Patents by Inventor Ling Tony Chen

Ling Tony Chen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20220131686
    Abstract: A method for secure key exchange. The method comprises receiving a request to certify a key from a communication partner at an interface between an access and tamper resistant circuit block and exposed circuitry. Within the access and tamper resistant circuit block, a first random private key is generated. A corresponding public key of the first random private key is derived, and a cryptographic digest of the public key and attributes associated with the first random private key is generated. The generated cryptographic digest is signed using a second random private key that has been designated for signing by one or more associated attributes. The public key and the signature are then sent to the communication partner via the interface.
    Type: Application
    Filed: October 27, 2020
    Publication date: April 28, 2022
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Avdhesh CHHODAVDIA, Ling Tony CHEN, Felix Stefan DOMKE, Kambiz RAHIMI, Jay Scott FULLER
  • Patent number: 11302411
    Abstract: A TPM with programmable fuses in an SOC includes an on-die RAM storing a blown-fuse count and a TPM state read from off-die NV memory. During initialization, if the blown-fuse count is greater than a TPM state fuse count, a TPM state PIN-attempt-failure count is incremented, thereby thwarting a replay attack. If a PIN satisfies a PIN failure policy, and if a TPM state previously-passed-PIN indicator is set to true, a fuse is blown and the blown-fuse count incremented depending on the PIN being incorrect, but if the TPM state previously-passed-PIN indicator is set to false, a fuse is blown and the blown-fuse count incremented independent of whether the PIN is correct or incorrect. The TPM state fuse count is set equal to the blown-fuse count. If a counter cleared before processing the PIN remains cleared during the next initialization, a fuse voltage cut is detected and a penalty imposed.
    Type: Grant
    Filed: March 31, 2021
    Date of Patent: April 12, 2022
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Ling Tony Chen, Felix Domke, Ankur Choudhary, Bradley Joseph Litterell
  • Patent number: 11184164
    Abstract: Disclosed is a cryptographic key management system implemented in access and tamper resistant circuitry. The circuitry includes processing circuitry to perform cryptographic processing based cryptographic keys. Cryptographic key registers include key portions and attribute portions. An interface receives commands from exposed circuitry that controls the processing circuitry to perform cryptographic processing based on the keys and associated attributes. The attributes indicate what operations may be performed on, or using, the associated keys. of the associated keys. The attributes indicate intended uses of the keys.
    Type: Grant
    Filed: February 2, 2018
    Date of Patent: November 23, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Kambiz Rahimi, Jay Scott Fuller, Ling Tony Chen, Felix Stefan Domke
  • Patent number: 11154784
    Abstract: Systems and method for providing a single sign in a gaming console that associates online activity that is out-of-game/cross game, and/or online activity that is in-game, and/or activity that is offline and in-game with that account. While online, a service tracks activity of gamers and provides usage statistics in a profile. While offline, the game console tracks the player's activity via a mechanism to collect detailed information about a specific player's in-game statistics and accomplishments. The offline activity is cached and uploaded when the console connects to the online service. Players can accumulate achievements offline that are credited towards online activities.
    Type: Grant
    Filed: August 26, 2019
    Date of Patent: October 26, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Michal Bortnik, Erik John Arthur, James David Macauley, Ling Tony Chen, Yasser B. Asmi, Steven D. Lamb, James N. Helm
  • Publication number: 20210209201
    Abstract: This disclosure describes systems and methods for protecting commercial off-the-shelf software program code from piracy. A software program may include multiple image files having code and data. A platform may modify the executable file such that the data may be placed at a location in memory that is an arbitrary distance from the code. The platform may encrypt the code and provide it to a computing device comprising a hardware enclave. The computing device may load the encrypted code into the hardware enclave but load the data into memory outside the hardware enclave. The computing device may request a decryption key from an authentication server using a hash of the hardware enclave signed by a processor. The authentication server may provide the decryption key if it verifies the signature and the hash. The computing device may decrypt the code and mark the hardware enclave as non-readable.
