Patents by Inventor Ravindra Nath Pandya
Ravindra Nath Pandya has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9875120
Abstract: The subject disclosure is directed towards virtual components, e.g., comprising software components such as virtual components of a distributed computing system. Virtual components are available for use by distributed computing system applications, yet managed by the distributed computing system runtime transparent to the application with respect to automatic activation and deactivation on runtime-selected distributed computing system servers. Virtualization of virtual components is based upon mapping virtual components to their physical instantiations that are currently running, such as maintained in a global data store.
Type: Grant
Filed: March 27, 2014
Date of Patent: January 23, 2018
Assignee: Microsoft Technology Licensing, LLC
Inventors: Sergey I. Bykov, Alan S. Geller, Gabriel Kliot, Ravindra Nath Pandya, Jorgen Thelin
-
Patent number: 9311483
Abstract: Systems and methods provide multiple partitions hosted on an isolation technology such as a hypervisor where at least one of the partitions, a local secure service partition (LSSP), provides security services to other partitions. The service partitions (LSSPs) host those high assurance services that require strict security isolation, where the service can be shared across partitions and accessed even when the user is not connected to a network. The LSSP also can certify the results of any computation using a key signed by a TPM attestation identity key (AIK), or other key held securely by the hypervisor or a service partition. The LSSPs may be configured to provide trusted audit logs, trusted security scans, trusted cryptographic services, trusted compilation and testing, trusted logon services, and the like.
Type: Grant
Filed: October 31, 2013
Date of Patent: April 12, 2016
Assignee: Microsoft Technology Licensing, LLC
Inventors: Thekkthalackal Varugis Kurien, Paul England, Ravindra Nath Pandya, Niels Ferguson
-
Patent number: 9253195
Abstract: The subject disclosure pertains to systems and methods that facilitate managing access control utilizing certificates. The systems and methods described herein are directed to mapping an access policy as expressed in an access control list to a set of certificates. The set of certificates can be used to grant access to resources in the manner described by the ACL. The certificates can be distributed to entities for use in obtaining access to resources. Entities can present certificates to resources as evidence of their right to access the resources. The access logic of the sequential ACL can be transformed or mapped to a set of order independent certificates. In particular, each entry, position of the entry in the list and any preceding entries can be analyzed. The analysis can be used to generate order independent certificates that provide access in accordance with the access policy communicated in the ACL.
Type: Grant
Filed: June 11, 2013
Date of Patent: February 2, 2016
Assignee: Microsoft Technology Licensing, LLC
Inventors: Carl M. Ellison, Paul J. Leach, Butler W. Lampson, Melissa W. Dunn, Ravindra Nath Pandya, Charles William Kaufman
-
Publication number: 20140380318
Abstract: The subject disclosure is directed towards virtual components, e.g., comprising software components such as virtual components of a distributed computing system. Virtual components are available for use by distributed computing system applications, yet managed by the distributed computing system runtime transparent to the application with respect to automatic activation and deactivation on runtime-selected distributed computing system servers. Virtualization of virtual components is based upon mapping virtual components to their physical instantiations that are currently running, such as maintained in a global data store.
Type: Application
Filed: March 27, 2014
Publication date: December 25, 2014
Applicant: Microsoft Corporation
Inventors: Sergey I. Bykov, Alan S. Geller, Gabriel Kliot, Ravindra Nath Pandya, Jorgen Thelin
-
Publication number: 20140059680
Abstract: Systems and methods provide multiple partitions hosted on an isolation technology such as a hypervisor where at least one of the partitions, a local secure service partition (LSSP), provides security services to other partitions. The service partitions (LSSPs) host those high assurance services that require strict security isolation, where the service can be shared across partitions and accessed even when the user is not connected to a network. The LSSP also can certify the results of any computation using a key signed by a TPM attestation identity key (AIK), or other key held securely by the hypervisor or a service partition. The LSSPs may be configured to provide trusted audit logs, trusted security scans, trusted cryptographic services, trusted compilation and testing, trusted logon services, and the like.
