Patents by Inventor Stephen D. Pate
Stephen D. Pate has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11068280Abstract: During the user-mode startup of an operating system of a computing system and prior to the execution of a service control manager process, an early retrieval process is launched so as to retrieve (i) decryption keys corresponding to one or more encrypted files, folders or data partitions and/or (ii) an access control policy from a key management server external to the computing system. The retrieved information may be provided to a disk filter driver and/or file system filter driver of the operating system. In order to communicate with the external key management server, the early retrieval process may initialize the network stack of the computing system, since network services is not yet available prior to the execution of the services.exe process.Type: GrantFiled: September 21, 2017Date of Patent: July 20, 2021Assignee: HyTrust, Inc.Inventors: Babu Katchapalayam, Stephen D. Pate
-
Publication number: 20190370013Abstract: During the user-mode startup of an operating system of a computing system and prior to the execution of a service control manager process, an early retrieval process is launched so as to retrieve (i) decryption keys corresponding to one or more encrypted files, folders or data partitions and/or (ii) an access control policy from a key management server external to the computing system. The retrieved information may be provided to a disk filter driver and/or file system filter driver of the operating system. In order to communicate with the external key management server, the early retrieval process may initialize the network stack of the computing system, since network services is not yet available prior to the execution of the services.exe process.Type: ApplicationFiled: September 21, 2017Publication date: December 5, 2019Inventors: Babu KATCHAPALAYAM, Stephen D. PATE
-
Patent number: 10402206Abstract: During the startup of an operating system of a computing system, a monitoring process of the operating system is used to detect an entry point of a daemon manager process. In response to detecting the entry point, the startup process is paused, and an early attach process is launched so as to attach one or more encrypted data partitions to the operating system. As part of the early attach process, the network stack of the computing system may be initialized, which allows the early attach process to retrieve one or more decryption keys corresponding to the one or more encrypted data partitions from an external key management server. The one or more decryption keys may be transmitted to a disk filter driver of the operating system, which provides the operating system with access to the one or more encrypted data partitions. Upon the conclusion of the early attach process, the operating system startup process resumes with the one or more encrypted data partitions now accessible to the operating system.Type: GrantFiled: September 21, 2017Date of Patent: September 3, 2019Assignee: HyTrust, Inc.Inventors: Babu Katchapalayam, Stephen D. Pate
-
Publication number: 20180217847Abstract: During the startup of an operating system of a computing system, a monitoring process of the operating system is used to detect an entry point of a daemon manager process. In response to detecting the entry point, the startup process is paused, and an early attach process is launched so as to attach one or more encrypted data partitions to the operating system. As part of the early attach process, the network stack of the computing system may be initialized, which allows the early attach process to retrieve one or more decryption keys corresponding to the one or more encrypted data partitions from an external key management server. The one or more decryption keys may be transmitted to a disk filter driver of the operating system, which provides the operating system with access to the one or more encrypted data partitions. Upon the conclusion of the early attach process, the operating system startup process resumes with the one or more encrypted data partitions now accessible to the operating system.Type: ApplicationFiled: September 21, 2017Publication date: August 2, 2018Inventors: Babu Katchapalayam, Stephen D. Pate
-
Patent number: 9817675Abstract: During the startup of an operating system of a computing system, a monitoring process of the operating system is used to detect an entry point of a daemon manager process. In response to detecting the entry point, the startup process is paused, and an early attach process is launched so as to attach one or more encrypted data partitions to the operating system. As part of the early attach process, the network stack of the computing system may be initialized, which allows the early attach process to retrieve one or more decryption keys corresponding to the one or more encrypted data partitions from an external key management server. The one or more decryption keys may be transmitted to a disk filter driver of the operating system, which provides the operating system with access to the one or more encrypted data partitions. Upon the conclusion of the early attach process, the operating system startup process resumes with the one or more encrypted data partitions now accessible to the operating system.Type: GrantFiled: January 31, 2017Date of Patent: November 14, 2017Assignee: HYTRUST, INC.Inventors: Babu Katchapalayam, Stephen D. Pate
-
Patent number: 9699155Abstract: A virtual file system is described that is implemented in a virtualization platform as a stackable file system layer that intercepts file operations between a hypervisor and a physical file system. The virtual file system encrypts (at least in part) VM files to be stored, organizes the encrypted VM files into VM sets, and then maps and stores the encrypted VM sets into storage pools. Storage and access to files within the VM sets is controlled through the use of administrator-determined policies governing storage, security, access control, authentication, and auditing. The system and method described herein allow a seamless integration between a data center (e.g., a private cloud) and computing resources served across the internet and supported by cloud service providers (e.g., public clouds) while ensuring that the security needs of customers and cloud service providers are met.Type: GrantFiled: May 13, 2015Date of Patent: July 4, 2017Assignee: HYTRUST, INC.Inventors: Stephen D. Pate, Tushar Y. Tambay, Kelvin J. Pryse, Lynn F. Kerby, Blaine T. Cuykendall, Thomas J. Satterlee