    Type: Application
    Filed: January 3, 2020
    Publication date: July 8, 2021
    Inventors: Xinyang GE, Weidong CUI, Ben NIU, Ling Tony CHEN
  • Patent number: 10885189
    Abstract: A host operating system running on a computing device monitors resource access by an application running in a container that is isolated from the host operating system. In response to detecting resource access by the application, a security event is generated describing malicious activity that occurs from the accessing the resource. This security event is analyzed to determine a threat level of the malicious activity. If the threat level does not satisfy a threat level threshold, the host operating system allows the application to continue accessing resources and continues to monitor resource access. When the threat level satisfies the threat level threshold, the operating system takes corrective action to prevent the malicious activity from spreading beyond the isolated container. Through the use of security events, the host operating system is protected from even kernel-level attacks without using resources required to run anti-virus software in the isolated container.
    Type: Grant
    Filed: May 22, 2017
    Date of Patent: January 5, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Charles G. Jeffries, Benjamin M. Schultz, Giridhar Viswanathan, Frederick Justus Smith, David Guy Weston, Ankit Srivastava, Ling Tony Chen, Hari R. Pulapaka
  • Patent number: 10592671
    Abstract: The subject disclosure is directed towards protecting code in memory from being modified after boot, such as code used in a dedicated microprocessor or microcontroller. Hardware, such as in logic or in a memory protection unit, allows a range of memory to be made non-writeable after being loaded, e.g., via a secure boot load operation. Further, startup code that is used to configure the hardware/memory may be made non-executable after having run once, so that no further execution may occur in that space, e.g., as a result of an attack. A function in the runtime code may allow for a limited, attack-protected reconfiguration of sub-regions of memory regions during the runtime execution.
    Type: Grant
    Filed: December 29, 2017
    Date of Patent: March 17, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ling Tony Chen, Felix Stefan Domke
  • Publication number: 20190374860
    Abstract: Systems and method for providing a single sign in a gaming console that associates online activity that is out-of-game/cross game, and/or online activity that is in-game, and/or activity that is offline and in-game with that account. While online, a service tracks activity of gamers and provides usage statistics in a profile. While offline, the game console tracks the player's activity via a mechanism to collect detailed information about a specific player's in-game statistics and accomplishments. The offline activity is cached and uploaded when the console connects to the online service. Players can accumulate achievements offline that are credited towards online activities.
    Type: Application
    Filed: August 26, 2019
    Publication date: December 12, 2019
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Michal Bortnik, Erik John Arthur, James David Macauley, Ling Tony Chen, Yasser B. Asmi, Steven D. Lamb, James N. Helm
  • Patent number: 10391405
    Abstract: Systems and method for providing a single sign in a gaming console that associates online activity that is out-of-game/cross game, and/or online activity that is in-game, and/or activity that is offline and in-game with that account. While online, a service tracks activity of gamers and provides usage statistics in a profile. While offline, the game console tracks the player's activity via a mechanism to collect detailed information about a specific player's in-game statistics and accomplishments. The offline activity is cached and uploaded when the console connects to the online service. Players can accumulate achievements offline that are credited towards online activities.
    Type: Grant
    Filed: January 4, 2017
    Date of Patent: August 27, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Michal Bortnik, Erik John Arthur, James David Macauley, Ling Tony Chen, Yasser B. Asmi, Steven D. Lamb, James N. Helm
  • Publication number: 20190251256
    Abstract: The subject disclosure is directed towards using one or more of hardware, a hypervisor, and privileged mode code to prevent system mode code from accessing user mode data and/or running user mode code at the system privilege level, or vice-versa. Also described is (in systems with a hypervisor) preventing non-hypervisor code from running in hypervisor mode or accessing hypervisor-only data, or vice-versa. A register maintained by hardware, hypervisor, or system mode code contains data access and execution polices for different chunks of addressable space with respect to which requesting entities (hypervisor mode code, system mode code, user mode code) have access to or can execute code in a given chunk. When a request to execute code or access data with respect to an address is received, the request is processed to determine to which chunk the address corresponds. The policy for that chunk is evaluated to determine whether to allow or deny the request.
