Patents by Inventor Samyuktha SUBRAMANIAN

Samyuktha SUBRAMANIAN has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11928216
    Abstract: A method for protecting an OS disk of a computing device without block encrypting the OS disk. The method identifies one or more files that store configuration data associated with OS binaries executed on the computing device. The method encrypts the configuration data stored in the one or more files using an encryption key and seals the encryption key to a TPM of the computing device. The method then boots the computing device by attempting to unseal the encryption key by authenticating one or more of the OS binaries with the TPM. When authenticating the one or more of the OS binaries is successful, the method completes boot of the computing device by decrypting the configuration data using the encryption key. If authentication of the one or more of the OS binaries is not successful, however, the method aborts boot of the computing device.
    Type: Grant
    Filed: December 18, 2020
    Date of Patent: March 12, 2024
    Assignee: VMware, Inc.
    Inventors: Samyuktha Subramanian, Jesse Pool, Petr Vandrovec, Viswesh Narayanan
  • Patent number: 11509480
    Abstract: A method of attestation of a host machine based on runtime configuration of the host machine is provided. The method receives, at an attestation machine, a request from the host machine for attestation of a software executing on the host machine, the request including at least one security-related configuration of the software at launch time and a corresponding runtime behavior of the software when the security-related configuration changes. The method then generates a claim based on evaluating a value associated with the at least one security-related configuration and the corresponding runtime behavior of the software when the value changes. The method also generates an attestation token after a successful attestation of the software and includes in the attestation token the generated claim. The method further transmits the attestation token to the host machine.
    Type: Grant
    Filed: June 30, 2020
    Date of Patent: November 22, 2022
    Assignee: VMWARE, INC.
    Inventors: Samyuktha Subramanian, Jesse Pool
  • Publication number: 20220198021
    Abstract: A method for protecting an OS disk of a computing device without block encrypting the OS disk. The method identifies one or more files that store configuration data associated with OS binaries executed on the computing device. The method encrypts the configuration data stored in the one or more files using an encryption key and seals the encryption key to a TPM of the computing device. The method then boots the computing device by attempting to unseal the encryption key by authenticating one or more of the OS binaries with the TPM. When authenticating the one or more of the OS binaries is successful, the method completes boot of the computing device by decrypting the configuration data using the encryption key. If authentication of the one or more of the OS binaries is not successful, however, the method aborts boot of the computing device.
    Type: Application
    Filed: December 18, 2020
    Publication date: June 23, 2022
    Inventors: Samyuktha SUBRAMANIAN, Jesse POOL, Petr VANDROVEC, Viswesh NARAYANAN
  • Publication number: 20210409223
    Abstract: A method of attestation of a host machine based on runtime configuration of the host machine is provided. The method receives, at an attestation machine, a request from the host machine for attestation of a software executing on the host machine, the request including at least one security-related configuration of the software at launch time and a corresponding runtime behavior of the software when the security-related configuration changes. The method then generates a claim based on evaluating a value associated with the at least one security-related configuration and the corresponding runtime behavior of the software when the value changes. The method also generates an attestation token after a successful attestation of the software and includes in the attestation token the generated claim. The method further transmits the attestation token to the host machine.
    Type: Application
    Filed: June 30, 2020
    Publication date: December 30, 2021
    Inventors: Samyuktha SUBRAMANIAN, Jesse POOL
  • Publication number: 20210382706
    Abstract: A method for an attestation machine to attest a software executing on a remote machine is provided. The method receives, at the attestation machine, a request from the remote machine for attestation of the software executing on the remote machine. The method then determines, by the attestation machine, whether metadata associated with the software is stored at a remote server. The remote server includes several software packages for at least one of installation or upgrade and metadata associated with each of the several software packages. When the metadata associated with the software is stored at the remote server, the method sends, from the attestation machine, an attestation confirmation message to the remote machine.
    Type: Application
    Filed: June 3, 2020
    Publication date: December 9, 2021
    Inventors: Jesse POOL, Samyuktha SUBRAMANIAN, Utkarsh VIPUL
  • Patent number: 10853494
    Abstract: An example method of authenticating software executing in a computer system includes verifying first software executing on the computer system, the software including a hypervisor, verifying second software executing in a virtual machine (VM) managed by the hypervisor, generating a binding key having public and private portions, signing an object that identifies the VM using the private portion of the binding key, and verifying a signature of the object using a public portion of the binding key.
    Type: Grant
    Filed: July 23, 2018
    Date of Patent: December 1, 2020
    Assignee: VMware, Inc.
    Inventors: Samyuktha Subramanian, Daniel Muller, Mukund Gunti, Adrian Drzewiecki
  • Patent number: 10754952
    Abstract: An example method of authenticating software executing in a computer system includes: receiving, from the computer system over a network at a server computer, a trusted platform module (TPM) quote, an event log, and a metadata database, the TPM quote provided by a TPM in the computer system, the event log including first checksums for the software executing in the computer system, and the metadata database including second checksums of binary files stored in packages from which the software is installed; establishing a root of trust in the computer system at the server computer based on the TPM quote and the event log; and determining, at the server computer in response to establishing the root of trust, integrity of the software executing in the computer system by comparing the first checksums with the second checksums.
    Type: Grant
    Filed: July 23, 2018
    Date of Patent: August 25, 2020
    Assignee: VMware, Inc.
    Inventors: Daniel Muller, Samyuktha Subramanian, Mukund Gunti
  • Publication number: 20200026858
    Abstract: An example method of authenticating software executing in a computer system includes verifying first software executing on the computer system, the software including a hypervisor, verifying second software executing in a virtual machine (VM) managed by the hypervisor, generating a binding key having public and private portions, signing an object that identifies the VM using the private portion of the binding key, and verifying a signature of the object using a public portion of the binding key.
    Type: Application
    Filed: July 23, 2018
    Publication date: January 23, 2020
    Inventors: Samyuktha SUBRAMANIAN, Daniel MULLER, Mukund GUNTI, Adrian DRZEWIECKI
  • Publication number: 20200026857
    Abstract: An example method of authenticating software executing in a computer system includes: receiving, from the computer system over a network at a server computer, a trusted platform module (TPM) quote, an event log, and a metadata database, the TPM quote provided by a TPM in the computer system, the event log including first checksums for the software executing in the computer system, and the metadata database including second checksums of binary files stored in packages from which the software is installed; establishing a root of trust in the computer system at the server computer based on the TPM quote and the event log; and determining, at the server computer in response to establishing the root of trust, integrity of the software executing in the computer system by comparing the first checksums with the second checksums.
    Type: Application
    Filed: July 23, 2018
    Publication date: January 23, 2020
    Inventors: Daniel MULLER, Samyuktha SUBRAMANIAN, Mukund GUNTI