Type: Application
Filed: October 31, 2013
Publication date: February 27, 2014
Inventors: Thekkthalackal Varugis Kurien, Paul England, Ravindra Nath Pandya, Niels Ferguson
-
Patent number: 8619971
Abstract: Systems and methods provide multiple partitions hosted on an isolation technology such as a hypervisor where at least one of the partitions, a local secure service partition (LSSP), provides security services to other partitions. The service partitions (LSSPs) host those high assurance services that require strict security isolation, where the service can be shared across partitions and accessed even when the user is not connected to a network. The LSSP also can certify the results of any computation using a key signed by a TPM attestation identity key (AIK), or other key held securely by the hypervisor or a service partition. The LSSPs may be configured to provide trusted audit logs, trusted security scans, trusted cryptographic services, trusted compilation and testing, trusted logon services, and the like.
Type: Grant
Filed: April 1, 2005
Date of Patent: December 31, 2013
Assignee: Microsoft Corporation
Inventors: Thekkthalackal Varugis Kurien, Paul England, Ravindra Nath Pandya, Niels Ferguson
-
Patent number: 8468579
Abstract: The subject disclosure pertains to systems and methods that facilitate managing access control utilizing certificates. The systems and methods described herein are directed to mapping an access policy as expressed in an access control list to a set of certificates. The set of certificates can be used to grant access to resources in the manner described by the ACL. The certificates can be distributed to entities for use in obtaining access to resources. Entities can present certificates to resources as evidence of their right to access the resources. The access logic of the sequential ACL can be transformed or mapped to a set of order independent certificates. In particular, each entry, position of the entry in the list and any preceding entries can be analyzed. The analysis can be used to generate order independent certificates that provide access in accordance with the access policy communicated in the ACL.
Type: Grant
Filed: June 15, 2007
Date of Patent: June 18, 2013
Assignee: Microsoft Corporation
Inventors: Carl Melvin Ellison, Paul J. Leach, Butler Wright Lampson, Melissa W. Dunn, Ravindra Nath Pandya, Charles William Kaufman
-
Patent number: 7900248
Abstract: The subject disclosure pertains to systems and methods that facilitate managing groups entities for access control. A negative group is defined using a base group, where the negative group associated with a base group includes any entities not included in the base group. Negative groups can be implemented using certificates rather than explicit lists of negative group members. A certificate can provide evidence of membership in the negative group and can be presented for evaluation to obtain access to resources. Subtraction groups can also be used to manage access to resources. A subtraction group can be defined as the members of a first group, excluding any members of a second group.
Type: Grant
Filed: May 31, 2007
Date of Patent: March 1, 2011
Assignee: Microsoft Corporation
Inventors: Carl Melvin Ellison, Paul J. Lach, Butler Wright Lampson, Melissa W. Dunn, Ravindra Nath Pandya, Charles William Kaufman
-
Patent number: 7882539
Abstract: Abstracting access control policy from access check mechanisms allows for richer expression of policy, using a declarative model with semantics, than what is permitted by the access check mechanisms. Further, abstracting access control policy allows for uniform expression of policy across multiple access check mechanisms. Proof-like reasons for any access query are provided, such as who has access to what resource, built from the policy statements themselves, independent of the access check mechanism that provide access. Access is audited and policy-based reasons for access are provided based on the access control policy.
Type: Grant
Filed: June 2, 2006
Date of Patent: February 1, 2011
Assignee: Microsoft Corporation
Inventors: Muthukrishnan Paramasivam, Charles F. Rose, III, Dave M. McPherson, Raja Pazhanivel Perumal, Satyajit Nath, Paul J. Leach, Ravindra Nath Pandya
-
Patent number: 7860802
Abstract: A license is issued to a user as decryption and authorization portions. The decryption portion is accessible only by such user and has a decryption key (KD) for decrypting corresponding encrypted digital content and validating information including an identification of a root trust authority. The authorization portion sets forth rights granted in connection with the digital content and conditions that must be satisfied to exercise the rights granted, and has a digital signature that is validated according to the identified root trust authority in the decryption portion. The user issued accesses the decryption portion and employs the validation information therein to validate the digital signature of the authorization portion. If the conditions in the authorization portion so allow, the rights in the authorization portion are exercised by decrypting the encrypted content with the decryption key (KD) from the decryption portion and rendering the decrypted content.
