Patents by Inventor Marcus Peinado

Marcus Peinado has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20210263746
    Abstract: A storage device for booting a host computing device includes a first storage memory region having a first storage memory controller, a second storage memory region having a second storage memory controller, and a resilient boot controller. The resilient boot controller is configured to store boot code in the first storage memory region, prevent write access by the host computing device through the first storage memory controller to the first storage memory region, detect a reset of the host computing device through the input/output interface, copy at least a portion of the boot code from the first storage memory region to the second storage memory region, responsive to detection of the reset of the host computing device, and enable read access of the copied boot code by the host computing device through the second storage memory controller of the second storage memory region, responsive to the copy operation.
    Type: Application
    Filed: April 20, 2020
    Publication date: August 26, 2021
    Inventors: Stefan THOM, Paul ENGLAND, Robert Karl SPIGER, Brian TELFER, Sangho LEE, Marcus PEINADO
  • Publication number: 20200313893
    Abstract: A computing device's trusted platform module (TPM) is configured with a cryptographic watchdog timer which forces a device reset if the TPM fails to solve a cryptographic challenge before the expiration of the timer. The computing device's TPM is configured to generate the cryptographic challenge, to which the computing device does not possess the cryptographic token for resolution. While the watchdog timer counts down, the computing device requests a cryptographic token from a remote service to solve the challenge. The remote service transmits the cryptographic token to the computing device so long as the remote service identifies no reason to withhold the token, such as the computing device being infected with malware. The interoperability of the computing device and remote service enables the remote service to exercise control and reset capabilities over the computing device.
    Type: Application
    Filed: March 27, 2019
    Publication date: October 1, 2020
    Inventors: Stefan THOM, Brian Clifford TELFER, Paul ENGLAND, Dennis James MATTOON, Marcus PEINADO
  • Patent number: 10791128
    Abstract: A process to detect intrusions with an intrusion detection system is disclosed. The intrusion detection system identifies instance types, and each instance type includes an instance. A know compromised instance is identified from the plurality of instances. A link between the plurality instance types is traversed from the compromised instance to discover an additional compromised instance.
    Type: Grant
    Filed: September 28, 2017
    Date of Patent: September 29, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Svetlana Gaivoronski, Paul England, Mohamed Rouatbi, Mariusz H. Jakubowski, Marcus Peinado, Julian Federico Gonzalez, Jr.
  • Patent number: 10735457
    Abstract: A process to investigate intrusions with an investigation system is disclosed. The process receives forensic facts from a set of forensic events on a system or network. A suspicious fact is identified from the forensic facts. A related fact from the forensic facts is identified based on the suspicious fact.
    Type: Grant
    Filed: October 3, 2017
    Date of Patent: August 4, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Mohamed Rouatbi, Julian Federico Gonzalez, Jr., Marcus Peinado, Mariusz H. Jakubowski, Svetlana Gaivoronski
  • Patent number: 10601596
    Abstract: Techniques to secure computation data in a computing environment from untrusted code. These techniques involve an isolated environment within the computing environment and an application programming interface (API) component to execute a key exchange protocol that ensures data integrity and data confidentiality for data communicated out of the isolated environment. The isolated environment includes an isolated memory region to store a code package. The key exchange protocol further involves a verification process for the code package stored in the isolated environment to determine whether the one or more exchanged encryption keys have been compromised. If the signature successfully authenticates the one or more keys, a secure communication channel is established to the isolated environment and access to the code package's functionality is enabled. Other embodiments are described and claimed.
    Type: Grant
    Filed: February 12, 2019
    Date of Patent: March 24, 2020
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Manuel Costa, Orion Tamlin Hodson, Sriram Kottarakurichi Rajamani, Marcus Peinado, Mark Eugene Russinovich, Kapil Vaswani
  • Publication number: 20190182052
    Abstract: Techniques to secure computation data in a computing environment from untrusted code. These techniques involve an isolated environment within the computing environment and an application programming interface (API) component to execute a key exchange protocol that ensures data integrity and data confidentiality for data communicated out of the isolated environment. The isolated environment includes an isolated memory region to store a code package. The key exchange protocol further involves a verification process for the code package stored in the isolated environment to determine whether the one or more exchanged encryption keys have been compromised. If the signature successfully authenticates the one or more keys, a secure communication channel is established to the isolated environment and access to the code package's functionality is enabled. Other embodiments are described and claimed.
    Type: Application
    Filed: February 12, 2019
    Publication date: June 13, 2019
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Manuel Costa, Orion Tamlin Hodson, Sriram Kottarakurichi Rajamani, Marcus Peinado, Mark Eugene Russinovich, Kapil Vaswani
  • Publication number: 20190104147
    Abstract: A process to investigate intrusions with an investigation system is disclosed. The process receives forensic facts from a set of forensic events on a system or network. A suspicious fact is identified from the forensic facts. A related fact from the forensic facts is identified based on the suspicious fact.
