity is cached and uploaded when the console connects to the online service. Players can accumulate achievements offline that are credited towards online activities.
    Type: Application
    Filed: January 4, 2017
    Publication date: April 27, 2017
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Michal Bortnik, Erik John Arthur, James David Macauley, Ling Tony Chen, Yasser B. Asmi, Steven D. Lamb, James N. Helm
  • Publication number: 20170085386
    Abstract: When theft protection of a computing device is initiated, credentials of the user are provided to one or more services that verify the credentials and generate a recovery key. A data value is generated based on the recovery key and an identifier of the computing device (e.g., by applying a cryptographic hash function to the recovery key and the computing device identifier), and the data value is provided to the computing device, which stores the data value at the computing device. When a user is prompted to prove his or her ownership of the device, the owner can prove his or her ownership of the device in different manners by accessing the one or more services via a network (e.g., the Internet), or by providing the recovery key (e.g., obtained using another computing device) to the computing device.
    Type: Application
    Filed: December 2, 2016
    Publication date: March 23, 2017
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Mihai Irinel Susan, Bogdan Andreiu, Scott R. Shell, Scott Michael Bragg, Ling Tony Chen