Type: Grant
Filed: February 1, 2005
Date of Patent: December 28, 2010
Assignee: Microsoft Corporation
Inventors: Ravindra Nath Pandya, Peter David Waxman, Vinay Krishnaswamy, Muthukrishnan Paramasivam, Marco A. DeMello, Steven Bourne
-
Patent number: 7770206
Abstract: A resource of a first organization provides access thereto to a requestor of a second organization. A first administrator of the first organization issues a first credential to a second administrator of the second organization, including policy that the second administrator may issue a second credential to the requestor on behalf of the first administrator. The second administrator issues the second credential to the requester, including the issued first credential. The requestor requests access from the resource and includes the issued first and second credentials. The resource validates that the issued first credential ties the first administrator to the second administrator, and that the issued second credential ties the second administrator to the requester. The resource thus knows that the request is based on rights delegated from the first administrator to the requester by way of the second administrator.
Type: Grant
Filed: March 11, 2005
Date of Patent: August 3, 2010
Assignee: Microsoft Corporation
Inventors: Blair Brewster Dillaway, Brian LaMacchia, Muthukrishnan Paramasivam, Charles F. Rose, III, Ravindra Nath Pandya
-
Patent number: 7509489
Abstract: An improved certificate issuing system may comprise a certificate translation engine for translating incoming certificates and certificate requests from a first format into a second format. A certificate issuing engine may then operate on incoming requests in the common format. The issuing engine can issue certificates to clients according to its certificate issuing policy. The policy may be expressed as data in a policy expression language that can be consumed at runtime, which provides for flexible and efficient changing of issuing policy. Issued certificates can be translated back into a format that is consumed by the requesting client. Such translation can be performed by the translation engine prior to delivery of certificates to requesting clients.
Type: Grant
Filed: March 11, 2005
Date of Patent: March 24, 2009
Assignee: Microsoft Corporation
Inventors: Gregory Kostal, Muthukrishnan Paramasivam, Ravindra Nath Pandya, Scott C. Cottrille, Vasantha K Ravula, Vladimir Yarmolenko, Charles F. Rose, III, Yuhui Zhong
-
Patent number: 7500097
Abstract: An improved certificate issuing system may comprise a novel arrangement for expressing certificate issuing policy. The policy may be expressed in a human-readable policy expression language and stored for example in a file that is consumed by a certificate issuing system at runtime. The policy may thus be easily changed by altering the digital file. Certain techniques are also provided for extending the capabilities of the certificate issuing system so it may apply and enforce new policies.
Type: Grant
Filed: February 28, 2005
Date of Patent: March 3, 2009
Assignee: Microsoft Corporation
Inventors: Gregory Kostal, Muthukrishnan Paramasivam, Ravindra Nath Pandya, Scott C. Cottrille, Vasantha K Ravula, Vladimir Yarmolenko, Charles F. Rose, III, Yuhui Zhong
-
Publication number: 20080313712
Abstract: The subject disclosure pertains to systems and methods that facilitate managing access control utilizing certificates. The systems and methods described herein are directed to mapping an access policy as expressed in an access control list to a set of certificates. The set of certificates can be used to grant access to resources in the manner described by the ACL. The certificates can be distributed to entities for use in obtaining access to resources. Entities can present certificates to resources as evidence of their right to access the resources. The access logic of the sequential ACL can be transformed or mapped to a set of order independent certificates. In particular, each entry, position of the entry in the list and any preceding entries can be analyzed. The analysis can be used to generate order independent certificates that provide access in accordance with the access policy communicated in the ACL.
Type: Application
Filed: June 15, 2007
Publication date: December 18, 2008
Applicant: MICROSOFT CORPORATION
Inventors: Carl Melvin Ellison, Paul J. Leach, Butler Wright Lampson, Melissa W. Dunn, Ravindra Nath Pandya, Charles William Kaufman
-
Publication number: 20080307486
Abstract: The subject disclosure pertains to systems and methods that facilitate entity-based for access management. Typically, access to one or more resources is managed based upon identifiers assigned to entities. Groups of identifiers can be assigned to access rights. An authority component can manage an exclusion group that excludes an entity, regardless of the identifier utilized by the entity. Access control components can utilize exclusion groups in access policies to define access rights to a resource.