    Type: Application
    Filed: October 3, 2017
    Publication date: April 4, 2019
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Mohamed Rouatbi, Julian Federico Gonzalez, JR., Marcus Peinado, Mariusz H. Jakubowski, Svetlana Gaivoronski
  • Patent number: 10248578
    Abstract: The various embodiments described below are directed to providing authenticated and confidential messaging from software executing on a host (e.g. a secure software application or security kernel) to and from I/O devices operating on a USB bus. The embodiments can protect against attacks that are levied by software executing on a host computer. In some embodiments, a secure functional component or module is provided and can use encryption techniques to provide protection against observation and manipulation of USB data. In other embodiments, USB data can be protected through techniques that do not utilized (or are not required to utilize) encryption techniques. In accordance with these embodiments, USB devices can be designated as “secure” and, hence, data sent over the USB to and from such designated devices can be provided into protected memory. Memory indirection techniques can be utilized to ensure that data to and from secure devices is protected.
    Type: Grant
    Filed: February 18, 2016
    Date of Patent: April 2, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Paul England, Glen Slick, John C. Dunn, Kenneth D. Ray, Marcus Peinado, Bryan Willman
  • Publication number: 20190098024
    Abstract: A process to detect intrusions with an intrusion detection system is disclosed. The intrusion detection system identifies instance types, and each instance type includes an instance. A know compromised instance is identified from the plurality of instances. A link between the plurality instance types is traversed from the compromised instance to discover an additional compromised instance.
    Type: Application
    Filed: September 28, 2017
    Publication date: March 28, 2019
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Svetlana Gaivoronski, Paul England, Mohamed Rouatbi, Mariusz H. Jakubowski, Marcus Peinado, Julian Federico Gonzalez, JR.
  • Patent number: 10230529
    Abstract: Techniques to secure computation data in a computing environment from untrusted code. These techniques involve an isolated environment within the computing environment and an application programming interface (API) component to execute a key exchange protocol that ensures data integrity and data confidentiality for data communicated out of the isolated environment. The isolated environment includes an isolated memory region to store a code package. The key exchange protocol further involves a verification process for the code package stored in the isolated environment to determine whether the one or more exchanged encryption keys have been compromised. If the signature successfully authenticates the one or more keys, a secure communication channel is established to the isolated environment and access to the code package's functionality is enabled. Other embodiments are described and claimed.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: March 12, 2019
    Assignee: MICROSFT TECHNOLOGY LICENSING, LLC
    Inventors: Manuel Costa, Orion Tamlin Hodson, Sriram Kottarakurichi Rajamani, Marcus Peinado, Mark Eugene Russinovich, Kapil Vaswani
  • Patent number: 9916439
    Abstract: The subject disclosure is directed towards securing network data traffic through a trusted partition of the computing environment. A proxy service may communicate transaction data from a client to security-critical code within the trusted partition, which compares the transaction data to a security policy from a commercial electronic entity. If the transaction data includes malicious content, a security component framework of the trusted partition may reject the transaction data and terminate communications with the client. If the transaction data does not include malicious content, the security component framework may communicate a secured version of the transaction data and retrieve response data from the commercial electronic entity, which may be further communicated back to the client.
    Type: Grant
    Filed: March 22, 2012
    Date of Patent: March 13, 2018
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Mariusz H. Jakubowski, Marcus Peinado
  • Patent number: 9792427
    Abstract: Methods for enforcing confidentiality and integrity of code and data while running the code over the data in a distributed computing system are described. In an embodiment each machine which processes data within the system provides a secure sub-system which is protected from other parts of the machine and which receives encrypted data and encrypted code, processes the data using the received code and outputs encrypted data. When establishing the secure sub-systems, keys are exchanged between the client and secure sub-systems and the secure sub-systems provide an attestation confirming the identity of the code running in the secure sub-systems and confirming that the code is running on genuine secure sub-systems. In another embodiment a data-flow computation system is described in which chunks of input data, each comprising an identifier, are authenticated/encrypted. The identifiers are used within the system to confirm that each chunk is processed exactly once.
    Type: Grant
    Filed: February 7, 2014
    Date of Patent: October 17, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Manuel Costa, Felix Schuster, Cedric Fournet, Christos Gkantsidis, Marcus Peinado, Antony Ian Taylor Rowstron
  • Patent number: 9774620
    Abstract: Aspects of the subject disclosure are directed towards detecting instances within a web application where code and data are not separated, e.g., inline code in the application. One or more implementations automatically transform the web application into a transformed version where code and data are clearly separated, e.g., inline code is moved into external files. The transformation protects against a large class of cross-site scripting attacks.