    Type: Application
    Filed: December 20, 2018
    Publication date: August 15, 2019
    Inventors: Jonathan E. Lange, John V. Sell, Ling Tony Chen, Eric O. Mejdrich
  • Publication number: 20190245686
    Abstract: Disclosed is a cryptographic key management system implemented in access and tamper resistant circuitry. The circuitry includes processing circuitry to perform cryptographic processing based cryptographic keys. Cryptographic key registers include key portions and attribute portions. An interface receives commands from exposed circuitry that controls the processing circuitry to perform cryptographic processing based on the keys and associated attributes. The attributes indicate what operations may be performed on, or using, the associated keys. of the associated keys. The attributes indicate intended uses of the keys.
    Type: Application
    Filed: February 2, 2018
    Publication date: August 8, 2019
    Inventors: Kambiz Rahimi, Jay Scott Fuller, Ling Tony Chen, Felix Stefan Domke
  • Patent number: 10311217
    Abstract: A compiler automatically modularizes identified functions or portions of source code, thereby enabling developers to merely identify portions of source code that represent functionality that is to be protected, including going back and identifying such portions after the programming of the software application program has been substantially completed. Such identification can be inline, within the source code itself, or specified in an external file.
    Type: Grant
    Filed: December 9, 2016
    Date of Patent: June 4, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Olaf Alexander Miller, Ling Tony Chen, Hakki Tunc Bostanci
  • Patent number: 10257189
    Abstract: System and methods for using secure isolated technology to prevent piracy and cheating on electronic devices. In some examples, an electronic device can use hardware based secure isolated technology to store a first portion of an application in computer memory, and store a second portion of the application in a hardware based secure isolated region of the computer memory, the second portion of the application including an encrypted portion and a plaintext portion The electronic device can further use the hardware based secure isolated technology to establish a secure encrypted communication channel with a server, send data to the server via the secure encrypted communication channel, receive a decryption key from the server via the secure encrypted communication channel, and decrypt encrypted portion using the decryption key. The electronic device can then execute the application using the first portion of the application and the second portion of the application.
    Type: Grant
    Filed: May 24, 2016
    Date of Patent: April 9, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Ling Tony Chen
  • Patent number: 10198578
    Abstract: The subject disclosure is directed towards using one or more of hardware, a hypervisor, and privileged mode code to prevent system mode code from accessing user mode data and/or running user mode code at the system privilege level, or vice-versa. Also described is (in systems with a hypervisor) preventing non-hypervisor code from running in hypervisor mode or accessing hypervisor-only data, or vice-versa. A register maintained by hardware, hypervisor, or system mode code contains data access and execution polices for different chunks of addressable space with respect to which requesting entities (hypervisor mode code, system mode code, user mode code) have access to or can execute code in a given chunk. When a request to execute code or access data with respect to an address is received, the request is processed to determine to which chunk the address corresponds. The policy for that chunk is evaluated to determine whether to allow or deny the request.
    Type: Grant
    Filed: December 5, 2016
    Date of Patent: February 5, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jonathan E. Lange, John V. Sell, Ling Tony Chen, Eric O. Mejdrich
  • Publication number: 20180336351
    Abstract: A host operating system running on a computing device monitors resource access by an application running in a container that is isolated from the host operating system. In response to detecting resource access by the application, a security event is generated describing malicious activity that occurs from the accessing the resource. This security event is analyzed to determine a threat level of the malicious activity. If the threat level does not satisfy a threat level threshold, the host operating system allows the application to continue accessing resources and continues to monitor resource access. When the threat level satisfies the threat level threshold, the operating system takes corrective action to prevent the malicious activity from spreading beyond the isolated container. Through the use of security events, the host operating system is protected from even kernel-level attacks without using resources required to run anti-virus software in the isolated container.
