Patents by Inventor Thomas Michael Roeder
Thomas Michael Roeder has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230039096Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.Type: ApplicationFiled: October 26, 2022Publication date: February 9, 2023Inventors: Anna Sapek, Uday Savagaonkar, Jeffrey Thomas Andersen, Thomas Michael Roeder
-
Patent number: 11509643Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.Type: GrantFiled: July 18, 2018Date of Patent: November 22, 2022Assignee: Google LLCInventors: Anna Sapek, Uday Savagaonkar, Jeffrey Thomas Andersen, Thomas Michael Roeder
-
Publication number: 20210037001Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.Type: ApplicationFiled: July 18, 2018Publication date: February 4, 2021Applicant: Google LLCInventors: Anna Sapek, Uday Savagaonkar, Jeffrey Thomas Andersen, Thomas Michael Roeder
-
Patent number: 9634831Abstract: Implementations for providing role-based distributed key management (DKM) replication are described. A server node receives a request from a requester node to perform a DKM create or update function. The server node determines the role of the requester node based on a public key of the requester node. The server node determines whether the role of the requester node indicates that the requester node is authorized to request the DKM create or update function. If the requester node's role is authorized to request the DKM create or update function, then the server node performs the requested function. The DKM create or update function may involve a replication function. Public key and trust chains may be derived from physical cryptographic processors, such as TPMs.Type: GrantFiled: April 3, 2015Date of Patent: April 25, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Tolga Acar, Henry N. Jerez, Lan Duy Nguyen, Thomas Michael Roeder
-
Patent number: 9526007Abstract: Location brokering technique embodiments are presented that employ sensor data captured by a user's mobile device to determine the device's location, encrypt the location data and store it in a database. The location data is encrypted in such a way that it is possible to determine when a user's mobile device is currently in the same vicinity as another user's mobile device who is a member of the same group as the first user. However, the actual location and relative mobility or immobility of the users cannot be ascertained except by the users themselves via a decryption procedure or by trusted components. Services are provided can read the stored encrypted location data, processes it to determine if group members are in the same vicinity, and either respond to user queries about the location of other members of a group the user belongs to, or push this information to appropriate users.Type: GrantFiled: March 24, 2014Date of Patent: December 20, 2016Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Mira Belenkiy, Henry Nelson Jerez, Thomas Michael Roeder, Matt Dyor
-
Publication number: 20150215118Abstract: Implementations for providing role-based distributed key management (DKM) replication are described. A server node receives a request from a requester node to perform a DKM create or update function. The server node determines the role of the requester node based on a public key of the requester node. The server node determines whether the role of the requester node indicates that the requester node is authorized to request the DKM create or update function. If the requester node's role is authorized to request the DKM create or update function, then the server node performs the requested function. The DKM create or update function may involve a replication function. Public key and trust chains may be derived from physical cryptographic processors, such as TPMs.Type: ApplicationFiled: April 3, 2015Publication date: July 30, 2015Inventors: Tolga Acar, Henry N. Jerez, Lan Duy Nguyen, Thomas Michael Roeder
-
Patent number: 9008316Abstract: Implementations for providing role-based distributed key management (DKM) replication are described. A server node receives a request from a requester node to perform a DKM create or update function. The server node determines the role of the requester node based on a public key of the requester node. The server node determines whether the role of the requester node indicates that the requester node is authorized to request the DKM create or update function. If the requester node's role is authorized to request the DKM create or update function, then the server node performs the requested function. The DKM create or update function may involve a replication function. Public key and trust chains may be derived from physical cryptographic processors, such as TPMs.Type: GrantFiled: March 29, 2012Date of Patent: April 14, 2015Assignee: Microsoft Technology Licensing, LLCInventors: Tolga Acar, Henry N. Jerez, Lan Duy Nguyen, Thomas Michael Roeder
-
Publication number: 20140205097Abstract: Location brokering technique embodiments are presented that employ sensor data captured by a user's mobile device to determine the device's location, encrypt the location data and store it in a database. The location data is encrypted in such a way that it is possible to determine when a user's mobile device is currently in the same vicinity as another user's mobile device who is a member of the same group as the first user. However, the actual location and relative mobility or immobility of the users cannot be ascertained except by the users themselves via a decryption procedure or by trusted components. Services are provided can read the stored encrypted location data, processes it to determine if group members are in the same vicinity, and either respond to user queries about the location of other members of a group the user belongs to, or push this information to appropriate users.Type: ApplicationFiled: March 24, 2014Publication date: July 24, 2014Applicant: Microsoft CorporationInventors: Mira Belenkiy, Henry Nelson Jerez, Thomas Michael Roeder, Matt Dyor
-
Patent number: 8693689Abstract: Location brokering technique embodiments are presented that employ sensor data captured by a user's mobile device to determine the device's location, encrypt the location data and store it in a database. The location data is encrypted in such a way that it is possible to determine when a user's mobile device is currently in the same vicinity as another user's mobile device who is a member of the same group. However, the actual location and relative mobility or immobility of the users cannot be ascertained except by the users themselves via a decryption procedure or by trusted components. Services are provided can read the stored encrypted location data, processes it to determine if group members are in the same vicinity, and either respond to user queries about the location of other members of a group the user belongs to, or push this information to appropriate users.Type: GrantFiled: November 1, 2010Date of Patent: April 8, 2014Assignee: Microsoft CorporationInventors: Mira Belenkiy, Henry Nelson Jerez Morales, Thomas Michael Roeder, Matt Dyor
-
Publication number: 20130259234Abstract: Implementations for providing role-based distributed key management (DKM) replication are described. A server node receives a request from a requester node to perform a DKM create or update function. The server node determines the role of the requester node based on a public key of the requester node. The server node determines whether the role of the requester node indicates that the requester node is authorized to request the DKM create or update function. If the requester node's role is authorized to request the DKM create or update function, then the server node performs the requested function. The DKM create or update function may involve a replication function. Public key and trust chains may be derived from physical cryptographic processors, such as TPMs.Type: ApplicationFiled: March 29, 2012Publication date: October 3, 2013Applicant: MICROSOFT CORPORATIONInventors: Tolga Acar, Henry N. Jerez, Lan Duy Nguyen, Thomas Michael Roeder
-
Publication number: 20120106738Abstract: Location brokering technique embodiments are presented that employ sensor data captured by a user's mobile device to determine the device's location, encrypt the location data and store it in a database. The location data is encrypted in such a way that it is possible to determine when a user's mobile device is currently in the same vicinity as another user's mobile device who is a member of the same group as the first user. However, the actual location and relative mobility or immobility of the users cannot be ascertained except by the users themselves via a decryption procedure or by trusted components. Services are provided can read the stored encrypted location data, processes it to determine if group members are in the same vicinity, and either respond to user queries about the location of other members of a group the user belongs to, or push this information to appropriate users.Type: ApplicationFiled: November 1, 2010Publication date: May 3, 2012Applicant: Microsoft CorporationInventors: Mira Belenkiy, Henry Nelson Jerez Morales, Thomas Michael Roeder, Matt Dyor