Patents by Inventor Tadayoshi Kohno

Tadayoshi Kohno has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10140464
    Abstract: In some embodiments, an augmented reality system is provided that provides output security. In some embodiments, an operating system of the augmented reality system provides trusted management support for presenting virtual objects from untrusted applications executing in multiple isolated processes. With the output security mechanisms enabled, untrusted applications are still provided significant flexibility to create immersive AR experiences, but their presented content is constrained by the augmented reality system based on one or more output policies that are intended to reduce intrusiveness of virtual object presentations. Output policies may be composable, such that more than one output policy may be enforced on a given virtual object in a way that reduces intrusiveness of the presentation of the virtual object.
    Type: Grant
    Filed: December 8, 2016
    Date of Patent: November 27, 2018
    Assignee: University of Washington
    Inventors: Kiron Lebeck, Tadayoshi Kohno, Franziska Roesner
  • Patent number: 9736166
    Abstract: Systems and methods for creating and managing per-application profiles are disclosed. A method may include receiving input designating at least a first profile policy and a second profile policy. At least a first application profile and a second application profile may be created based on the received first profile policy and the second profile policy. An application of the plurality of applications may be associated with both the first application profile and the second application profile. A first storage partition and a second storage partition may be created within a storage space of the computing device. The storage space may be associated with the application. The first storage partition may store application data while the application is running under the first application profile. The second storage partition may store application data while the application is running under the second application profile.
    Type: Grant
    Filed: June 8, 2015
    Date of Patent: August 15, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Oriana Riva, Suman Kumar Nath, Temitope Oluwafemi, Franziska Roesner, Tadayoshi Kohno
  • Patent number: 9697365
    Abstract: Functionality is described herein for receiving events which characterize features in an environment, and for identifying at least one policy based on the events. The functionality consults a certificate, associated with the policy, to determine whether the policy is valid. If valid, the functionality uses the policy to govern the behavior of at least one application, such as by controlling the application's consumption of events. A trusted passport authority may be employed to generate the certificates. Each certificate may: (1) identify that it originated from the trusted passport authority; (2) contain context information which describes a context in which the policy is intended to be applied within an environment; and/or (3) contain machine-readable content that, when executed, carries out at least one aspect of the policy.
    Type: Grant
    Filed: January 28, 2014
    Date of Patent: July 4, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Tadayoshi Kohno, David A. Molnar, Alexander N. Moshchuk, Franziska Roesner, Jiahe Helen Wang
  • Publication number: 20170162177
    Abstract: In some embodiments, an augmented reality system is provided that provides output security. In some embodiments, an operating system of the augmented reality system provides trusted management support for presenting virtual objects from untrusted applications executing in multiple isolated processes. With the output security mechanisms enabled, untrusted applications are still provided significant flexibility to create immersive AR experiences, but their presented content is constrained by the augmented reality system based on one or more output policies that are intended to reduce intrusiveness of virtual object presentations. Output policies may be composable, such that more than one output policy may be enforced on a given virtual object in a way that reduces intrusiveness of the presentation of the virtual object.
    Type: Application
    Filed: December 8, 2016
    Publication date: June 8, 2017
    Applicant: University of Washington
    Inventors: Kiron LEBECK, Tadayoshi KOHNO, Franziska ROESNER
  • Publication number: 20160359862
    Abstract: Systems and methods for creating and managing per-application profiles are disclosed. A method may include receiving input designating at least a first profile policy and a second profile policy. At least a first application profile and a second application profile may be created based on the received first profile policy and the second profile policy. An application of the plurality of applications may be associated with both the first application profile and the second application profile. A first storage partition and a second storage partition may be created within a storage space of the computing device. The storage space may be associated with the application. The first storage partition may store application data while the application is running under the first application profile. The second storage partition may store application data while the application is running under the second application profile.
