Patents by Inventor Yevgeniy A. Samsonov
Yevgeniy A. Samsonov has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10621350
Abstract: Techniques are described herein that are capable of establishing system integrity using attestation for a virtual trusted platform module (vTPM). For instance, an endorsement key certificate, including an endorsement key associated with the vTPM, may be signed to issue the endorsement key certificate to the vTPM. The endorsement key certificate may be used to establish a chain of trust with regard to the vTPM. For instance, the endorsement key certificate may be used to attest the vTPM (and measurements provided by the vTPM).
Type: Grant
Filed: October 2, 2017
Date of Patent: April 14, 2020
Assignee: Microsoft Technology Licensing, LLC
Inventors: Mark Fishel Novak, Yevgeniy A. Samsonov, Jingbo Wu
-
Publication number: 20190102555
Abstract: Techniques are described herein that are capable of establishing system integrity using attestation for a virtual trusted platform module (vTPM). For instance, an endorsement key certificate, including an endorsement key associated with the vTPM, may be signed to issue the endorsement key certificate to the vTPM. The endorsement key certificate may be used to establish a chain of trust with regard to the vTPM. For instance, the endorsement key certificate may be used to attest the vTPM (and measurements provided by the vTPM).
Type: Application
Filed: October 2, 2017
Publication date: April 4, 2019
Inventors: Mark Fishel Novak, Yevgeniy A. Samsonov, Jingbo Wu
-
Patent number: 10229272
Abstract: During booting of a computing device, multiple security boundaries are generated. A security boundary refers to a manner of operation of a computing device or a portion of the computing device, with a program executing in one security boundary being prohibited from accessing data and programs in another security boundary. As part of booting the computing device, measurements of (e.g., hash values or other identifications of) various modules loaded and executed as part of booting the computing device are maintained by a boot measurement system of the computing device. Additionally, as part of booting the computing device, public/private key pairs of one of the security boundaries are generated or otherwise obtained. Private keys of the public/private key pairs are provided to the one security boundary, and the public keys of the public/private key pairs are provided to the boot measurement system.
Type: Grant
Filed: January 31, 2017
Date of Patent: March 12, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Yevgeniy A. Samsonov, Kinshumann Kinshumann
-
Patent number: 10068092
Abstract: A facility for booting a virtual machine hosted on a host is described. In one example facility, the facility boots the virtual machine in accordance with a policy instance associated with the virtual machine. As part of the booting, the facility extracts information needed to complete the booting from a virtual trusted platform module associated with the virtual machine, the extraction based upon the policy instance associated with the virtual machine. At the completion of the booting, the facility copies contents of a policy instance associated with the host into the policy instance associated with the virtual machine.
Type: Grant
Filed: August 12, 2015
Date of Patent: September 4, 2018
Assignee: Microsoft Technology Licensing, LLC
Inventors: Lawrence Ralph Cleeton, Yevgeniy A. Samsonov, Kinshumann Kinshumann, Jingbo Wu, Kevin Michael Broas, Samartha Chandrashekar
-
Patent number: 9934412
Abstract: In one embodiment, a data storage client may establish a virtual replay protected storage system with an agnostic data storage. The virtual replay protected storage system may maintain a trusted counter and a secret key in a trusted client environment. The virtual replay protected storage system may encode a hash message authentication code signature based on the trusted counter, the secret key, and a data set. The virtual replay protected storage system may send a write request of the data set with the hash message authentication code signature to an agnostic data storage.
Type: Grant
Filed: June 23, 2015
Date of Patent: April 3, 2018
Assignee: Microsoft Technology Licensing, LLC
Inventors: Yevgeniy A. Samsonov, Kinshuman Kinshumann
-
Publication number: 20170140152
Abstract: During booting of a computing device, multiple security boundaries are generated. A security boundary refers to a manner of operation of a computing device or a portion of the computing device, with a program executing in one security boundary being prohibited from accessing data and programs in another security boundary. As part of booting the computing device, measurements of (e.g., hash values or other identifications of) various modules loaded and executed as part of booting the computing device are maintained by a boot measurement system of the computing device. Additionally, as part of booting the computing device, public/private key pairs of one of the security boundaries are generated or otherwise obtained. Private keys of the public/private key pairs are provided to the one security boundary, and the public keys of the public/private key pairs are provided to the boot measurement system.
Type: Application
Filed: January 31, 2017
Publication date: May 18, 2017
Applicant: Microsoft Technology Licensing, LLC
Inventors: Yevgeniy A. Samsonov, Kinshumann Kinshumann
-
Patent number: 9584317
Abstract: During booting of a computing device, multiple security boundaries are generated. A security boundary refers to a manner of operation of a computing device or a portion of the computing device, with a program executing in one security boundary being prohibited from accessing data and programs in another security boundary. As part of booting the computing device, measurements of (e.g., hash values or other identifications of) various modules loaded and executed as part of booting the computing device are maintained by a boot measurement system of the computing device. Additionally, as part of booting the computing device, a public/private key pair of one of the security boundaries is generated or otherwise obtained. The private key of the public/private key pair is provided to the one security boundary, and the public key of the public/private key pair is provided to the boot measurement system.
