Patents by Inventor Paul England

Paul England has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240314367
    Abstract: Lightweight mechanisms provide a way to assert provenance when live streaming media content and establish provenance upon playback. For example, a provenance claim generator generates a key pair including a live-stream private key and live-stream public key. The claim generator signs, with a long-term private key reliably associated with a sender, manifest metadata including the live-stream public key, thereby producing a manifest signature. During live streaming, the claim generator signs respective portions of media content with the live-stream private key, producing portion signatures for the respective portions. A provenance claim validator receives the manifest signature and manifest metadata. The claim validator verifies the manifest metadata using a long-term public key (reliably associated with the sender) and the manifest signature.
    Type: Application
    Filed: June 16, 2023
    Publication date: September 19, 2024
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Andrew JENKS, Samuel J. WENKER, Kevin M. KANE, Paul ENGLAND, Ning LIN, John C SIMMONS, Quintin BURNS
  • Patent number: 12086898
    Abstract: Systems and methods to determine when a media is a high-fidelity reproduction of an original media from a trusted entity are disclosed. In certain aspects, systems and method for generating a fragile watermark are disclosed. The fragile watermark may be inserted into digital media in a manner such that the watermark cannot be identified if the media content is significantly altered. Media content may be subsequently analyzed to determine the presence of a fragile watermark. When the fragile watermark is present, provenance of the media content can be verified and an indication of provenance is provided to the user.
    Type: Grant
    Filed: February 18, 2020
    Date of Patent: September 10, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Henrique S. Malvar, Paul England, Eric J. Horvitz
  • Patent number: 11966753
    Abstract: A storage device for booting a host computing device includes a first storage memory region having a first storage memory controller, a second storage memory region having a second storage memory controller, and a resilient boot controller. The resilient boot controller is configured to store boot code in the first storage memory region, prevent write access by the host computing device through the first storage memory controller to the first storage memory region, detect a reset of the host computing device through the input/output interface, copy at least a portion of the boot code from the first storage memory region to the second storage memory region, responsive to detection of the reset of the host computing device, and enable read access of the copied boot code by the host computing device through the second storage memory controller of the second storage memory region, responsive to the copy operation.
    Type: Grant
    Filed: November 2, 2022
    Date of Patent: April 23, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Stefan Thom, Paul England, Robert Karl Spiger, Brian Telfer, Sangho Lee, Marcus Peinado
  • Publication number: 20230047247
    Abstract: A storage device for booting a host computing device includes a first storage memory region having a first storage memory controller, a second storage memory region having a second storage memory controller, and a resilient boot controller. The resilient boot controller is configured to store boot code in the first storage memory region, prevent write access by the host computing device through the first storage memory controller to the first storage memory region, detect a reset of the host computing device through the input/output interface, copy at least a portion of the boot code from the first storage memory region to the second storage memory region, responsive to detection of the reset of the host computing device, and enable read access of the copied boot code by the host computing device through the second storage memory controller of the second storage memory region, responsive to the copy operation.
    Type: Application
    Filed: November 2, 2022
    Publication date: February 16, 2023
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Stefan THOM, Paul ENGLAND, Robert Karl SPIGER, Brian TELFER, Sangho LEE, Marcus PEINADO
  • Patent number: 11520596
    Abstract: A storage device for booting a host computing device includes a first storage memory region having a first storage memory controller, a second storage memory region having a second storage memory controller, and a resilient boot controller. The resilient boot controller is configured to store boot code in the first storage memory region, prevent write access by the host computing device through the first storage memory controller to the first storage memory region, detect a reset of the host computing device through the input/output interface, copy at least a portion of the boot code from the first storage memory region to the second storage memory region, responsive to detection of the reset of the host computing device, and enable read access of the copied boot code by the host computing device through the second storage memory controller of the second storage memory region, responsive to the copy operation.
    Type: Grant
    Filed: April 20, 2020
    Date of Patent: December 6, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Stefan Thom, Paul England, Robert Karl Spiger, Brian Telfer, Sangho Lee, Marcus Peinado
  • Patent number: 11316694
    Abstract: A computing device's trusted platform module (TPM) is configured with a cryptographic watchdog timer which forces a device reset if the TPM fails to solve a cryptographic challenge before the expiration of the timer. The computing device's TPM is configured to generate the cryptographic challenge, to which the computing device does not possess the cryptographic token for resolution. While the watchdog timer counts down, the computing device requests a cryptographic token from a remote service to solve the challenge. The remote service transmits the cryptographic token to the computing device so long as the remote service identifies no reason to withhold the token, such as the computing device being infected with malware. The interoperability of the computing device and remote service enables the remote service to exercise control and reset capabilities over the computing device.
    Type: Grant
    Filed: March 27, 2019
    Date of Patent: April 26, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Stefan Thom, Brian Clifford Telfer, Paul England, Dennis James Mattoon, Marcus Peinado
  • Publication number: 20210263746
    Abstract: A storage device for booting a host computing device includes a first storage memory region having a first storage memory controller, a second storage memory region having a second storage memory controller, and a resilient boot controller. The resilient boot controller is configured to store boot code in the first storage memory region, prevent write access by the host computing device through the first storage memory controller to the first storage memory region, detect a reset of the host computing device through the input/output interface, copy at least a portion of the boot code from the first storage memory region to the second storage memory region, responsive to detection of the reset of the host computing device, and enable read access of the copied boot code by the host computing device through the second storage memory controller of the second storage memory region, responsive to the copy operation.
