Patents by Inventor Matthew David Kurjanowicz
Matthew David Kurjanowicz has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20220413717
Abstract: Techniques of implementing software filtered non-volatile memory in a computing device are disclosed herein. In one embodiment, a method includes detecting an entry being written to a guest admin submission queue (gASQ) by a memory driver of a virtual machine hosted on the computing device. Upon detecting the entry written to the gASQ by the memory driver, the command in the entry is analyzed to determine whether the command is allowed based on a list of allowed or disallowed commands. In response to determining that the command in the entry is not allowed, without sending the command to the non-volatile memory, generating an execution result of the command in response to the entry being written to the gASQ by the memory driver. As such, potentially harmful commands from the memory driver are prevented from being executed by the non-volatile memory.
Type: Application
Filed: June 6, 2022
Publication date: December 29, 2022
Inventors: Martijn de Kort, David Hepkin, Murtaza Ghiya, Liang Yang, Matthew David Kurjanowicz
-
Patent number: 11385809
Abstract: Techniques of implementing software filtered non-volatile memory in a computing device are disclosed herein. In one embodiment, a method includes detecting an entry being written to a guest admin submission queue (gASQ) by a memory driver of a virtual machine hosted on the computing device. Upon detecting the entry written to the gASQ by the memory driver, the command in the entry is analyzed to determine whether the command is allowed based on a list of allowed or disallowed commands. In response to determining that the command in the entry is not allowed, without sending the command to the non-volatile memory, generating an execution result of the command in response to the entry being written to the gASQ by the memory driver. As such, potentially harmful commands from the memory driver are prevented from being executed by the non-volatile memory.
Type: Grant
Filed: March 1, 2021
Date of Patent: July 12, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventors: Martijn de Kort, David Hepkin, Murtaza Ghiya, Liang Yang, Matthew David Kurjanowicz
-
Patent number: 11200300
Abstract: Techniques for secure sharing of data in computing systems are disclosed herein. In one embodiment, a method includes when exchanging data between the host operating system and the guest operating system, encrypting, at a trusted platform module (TPM) of the host, data to be exchanged with a first key to generate encrypted data. The method also includes transmitting the encrypted data from the host operating system to the guest operating system and decrypting, at the guest operating system, the transmitted encrypted data using a second key previously exchanged between the TPM of the host and a virtual TPM of the guest operating system.
Type: Grant
Filed: June 20, 2018
Date of Patent: December 14, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Giridhar Viswanathan, Sudeep Kumar Ghosh, Ankit Srivastava, Michael Trevor Pashniak, Benjamin M Schultz, Balaji Balasubramanyan, Hari R Pulapaka, Tushar Suresh Sugandhi, Matthew David Kurjanowicz, Ahmed Saruhan Karademir
-
Patent number: 11074323
Abstract: Securely performing file operations. A method includes determining a licensing characteristic assigned to a file. When the licensing characteristic assigned to the file meets or exceeds a predetermined licensing condition, then the method includes performing a file operation on the file in a host operating system while preventing the file operation from being performed in the guest operating system. When the licensing characteristic assigned to the file does not meet or exceed the predetermined licensing condition, then the method includes performing the file operation on the file in the guest operating system while preventing the file operation from being performed directly in the host operating system.
Type: Grant
Filed: June 21, 2018
Date of Patent: July 27, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Benjamin M. Schultz, Balaji Balasubramanyan, Giridhar Viswanathan, Ankit Srivastava, Margarit Simeonov Chenchev, Hari R. Pulapaka, Nived Kalappuraikal Sivadas, Raphael Gianotti Serrano dos Santo, Narasimhan Ramasubramanian, Frederick Justus Smith, Matthew David Kurjanowicz, Prakhar Srivastava, Jonathan Schwartz
-
Publication number: 20210181956
Abstract: Techniques of implementing software filtered non-volatile memory in a computing device are disclosed herein. In one embodiment, a method includes detecting an entry being written to a guest admin submission queue (gASQ) by a memory driver of a virtual machine hosted on the computing device. Upon detecting the entry written to the gASQ by the memory driver, the command in the entry is analyzed to determine whether the command is allowed based on a list of allowed or disallowed commands. In response to determining that the command in the entry is not allowed, without sending the command to the non-volatile memory, generating an execution result of the command in response to the entry being written to the gASQ by the memory driver. As such, potentially harmful commands from the memory driver are prevented from being executed by the non-volatile memory.
