Patents by Inventor Thekkthalackal Varugis Kurien
Thekkthalackal Varugis Kurien has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20180167300Abstract: This document relates to a distributed network coordinate system. One implementation provides computer-readable storage media including instructions that may cause a processor to perform certain acts. For example, the acts may include storing an initial network location of a first device in a network. The network may include the first device and a second device. The acts may also include monitoring one or more network performance metrics related to existing application communications with the second device, and determining an updated network location of the first device, based on the initial network location and the network performance metrics. Aspects of network health can be derived from monitoring changes in the network locations of various devices within the coordinate system.Type: ApplicationFiled: December 11, 2017Publication date: June 14, 2018Inventors: Lihua YUAN, Sharad AGARWAL, Kevin DAMOUR, Thekkthalackal Varugis KURIEN, Albert G. GREENBERG, Randall KERN
-
Patent number: 9871711Abstract: This document relates to a distributed network coordinate system. One implementation provides computer-readable storage media including instructions that may cause a processor to perform certain acts. For example, the acts may include storing an initial network location of a first device in a network. The network may include the first device and a second device. The acts may also include monitoring one or more network performance metrics related to existing application communications with the second device, and determining an updated network location of the first device, based on the initial network location and the network performance metrics. Aspects of network health can be derived from monitoring changes in the network locations of various devices within the coordinate system.Type: GrantFiled: August 3, 2014Date of Patent: January 16, 2018Assignee: Microsoft Technology Licensing, LLCInventors: Lihua Yuan, Sharad Agarwal, Kevin Damour, Thekkthalackal Varugis Kurien, Albert G. Greenberg, Randall Kern
-
Patent number: 9311483Abstract: Systems and methods provide multiple partitions hosted on an isolation technology such as a hypervisor where at least one of the partitions, a local secure service partition (LSSP), provides security services to other partitions. The service partitions (LSSPs) host those high assurance services that require strict security isolation, where the service can be shared across partitions and accessed even when the user is not connected to a network. The LSSP also can certify the results of any computation using a key signed by a TPM attestation identity key (AIK), or other key held securely by the hypervisor or a service partition. The LSSPs may be configured to provide trusted audit logs, trusted security scans, trusted cryptographic services, trusted compilation and testing, trusted logon services, and the like.Type: GrantFiled: October 31, 2013Date of Patent: April 12, 2016Assignee: Microsoft Technology Licensing, LLCInventors: Thekkthalackal Varugis Kurien, Paul England, Ravindra Nath Pandya, Niels Ferguson
-
Patent number: 9166797Abstract: Systems and methods that establish a secured compartment that manages sensitive user transactions/information on a user's machine. The secured compartment qualifies user interaction with the machine, and separates such qualified interaction from other user activity on the machine. A user is switched to such secured compartment upon occurrence of a predetermined event, such as in form of: an explicit request (e.g., a secure attention sequence); an implicit request (e.g., inference of user activities); and presence of a peripheral device that is bound to the secured compartment (e.g., a USB)—wherein such actions typically cannot be generated by an application running outside the secured compartment.Type: GrantFiled: October 24, 2008Date of Patent: October 20, 2015Assignee: Microsoft Technology Licensing, LLCInventors: Thekkthalackal Varugis Kurien, Cormac E. Herley, Alice Jane Bernheim Brush, Daniel C. Robbins, Arindam Chatterjee, Scott Field
-
Patent number: 9135357Abstract: Methods for using scenario solution-related information to generate customized user experiences are provided. Upon receiving a user query, a plurality of results is returned, each result being representative of a scenario solution which may be utilized to address a particular issue relevant to the received query. At the time of authoring, each scenario solution is organized based upon one or more keywords and/or one or more categories (i.e., namespaces). Data associated with a namespace/keyword corresponding to a returned search result may be mined to determine information beyond basic scenario solution search results that may be of interest to the user.Type: GrantFiled: September 20, 2010Date of Patent: September 15, 2015Assignee: Microsoft Technology Licensing, LLCInventors: Thekkthalackal Varugis Kurien, Steven E. Jackson, Scott A. Field
-
Publication number: 20140370482Abstract: A virtual lab is generated for a underlying learning objective defined by a lab instructor. The virtual lab is decomposed into multiple lab steps. Each lab step defines a portion of the underlying learning objective that can be performed independently. Each lab step includes pedagogical information for teaching a learner the portion of the underlying learning objective and information for specifying a portion of the underlying system that will execute the lab step. A first portion of the underlying system is caused to execute a first lab step. This allows the learner to perform the portion of the underlying learning objective defined in the first lab step. An event generated by the learner's performance of the first lab step is received. In response, a specific pedagogical procedure that is dictated by the event is caused to be performed.Type: ApplicationFiled: June 18, 2013Publication date: December 18, 2014Inventors: Thekkthalackal Varugis Kurien, Alpesh Gaglani, Arunprakash Balakrishnan, Eric . D. Schweickert, Daniel Behrendt, Vinay Balasubramaniam, Suyash Sinha
-