    Type: Application
    Filed: April 20, 2020
    Publication date: August 26, 2021
    Inventors: Stefan THOM, Paul ENGLAND, Robert Karl SPIGER, Brian TELFER, Sangho LEE, Marcus PEINADO
  • Publication number: 20210012450
    Abstract: Systems and methods to determine when a media is a high-fidelity reproduction of an original media from a trusted entity are disclosed. In certain aspects, systems and method for generating a fragile watermark are disclosed. The fragile watermark may be inserted into digital media in a manner such that the watermark cannot be identified if the media content is significantly altered. Media content may be subsequently analyzed to determine the presence of a fragile watermark. When the fragile watermark is present, provenance of the media content can be verified and an indication of provenance is provided to the user.
    Type: Application
    Filed: February 18, 2020
    Publication date: January 14, 2021
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Henrique S. MALVAR, Paul ENGLAND, Eric J. HORVITZ
  • Publication number: 20200313893
    Abstract: A computing device's trusted platform module (TPM) is configured with a cryptographic watchdog timer which forces a device reset if the TPM fails to solve a cryptographic challenge before the expiration of the timer. The computing device's TPM is configured to generate the cryptographic challenge, to which the computing device does not possess the cryptographic token for resolution. While the watchdog timer counts down, the computing device requests a cryptographic token from a remote service to solve the challenge. The remote service transmits the cryptographic token to the computing device so long as the remote service identifies no reason to withhold the token, such as the computing device being infected with malware. The interoperability of the computing device and remote service enables the remote service to exercise control and reset capabilities over the computing device.
    Type: Application
    Filed: March 27, 2019
    Publication date: October 1, 2020
    Inventors: Stefan THOM, Brian Clifford TELFER, Paul ENGLAND, Dennis James MATTOON, Marcus PEINADO
  • Patent number: 10791128
    Abstract: A process to detect intrusions with an intrusion detection system is disclosed. The intrusion detection system identifies instance types, and each instance type includes an instance. A know compromised instance is identified from the plurality of instances. A link between the plurality instance types is traversed from the compromised instance to discover an additional compromised instance.
    Type: Grant
    Filed: September 28, 2017
    Date of Patent: September 29, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Svetlana Gaivoronski, Paul England, Mohamed Rouatbi, Mariusz H. Jakubowski, Marcus Peinado, Julian Federico Gonzalez, Jr.
  • Patent number: 10496824
    Abstract: Disclosed is a trusted language runtime (TLR) architecture that provides abstractions for developing a runtime for executing trusted applications or portions thereof securely on a mobile device (e.g., a smartphone). TLR offers at least two abstractions to mobile developers: a trustbox and a trustlet. The trustbox is a runtime environment that offers code and data integrity, and confidentiality. Code and data running inside a trustbox cannot be read or modified by any code running outside the trustbox. A trustlet is the code portion of an application that runs inside a trustbox. With TLR, programmers can write applications in .NET and specify which parts of the application handle sensitive data, and thus, run inside the trustbox. With the TLR, the developer places these parts in a trustlet class, and the TLR provides all support needed to run the parts in the trustbox.
    Type: Grant
    Filed: June 24, 2011
    Date of Patent: December 3, 2019
    Assignee: Microsoft Licensing Technology, LLC
    Inventors: Himanshu Raj, Nuno Santos, Paul England, Stefan Saroiu, Alastair Wolman
  • Patent number: 10452384
    Abstract: Disclosed are systems that provide for secure and reliable remote management. Cryptographic health tickets provided by a management server are provided to a protected process executing on a computing device. In some examples, the health tickets reset an authenticated watchdog timer that resets the computing device if the timer expires. In some examples, the computing device may contact the management server prior to loading an operating system to receive instructions, but may omit contacting the management server if a valid health ticket is found.
    Type: Grant
    Filed: February 5, 2018
    Date of Patent: October 22, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Paul England
  • Patent number: 10440006
    Abstract: A smart device, connected device, Internet of Things (IoT) device, etc. is configured with an embedded certificate authority. The embedded certificate authority generates a compound certificate that is signed at least by a manufacturer certificate securely stored on the device. The compound certificate includes a representation of a state of the device, which is based on one or more measurements of code executable on the device. The compound certificate may be used by an external device communicating with the smart device to determine whether the device is in a trusted state. Because the compound certificate is chained to a manufacturer certificate, the external device can communicate with the manufacturer (or an employed party) to determine whether the state of the device should be trusted.