Type: Application
Filed: March 1, 2021
Publication date: June 17, 2021
Inventors: Martijn de Kort, David Hepkin, Murtaza Ghiya, Liang Yang, Matthew David Kurjanowicz
-
Patent number: 10969973
Abstract: Techniques of implementing software filtered non-volatile memory in a computing device are disclosed herein. In one embodiment, a method includes detecting an entry being written to a guest admin submission queue (gASQ) by a memory driver of a virtual machine hosted on the computing device. Upon detecting the entry written to the gASQ by the memory driver, the command in the entry is analyzed to determine whether the command is allowed based on a list of allowed or disallowed commands. In response to determining that the command in the entry is not allowed, without sending the command to the non-volatile memory, generating an execution result of the command in response to the entry being written to the gASQ by the memory driver. As such, potentially harmful commands from the memory driver are prevented from being executed by the non-volatile memory.
Type: Grant
Filed: September 20, 2018
Date of Patent: April 6, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Martijn de Kort, David Hepkin, Murtaza Ghiya, Liang Yang, Matthew David Kurjanowicz
-
Patent number: 10885193
Abstract: Securely performing file operations. A method includes determining a trust characteristic assigned to a file. When the trust characteristic assigned to the file meets or exceeds a predetermined trust condition, then the method includes performing a file operation on the file in a host operating system while preventing the file operation from being performed in the container operating system. When the trust characteristic assigned to the file does not meet or exceed the predetermined trust condition, then the method includes performing the file operation on the file in the container operating system while preventing the file operation from being performed directly in the host operating system.
Type: Grant
Filed: February 12, 2018
Date of Patent: January 5, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Bryan R. Born, Giridhar Viswanathan, Peteris Ledins, Balaji Balasubramanyan, Margarit Simeonov Chenchev, Benjamin M. Schultz, Hari R. Pulapaka, Frederick Justus Smith, Narasimhan Ramasubramanian, Raphael Gianotti Serrano Dos Santo, Nived Kalappuraikal Sivadas, Ravinder Thind, Matthew David Kurjanowicz
-
Patent number: 10795974
Abstract: Techniques for memory assignment for guest operating systems are disclosed herein. In one embodiment, a method includes generating a license blob containing data representing a product key copied from a record of license information in the host storage upon receiving a user request to launch an application in the guest operating system. The method also includes storing the generated license blob in a random memory location accessible by the guest operating system. The guest operating system can then query the license blob for permission to launch the application and launching the application in the guest operating system without having a separate product key for the guest operating system.
Type: Grant
Filed: May 31, 2018
Date of Patent: October 6, 2020
Assignee: Microsoft Technology Licensing, LLC
Inventors: Ahmed Saruhan Karademir, Sudeep Kumar Ghosh, Ankit Srivastava, Michael Trevor Pashniak, Benjamin M. Schultz, Balaji Balasubramanyan, Hari R. Pulapaka, Tushar Suresh Sugandhi, Matthew David Kurjanowicz, Giridhar Viswanathan
-
Publication number: 20200097192
Abstract: Techniques of implementing software filtered non-volatile memory in a computing device are disclosed herein. In one embodiment, a method includes detecting an entry being written to a guest admin submission queue (gASQ) by a memory driver of a virtual machine hosted on the computing device. Upon detecting the entry written to the gASQ by the memory driver, the command in the entry is analyzed to determine whether the command is allowed based on a list of allowed or disallowed commands. In response to determining that the command in the entry is not allowed, without sending the command to the non-volatile memory, generating an execution result of the command in response to the entry being written to the gASQ by the memory driver. As such, potentially harmful commands from the memory driver are prevented from being executed by the non-volatile memory.
Type: Application
Filed: September 20, 2018
Publication date: March 26, 2020
Inventors: Martijn de Kort, David Hepkin, Murtaza Ghiya, Liang Yang, Matthew David Kurjanowicz
-
Publication number: 20190392117
Abstract: Techniques for secure sharing of data in computing systems are disclosed herein. In one embodiment, a method includes when exchanging data between the host operating system and the guest operating system, encrypting, at a trusted platform module (TPM) of the host, data to be exchanged with a first key to generate encrypted data. The method also includes transmitting the encrypted data from the host operating system to the guest operating system and decrypting, at the guest operating system, the transmitted encrypted data using a second key previously exchanged between the TPM of the host and a virtual TPM of the guest operating system.
