Patents by Inventor Malcolm E. Pearson
Malcolm E. Pearson has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10871984
Abstract: An execution environment has a deployed virtual machine image. The virtual machine image provides a service that is identified by a role. The execution environment generates a measurement of the virtual machine image and provides it to a key service to request role keys that enable operation of the virtual machine image in the execution environment. The key service determines whether the virtual machine image is mapped to the role and, if so, returns the role keys to the requesting execution environment.
Type: Grant
Filed: April 17, 2019
Date of Patent: December 22, 2020
Assignee: Microsoft Technology Licensing, LLC
Inventors: Malcolm E. Pearson, Tolga Acar, Rahul Verma
-
Publication number: 20190243678
Abstract: An execution environment has a deployed virtual machine image. The virtual machine image provides a service that is identified by a role. The execution environment generates a measurement of the virtual machine image and provides it to a key service to request role keys that enable operation of the virtual machine image in the execution environment. The key service determines whether the virtual machine image is mapped to the role and, if so, returns the role keys to the requesting execution environment.
Type: Application
Filed: April 17, 2019
Publication date: August 8, 2019
Inventors: Malcolm E. PEARSON, Tolga ACAR, Rahul VERMA
-
Patent number: 10310885
Abstract: An execution environment has a deployed virtual machine image. The virtual machine image provides a service that is identified by a role. The execution environment generates a measurement of the virtual machine image and provides it to a key service to request role keys that enable operation of the virtual machine image in the execution environment. The key service determines whether the virtual machine image is mapped to the role and, if so, returns the role keys to the requesting execution environment.
Type: Grant
Filed: October 25, 2016
Date of Patent: June 4, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Malcolm E. Pearson, Tolga Acar, Rahul Verma
-
Publication number: 20180113730
Abstract: An execution environment has a deployed virtual machine image. The virtual machine image provides a service that is identified by a role. The execution environment generates a measurement of the virtual machine image and provides it to a key service to request role keys that enable operation of the virtual machine image in the execution environment. The key service determines whether the virtual machine image is mapped to the role and, if so, returns the role keys to the requesting execution environment.
Type: Application
Filed: October 25, 2016
Publication date: April 26, 2018
Inventors: Malcolm E. Pearson, Tolga Acar, Rahul Verma
-
Patent number: 9160740
Abstract: Establishing secure, mutually authenticated communication between a trusted network and a perimeter network. Servers on the perimeter network may be securely and automatically configured to communicate with the trusted network. Servers not functioning properly may be stopped from communicating with the other servers. Credential information relating to a perimeter server may be automatically, and regularly, updated without intervention.
Type: Grant
Filed: September 4, 2013
Date of Patent: October 13, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Hao Zhang, Jeffrey B. Kay, Malcolm E. Pearson, Eric D. Tribble
-
Patent number: 8726020
Abstract: Automatically sending configuration information from a trusted network to a perimeter network. Master servers residing in the trusted network are adapted for administering a distributed directory service containing configuration information. Edge servers residing in the perimeter network are adapted for using a local directory service local to each edge server. Edge-connected bridgehead servers residing in the trusted network are adapted for replicating the configuration information from the trusted network to the perimeter network. Replicating the configuration information to the perimeter network by trusted servers acquiring leases on edge servers is also disclosed.
Type: Grant
Filed: May 31, 2006
Date of Patent: May 13, 2014
Assignee: Microsoft Corporation
Inventors: Leon Warman, Malcolm E. Pearson, Andrei Kuznetsov, Nathan F. Waddoups, Eric D. Tribble
-
Publication number: 20140006783
Abstract: Establishing secure, mutually authenticated communication between a trusted network and a perimeter network. Servers on the perimeter network may be securely and automatically configured to communicate with the trusted network. Servers not functioning properly may be stopped from communicating with the other servers. Credential information relating to a perimeter server may be automatically, and regularly, updated without intervention.
Type: Application
Filed: September 4, 2013
Publication date: January 2, 2014
Applicant: Microsoft Corporation
Inventors: Hao Zhang, Jeffrey B. Kay, Malcolm E. Pearson, Eric D. Tribble
-
Patent number: 8549295
Abstract: Establishing secure, mutually authenticated communication between a trusted network and a perimeter network. Servers on the perimeter network may be securely and automatically configured to communicate with the trusted network. Servers not functioning properly may be stopped from communicating with the other servers. Credential information relating to a perimeter server may be automatically, and regularly, updated without intervention.