    Type: Application
    Filed: June 8, 2015
    Publication date: December 8, 2016
    Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Oriana Riva, Suman Kumar Nath, Temitope Oluwafemi, Franziska Roesner, Tadayoshi Kohno
  • Patent number: 9489523
    Abstract: Systems and methods for providing an auditing file system for theft-prone devices are disclosed. The auditing file system supports fine-grained file auditing: a user may obtain reliable, explicit evidence that no files have been accessed after a device's loss. A user may also disable future file access after a device's loss, even in the absence of device network connectivity. In one embodiment, files are encrypted locally but the encryption keys are stored remotely, so that an audit server is queried for encryption keys to access protected files. By configuring the audit server to refuse to return a particular file's key, the user can prevent new accesses after the device is lost.
    Type: Grant
    Filed: April 8, 2011
    Date of Patent: November 8, 2016
    Assignee: University of Washington through its Center for Commercialization
    Inventors: Tadayoshi Kohno, Roxana Geambasu, Henry Levy, Steven Gribble
  • Patent number: 9424239
    Abstract: A shared renderer maintains shared state information to which two or more augmented reality applications contribute. The shared renderer then provides a single output presentation based on the shared state information. Among other aspects, the shared renderer includes a permission mechanism by which applications can share information regarding object properties. The shared renderer may also include: a physics engine for simulating movement of at least one object that is represented by the shared state information; an annotation engine for managing a presentation of annotations produced by plural applications; and/or an occlusion engine for managing the behavior of the output presentation when two or more objects, produced by two or more applications, overlap within the output presentation.
    Type: Grant
    Filed: September 6, 2013
    Date of Patent: August 23, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Alan M. Dunn, Tadayoshi Kohno, David A. Molnar, Alexander N. Moshchuk, Franziska Roesner, Jiahe Helen Wang
  • Patent number: 9413784
    Abstract: Functionality is described herein for managing the behavior of one or more applications, such as augmented reality applications and/or other environment-sensing applications. The functionality defines permission information in a world-driven manner, which means that the functionality uses a trusted mechanism to identify cues in the sensed environment, and then maps those cues to permission information. The functionality then uses the permission information to govern the operation of one or more applications.
    Type: Grant
    Filed: September 6, 2013
    Date of Patent: August 9, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Tadayoshi Kohno, David A. Molnar, Alexander N. Moshchuk, Franziska Roesner, Jiahe Helen Wang
  • Patent number: 9355268
    Abstract: Functionality is described herein by which plural environment-sensing applications capture information from an environment in a fine-grained and least-privileged manner. By doing so, the functionality reduces the risk that private information that appears within the environment will be released to unauthorized parties. Among other aspects, the functionality provides an error correction mechanism for reducing the incidence of false positives in the detection of objects, an offloading technique for delegating computationally intensive recognition tasks to a remote computing framework, and a visualization module by which a user may inspect the access rights to be granted (or already granted) to each application.
    Type: Grant
    Filed: September 6, 2013
    Date of Patent: May 31, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Loris D'Antoni, Alan M. Dunn, Suman Jana, Tadayoshi Kohno, Benjamin Livshits, David A. Molnar, Alexander N. Moshchuk, Eyal Ofek, Franziska Roesner, Timothy Scott Saponas, Margus Veanes, Jiahe Helen Wang
  • Patent number: 9106650
    Abstract: An access system is described herein which allows an application module to access a user-owned resource based on an indication of a user's intent to interact with the user-owned resource. For example, the application module can provide an application user interface which embeds a gadget associated with a particular user-owned resource. The access system can interpret the user's interaction with the gadget as conferring implicit permission to the application module to access the user-owned resource associated with the gadget. In addition, or alternatively, the user may make a telltale gesture in the course of interacting with the application module. The access system can interpret this gesture as conferring implicit permission to the application module to access a user-owned resource that is associated with the gesture.
    Type: Grant
    Filed: November 9, 2011
    Date of Patent: August 11, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Franziska Roesner, Tadayoshi Kohno, Alexander Moshchuk, Bryan J. Parno, Helen J. Wang
  • Publication number: 20150074742
    Abstract: Functionality is described herein for managing the behavior of one or more applications, such as augmented reality applications and/or other environment-sensing applications. The functionality defines permission information in a world-driven manner, which means that the functionality uses a trusted mechanism to identify cues in the sensed environment, and then maps those cues to permission information. The functionality then uses the permission information to govern the operation of one or more applications.
