Patents by Inventor Stefan Saroiu
Stefan Saroiu has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20160134907
Abstract: Various technologies described herein pertain to performing collaborative rendering. A GPU of a mobile device can generate a mobile-rendered video stream based on a first instance of an application executed on the mobile device. A GPU of a server can generate one or more server-rendered video streams based on instance(s) of the application executed on the server. Based on the one or more server-rendered video streams, the server can generate a compressed server-manipulated video stream. The mobile device can further combine the mobile-rendered video stream and the compressed server-manipulated video stream to form a collaborative video stream, and a display screen of the mobile device can be caused to display the collaborative video stream. The mobile-rendered video stream can have a first level of a quality attribute and the collaborative video stream can have a second level of the quality attribute greater than the first level of the quality attribute.
Type: Application
Filed: January 19, 2016
Publication date: May 12, 2016
Inventors: Alastair Wolman, Eduardo Alberto Cuervo Laffaye, Stefan Saroiu, Madanlal Musuvathi
-
Patent number: 9332427
Abstract: A wireless computing device includes an antenna that is configured to transmit and receive wireless signals. The wireless computing device comprises a transmitter component that causes a first wireless signal to be transmitted to a wireless access point via the antenna, wherein the first wireless signal comprises a request for a location proof, wherein the request for the location proof comprises data that identifies the wireless computing device, and wherein the location proof comprises data that is indicative of a geographic location of the wireless access point. The system also includes a receiver component that receives, via the antenna, a second wireless signal from the wireless access point, wherein the second wireless signal is received by the receiver component subsequent to the transmitter component causing the first wireless signal to be transmitted to the wireless access point.
Type: Grant
Filed: August 12, 2013
Date of Patent: May 3, 2016
Assignee: Microsoft Technology Licensing, LLC
Inventors: Alastair Wolman, Stefan Saroiu
-
Publication number: 20160048678
Abstract: A “Firmware-Based TPM” or “fTPM” ensures that secure code execution is isolated to prevent a wide variety of potential security breaches. Unlike a conventional hardware based Trusted Platform Module (TPM), isolation is achieved without the use of dedicated security processor hardware or silicon. In general, the fTPM is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware accessible memory or storage and placed into read-only protected memory of the device. Once instantiated, the fTPM enables execution isolation for ensuring secure code execution. More specifically, the fTPM is placed into protected read-only memory to enable the device to use hardware such as the ARM® architecture's TrustZone™ extensions and security primitives (or similar processor architectures), and thus the devices based on such architectures, to provide secure execution isolation within a “firmware-based TPM” without requiring hardware modifications to existing devices.
Type: Application
Filed: October 30, 2015
Publication date: February 18, 2016
Inventors: Stefan Thom, Jeremiah Cox, David Linsley, Magnus Nystrom, Himanshu Raj, David Robinson, Stefan Saroiu, Rob Spiger, Alastair Wolman
-
Patent number: 9264749
Abstract: Various technologies described herein pertain to performing collaborative rendering. A GPU of a mobile device can generate a mobile-rendered video stream based on a first instance of an application executed on the mobile device. A GPU of a server can generate one or more server-rendered video streams based on instance(s) of the application executed on the server. Based on the one or more server-rendered video streams, the server can generate a compressed server-manipulated video stream. The mobile device can further combine the mobile-rendered video stream and the compressed server-manipulated video stream to form a collaborative video stream, and a display screen of the mobile device can be caused to display the collaborative video stream. The mobile-rendered video stream can have a first level of a quality attribute and the collaborative video stream can have a second level of the quality attribute greater than the first level of the quality attribute.
Type: Grant
Filed: December 13, 2012
Date of Patent: February 16, 2016
Assignee: Microsoft Technology Licensing, LLC
Inventors: Alastair Wolman, Eduardo Alberto Cuervo Laffaye, Stefan Saroiu, Madanlal Musuvathi
-
Publication number: 20160026782
Abstract: Described is a technology by which the identity of a person (e.g., a customer in a commercial transaction) is determinable without active identification effort, via biometric data is obtained without action by the person. Machine processing of the biometric data over a set of possible persons, determined from secondary proximity sensing, is used to determine or assist in determining the identity of the person.