Type: Application
Filed: June 20, 2018
Publication date: December 26, 2019
Inventors: Giridhar Viswanathan, Sudeep Kumar Ghosh, Ankit Srivastava, Michael Trevor Pashniak, Benjamin M. Schultz, Balaji Balasubramanyan, Hari R. Pulapaka, Tushar Suresh Sugandhi, Matthew David Kurjanowicz, Ahmed Saruhan Karademir
-
Publication number: 20190370436
Abstract: Techniques for memory assignment for guest operating systems are disclosed herein. In one embodiment, a method includes generating a license blob containing data representing a product key copied from a record of license information in the host storage upon receiving a user request to launch an application in the guest operating system. The method also includes storing the generated license blob in a random memory location accessible by the guest operating system. The guest operating system can then query the license blob for permission to launch the application and launching the application in the guest operating system without having a separate product key for the guest operating system.
Type: Application
Filed: May 31, 2018
Publication date: December 5, 2019
Inventors: Ahmed Saruhan Karademir, Sudeep Kumar Ghosh, Ankit Srivastava, Michael Trevor Pashniak, Benjamin M. Schultz, Balaji Balasubramanyan, Hari R. Pulapaka, Tushar Suresh Sugandhi, Matthew David Kurjanowicz, Giridhar Viswanathan
-
Publication number: 20190347420
Abstract: Securely storing, installing, or launching applications. A method includes determining a trust characteristic or a license characteristic assigned to an application. When the trust characteristic or the license characteristic meets or exceeds a predetermined trust condition or a predetermined license condition, then the method includes at least one of storing, installing or launching the application in a first, more secure operating system while preventing the application from being at least one of stored, installed or launched in a second, less secure operating system. When the trust characteristic or the license characteristic does not meet or exceed the predetermined trust condition or the predetermined license condition, then the method includes at least one of storing, installing or launching the application in the second, less secure operating system while preventing the application from being at least one of stored, installed or launched in the first, more secure operating system.
Type: Application
Filed: May 11, 2018
Publication date: November 14, 2019
Inventors: Benjamin M. Schultz, Matthew David Kurjanowicz, Ankit Srivastava, Ahmed Saruhan Karademir, Sudeep Kumar Ghosh, Michael Trevor Pashniak, Hari R. Pulapaka, Balaji Balasubramanyan, Tushar Suresh Sugandhi, Giridhar Viswanathan
-
Patent number: 10452298
Abstract: Reading and copying data as file data in a persistent memory storage device. A method may be practiced in a virtual machine environment. The virtual machine environment includes a persistent memory storage device. The persistent memory storage device has the ability to appear as a memory device having available memory to a virtual machine on a host and as a file to the host. The method includes acts for copying data stored in the persistent memory storage device for a first virtual machine. The method includes the host reading data from the persistent memory storage device as file data. The method further includes the host writing the data from the persistent memory storage device as file data.
Type: Grant
Filed: June 30, 2017
Date of Patent: October 22, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Matthew David Kurjanowicz, Attilio Mainetti, Scott Chao-Chueh Lee
-
Patent number: 10366235
Abstract: Mounting a filesystem for media. The method includes detecting that media has been connected to a computing device. The method further includes causing a filesystem for the media to be mounted to a virtual machine. The virtual machine is coupled to a server. The method further includes causing file data from the media organized by the filesystem to be served from the server to the computing device.
Type: Grant
Filed: December 16, 2016
Date of Patent: July 30, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Matthew David Kurjanowicz, Adam Warren Burch
-
Publication number: 20190180003
Abstract: Securely performing file operations. A method includes determining a licensing characteristic assigned to a file. When the licensing characteristic assigned to the file meets or exceeds a predetermined licensing condition, then the method includes performing a file operation on the file in a host operating system while preventing the file operation from being performed in the guest operating system. When the licensing characteristic assigned to the file does not meet or exceed the predetermined licensing condition, then the method includes performing the file operation on the file in the guest operating system while preventing the file operation from being performed directly in the host operating system.