    Type: Application
    Filed: September 6, 2013
    Publication date: March 12, 2015
    Applicant: Microsoft Corporation
    Inventors: Tadayoshi Kohno, David A. Molnar, Alexander N. Moshchuk, Franziska Roesner, Jiahe Helen Wang
  • Publication number: 20150074746
    Abstract: Functionality is described herein for receiving events which characterize features in an environment, and for identifying at least one policy based on the events. The functionality consults a certificate, associated with the policy, to determine whether the policy is valid. If valid, the functionality uses the policy to govern the behavior of at least one application, such as by controlling the application's consumption of events. A trusted passport authority may be employed to generate the certificates. Each certificate may: (1) identify that it originated from the trusted passport authority; (2) contain context information which describes a context in which the policy is intended to be applied within an environment; and/or (3) contain machine-readable content that, when executed, carries out at least one aspect of the policy.
    Type: Application
    Filed: January 28, 2014
    Publication date: March 12, 2015
    Applicant: Microsoft Corporation
    Inventors: Tadayoshi Kohno, David A. Molnar, Alexander N. Moshchuk, Franziska Roesner, Jiahe Helen Wang
  • Publication number: 20150071555
    Abstract: Functionality is described herein by which plural environment-sensing applications capture information from an environment in a fine-grained and least-privileged manner. By doing so, the functionality reduces the risk that private information that appears within the environment will be released to unauthorized parties. Among other aspects, the functionality provides an error correction mechanism for reducing the incidence of false positives in the detection of objects, an offloading technique for delegating computationally intensive recognition tasks to a remote computing framework, and a visualization module by which a user may inspect the access rights to be granted (or already granted) to each application.
    Type: Application
    Filed: September 6, 2013
    Publication date: March 12, 2015
    Applicant: Microsoft Corporation
    Inventors: Loris D'Antoni, Alan M. Dunn, Suman Jana, Tadayoshi Kohno, Benjamin Livshits, David A. Molnar, Alexander N. Moshchuk, Eyal Ofek, Franziska Roesner, Timothy Scott Saponas, Margus Veanes, Jiahe Helen Wang
  • Publication number: 20150074506
    Abstract: A shared renderer maintains shared state information to which two or more augmented reality applications contribute. The shared renderer then provides a single output presentation based on the shared state information. Among other aspects, the shared renderer includes a permission mechanism by which applications can share information regarding object properties. The shared renderer may also include: a physics engine for simulating movement of at least one object that is represented by the shared state information; an annotation engine for managing a presentation of annotations produced by plural applications; and/or an occlusion engine for managing the behavior of the output presentation when two or more objects, produced by two or more applications, overlap within the output presentation.
    Type: Application
    Filed: September 6, 2013
    Publication date: March 12, 2015
    Applicant: Microsoft Corporation
    Inventors: Alan M. Dunn, Tadayoshi Kohno, David A. Molnar, Alexander N. Moshchuk, Franziska Roesner, Jiahe Helen Wang
  • Patent number: 8848924
    Abstract: A privacy-preserving device-tracking system and method to assist in the recovery of lost or stolen Internet-connected mobile devices. The functions of such a system seem contradictory, since it is desirable to hide a device's legitimately-visited locations from third-party services and other parties to achieve location privacy, while still enabling recovery of the device's location(s) after it goes missing by tracking the device to determine its location. An exemplary embodiment uses a DHT for storing encrypted location information and other forensic information in connection with indices that are successively determined based on initial pseudorandom seed information (i.e., state) that is retained by the owner of the device. Using the seed information, the software can determine indices mapped to location information stored after the device went missing, enabling the device to be located.