    Type: Grant
    Filed: June 18, 2013
    Date of Patent: September 26, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Weidong Ciu, Adam Loe Doupe, Mariusz H. Jakubowski, Marcus Peinado
  • Publication number: 20170033930
    Abstract: Techniques to secure computation data in a computing environment from untrusted code. These techniques involve an isolated environment within the computing environment and an application programming interface (API) component to execute a key exchange protocol that ensures data integrity and data confidentiality for data communicated out of the isolated environment. The isolated environment includes an isolated memory region to store a code package. The key exchange protocol further involves a verification process for the code package stored in the isolated environment to determine whether the one or more exchanged encryption keys have been compromised. If the signature successfully authenticates the one or more keys, a secure communication channel is established to the isolated environment and access to the code package's functionality is enabled. Other embodiments are described and claimed.
    Type: Application
    Filed: September 25, 2015
    Publication date: February 2, 2017
    Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Manuel Costa, Orion Tamlin Hodson, Sriram Kottarakurichi Rajamani, Marcus Peinado, Mark Eugene Russinovich, Kapil Vaswani
  • Patent number: 9430402
    Abstract: The described implementations relate to computer memory. One implementation provides a technique that can include providing stealth memory to an application. The stealth memory can have an associated physical address on a memory device. The technique can also include identifying a cache line of a cache that is mapped to the physical address associated with the stealth page, and locking one or more other physical addresses on the memory device that also map to the cache line.
    Type: Grant
    Filed: November 4, 2014
    Date of Patent: August 30, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Marcus Peinado, Taesoo Kim
  • Patent number: 9425965
    Abstract: Implementations for providing a persistent secure execution environment with a hosted computer are described. A host operating system of a computing system provides an encrypted checkpoint to a persistence module that executes in a secure execution environment of a hardware-protected memory area initialized by a security-enabled processor. The encrypted checkpoint is derived at least partly from another secure execution environment that is cryptographically certifiable as including another hardware-protected memory area established in an activation state to refrain from executing software not trusted by the client system.
    Type: Grant
    Filed: February 13, 2012
    Date of Patent: August 23, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Andrew A. Baumann, Galen C. Hunt, Marcus Peinado
  • Patent number: 9413538
    Abstract: Implementations for providing a secure execution environment with a hosted computer are described. A security-enabled processor establishes a hardware-protected memory area with an activation state that executes only software identified by a client system. The hardware-protected memory area is inaccessible by code that executes outside the hardware-protected memory area. A certification is transmitted to the client system to indicate that the secure execution environment is established, in its activation state, with only the software identified by the request.
    Type: Grant
    Filed: December 12, 2011
    Date of Patent: August 9, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Andrew A. Baumann, Galen C. Hunt, Marcus Peinado
  • Patent number: 9389933
    Abstract: Described herein are implementations for providing a platform adaptation layer that enables applications to execute inside a user-mode hardware-protected isolation container while utilizing host platform resources that reside outside of the isolation container. The platform adaptation layer facilitates a system service request interaction between the application and the host platform. As part of the facilitating, a secure services component of the platform adaptation layer performs a security-relevant action.
    Type: Grant
    Filed: December 12, 2011
    Date of Patent: July 12, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Andrew A. Baumann, Galen C. Hunt, Marcus Peinado
  • Publication number: 20160162419
    Abstract: The various embodiments described below are directed to providing authenticated and confidential messaging from software executing on a host (e.g. a secure software application or security kernel) to and from I/O devices operating on a USB bus. The embodiments can protect against attacks that are levied by software executing on a host computer. In some embodiments, a secure functional component or module is provided and can use encryption techniques to provide protection against observation and manipulation of USB data. In other embodiments, USB data can be protected through techniques that do not utilized (or are not required to utilize) encryption techniques. In accordance with these embodiments, USB devices can be designated as “secure” and, hence, data sent over the USB to and from such designated devices can be provided into protected memory. Memory indirection techniques can be utilized to ensure that data to and from secure devices is protected.
    Type: Application
    Filed: February 18, 2016
    Publication date: June 9, 2016
    Inventors: Paul England, Glen Slick, John C. Dunn, Kenneth D. Ray, Marcus Peinado, Bryan Willman
  • Patent number: 9329845
    Abstract: A system described herein includes a receiver component that receives source code from a computer-readable medium of a computing device and a static analysis component that executes a points-to analysis algorithm over the source code to cause generation of a points-to graph, wherein the points-to graph is a directed graph that comprises a plurality of nodes and a plurality of edges, wherein nodes of the points-to graph represent pointers in the source code and edges represent inclusion relationships in the source code. The system also includes an inference component that infers target types for generic pointers in the source code based at least in part upon known type definitions and global variables in the source code.
    Type: Grant
    Filed: June 4, 2009
    Date of Patent: May 3, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Weidong Cui, Marcus Peinado