Type: Application
Filed: September 4, 2015
Publication date: January 28, 2016
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Christopher Stephen Frederick Smowton, Ronnie Chaiken, Weidong Cui, Oliver H. Foehr, Jacob Rubin Lorch, David Molnar, Bryan Jeffrey Parno, Stefan Saroiu, Alastair Wolman
-
Patent number: 9189653
Abstract: A “Firmware-Based TPM” or “fTPM” ensures that secure code execution is isolated to prevent a wide variety of potential security breaches. Unlike a conventional hardware based Trusted Platform Module (TPM), isolation is achieved without the use of dedicated security processor hardware or silicon. In general, the fTPM is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware accessible memory or storage and placed into read-only protected memory of the device. Once instantiated, the fTPM enables execution isolation for ensuring secure code execution. More specifically, the fTPM is placed into protected read-only memory to enable the device to use hardware such as the ARM® architecture's TrustZone™ extensions and security primitives (or similar processor architectures), and thus the devices based on such architectures, to provide secure execution isolation within a “firmware-based TPM” without requiring hardware modifications to existing devices.
Type: Grant
Filed: February 11, 2013
Date of Patent: November 17, 2015
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Stefan Thom, Jeremiah Cox, David Linsley, Magnus Nystrom, Himanshu Raj, David Robinson, Stefan Saroiu, Rob Spiger, Alastair Wolman
-
Patent number: 9152868
Abstract: Described is a technology by which the identity of a person (e.g., a customer in a commercial transaction) is determinable without active identification effort, via biometric data is obtained without action by the person. Machine processing of the biometric data over a set of possible persons, determined from secondary proximity sensing, is used to determine or assist in determining the identity of the person.
Type: Grant
Filed: March 23, 2012
Date of Patent: October 6, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Christopher Stephen Frederick Smowton, Ronnie Chaiken, Weidong Cui, Oliver H. Foehr, Jacob Rubin Lorch, David Molnar, Bryan Jeffrey Parno, Stefan Saroiu, Alastair Wolman
-
Publication number: 20150256332
Abstract: Various technologies described herein pertain to a computing device that includes secure hardware (e.g., a TPM, a secure processor of a processing platform, protected memory that includes a software-based TPM, etc.). The secure hardware includes a shared secret, which is shared by the secure hardware and a server computing system. The shared secret is provisioned by the server computing system or a provisioning computing system of a party affiliated with the server computing system. The secure hardware further includes a cryptographic engine that can execute a cryptographic algorithm using the shared secret or a key generated from the shared secret. The cryptographic engine can execute the cryptographic algorithm to perform encryption, decryption, authentication, and/or attestation.
Type: Application
Filed: February 24, 2015
Publication date: September 10, 2015
Inventors: Himanshu Raj, Stefan Saroiu, Alastair Wolman, Chen Chen
-
Publication number: 20150156330
Abstract: The claimed subject matter provides a method for split billing. The method includes receiving a requested token. The requested token specifies conditions under which network traffic is allowed to be billed against a third party for content requested from a mobile computing device. The method also includes matching network traffic between the mobile computing device and a content provider to the specified conditions. The method further includes metering the matched network traffic to a billing account for the third party.
Type: Application
Filed: February 10, 2015
Publication date: June 4, 2015
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Himanshu Raj, Stefan Saroiu, Alastair Wolman
-
Patent number: 8965330
Abstract: The claimed subject matter provides a method for split billing. The method includes receiving a requested token. The requested token specifies conditions under which network traffic is allowed to be billed against a third party for content requested from a mobile computing device. The method also includes matching network traffic between the mobile computing device and a content provider to the specified conditions. The method further includes metering the matched network traffic to a billing account for the third party.
