Patents by Inventor Octavian T. Ureche
Octavian T. Ureche has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20220207130Abstract: A computing device can perform operations to unlock encrypted volumes of the computing device while the computing device is in a recovery environment. In some examples, the computing device can work in conjunction with a test computing device to unlock the encrypted volumes using an unlock token and a PIN. In other examples, the computing device can perform operations without a test computing device. For example, the computing device can, while in the recovery environment, use credentials associated with a user of the computing device to obtain a recovery password to unlock keys for interpreting the encrypted volumes. In some examples, the computing device can use a shortened recovery password in conjunction with anti-hammering capabilities of a Trusted Platform Module in order to unlock keys for interpreting the encrypted volumes. These and other operations can facilitate secure unlock of volumes of encrypted data on a consumer device.Type: ApplicationFiled: March 17, 2022Publication date: June 30, 2022Inventors: Yogesh A. MEHTA, Octavian T. URECHE, Scott R. SHELL, Innokentiy BASMOV, Peter NOVOTNEY, Christopher L. WALSTAD
-
Patent number: 11361086Abstract: Methods and systems are disclosed for activating data encryption at rest in a storage device server in a cloud storage. In particular, an encryption orchestrator orchestrates activation processes through encryption controllers that controls policies and privileges to access data in storage device servers. To reduce a risk of a data loss and time loss in activations, the encryption controller pre-checks a storage device server for anomalies in configurations in network connectivity, encryption keys, and security certificates before starting the activation. Furthermore, the encryption controller performs a health-check of the storage device servers to detect anomalies that require restarting the storage device servers. The health-check reduces a risk of data loss when the storage device servers become unable restart itself. User interface tools may be provided to visually identify and manage encryption statuses and policies of the encryption controllers, the storage device servers, and data storage devices.Type: GrantFiled: December 30, 2019Date of Patent: June 14, 2022Assignee: Microsoft Technology Licensing, LLCInventors: Piyush Joshi, Akil M. Merchant, Octavian T. Ureche, Jack Smith Richins, Soumya D. Pani, Asad Yaqoob, Salil Bhagurkar, Preston Derek Adam, Dayi Zhou
-
Patent number: 11295004Abstract: A computing device can perform operations to unlock encrypted volumes of the computing device while the computing device is in a recovery environment. In some examples, the computing device can work in conjunction with a test computing device to unlock the encrypted volumes using an unlock token and a PIN. In other examples, the computing device can perform operations without a test computing device. For example, the computing device can, while in the recovery environment, use credentials associated with a user of the computing device to obtain a recovery password to unlock keys for interpreting the encrypted volumes. In some examples, the computing device can use a shortened recovery password in conjunction with anti-hammering capabilities of a Trusted Platform Module in order to unlock keys for interpreting the encrypted volumes. These and other operations can facilitate secure unlock of volumes of encrypted data on a consumer device.Type: GrantFiled: January 31, 2020Date of Patent: April 5, 2022Assignee: Microsoft Technology Licensing, LLCInventors: Yogesh A. Mehta, Octavian T. Ureche, Scott R. Shell, Innokentiy Basmov, Peter Novotney, Christopher L. Walstad
-
Patent number: 11153327Abstract: A data protection policy can specify which applications are allowed and/or dis-allowed from accessing cloud data that is subject to a data protection policy (i.e., data that has been assigned a classification and/or an owner.) To enforce that policy, the operating system (or other trusted entity) that stores or caches access credentials only provides these credentials to applications that are allowed by the policy. In this manner, because they are not provided with the credentials required to access the network resource, the dis-allowed applications cannot access the ‘protected’ data thereby helping prevent these dis-allowed (or non-compliant) applications from leaking data.Type: GrantFiled: August 9, 2019Date of Patent: October 19, 2021Inventors: Christopher Leonard Walstad, Vishal Agarwal, Narendra S. Acharya, Octavian T. Ureche, Preston Derek Adam
-
Patent number: 11055385Abstract: A multi-factor user authentication framework using asymmetric key includes a host device, a user agent, a gesture system, and an authentication system. The multiple factors include a user credential as well as a user gesture that indicates that the user is present. The user interacts with the user agent via the host device in order to obtain access to something for which user authentication is needed. The authentication system maintains the user credentials, which are provided to authenticate the user in response to the authentication system determining that the user is present (which can be determined in different manners, such as using a personal identification number (PIN), biometric information regarding the user, geographic location of the gesture system, etc.). The user agent, gesture system, and authentication system can be implemented on the same device (e.g., the host device), or alternatively implemented across one or more different devices.Type: GrantFiled: March 28, 2019Date of Patent: July 6, 2021Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Anooshiravan Saboori, Nelly Porter, Vijay G. Bharadwaj, Alexander Thomas Weinert, Octavian T. Ureche, Benjamin Richard Vincent, Tarek Bahaa El-Din Mahmoud Kamel