    Type: Application
    Filed: May 22, 2017
    Publication date: November 22, 2018
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Charles G. JEFFRIES, Benjamin M. SCHULTZ, Giridhar VISWANATHAN, Frederick Justus SMITH, David Guy WESTON, Ankit SRIVASTAVA, Ling Tony CHEN, Hari R. PULAPAKA
  • Publication number: 20180196946
    Abstract: The subject disclosure is directed towards protecting code in memory from being modified after boot, such as code used in a dedicated microprocessor or microcontroller. Hardware, such as in logic or in a memory protection unit, allows a range of memory to be made non-writeable after being loaded, e.g., via a secure boot load operation. Further, startup code that is used to configure the hardware/memory may be made non-executable after having run once, so that no further execution may occur in that space, e.g., as a result of an attack. A function in the runtime code may allow for a limited, attack-protected reconfiguration of sub-regions of memory regions during the runtime execution.
    Type: Application
    Filed: December 29, 2017
    Publication date: July 12, 2018
    Inventors: Ling Tony CHEN, Felix Stefan DOMKE
  • Publication number: 20180165428
    Abstract: A compiler automatically modularizes identified functions or portions of source code, thereby enabling developers to merely identify portions of source code that represent functionality that is to be protected, including going back and identifying such portions after the programming of the software application program has been substantially completed. Such identification can be inline, within the source code itself, or specified in an external file.
    Type: Application
    Filed: December 9, 2016
    Publication date: June 14, 2018
    Inventors: Olaf Alexander Miller, Ling Tony Chen, Hakki Tunc Bostanci
  • Patent number: 9916452
    Abstract: A device-local key derivation scheme generates, during a first boot session for an electronic device, a sealing key that is derived at least in part from a device-generated random seed and an internal secret that is unique to the electronic device. After generating the sealing key, access to the internal secret is disabled for a remainder of the first boot session and until a second boot session is initiated. At runtime, the sealing key is used to sign a module manifest that describes the software that is authorized to access the sealing key, and the module manifest containing the sealing key is persisted in non-volatile memory of the electronic device. The module manifest can be used to validate software during a subsequent boot session and to authorize software updates on the electronic device without relying on an external entity or external information to protect on-device secrets.
    Type: Grant
    Filed: May 18, 2016
    Date of Patent: March 13, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Felix Domke, Ling Tony Chen
  • Patent number: 9875358
    Abstract: The subject disclosure is directed towards protecting code in memory from being modified after boot, such as code used in a dedicated microprocessor or microcontroller. Hardware, such as in logic or in a memory protection unit, allows a range of memory to be made non-writeable after being loaded, e.g., via a secure boot load operation. Further, startup code that is used to configure the hardware/memory may be made non-executable after having run once, so that no further execution may occur in that space, e.g., as a result of an attack. A function in the runtime code may allow for a limited, attack-protected reconfiguration of sub-regions of memory regions during the runtime execution.
    Type: Grant
    Filed: June 20, 2014
    Date of Patent: January 23, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ling Tony Chen, Felix Stefan Domke
  • Publication number: 20180004531
    Abstract: In one example, a method includes allocating separate portions of memory for a control stack and a data stack. The method also includes, upon detecting a call instruction, storing a first return address in the control stack and a second return address in the data stack; and upon detecting a return instruction, popping the first return address from the control stack and the second return address from the data stack and raising an exception if the two return addresses do not match. Otherwise, the return instruction returns the first return address. Additionally, the method includes executing an exception handler in response to the return instruction detecting an exception, wherein the exception handler is to pop one or more return addresses from the control stack until the return address on a top of the control stack matches the return address on a top of the data stack.
    Type: Application
    Filed: June 30, 2016
    Publication date: January 4, 2018
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Ling Tony Chen, Kenneth D. Johnson, Jonathan E. Lange, Kinshumann, Matthew Miller, Neeraj Singh