    Type: Grant
    Filed: November 24, 2008
    Date of Patent: September 30, 2014
    Assignee: University of Washington
    Inventors: Tadayoshi Kohno, Arvind Krishnamurthy, Gabriel Maganis, Thomas Ristenpart
  • Patent number: 8643475
    Abstract: An approach for defending radio frequency identification (RFID) tags and other contactless cards against ghost-and-leech (a.k.a. proxying, relay, or man-in-the-middle) attacks incorporates gesture recognition techniques directly implemented with the RFID tags or contactless cards. These tags or cards will only engage in wireless communications when they internally detect “secret handshakes.” A secret handshake recognition system is implemented on a passive WISP RFID tag having a built-in accelerometer. This approach is backward compatible with existing deployments of RFID tag and contactless card readers and is also designed to minimize the changes to the existing usage model of certain classes of RFID and contactless cards, such as access cards that are kept in a wallet or purse, by enabling execution of secret handshakes without removing the card. This novel approach can also improve the security and privacy properties in other uses of RFID tags, e.g., contactless payment cards.
    Type: Grant
    Filed: April 13, 2010
    Date of Patent: February 4, 2014
    Assignee: University of Washington through its Center for Commercialization
    Inventors: Tadayoshi Kohno, Alexei Czeskis, Karl Koscher, Joshua R Smith
  • Patent number: 8520855
    Abstract: A configuration for encapsulating data that is unreadable after a predetermined timeout. To encapsulate data a random data key is generated and split into shares. A threshold number of shares are needed to reconstruct the key. The shares are stored at random locations within one or more networks. Each location is configured to delete the stored data after a predetermined time period. Encapsulated data is created by creating a vanishing data object (VDO) comprising the encrypted data, and data sufficient to locate at least a threshold number of key shares from their stored locations. The VDO becomes inaccessible after enough shares of the data are deleted such that the data key cannot be restored. However, if prior to timeout a sufficient number of data key shares are located and retrieved the data key can be reconstructed. The reconstructed data key is then used to decrypt the original data.
    Type: Grant
    Filed: March 5, 2010
    Date of Patent: August 27, 2013
    Assignee: University of Washington
    Inventors: Tadayoshi Kohno, Roxana Geambasu, Henry M. Levy
  • Publication number: 20130205385
    Abstract: An access system is described herein which allows an application to access a system-level and/or application-specific user-owned resource based on a user's interaction with an intent-based access mechanism. For example, the intent-based access mechanism may correspond to a gadget that is embedded in an application user interface provided by the application, and/or logic for detecting a permission-granting input sequence. The access system accommodates different types of intent-based access mechanisms. One type is a scheduled intent-based access mechanism. Another type provides access to two or more user-owned resources. Further, the access system includes a mechanism for determining whether the application is permitted to use an intent-based access mechanism.
    Type: Application
    Filed: February 8, 2012
    Publication date: August 8, 2013
    Applicant: Microsoft Corporation
    Inventors: Franziska Roesner, Tadayoshi Kohno, Alexander Moshchuk, Bryan J. Parno, Helen J. Wang
  • Publication number: 20130198522
    Abstract: Systems and methods for providing an auditing file system for theft-prone devices are disclosed. The auditing file system supports fine-grained file auditing: a user may obtain reliable, explicit evidence that no files have been accessed after a device's loss. A user may also disable future file access after a device's loss, even in the absence of device network connectivity. In one embodiment, files are encrypted locally but the encryption keys are stored remotely, so that an audit server is queried for encryption keys to access protected files. By configuring the audit server to refuse to return a particular file's key, the user can prevent new accesses after the device is lost.
    Type: Application
    Filed: April 8, 2011
    Publication date: August 1, 2013
    Inventors: Tadayoshi Kohno, Roxana Geambasu, Henry Levy, Steven Gribble
  • Publication number: 20130117840
    Abstract: An access system is described herein which allows an application module to access a user-owned resource based on an indication of a user's intent to interact with the user-owned resource. For example, the application module can provide an application user interface which embeds a gadget associated with a particular user-owned resource. The access system can interpret the user's interaction with the gadget as conferring implicit permission to the application module to access the user-owned resource associated with the gadget. In addition, or alternatively, the user may make a telltale gesture in the course of interacting with the application module. The access system can interpret this gesture as conferring implicit permission to the application module to access a user-owned resource that is associated with the gesture.
    Type: Application
    Filed: November 9, 2011
    Publication date: May 9, 2013
    Applicant: MICROSOFT CORPORATION
    Inventors: Franziska Roesner, Tadayoshi Kohno, Alexander Moshchuk, Bryan J. Parno, Helen J. Wang