Type: Application
Filed: June 21, 2018
Publication date: June 13, 2019
Inventors: Benjamin M. Schultz, Balaji Balasubramanyan, Giridhar Viswanathan, Ankit Srivastava, Margarit Simeonov Chenchev, Hari R. Pulapaka, Nived Kalappuraikal Sivadas, Raphael Gianotti Serrano dos Santo, Narasimhan Ramasubramanian, Frederick Justus Smith, Matthew David Kurjanowicz, Prakhar Srivastava, Jonathan Schwartz
-
Publication number: 20190180033
Abstract: Securely performing file operations. A method includes determining a trust characteristic assigned to a file. When the trust characteristic assigned to the file meets or exceeds a predetermined trust condition, then the method includes performing a file operation on the file in a host operating system while preventing the file operation from being performed in the container operating system. When the trust characteristic assigned to the file does not meet or exceed the predetermined trust condition, then the method includes performing the file operation on the file in the container operating system while preventing the file operation from being performed directly in the host operating system.
Type: Application
Filed: February 12, 2018
Publication date: June 13, 2019
Inventors: Bryan R. BORN, Giridhar VISWANATHAN, Peteris LEDINS, Balaji BALASUBRAMANYAN, Margarit Simeonov CHENCHEV, Benjamin M. SCHULTZ, Hari R. PULAPAKA, Frederick Justus SMITH, Narasimhan RAMASUBRAMANIAN, Raphael GIANOTTI SERRANO DOS SANTO, Nived KALAPPURAIKAL SIVADAS, Ravinder THIND, Matthew David KURJANOWICZ
-
Publication number: 20180329643
Abstract: Reading and copying data as file data in a persistent memory storage device. A method may be practiced in a virtual machine environment. The virtual machine environment includes a persistent memory storage device. The persistent memory storage device has the ability to appear as a memory device having available memory to a virtual machine on a host and as a file to the host. The method includes acts for copying data stored in the persistent memory storage device for a first virtual machine. The method includes the host reading data from the persistent memory storage device as file data. The method further includes the host writing the data from the persistent memory storage device as file data.
Type: Application
Filed: June 30, 2017
Publication date: November 15, 2018
Inventors: Matthew David KURJANOWICZ, Attilio MAINETTI, Scott Chao-Chueh LEE
-
Publication number: 20180173878
Abstract: Mounting a filesystem for media. The method includes detecting that media has been connected to a computing device. The method further includes causing a filesystem for the media to be mounted to a virtual machine. The virtual machine is coupled to a server. The method further includes causing file data from the media organized by the filesystem to be served from the server to the computing device.
Type: Application
Filed: December 16, 2016
Publication date: June 21, 2018
Inventors: Matthew David Kurjanowicz, Adam Warren Burch
-
Publication number: 20180165133
Abstract: A computing device runs a host on which multiple guests (e.g., virtual machines run via a virtual machine monitor such as a hypervisor) can run. The guest is used for isolation as well as hardware resource partitioning. The guest and the host agree on a name and a size for shared memory. Both the guest and the host map to the shared memory, and both the guest and the host to access the shared memory. The access allowed to the shared memory can be the same for both the host and the guest (e.g., both may be allowed read/write access) or different (e.g., the guest may be allowed write only access and the host may be allowed read only access).
Type: Application
Filed: June 30, 2017
Publication date: June 14, 2018
Applicant: Microsoft Technology Licensing, LLC
Inventors: Mehmet Iyigun, Matthew David Kurjanowicz, Martijn de Kort, Kevin M. Broas, Yevgeniy M. Bak
-
Publication number: 20170068469
Abstract: A storage system creates a snapshot of a virtual hard disk by switching an I/O request target for the virtual hard disk. A requestor may issue requests to the storage system requesting that specific operations of the process should be performed. A request may specify that more than one operation should be performed in one operation. After initializing a new virtual hard disk file, I/O requests directed to a target virtual hard disk file are held for later delivery. The I/O request target is switched from the target to the new virtual hard disk file. I/O requests are unblocked and the stored requests are delivered to the new virtual hard disk file. Additional I/O requests sent to the target virtual hard disk file may be redirected to the new virtual hard disk file.
Type: Application
Filed: September 3, 2015
Publication date: March 9, 2017
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Vinod Shankar, Matthew David Kurjanowicz, Balaji Sekar, Adam Burch, Brendan Grebur