-
Patent number: 9300640Abstract: An approach to securely distributing and running virtual machines is described that addresses the inherent insecurity of mobile virtual machines by authenticating a user before establishing a specialized virtualization runtime environment that includes a filesystem driver inserted into the host operating system to provide secure access to a virtual machine by authorized hypervisors only. Further described is the creation of a SecureVM package that includes the various components used to perform the operations of installation, user authentication and establishment of the specialized virtualization runtime environment.Type: GrantFiled: September 28, 2013Date of Patent: March 29, 2016Assignee: HyTrust, Inc.Inventor: Stephen D. Pate
-
Publication number: 20150244693Abstract: A virtual file system is described that is implemented in a virtualization platform as a stackable file system layer that intercepts file operations between a hypervisor and a physical file system. The virtual file system encrypts (at least in part) VM files to be stored, organizes the encrypted VM files into VM sets, and then maps and stores the encrypted VM sets into storage pools. Storage and access to files within the VM sets is controlled through the use of administrator-determined policies governing storage, security, access control, authentication, and auditing. The system and method described herein allow a seamless integration between a data center (e.g., a private cloud) and computing resources served across the internet and supported by cloud service providers (e.g., public clouds) while ensuring that the security needs of customers and cloud service providers are met.Type: ApplicationFiled: May 13, 2015Publication date: August 27, 2015Inventors: Stephen D. Pate, Tushar Y. Tambay, Kelvin J. Pryse, Lynn F. Kerby, Blaine T. Cuykendall, Thomas J. Satterlee
-
Patent number: 9053339Abstract: A virtual file system is described that is implemented in a virtualization platform as a stackable file system layer that intercepts file operations between a hypervisor and a physical file system. The virtual file system encrypts (at least in part) VM files to be stored, organizes the encrypted VM files into VM sets, and then maps and stores the encrypted VM sets into storage pools. Storage and access to files within the VM sets is controlled through the use of administrator-determined policies governing storage, security, access control, authentication, and auditing. The system and method described herein allow a seamless integration between a data center (e.g., a private cloud) and computing resources served across the internet and supported by cloud service providers (e.g., public clouds) while ensuring that the security needs of customers and cloud service providers are met.Type: GrantFiled: September 22, 2011Date of Patent: June 9, 2015Assignee: HyTrust, Inc.Inventors: Stephen D. Pate, Tushar Y. Tambay, Kelvin J. Pryse, Lynn F. Kerby, Blaine T. Cuykendall, Thomas J. Satterlee
-
Publication number: 20150019864Abstract: An approach to securely distributing and running virtual machines is described that addresses the inherent insecurity of mobile virtual machines by authenticating a user before establishing a specialized virtualization runtime environment that includes a filesystem driver inserted into the host operating system to provide secure access to a virtual machine by authorized hypervisors only. Further described is the creation of a SecureVM package that includes the various components used to perform the operations of installation, user authentication and establishment of the specialized virtualization runtime environment.Type: ApplicationFiled: September 28, 2013Publication date: January 15, 2015Applicant: High Cloud Security, Inc.Inventor: Stephen D. Pate
-
Patent number: 8555377Abstract: An approach to securely distributing and running virtual machines is described that addresses the inherent insecurity of mobile virtual machines by authenticating a user before establishing a specialized virtualization runtime environment that includes a filesystem driver inserted into the host operating system to provide secure access to a virtual machine by authorized hypervisors only. Further described is the creation of a SecureVM package that includes the various components used to perform the operations of installation, user authentication and establishment of the specialized virtualization runtime environment.Type: GrantFiled: March 23, 2011Date of Patent: October 8, 2013Assignee: High Cloud SecurityInventor: Stephen D. Pate
-
Publication number: 20120110328Abstract: A virtual file system is described that is implemented in a virtualization platform as a stackable file system layer that intercepts file operations between a hypervisor and a physical file system. The virtual file system encrypts (at least in part) VM files to be stored, organizes the encrypted VM files into VM sets, and then maps and stores the encrypted VM sets into storage pools. Storage and access to files within the VM sets is controlled through the use of administrator-determined policies governing storage, security, access control, authentication, and auditing. The system and method described herein allow a seamless integration between a data center (e.g., a private cloud) and computing resources served across the internet and supported by cloud service providers (e.g., public clouds) while ensuring that the security needs of customers and cloud service providers are met.Type: ApplicationFiled: September 22, 2011Publication date: May 3, 2012Applicant: High Cloud Security, Inc.Inventors: Stephen D. Pate, Tushar Y. Tambay, Kelvin J. Pryse, Lynn F. Kerby, Blaine T. Cuykendall, Thomas J. Satterlee
-
Publication number: 20110271279Abstract: An approach to securely distributing and running virtual machines is described that addresses the inherent insecurity of mobile virtual machines by authenticating a user before establishing a specialized virtualization runtime environment that includes a filesystem driver inserted into the host operating system to provide secure access to a virtual machine by authorized hypervisors only. Further described is the creation of a SecureVM package that includes the various components used to perform the operations of installation, user authentication and establishment of the specialized virtualization runtime environment.Type: ApplicationFiled: March 23, 2011Publication date: November 3, 2011Applicant: High Cloud Security, Inc.Inventor: Stephen D. Pate