Type: Grant
Filed: May 31, 2006
Date of Patent: October 1, 2013
Assignee: Microsoft Corporation
Inventors: Hao Zhang, Jeffrey B. Kay, Malcolm E. Pearson, Eric D. Tribble
-
Patent number: 8180833
Abstract: Within a mail transfer agent of a message transfer system, a message is received and if the recipient entity resolves to a number of recipients exceeding a specified quantity, the original message is not processed. Instead, at least two messages are created, with each of the created messages addressed to a subset of the original set of recipients. The created messages are returned to the calling module for processing.
Type: Grant
Filed: February 28, 2005
Date of Patent: May 15, 2012
Assignee: Microsoft Corporation
Inventors: David A. Braun, Daniel D. Longley, Malcolm E. Pearson, Steven D. White
-
Patent number: 8166113
Abstract: An electronic mail message (EMM) addressed to a distribution list of an enterprise is received at a server of the enterprise from a sending address outside of the enterprise. If the distribution list has no external addresses, then the EMM is blocked from being delivered to the distribution list. In an embodiment, if the distribution list has an external address and the sending address is identified in a safe sender list corresponding to the distribution list, then the EMM is delivered to the distribution list. In an embodiment, if the distribution list has an external address, the sending address is not in a safe sender list corresponding to the distribution list, and the content of the message is approved, then the EMM is delivered to the distribution list.
Type: Grant
Filed: August 2, 2006
Date of Patent: April 24, 2012
Assignee: Microsoft Corporation
Inventors: Mihai Costea, Konstantin Ryvkin, Malcolm E. Pearson, Roy Williams
-
Patent number: 8135645
Abstract: A transmitting gateway may utilize a retrieved domain-specific key to secure an outbound message, and a receiving gateway may utilize another retrieved domain-specific key to authenticate and validate the secured message.
Type: Grant
Filed: March 3, 2006
Date of Patent: March 13, 2012
Assignee: Microsoft Corporation
Inventors: Jeffrey B. Kay, Eric D. Tribble, Roy Williams, Trevor W. Freeman, Malcolm E. Pearson
-
Patent number: 8028026
Abstract: Propagating messaging preferences of one or more users from a recipient mailbox to a perimeter network administering e-mail content blocking and routing. A content filtering application located outside a trusted network receives messaging preferences information from within the trusted network regarding the mail recipients. This messaging preferences information may be utilized to allow certain pre-authorized messages from particular senders to bypass content filtering. Moreover, the messaging preferences information may be hashed to further protect the information on the perimeter network and to speed in review and comparison of the messaging preferences information. In addition, other types of user-specific information may be propagated to the perimeter network for use with other applications other than messaging.
Type: Grant
Filed: May 31, 2006
Date of Patent: September 27, 2011
Assignee: Microsoft Corporation
Inventors: Chandresh K. Jain, Malcolm E. Pearson, Nathan F. Waddoups, Mihai Costea, Eric D. Tribble
-
Patent number: 7921165
Abstract: A processor 104 executes computer-executable instructions to receive messages 302; store 304 the received messages in a foreground memory 108; process 306 the stored messages in the foreground memory 108; send 306 the processed messages; move 308 the sent messages to a background memory 110; evaluate 310, 312 the messages in the background memory with respect to a parameter; and delete 314 selected messages in the background memory as a function of the evaluating. Alternatively, a message queue may be used to track lost messages.
Type: Grant
Filed: November 30, 2005
Date of Patent: April 5, 2011
Assignee: Microsoft Corporation
Inventors: Malcolm E. Pearson, Narasimhan Sundararajan, Greg Thiel
-
Publication number: 20100306393
Abstract: Embodiments disclosed herein extend to the use of external access objects in a multi-tenant environment. First and second tenants contract for operations that users of the second tenant will perform in the first tenant. Identity criteria for the users are determined. These users are mapped to an external access object that represents the second tenant users when performing the operations in the first tenant. The external access object is also associated with the resources and/or data that the users of the second tenant will be allowed access to when performing the operations. The users of the second tenant provide a request for access to the resources and/or data to perform operations. Identity criteria are determined and the users are mapped to an external access object based on the identity criteria. It is determined if the user has permission to access the resources and/or data and perform the operations.