-
Publication number: 20210200881Abstract: Methods and systems are disclosed for activating data encryption at rest in a storage device server in a cloud storage. In particular, an encryption orchestrator orchestrates activation processes through encryption controllers that controls policies and privileges to access data in storage device servers. To reduce a risk of a data loss and time loss in activations, the encryption controller pre-checks a storage device server for anomalies in configurations in network connectivity, encryption keys, and security certificates before starting the activation. Furthermore, the encryption controller performs a health-check of the storage device servers to detect anomalies that require restarting the storage device servers. The health-check reduces a risk of data loss when the storage device servers become unable restart itself. User interface tools may be provided to visually identify and manage encryption statuses and policies of the encryption controllers, the storage device servers, and data storage devices.Type: ApplicationFiled: December 30, 2019Publication date: July 1, 2021Applicant: Microsoft Technology Licensing, LLCInventors: Piyush JOSHI, Akil M. MERCHANT, Octavian T. URECHE, Jack Smith RICHINS, Soumya D. PANI, Asad YAQOOB, Salil BHAGURKAR, Preston Derek ADAM, Dayi ZHOU
-
Patent number: 10713350Abstract: A computing device can perform operations to unlock encrypted volumes of the computing device while the computing device is in a recovery environment. In some examples, the computing device can work in conjunction with a test computing device to unlock the encrypted volumes using an unlock token and a PIN. In other examples, the computing device can perform operations without a test computing device. For example, the computing device can, while in the recovery environment, use credentials associated with a user of the computing device to obtain a recovery password to unlock keys for interpreting the encrypted volumes. In some examples, the computing device can use a shortened recovery password in conjunction with anti-hammering capabilities of a Trusted Platform Module in order to unlock keys for interpreting the encrypted volumes. These and other operations can facilitate secure unlock of volumes of encrypted data on a consumer device.Type: GrantFiled: August 21, 2018Date of Patent: July 14, 2020Assignee: Microsoft Technology Licensing, LLCInventors: Yogesh A. Mehta, Octavian T. Ureche, Scott R. Shell, Innokentiy Basmov, Peter Novotney, Christopher L. Walstad
-
Publication number: 20200167462Abstract: A computing device can perform operations to unlock encrypted volumes of the computing device while the computing device is in a recovery environment. In some examples, the computing device can work in conjunction with a test computing device to unlock the encrypted volumes using an unlock token and a PIN. In other examples, the computing device can perform operations without a test computing device. For example, the computing device can, while in the recovery environment, use credentials associated with a user of the computing device to obtain a recovery password to unlock keys for interpreting the encrypted volumes. In some examples, the computing device can use a shortened recovery password in conjunction with anti-hammering capabilities of a Trusted Platform Module in order to unlock keys for interpreting the encrypted volumes. These and other operations can facilitate secure unlock of volumes of encrypted data on a consumer device.Type: ApplicationFiled: January 31, 2020Publication date: May 28, 2020Inventors: Yogesh A. MEHTA, Octavian T. URECHE, Scott R. SHELL, Innokentiy BASMOV, Peter NOVOTNEY, Christopher L. WALSTAD
-
Patent number: 10511632Abstract: A system may identify resources such as applications or network locations that are not adequately covered by an enterprise's security policy to notify a network administrator of such deficiencies. An exemplary security policy may allow or deny access to individual functional resources (e.g. computing devices and/or applications) or groups of functional resources to individual data resources (e.g. enterprise network storage locations and/or enterprise data) or groups of data resources. The system may monitor enterprise network activity to identify when a security policy fails to define permissions corresponding to the use of particular resources. In response to identifying such gaps in the security policy, the system may enter policy enforcement event information into a policy learning log. The system may further generate a policy gap notification and transmit this notification to a policy management service to prompt a network administrator to take remedial action if appropriate.Type: GrantFiled: March 3, 2017Date of Patent: December 17, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Michael D. Ward, Preston Derek Adam, Octavian T. Ureche, Vishal Agarwal, Narendra S. Acharya
-
Publication number: 20190364052Abstract: A data protection policy can specify which applications are allowed and/or dis-allowed from accessing cloud data that is subject to a data protection policy (i.e., data that has been assigned a classification and/or an owner.) To enforce that policy, the operating system (or other trusted entity) that stores or caches access credentials only provides these credentials to applications that are allowed by the policy. In this manner, because they are not provided with the credentials required to access the network resource, the dis-allowed applications cannot access the ‘protected’ data thereby helping prevent these dis-allowed (or non-compliant) applications from leaking data.Type: ApplicationFiled: August 9, 2019Publication date: November 28, 2019Inventors: Christopher Leonard Walstad, Vishal Agarwal, Narendra S. Acharya, Octavian T. Ureche, Preston Derek Adam