    Type: Grant
    Filed: June 21, 2017
    Date of Patent: October 8, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Stefan Thom, Robert Karl Spiger, Dennis Mattoon, Paul England
  • Patent number: 10419216
    Abstract: A keying infrastructure may generate and/or manage cryptographic keys. The cryptographic keys may include identity keys, encryption keys, and a variety of other types of keys. The cryptographic keys may be derived or created with a key derivation function (KDF) or other one-way function. The cryptographic keys may include keys that are accessible to a boot loader, keys that are accessible to particular components of a Trusted Execution Environment (TrEE), and so on. In some examples, a key may be derived from a preceding key in a sequence of keys. The preceding key may be deleted when the key is derived.
    Type: Grant
    Filed: March 14, 2017
    Date of Patent: September 17, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Niels T. Ferguson, Magnus Bo Gustaf Nystrom, Dave M. McPherson, Paul England, Mark Fishel Novak
  • Publication number: 20190243630
    Abstract: Disclosed are systems that provide for secure and reliable remote management. Cryptographic health tickets provided by a management server are provided to a protected process executing on a computing device. In some examples, the health tickets reset an authenticated watchdog timer that resets the computing device if the timer expires. In some examples, the computing device may contact the management server prior to loading an operating system to receive instructions, but may omit contacting the management server if a valid health ticket is found.
    Type: Application
    Filed: February 5, 2018
    Publication date: August 8, 2019
    Inventor: Paul England
  • Patent number: 10284375
    Abstract: Techniques for a trust service for a client device are described. In various implementations, a trust service is implemented remotely from a client device and provides various trust-related functions to the client device. According to various implementations, communication between a client device and a remote trust service is authenticated by a client identifier (ID) that is maintained by both the client device and the remote trust service. In at least some implementations, the client ID is stored on a location of the client device that is protected from access by (e.g., is inaccessible to) device components such as an operating system, applications, and so forth. Thus, the client ID may be utilized to generate signatures to authenticate communications between the client device and the remote trust service.
    Type: Grant
    Filed: July 19, 2017
    Date of Patent: May 7, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Stefan Thom, Ronald Aigner, Dennis J. Mattoon, Stuart H. Schaefer, Merzin Kapadia, Robert Karl Spiger, David R. Wooten, Paul England
  • Patent number: 10248578
    Abstract: The various embodiments described below are directed to providing authenticated and confidential messaging from software executing on a host (e.g. a secure software application or security kernel) to and from I/O devices operating on a USB bus. The embodiments can protect against attacks that are levied by software executing on a host computer. In some embodiments, a secure functional component or module is provided and can use encryption techniques to provide protection against observation and manipulation of USB data. In other embodiments, USB data can be protected through techniques that do not utilized (or are not required to utilize) encryption techniques. In accordance with these embodiments, USB devices can be designated as “secure” and, hence, data sent over the USB to and from such designated devices can be provided into protected memory. Memory indirection techniques can be utilized to ensure that data to and from secure devices is protected.
    Type: Grant
    Filed: February 18, 2016
    Date of Patent: April 2, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Paul England, Glen Slick, John C. Dunn, Kenneth D. Ray, Marcus Peinado, Bryan Willman
  • Publication number: 20190098024
    Abstract: A process to detect intrusions with an intrusion detection system is disclosed. The intrusion detection system identifies instance types, and each instance type includes an instance. A know compromised instance is identified from the plurality of instances. A link between the plurality instance types is traversed from the compromised instance to discover an additional compromised instance.
    Type: Application
    Filed: September 28, 2017
    Publication date: March 28, 2019
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Svetlana Gaivoronski, Paul England, Mohamed Rouatbi, Mariusz H. Jakubowski, Marcus Peinado, Julian Federico Gonzalez, JR.
  • Publication number: 20180375852
    Abstract: A smart device, connected device, Internet of Things (IoT) device, etc. is configured with an embedded certificate authority. The embedded certificate authority generates a compound certificate that is signed at least by a manufacturer certificate securely stored on the device. The compound certificate includes a representation of a state of the device, which is based on one or more measurements of code executable on the device. The compound certificate may be used by an external device communicating with the smart device to determine whether the device is in a trusted state. Because the compound certificate is chained to a manufacturer certificate, the external device can communicate with the manufacturer (or an employed party) to determine whether the state of the device should be trusted.
    Type: Application
    Filed: June 21, 2017
    Publication date: December 27, 2018
    Inventors: Stefan THOM, Robert Karl SPIGER, Dennis MATTOON, Paul ENGLAND
  • Publication number: 20180131523
    Abstract: Techniques for a trust service for a client device are described. In various implementations, a trust service is implemented remotely from a client device and provides various trust-related functions to the client device. According to various implementations, communication between a client device and a remote trust service is authenticated by a client identifier (ID) that is maintained by both the client device and the remote trust service. In at least some implementations, the client ID is stored on a location of the client device that is protected from access by (e.g., is inaccessible to) device components such as an operating system, applications, and so forth. Thus, the client ID may be utilized to generate signatures to authenticate communications between the client device and the remote trust service.
    Type: Application
    Filed: July 19, 2017
    Publication date: May 10, 2018
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Stefan Thom, Ronald Aigner, Dennis J. Mattoon, Stuart H. Schaefer, Merzin Kapadia, Robert Karl Spiger, David R. Wooten, Paul England