Publication number: 20140337524Abstract: This document relates to a distributed network coordinate system. One implementation provides computer-readable storage media including instructions that may cause a processor to perform certain acts. For example, the acts may include storing an initial network location of a first device in a network. The network may include the first device and a second device. The acts may also include monitoring one or more network performance metrics related to existing application communications with the second device, and determining an updated network location of the first device, based on the initial network location and the network performance metrics. Aspects of network health can be derived from monitoring changes in the network locations of various devices within the coordinate system.Type: ApplicationFiled: August 3, 2014Publication date: November 13, 2014Applicant: MICROSOFT CORPORATIONInventors: Lihua YUAN, Sharad AGARWAL, Kevin DAMOUR, Thekkthalackal Varugis KURIEN, Albert G. GREENBERG, Randall KERN
-
Patent number: 8825813Abstract: This document relates to a distributed network coordinate system. One implementation provides computer-readable storage media including instructions that may cause a processor to perform certain acts. For example, the acts may include storing an initial network location of a first device in a network. The network may include the first device and a second device. The acts may also include monitoring one or more network performance metrics related to existing application communications with the second device, and determining an updated network location of the first device, based on the initial network location and the network performance metrics. Aspects of network health can be derived from monitoring changes in the network locations of various devices within the coordinate system.Type: GrantFiled: December 28, 2010Date of Patent: September 2, 2014Assignee: Microsoft CorporationInventors: Lihua Yuan, Sharad Agarwal, Kevin Damour, Thekkthalackal Varugis Kurien, Albert G. Greenberg, Randall Kern
-
Publication number: 20140059680Abstract: Systems and methods provide multiple partitions hosted on an isolation technology such as a hypervisor where at least one of the partitions, a local secure service partition (LSSP), provides security services to other partitions. The service partitions (LSSPs) host those high assurance services that require strict security isolation, where the service can be shared across partitions and accessed even when the user is not connected to a network. The LSSP also can certify the results of any computation using a key signed by a TPM attestation identity key (AIK), or other key held securely by the hypervisor or a service partition. The LSSPs may be configured to provide trusted audit logs, trusted security scans, trusted cryptographic services, trusted compilation and testing, trusted logon services, and the like.Type: ApplicationFiled: October 31, 2013Publication date: February 27, 2014Inventors: Thekkthalackal Varugis Kurien, Paul England, Ravindra Nath Pandya, Niels Ferguson
-
Patent number: 8619971Abstract: Systems and methods provide multiple partitions hosted on an isolation technology such as a hypervisor where at least one of the partitions, a local secure service partition (LSSP), provides security services to other partitions. The service partitions (LSSPs) host those high assurance services that require strict security isolation, where the service can be shared across partitions and accessed even when the user is not connected to a network. The LSSP also can certify the results of any computation using a key signed by a TPM attestation identity key (AIK), or other key held securely by the hypervisor or a service partition. The LSSPs may be configured to provide trusted audit logs, trusted security scans, trusted cryptographic services, trusted compilation and testing, trusted logon services, and the like.Type: GrantFiled: April 1, 2005Date of Patent: December 31, 2013Assignee: Microsoft CorporationInventors: Thekkthalackal Varugis Kurien, Paul England, Ravindra Nath Pandya, Niels Ferguson
-
Patent number: 8615801Abstract: Software is authorized in accordance with a reputation of the software. A trust in the author and/or publisher of the software is determined via digital signatures and/or CoAs, and a reputation of the software is utilized to determine the intent of the software. The reputation of the software can be determined via a local service, such as an enterprise IT department and/or via a reputation determination service. When software is downloaded or to be executed, the trust in the author/publisher is determined using digital signatures and/or CoAs associated with the software. If the author/publisher is determined to be trusted, a service is called to determine the reputation of the software. The software can be installed and/or executed dependent upon the reputation of the software and trustworthiness of the author/publisher.Type: GrantFiled: August 31, 2006Date of Patent: December 24, 2013Assignee: Microsoft CorporationInventors: David B. Cross, Thekkthalackal Varugis Kurien, Scott A. Field
-
Patent number: 8347085Abstract: At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.Type: GrantFiled: December 30, 2011Date of Patent: January 1, 2013Assignee: Microsoft CorporationInventors: Thekkthalackal Varugis Kurien, Jeffrey B Hamblin, Narasimha Rao Nagampalli, Peter T Brundrett, Scott Field
-
Patent number: 8225131Abstract: Today, data networks are ever increasing in size and complexity. For example, a datacenter may comprise hundreds of thousands of service endpoints configured to perform work. To reduce network wide degradation, a load balancer may send work requests to healthy service endpoints, as opposed to unhealthy and/or inoperative service endpoints. Accordingly, among other things, one or more systems and/or techniques for monitoring service endpoints, which may be scalable for large scale networks, are provided. In particular, a consistent hash function may be performed to generate a monitoring scheme comprising assignments of service endpoints to monitoring groups. In this way, multiple monitoring components may monitor a subset of endpoints to ascertain health status. Additionally, the monitoring components may communicate between one another so that a monitoring component may know heath statuses of service endpoints both assigned and not assigned to the monitoring component.Type: GrantFiled: June 17, 2010Date of Patent: July 17, 2012Assignee: Microsoft CorporationInventors: Saurabh Mahajan, Vladimir Shubin, Kevin Thomas Damour, Thekkthalackal Varugis Kurien, Lihua Yuan
