Patents by Inventor Mark Russinovich
Mark Russinovich has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20180225448
Abstract: The disclosed technology is generally directed to blockchain and other security technology. In one example of the technology, a pre-determined type of blockchain or other security protocol code is stored in a trusted execution environment (TEE) of the processor. TEE attestation is used to verify that the blockchain or other security protocol code stored in the TEE is the pre-determined type of blockchain or other security protocol code. A blockchain or other transaction is received and processed. Based on the processing of the transaction, an official state of the transaction on a consortium network is directly updated for the network. The updated official state of the processed transaction is broadcasted to the consortium network.
Type: Application
Filed: June 29, 2017
Publication date: August 9, 2018
Inventors: Mark RUSSINOVICH, Manuel COSTA, Matthew KERNER, Thomas MOSCIBRODA
-
Publication number: 20180227275
Abstract: The disclosed technology is generally directed to blockchain and other security technology. In one example of the technology, a first node is endorsed. During endorsement of a first node, a pre-determined type of blockchain or other security protocol code to be authorized and a pre-determined membership list are stored in a trusted execution environment (TEE) of the first node. A determination is made as to whether the membership lists and pre-determined blockchain or other security protocol code to be authorized from the proposed members match. If so, TEE attestation is used to verify that nodes associated with prospective members of the consortium store the pre-determined type of blockchain or other security protocol code to be authorized. Upon TEE attestation being successful, a consortium network is bootstrapped such that the prospective members become members of the consortium network.
Type: Application
Filed: June 29, 2017
Publication date: August 9, 2018
Inventors: Mark RUSSINOVICH, Manuel COSTA, Matthew KERNER, Thomas MOSCIBRODA
-
Publication number: 20180032399
Abstract: Technologies for managing fault recovery in a cloud computing environment may be used after faults of various sizes, including faults which put total functioning capacity below subscribed capacity. Computing services have repair priorities. A fault recovery manager selects a higher priority service whose capacity is below a minimum availability, and chooses a lower priority service still above its minimal availability, and reassigns capacity from the lower priority service to the higher priority service without depriving the lower priority service of operability. Capacity reassignment continues at least until the higher priority service is at or above minimal availability, or the lower priority service is at minimal availability. Lower priority services may also be terminated entirely to free up resources for higher priority services. New deployments may be prevented until all services are at or above minimal availability. Spare capacity may be reserved against demand fluctuations or further faults.
Type: Application
Filed: July 26, 2016
Publication date: February 1, 2018
Inventors: James E. JOHNSON, Mark RUSSINOVICH
-
Patent number: 9851991
Abstract: Embodiments of the present invention relate to systems, methods, and computer storage media for concurrently maintaining a spanned virtual hard drive across two or more computer-storage media and a non-spanned virtual hard drive on one of computer-storage media. The method includes storing data of the spanned virtual hard drive across the computer-storage media utilizing volume spanning. While the spanned virtual hard drive is maintained on the computer storage media, the method includes storing data of the non-spanned virtual hard drive on one of the computer-storage media.
Type: Grant
Filed: June 4, 2015
Date of Patent: December 26, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: Mark Russinovich, Naga Govindaraju
-
Publication number: 20170364345
Abstract: Software updates within one or more regions of a multi-tenant cloud are coordinated. Tenant vs. tenant conflicts, tenant vs. infrastructure provider conflicts, and conflicts between security and another priority are identified and resolved using a shared update coordinator, update priority specifications, and availability specifications. An infrastructure update request may be presented to tenants for approval. Postponed infrastructure updates may be prioritized higher. Preventing exploits of zero-day vulnerabilities may be prioritized over meeting availability targets. Updates may be merged to reduce downtime, even when the updates originate from independently controlled entities. Maximum downtime, minimum fault domains, minimum virtual machines, permitted update start times, and other availability criteria may be specified. Updates may be preempted, or allowed to complete, based on their relative priorities.
Type: Application
Filed: June 15, 2016
Publication date: December 21, 2017
Inventors: Marcus FONTOURA, Mark RUSSINOVICH, Yunus MOHAMMED, Pritesh PATWA, Avnish Kumar CHHABRA, Ziv RAFALOVICH
-
Publication number: 20170339008
Abstract: Certain embodiments of computing systems, devices, components, modules, routines, and processes for implementing distributed operational control in a computing fabric are described herein. In one embodiment, a method includes receiving, at a control cluster, a tenant request for a cloud-based computing service at the computing system. The method also includes creating an application configured to provide the requested cloud-based computing service based on the tenant request and pushing configuration data of the created application to the execution cluster to be executed at the execution cluster without further intervention from the control cluster.
Type: Application
Filed: May 17, 2016
Publication date: November 23, 2017
Inventors: David Dion, James Johnson, Marcus Fontoura, Milan Vukosavljevic, Mark Russinovich, Gopal Kakivaya
-
Publication number: 20150268980
Abstract: Embodiments of the present invention relate to systems, methods, and computer storage media for concurrently maintaining a spanned virtual hard drive across two or more computer-storage media and a non-spanned virtual hard drive on one of computer-storage media. The method includes storing data of the spanned virtual hard drive across the computer-storage media utilizing volume spanning. While the spanned virtual hard drive is maintained on the computer storage media, the method includes storing data of the non-spanned virtual hard drive on one of the computer-storage media.