-
Patent number: 10404716Abstract: A data protection policy can specify which applications are allowed and/or dis-allowed from accessing cloud data that is subject to a data protection policy (i.e., data that has been assigned a classification and/or an owner.) To enforce that policy, the operating system (or other trusted entity) that stores or caches access credentials only provides these credentials to applications that are allowed by the policy. In this manner, because they are not provided with the credentials required to access the network resource, the dis-allowed applications cannot access the ‘protected’ data thereby helping prevent these dis-allowed (or noncompliant) applications from leaking data.Type: GrantFiled: March 15, 2017Date of Patent: September 3, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Christopher Leonard Walstad, Vishal Agarwal, Narendra S. Acharya, Octavian T. Ureche, Preston Derek Adam
-
Publication number: 20190220579Abstract: A multi-factor user authentication framework using asymmetric key includes a host device, a user agent, a gesture system, and an authentication system. The multiple factors include a user credential as well as a user gesture that indicates that the user is present. The user interacts with the user agent via the host device in order to obtain access to something for which user authentication is needed. The authentication system maintains the user credentials, which are provided to authenticate the user in response to the authentication system determining that the user is present (which can be determined in different manners, such as using a personal identification number (PIN), biometric information regarding the user, geographic location of the gesture system, etc.). The user agent, gesture system, and authentication system can be implemented on the same device (e.g., the host device), or alternatively implemented across one or more different devices.Type: ApplicationFiled: March 28, 2019Publication date: July 18, 2019Inventors: Anooshiravan Saboori, Nelly Porter, Vijay G. Bharadwaj, Alexander Thomas Weinert, Octavian T. Ureche, Benjamin Richard Vincent, Tarek Bahaa El-Din Mahmoud Kamel
-
Patent number: 10268809Abstract: A multi-factor user authentication framework using asymmetric key includes a host device, a user agent, a gesture system, and an authentication system. The multiple factors include a user credential as well as a user gesture that indicates that the user is present. The user interacts with the user agent via the host device in order to obtain access to something for which user authentication is needed. The authentication system maintains the user credentials, which are provided to authenticate the user in response to the authentication system determining that the user is present (which can be determined in different manners, such as using a personal identification number (PIN), biometric information regarding the user, geographic location of the gesture system, etc.). The user agent, gesture system, and authentication system can be implemented on the same device (e.g., the host device), or alternatively implemented across one or more different devices.Type: GrantFiled: April 2, 2018Date of Patent: April 23, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Anooshiravan Saboori, Nelly Porter, Vijay G. Bharadwaj, Alexander Thomas Weinert, Octavian T. Ureche, Benjamin Richard Vincent, Tarek Bahaa El-Din Mahmoud Kamel
-
Publication number: 20180357412Abstract: A computing device can perform operations to unlock encrypted volumes of the computing device while the computing device is in a recovery environment. In some examples, the computing device can work in conjunction with a test computing device to unlock the encrypted volumes using an unlock token and a PIN. In other examples, the computing device can perform operations without a test computing device. For example, the computing device can, while in the recovery environment, use credentials associated with a user of the computing device to obtain a recovery password to unlock keys for interpreting the encrypted volumes. In some examples, the computing device can use a shortened recovery password in conjunction with anti-hammering capabilities of a Trusted Platform Module in order to unlock keys for interpreting the encrypted volumes. These and other operations can facilitate secure unlock of volumes of encrypted data on a consumer device.Type: ApplicationFiled: August 21, 2018Publication date: December 13, 2018Inventors: Yogesh A. MEHTA, Octavian T. URECHE, Scott R. SHELL, Innokentiy BASMOV, Peter NOVOTNEY, Christopher L. WALSTAD
-
Patent number: 10078748Abstract: A computing device can perform operations to unlock encrypted volumes of the computing device while the computing device is in a recovery environment. In some examples, the computing device can work in conjunction with a test computing device to unlock the encrypted volumes using an unlock token and a PIN. In other examples, the computing device can perform operations without a test computing device. For example, the computing device can, while in the recovery environment, use credentials associated with a user of the computing device to obtain a recovery password to unlock keys for interpreting the encrypted volumes. In some examples, the computing device can use a shortened recovery password in conjunction with anti-hammering capabilities of a Trusted Platform Module in order to unlock keys for interpreting the encrypted volumes. These and other operations can facilitate secure unlock of volumes of encrypted data on a consumer device.Type: GrantFiled: November 13, 2015Date of Patent: September 18, 2018Assignee: Microsoft Technology Licensing, LLCInventors: Yogesh A Mehta, Octavian T. Ureche, Scott R. Shell, Innokentiy Basmov, Peter Novotney, Christopher L Walstad