-
Publication number: 20120166598Abstract: This document relates to a distributed network coordinate system. One implementation provides computer-readable storage media including instructions that may cause a processor to perform certain acts. For example, the acts may include storing an initial network location of a first device in a network. The network may include the first device and a second device. The acts may also include monitoring one or more network performance metrics related to existing application communications with the second device, and determining an updated network location of the first device, based on the initial network location and the network performance metrics. Aspects of network health can be derived from monitoring changes in the network locations of various devices within the coordinate system.Type: ApplicationFiled: December 28, 2010Publication date: June 28, 2012Applicant: MICROSOFT CORPORATIONInventors: Lihua Yuan, Sharad Agarwal, Kevin Damour, Thekkthalackal Varugis Kurien, Albert G. Greenberg, Randall Kern
-
Publication number: 20120102577Abstract: At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.Type: ApplicationFiled: December 30, 2011Publication date: April 26, 2012Applicant: Microsoft CorporationInventors: Thekkthalackal Varugis Kurien, Jeffrey B. Hamblin, Narasimha Rao Nagampalli, Peter T. Brundrett, Scott Field
-
Patent number: 8117441Abstract: At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.Type: GrantFiled: June 20, 2006Date of Patent: February 14, 2012Assignee: Microsoft CorporationInventors: Thekkthalackal Varugis Kurien, Jeffrey B Hamblin, Narasimha Rao Nagampalli, Peter T Brundrett, Scott Field
-
Publication number: 20110314326Abstract: Today, data networks are ever increasing in size and complexity. For example, a datacenter may comprise hundreds of thousands of service endpoints configured to perform work. To reduce network wide degradation, a load balancer may send work requests to healthy service endpoints, as opposed to unhealthy and/or inoperative service endpoints. Accordingly, among other things, one or more systems and/or techniques for monitoring service endpoints, which may be scalable for large scale networks, are provided. In particular, a consistent hash function may be performed to generate a monitoring scheme comprising assignments of service endpoints to monitoring groups. In this way, multiple monitoring components may monitor a subset of endpoints to ascertain health status. Additionally, the monitoring components may communicate between one another so that a monitoring component may know heath statuses of service endpoints both assigned and not assigned to the monitoring component.Type: ApplicationFiled: June 17, 2010Publication date: December 22, 2011Applicant: Microsoft CorporationInventors: Saurabh Mahajan, Vladimir Shubin, Kevin Thomas Damour, Thekkthalackal Varugis Kurien, Lihua Yuan
-
Patent number: 8078604Abstract: Systems, methods, and computer-readable media for identifying executable scenario solutions relevant to a user query and returning such executable scenario solutions as search results in response to the user query are provided. Upon receiving a user query, a plurality of results is returned, each result being representative of a series of steps which may be implemented to address a particular issue relevant to the received user query. Often, a series of steps or scenario includes a number of sub-scenarios, each of which is to be executed sequentially to achieve the desired result. Accordingly, upon selection of a particular search result, the user may be guided through a series of sub-scenario result options until an item having direct association to a series of steps is selected. Once selected, the executable scenario solution is presented to the user for execution.Type: GrantFiled: March 19, 2007Date of Patent: December 13, 2011Assignee: Microsoft CorporationInventors: Thekkthalackal Varugis Kurien, Steven E. Jackson, Scott A. Field, Philip J. Lafornara
-
Publication number: 20110010354Abstract: Methods for using scenario solution-related information to generate customized user experiences are provided. Upon receiving a user query, a plurality of results is returned, each result being representative of a scenario solution which may be utilized to address a particular issue relevant to the received query. At the time of authoring, each scenario solution is organized based upon one or more keywords and/or one or more categories (i.e., namespaces). Data associated with a namespace/keyword corresponding to a returned search result may be mined to determine information beyond basic scenario solution search results that may be of interest to the user.Type: ApplicationFiled: September 20, 2010Publication date: January 13, 2011Applicant: MICROSOFT CORPORATIONInventors: THEKKTHALACKAL VARUGIS KURIEN, STEVEN E. JACKSON, SCOTT A. FIELD
-
Patent number: 7818341Abstract: Methods for using scenario solution-related information to generate customized user experiences are provided. Upon receiving a user query, a plurality of results is returned, each result being representative of a scenario solution which may be utilized to address a particular issue relevant to the received query. At the time of authoring, each scenario solution is organized based upon one or more keywords and/or one or more categories (i.e., namespaces). Data associated with a namespace/keyword corresponding to a returned search result may be mined to determine information beyond basic scenario solution search results that may be of interest to the user.Type: GrantFiled: March 19, 2007Date of Patent: October 19, 2010Assignee: Microsoft CorporationInventors: Thekkthalackal Varugis Kurien, Steven E. Jackson, Scott A. Field