Type: Application
Filed: June 4, 2015
Publication date: September 24, 2015
Inventors: MARK RUSSINOVICH, NAGA GOVINDARAJU
-
Patent number: 9069467
Abstract: Embodiments of the present invention relate to systems, methods, and computer storage media for concurrently maintaining a spanned virtual hard drive across two or more computer-storage media and a non-spanned virtual hard drive on one of computer-storage media. The method includes storing data of the spanned virtual hard drive across the computer-storage media utilizing volume spanning. While the spanned virtual hard drive is maintained on the computer storage media, the method includes storing data of the non-spanned virtual hard drive on one of the computer-storage media.
Type: Grant
Filed: June 1, 2011
Date of Patent: June 30, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Naga Govindaraju, Mark Russinovich
-
Patent number: 8990907
Abstract: Embodiments are directed to establishing separate security identities for a shared service and shared service instances, and to managing shared and service instance credentials. In one scenario, a computer system establishes a shared credential for a shared service that includes multiple shared service instances, where the shared credential uniquely identifies the shared service. The computer system establishes a service instance credential for each shared service instance that uniquely identifies each shared service instance and maintains a relationship between the service instance and the shared service. The relationship provides service instance access to the shared credentials as the shared credentials are updated over time. Then, upon determining that the shared credentials have been updated and are no longer valid, the shared service instance accesses the updated shared credentials using the established relationship.
Type: Grant
Filed: November 9, 2012
Date of Patent: March 24, 2015
Assignee: Microsoft Corporation
Inventors: David A. Matson, Kahren Tevosyan, Mark Russinovich
-
Patent number: 8806494
Abstract: Determining execution rights for a process. A user selects a process for execution. A driver intercepts the execution and communicates with a service or its remote agent. Configuration data is accessed to determine an execution role specifying whether the process should be denied execution or should execute with particular rights to access or modify system resources. The execution role is provided to the driver, and the driver allows or denies execution of the process in accordance with the provided execution role.
Type: Grant
Filed: July 3, 2013
Date of Patent: August 12, 2014
Assignee: Microsoft Corporation
Inventors: Mark Russinovich, Bryce Cogswell, Wesley G. Miller
-
Publication number: 20140137218
Abstract: Embodiments are directed to establishing separate security identities for a shared service and shared service instances, and to managing shared and service instance credentials. In one scenario, a computer system establishes a shared credential for a shared service that includes multiple shared service instances, where the shared credential uniquely identifies the shared service. The computer system establishes a service instance credential for each shared service instance that uniquely identifies each shared service instance and maintains a relationship between the service instance and the shared service. The relationship provides service instance access to the shared credentials as the shared credentials are updated over time. Then, upon determining that the shared credentials have been updated and are no longer valid, the shared service instance accesses the updated shared credentials using the established relationship.
Type: Application
Filed: November 9, 2012
Publication date: May 15, 2014
Applicant: MICROSOFT CORPORATION
Inventors: David A. Matson, Kahren Tevosyan, Mark Russinovich
-
Publication number: 20130298128
Abstract: Determining execution rights for a process. A user selects a process for execution. A driver intercepts the execution and communicates with a service or its remote agent. Configuration data is accessed to determine an execution role specifying whether the process should be denied execution or should execute with particular rights to access or modify system resources. The execution role is provided to the driver, and the driver allows or denies execution of the process in accordance with the provided execution role.
Type: Application
Filed: July 3, 2013
Publication date: November 7, 2013
Inventors: Mark Russinovich, Bryce Cogswell, Wesley G. Miller
-
Patent number: 8490093
Abstract: Determining execution rights for a process. A user selects a process for execution. A driver intercepts the execution and communicates with a service or its remote agent. Configuration data is accessed to determine an execution role specifying whether the process should be denied execution or should execute with particular rights to access or modify system resources. The execution role is provided to the driver, and the driver allows or denies execution of the process in accordance with the provided execution role.
Type: Grant
Filed: February 5, 2007
Date of Patent: July 16, 2013
Assignee: Microsoft Corporation
Inventors: Mark Russinovich, Bryce Cogswell, Wesley G. Miller
-
Publication number: 20120311573
Abstract: Embodiments of the present invention relate to systems, methods, and computer storage media for concurrently maintaining a spanned virtual hard drive across two or more computer-storage media and a non-spanned virtual hard drive on one of computer-storage media. The method includes storing data of the spanned virtual hard drive across the computer-storage media utilizing volume spanning. While the spanned virtual hard drive is maintained on the computer storage media, the method includes storing data of the non-spanned virtual hard drive on one of the computer-storage media.
Type: Application
Filed: June 1, 2011
Publication date: December 6, 2012
Applicant: MICROSOFT CORPORATION
Inventors: NAGA GOVINDARAJU, MARK RUSSINOVICH
-
Publication number: 20070199068
Abstract: Determining execution rights for a process. A user selects a process for execution. A driver intercepts the execution and communicates with a service or its remote agent. Configuration data is accessed to determine an execution role specifying whether the process should be denied execution or should execute with particular rights to access or modify system resources. The execution role is provided to the driver, and the driver allows or denies execution of the process in accordance with the provided execution role.
Type: Application
Filed: February 5, 2007
Publication date: August 23, 2007
Applicant: Microsoft Corporation
Inventors: Mark Russinovich, Bryce Cogswell