Type: Grant
Filed: October 21, 2011
Date of Patent: February 24, 2015
Assignee: Microsoft Corporation
Inventors: Himanshu Raj, Stefan Saroiu, Alastair Wolman
-
Publication number: 20140359270
Abstract: In a cloud computing environment, a production server virtualization stack is minimized to present fewer security vulnerabilities to malicious software running within a guest virtual machine. The minimal virtualization stack includes support for those virtual devices necessary for the operation of a guest operating system, with the code base of those virtual devices further reduced. Further, a dedicated, isolated boot server provides functionality to securely boot a guest operating system. The boot server is isolated through use of an attestation protocol, by which the boot server presents a secret to a network switch to attest that the boot server is operating in a clean mode. The attestation protocol may further employ a secure co-processor to seal the secret, so that it is only accessible when the boot server is operating in the clean mode.
Type: Application
Filed: August 18, 2014
Publication date: December 4, 2014
Inventors: Himanshu Raj, Stefan Saroiu, Alastair Wolman, Paul England, Anh M. Nguyen, Shravan Rayanchu
-
Patent number: 8832461
Abstract: Architecture that provides trusted sensors and trusted sensor readings on computing devices such as mobile devices. The architecture utilizes a trustworthy computing technology (e.g., trusted platform module (TPM). In the context of TPM, one implementation requires no additional hardware beyond the TPM and a virtualized environment to provide trusted sensor readings. A second implementation incorporates trusted computing primitives directly into sensors and enhances security using signed sensor readings. Privacy issues arising from the deployment of trusted sensors are also addressed by utilizing protocols.
Type: Grant
Filed: June 25, 2010
Date of Patent: September 9, 2014
Assignee: Microsoft Corporation
Inventors: Stefan Saroiu, Alastair Wolman
-
Patent number: 8812830
Abstract: In a cloud computing environment, a production server virtualization stack is minimized to present fewer security vulnerabilities to malicious software running within a guest virtual machine. The minimal virtualization stack includes support for those virtual devices necessary for the operation of a guest operating system, with the code base of those virtual devices further reduced. Further, a dedicated, isolated boot server provides functionality to securely boot a guest operating system. The boot server is isolated through use of an attestation protocol, by which the boot server presents a secret to a network switch to attest that the boot server is operating in a clean mode. The attestation protocol may further employ a secure co-processor to seal the secret, so that it is only accessible when the boot server is operating in the clean mode.
Type: Grant
Filed: August 31, 2011
Date of Patent: August 19, 2014
Assignee: Microsoft Corporation
Inventors: Himanshu Raj, Stefan Saroiu, Alastair Wolman, Paul England, Anh M. Nguyen, Shravan Rayanchu
-
Publication number: 20140173674
Abstract: Various technologies described herein pertain to performing collaborative rendering. A GPU of a mobile device can generate a mobile-rendered video stream based on a first instance of an application executed on the mobile device. A GPU of a server can generate one or more server-rendered video streams based on instance(s) of the application executed on the server. Based on the one or more server-rendered video streams, the server can generate a compressed server-manipulated video stream. The mobile device can further combine the mobile-rendered video stream and the compressed server-manipulated video stream to form a collaborative video stream, and a display screen of the mobile device can be caused to display the collaborative video stream. The mobile-rendered video stream can have a first level of a quality attribute and the collaborative video stream can have a second level of the quality attribute greater than the first level of the quality attribute.
Type: Application
Filed: December 13, 2012
Publication date: June 19, 2014
Applicant: MICROSOFT CORPORATION
Inventors: Alastair Wolman, Eduardo Alberto Cuervo Laffaye, Stefan Saroiu, Madanlal Musuvathi
-
Patent number: 8719847
Abstract: A home device management technique is described that allows a user to manage a network of distributed home devices. Special application modules, driver modules, and service exchange ports are employed. Each application modules implements some functionality in the home, preferably using one or more devices in the home distributed system. Each driver module provides the logic for operating one or multiple distributed home devices and is capable of receiving commands from application modules and sending them to devices, detecting events for an associated type of home device, translating the detected event into a format usable by the application modules and notifying the application modules of the events. Events are communicated between the application modules and the driver modules by using one or more service exchange ports. Access control policies are employed to control access to the home devices.
Type: Grant
Filed: September 27, 2010
Date of Patent: May 6, 2014
Assignee: Microsoft Corp.