Type: Application
Filed: May 26, 2009
Publication date: December 2, 2010
Applicant: MICROSOFT CORPORATION
Inventors: Madan R. Appiah, Malcolm E. Pearson, Daniel Kershaw
-
Publication number: 20100306775
Abstract: Embodiments disclosed herein extend to the use of administrative roles in a multi-tenant environment. The administrative roles define administrative tasks defining privileged operations that may be performed on the resources or data of a particular tenant. In some embodiments, the administrative tasks are a subset of administrative tasks. The administrative role also defines target objects which may be subjected to the administrative tasks. In some embodiments, the target objects are a subset of target objects. An administrator may associate a user or group of users of the particular tenant with a given administrative role. In this way, the user or group of users are delegated permission to perform the subset of administrative tasks on the subset of target objects without having to be given permission to perform all administrative tasks on all target objects.
Type: Application
Filed: May 26, 2009
Publication date: December 2, 2010
Applicant: MICROSOFT CORPORATION
Inventors: Madan R. Appiah, Malcolm E. Pearson, Daniel Kershaw
-
Patent number: 7831669
Abstract: Within a mail transfer agent of a message transfer system, a message is received and if the recipient entity resolves to a number of recipients exceeding a specified quantity, the original message is not processed. Instead, at least two messages are created, with each of the created messages addressed to a subset of the original set of recipients. The created messages are returned to the calling module for processing.
Type: Grant
Filed: February 28, 2005
Date of Patent: November 9, 2010
Assignee: Microsoft Corporation
Inventors: David A. Braun, Daniel D. Longley, Malcolm E. Pearson, Steven D. White
-
Patent number: 7810160
Abstract: A method for applying a common communication policy over at least two user groups of an organization. The method receives a communication request to transmit a communication between a sender user and at least one recipient user. The method identifies characteristics of the sender user and identifies characteristics of the at least one recipient user. The method further accesses a communication rules store common to the at least two user groups and determines the communication rules in the rules store applicable to the received communication based upon at least one of the characteristics of the sender user, the characteristics of the at least one recipient user, and the content of the communication. The method applies the identified rules to the communication.
Type: Grant
Filed: December 28, 2005
Date of Patent: October 5, 2010
Assignee: Microsoft Corporation
Inventors: Jesse M. Dougherty, Malcolm E. Pearson, Shawn M. Thomas
-
Patent number: 7774413
Abstract: Techniques for eliminating duplicate/redundant scanning of email messages while the email message traverses the various servers within an email infrastructure are provided. Some techniques utilize a message hygiene stamp that is transported with the email message as the email message enters an enterprise and is routed within the enterprise until the email message reaches the end user inbox. The filters comprise logic that enables the filters to annotate the result of their filtering or other processing in corresponding message hygiene stamps. The message hygiene stamps allow the filters to determine whether the email message has already been processed by the filter within the email infrastructure.
Type: Grant
Filed: August 30, 2005
Date of Patent: August 10, 2010
Assignee: Microsoft Corporation
Inventors: Mihai Costea, Daniel D. Longley, Malcolm E. Pearson
-
Patent number: 7743104
Abstract: The present invention provides for a messaging system that automatically identifies a forest that corresponds to a particular recipient of a message, without using a common or unified directory that maps forests with recipients. In a network with multiple forests, each forest having multiple recipients, when a message is received at a message server with a destination address that does not uniquely identify a particular forest, the present invention provides for using a standard messaging protocol for querying each forest. The forests respond with status codes that indicate whether or not a recipient associated with the destination address corresponds to the forest being queried. If a status code indicates that the recipient corresponds to the particular forest, information may be stored and used to query that particular forest first, before querying other forests within the network.
Type: Grant
Filed: August 27, 2004
Date of Patent: June 22, 2010
Assignee: Microsoft Corporation
Inventors: Alexander R. Wetmore, Malcolm E. Pearson, Wayne M. Cranston
-
Patent number: 7734754
Abstract: A method for reviewing effectiveness of a rules system applying one or more rules to communication traffic of a group of users. The method analyzes a log containing one or more communications reviewed by the rules system to determine if the communications in the log conform to the communications policy. The method also identifies one or more of the rules of the rules system violated by the communications when analyzing the log determines that at least one of the communications in the log does not conform to the communications policy. Other methods determine the effectiveness of planned modifications to a rules system.
Type: Grant
Filed: December 28, 2005
Date of Patent: June 8, 2010
Assignee: Microsoft Corporation
Inventors: Jesse M. Dougherty, Malcolm E. Pearson, Shawn M. Thomas