-
Publication number: 20180255102Abstract: A system may identify resources such as applications or network locations that are not adequately covered by an enterprise's security policy to notify a network administrator of such deficiencies. An exemplary security policy may allow or deny access to individual functional resources (e.g. computing devices and/or applications) or groups of functional resources to individual data resources (e.g. enterprise network storage locations and/or enterprise data) or groups of data resources. The system may monitor enterprise network activity to identify when a security policy fails to define permissions corresponding to the use of particular resources. In response to identifying such gaps in the security policy, the system may enter policy enforcement event information into a policy learning log. The system may further generate a policy gap notification and transmit this notification to a policy management service to prompt a network administrator to take remedial action if appropriate.Type: ApplicationFiled: March 3, 2017Publication date: September 6, 2018Inventors: Michael D. Ward, Preston Derek Adam, Octavian T. Ureche, Vishal Agarwal, Narendra S. Acharya
-
Publication number: 20180234430Abstract: A data protection policy can specify which applications are allowed and/or dis-allowed from accessing cloud data that is subject to a data protection policy (i.e., data that has been assigned a classification and/or an owner.) To enforce that policy, the operating system (or other trusted entity) that stores or caches access credentials only provides these credentials to applications that are allowed by the policy. In this manner, because they are not provided with the credentials required to access the network resource, the dis-allowed applications cannot access the ‘protected’ data thereby helping prevent these dis-allowed (or non-compliant) applications from leaking data.Type: ApplicationFiled: March 15, 2017Publication date: August 16, 2018Inventors: Christopher Leonard Walstad, Vishal Agarwal, NARENDRA S. ACHARYA, Octavian T. Ureche, Preston Derek Adam
-
Publication number: 20180225433Abstract: A multi-factor user authentication framework using asymmetric key includes a host device, a user agent, a gesture system, and an authentication system. The multiple factors include a user credential as well as a user gesture that indicates that the user is present. The user interacts with the user agent via the host device in order to obtain access to something for which user authentication is needed. The authentication system maintains the user credentials, which are provided to authenticate the user in response to the authentication system determining that the user is present (which can be determined in different manners, such as using a personal identification number (PIN), biometric information regarding the user, geographic location of the gesture system, etc.). The user agent, gesture system, and authentication system can be implemented on the same device (e.g., the host device), or alternatively implemented across one or more different devices.Type: ApplicationFiled: April 2, 2018Publication date: August 9, 2018Applicant: Microsoft Technology Licensing, LLCInventors: Anooshiravan Saboori, Nelly Porter, Vijay G. Bharadwaj, Alexander Thomas Weinert, Octavian T. Ureche, Benjamin Richard Vincent, Tarek Bahaa El-Din Mahmoud Kamel
-
Patent number: 9967244Abstract: A multi-factor user authentication framework using asymmetric key includes a host device, a user agent, a gesture system, and an authentication system. The multiple factors include a user credential as well as a user gesture that indicates that the user is present. The user interacts with the user agent via the host device in order to obtain access to something for which user authentication is needed. The authentication system maintains the user credentials, which are provided to authenticate the user in response to the authentication system determining that the user is present (which can be determined in different manners, such as using a personal identification number (PIN), biometric information regarding the user, geographic location of the gesture system, etc.). The user agent, gesture system, and authentication system can be implemented on the same device (e.g., the host device), or alternatively implemented across one or more different devices.Type: GrantFiled: October 14, 2015Date of Patent: May 8, 2018Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Anooshiravan Saboori, Nelly Porter, Vijay G. Bharadwaj, Alexander Thomas Weinert, Octavian T. Ureche, Benjamin Richard Vincent, Tarek Bahaa El-Din Mahmoud Kamel
-
Patent number: 9900295Abstract: Content on a device is encrypted and protected based on a data protection key. The protected content can then be copied to cloud storage, and from the cloud storage the protected content can be transferred to various other ones of the user's devices. A key used to retrieve plaintext content from the protected content is associated with an identifier of a particular device that provides the key, the device providing the key being the device that generated the key, or another managed device to which the protected content was transferred. A wipe command can similarly be transferred to the various ones of the user's devices, causing any keys associated with a particular device to be deleted from each of the various ones of the user's devices.Type: GrantFiled: November 5, 2014Date of Patent: February 20, 2018Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Yogesh A. Mehta, Octavian T. Ureche, Preston Derek Adam, Narendra S. Acharya