Type: Application
Filed: June 11, 2007
Publication date: December 11, 2008
Applicant: MICROSOFT CORPORATION
Inventors: Carl Melvin Ellison, Paul J. Leach, Butler Wright Lampson, Melissa W. Dunn, Ravindra Nath Pandya, Charles William Kaufman
-
Publication number: 20080301780
Abstract: The subject disclosure pertains to systems and methods that facilitate managing groups entities for access control. A negative group is defined using a base group, where the negative group associated with a base group includes any entities not included in the base group. Negative groups can be implemented using certificates rather than explicit lists of negative group members. A certificate can provide evidence of membership in the negative group and can be presented for evaluation to obtain access to resources. Subtraction groups can also be used to manage access to resources. A subtraction group can be defined as the members of a first group, excluding any members of a second group.
Type: Application
Filed: May 31, 2007
Publication date: December 4, 2008
Applicant: MICROSOFT CORPORATION
Inventors: Carl Melvin Ellison, Paul J. Leach, Butler Wright Lampson, Melissa W. Dunn, Ravindra Nath Pandya, Charles William Kaufman
-
Publication number: 20080244736
Abstract: Access control as it relates to policies or permissions is provided based on a created model. A security policy is abstracted and can be independent of a mechanism used to protect resources. An abstract model of a potential user, user role and/or resource is created without associating a specific individual and/or resource with a model. These abstract user models and abstract resource models can be used across applications or within disparate applications. The abstracted security policies can be selectively applied to the model. Specific users and/or resources can be associated with one or more abstract user model or abstract resource model. The models can be nested to provide configurations for larger systems.
Type: Application
Filed: March 30, 2007
Publication date: October 2, 2008
Applicant: MICROSOFT CORPORATION
Inventors: Butler Lampson, Ravindra Nath Pandya, Paul J. Leach, Muthukrishnan Paramasivam, Carl M. Ellison, Charles William Kaufman
-
Patent number: 7379918
Abstract: A method for reactivation of software products includes activating a first software product associated with a reactivation policy group. A hardware identifier derived from the computer hardware configuration is bound with the first software product activation. A second software product is activated having an associated reactivation binding list. Reactivation is requested for the first software product and an updated hardware identifier is associated with a reactivation policy group of the first software product. The second software product may be spared the request for reactivation if the second product can be associated with the reactivation of the first software product given the binding list is compatible with the reactivation policy group.
Type: Grant
Filed: July 30, 2004
Date of Patent: May 27, 2008
Assignee: Microsoft Corporation
Inventors: Xiaoxi Tan, Caglar Gunyakti, Ravindra Nath Pandya, Aidan T. Hughes, Kristjan Hatlelid, Yue Liu
-
Publication number: 20070283411
Abstract: Abstracting access control policy from access check mechanisms allows for richer expression of policy, using a declarative model with semantics, than what is permitted by the access check mechanisms. Further, abstracting access control policy allows for uniform expression of policy across multiple access check mechanisms. Proof-like reasons for any access query are provided, such as who has access to what resource, built from the policy statements themselves, independent of the access check mechanism that provide access. Access is audited and policy-based reasons for access are provided based on the access control policy.
Type: Application
Filed: June 2, 2006
Publication date: December 6, 2007
Applicant: Microsoft Corporation
Inventors: Muthukrishnan Paramasivam, Charles F. Rose, Dave M. McPherson, Raja Pazhanivel Perumal, Satyajit Nath, Paul J. Leach, Ravindra Nath Pandya
-
Publication number: 20060173788
Abstract: A license is issued to a user as decryption and authorization portions. The decryption portion is accessible only by such user and has a decryption key (KD) for decrypting corresponding encrypted digital content and validating information including an identification of a root trust authority. The authorization portion sets forth rights granted in connection with the digital content and conditions that must be satisfied to exercise the rights granted, and has a digital signature that is validated according to the identified root trust authority in the decryption portion. The user issued accesses the decryption portion and employs the validation information therein to validate the digital signature of the authorization portion. If the conditions in the authorization portion so allow, the rights in the authorization portion are exercised by decrypting the encrypted content with the decryption key (KD) from the decryption portion and rendering the decrypted content.
Type: Application
Filed: February 1, 2005
Publication date: August 3, 2006
Applicant: Microsoft Corporation
Inventors: Ravindra Nath Pandya, Peter Waxman, Vinay Krishnaswamy, Muthukrishnan Paramasivam, Marco DeMello, Steven Bourne