Inventors: Sharad Agarwal, Paramvir Bahl, Alice Jane Bernheim Brush, Colin Kimm Dixon, Bongshin Lee, Ratul Mahajan, Stefan Saroiu
-
Publication number: 20140006805
Abstract: Described is a technology by which classes of memory attacks are prevented, including cold boot attacks, DMA attacks, and bus monitoring attacks. In general, secret state such as an AES key and an AES round block are maintained in on-SoC secure storage, such as a cache. Corresponding cache locations are locked to prevent eviction to unsecure storage. AES tables are accessed only in the on-SoC secure storage, to prevent access patterns from being observed. Also described is securely preparing for an interrupt-based context switch during AES round computations and securely resuming from a context switch without needing to repeat any already completed round or round of computations.
Type: Application
Filed: June 28, 2012
Publication date: January 2, 2014
Applicant: MICROSOFT CORPORATION
Inventors: Patrick J. Colp, Himanshu Raj, Stefan Saroiu, Alastair Wolman
-
Publication number: 20130322630
Abstract: A wireless computing device includes an antenna that is configured to transmit and receive wireless signals. The wireless computing device comprises a transmitter component that causes a first wireless signal to be transmitted to a wireless access point via the antenna, wherein the first wireless signal comprises a request for a location proof, wherein the request for the location proof comprises data that identifies the wireless computing device, and wherein the location proof comprises data that is indicative of a geographic location of the wireless access point. The system also includes a receiver component that receives, via the antenna, a second wireless signal from the wireless access point, wherein the second wireless signal is received by the receiver component subsequent to the transmitter component causing the first wireless signal to be transmitted to the wireless access point.
Type: Application
Filed: August 12, 2013
Publication date: December 5, 2013
Applicant: MICROSOFT CORPORATION
Inventors: Alastair Wolman, Stefan Saroiu
-
Publication number: 20130290755
Abstract: A method described herein includes an act of, at a mobile computing device, receiving an indication that a portion of code of a program executing on the mobile computing device is to be offloaded to a second computing device for execution on the second computing device, wherein the indication is based at least in part upon an estimated energy savings of the mobile computing device by offloading the portion of the code for execution on the second computing device. The method also includes an act of transmitting data to the second computing device that causes the second computing device to execute the portion of the code.
Type: Application
Filed: June 21, 2013
Publication date: October 31, 2013
Inventors: Alastair Wolman, Stefan Saroiu, Ranveer Chandra, Paramvir Bahl, Aruna Balasubramanian, Eduardo Alberto Cuervo Laffaye
-
Publication number: 20130251216
Abstract: Described is a technology by which the identity of a person (e.g., a customer in a commercial transaction) is determinable without active identification effort, via biometric data is obtained without action by the person. Machine processing of the biometric data over a set of possible persons, determined from secondary proximity sensing, is used to determine or assist in determining the identity of the person.
Type: Application
Filed: March 23, 2012
Publication date: September 26, 2013
Applicant: MICROSOFT CORPORATION
Inventors: Christopher Stephen Frederick Smowton, Ronnie Chaiken, Weidong Cui, Oliver H. Foehr, Jacob Rubin Lorch, David Molnar, Bryan Jeffrey Parno, Stefan Saroiu, Alastair Wolman
-
Patent number: 8531334
Abstract: A wireless computing device includes an antenna that is configured to transmit and receive wireless signals. The wireless computing device comprises a transmitter component that causes a first wireless signal to be transmitted to a wireless access point via the antenna, wherein the first wireless signal comprises a request for a location proof, wherein the request for the location proof comprises data that identifies the wireless computing device, and wherein the location proof comprises data that is indicative of a geographic location of the wireless access point. The system also includes a receiver component that receives, via the antenna, a second wireless signal from the wireless access point, wherein the second wireless signal is received by the receiver component subsequent to the transmitter component causing the first wireless signal to be transmitted to the wireless access point.
Type: Grant
Filed: November 6, 2009
Date of Patent: September 10, 2013
Assignee: Microsoft Corporation
Inventors: Alastair Wolman, Stefan Saroiu