Type: Grant
Filed: February 4, 2015
Date of Patent: February 28, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: Kinshuman Kinshumann, Yevgeniy A. Samsonov, Niels T. Ferguson, Mark Fishel Novak
-
Publication number: 20160379015
Abstract: In one embodiment, a data storage client may establish a virtual replay protected storage system with an agnostic data storage. The virtual replay protected storage system may maintain a trusted counter and a secret key in a trusted client environment. The virtual replay protected storage system may encode a hash message authentication code signature based on the trusted counter, the secret key, and a data set. The virtual replay protected storage system may send a write request of the data set with the hash message authentication code signature to an agnostic data storage.
Type: Application
Filed: June 23, 2015
Publication date: December 29, 2016
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Yevgeniy A. Samsonov, Kinshuman Kinshumann
-
Publication number: 20160210457
Abstract: A facility for booting a virtual machine hosted on a host is described. In one example facility, the facility boots the virtual machine in accordance with a policy instance associated with the virtual machine. As part of the booting, the facility extracts information needed to complete the booting from a virtual trusted platform module associated with the virtual machine, the extraction based upon the policy instance associated with the virtual machine. At the completion of the booting, the facility copies contents of a policy instance associated with the host into the policy instance associated with the virtual machine.
Type: Application
Filed: August 12, 2015
Publication date: July 21, 2016
Inventors: Lawrence Ralph Cleeton, Yevgeniy A. Samsonov, Kinshumann Kinshumann, Jingbo Wu, Kevin Michael Broas, Samartha Chandrashekar
-
Publication number: 20160105280
Abstract: During booting of a computing device, multiple security boundaries are generated. A security boundary refers to a manner of operation of a computing device or a portion of the computing device, with a program executing in one security boundary being prohibited from accessing data and programs in another security boundary. As part of booting the computing device, measurements of (e.g., hash values or other identifications of) various modules loaded and executed as part of booting the computing device are maintained by a boot measurement system of the computing device. Additionally, as part of booting the computing device, a public/private key pair of one of the security boundaries is generated or otherwise obtained. The private key of the public/private key pair is provided to the one security boundary, and the public key of the public/private key pair is provided to the boot measurement system.
Type: Application
Filed: February 4, 2015
Publication date: April 14, 2016
Inventors: Kinshuman Kinshumann, Yevgeniy A. Samsonov, Niels T. Ferguson, Mark Fishel Novak
-
Patent number: 7672928
Abstract: A searchable index is created using a query process and an indexing process. The query process cooperates with the indexing process to catalogue items that are located within a specified search scope. Previously indexed items are evaluated to ensure that their indexes are up-to-date. Items that are out-of-date have unreliable indexes that should be updated. Items to be indexed within the specified search scope are grouped in batches for processing. As processing of each batch is completed their respective indexing results become available such that partially indexed search scopes are useable while the indexing process continues. Since indexing results trickle in on an ongoing basis, users are permitted to process and/or view indexing results without waiting for the complete indexing process to be completed.
Type: Grant
Filed: September 30, 2004
Date of Patent: March 2, 2010
Assignee: Microsoft Corporation
Inventors: Michael J. Maloney, Yevgeniy A. Samsonov, Chris J. Guzak
-
Patent number: 7392253
Abstract: Documents are indexed in accordance with a process that separates the filtering and word breaking portions of the process so that they are performed under a restricted security setting. When a document is requested by an indexer, the document is retrieved and then passed to the higher security process. The document is then filtered by one or more filters and tokenized by one or more wordbreakers under the restricted security setting before being passed to the indexer. The restricted security setting prevents security vulnerabilities from being exploited during the filtering and word breaking processes.
Type: Grant
Filed: March 3, 2005
Date of Patent: June 24, 2008
Assignee: Microsoft Corporation
Inventors: Dennis Gursky, Kyle G. Peltonen, Yevgeniy A. Samsonov
-
Patent number: 7240069
Abstract: An improved system and method for building a large index is provided. The system and method may be used by many applications to build a large index, including a search engine for crawling the World Wide Web. An indexing engine with an index merger may build an index of content by using a staged pipeline for merging sub-indexes. The index merger may concurrently merge sub-indexes created at multiple stages during indexing of content by using threads from a merging thread pool. When all the content has been indexed, the system may proceed to perform a final merge of all available sub-indexes to form a master index. The system and method may build a large index of any type of content including documents, images, audio streams, video streams and other types of content.
Type: Grant
Filed: November 14, 2003
Date of Patent: July 3, 2007
Assignee: Microsoft Corporation
Inventor: Yevgeniy A. Samsonov
-
Publication number: 20070067455
Abstract: Computer resources are dynamically adjusted based on the frequency of user input. A process monitors the user input and adjusts the resource utilization level for a managed process based on the period of time since the last user input. The more recent the user input, the less processing is performed by the managed process and the more the process sleeps. The more distant the user input, the more processing is performed by the background process and the process sleeps less. Even during constant and frequent user input, however, the managed process continues to perform some work.
Type: Application
Filed: August 8, 2005
Publication date: March 22, 2007
Applicant: Microsoft Corporation
Inventors: Dennis Gursky, Yevgeniy Samsonov
-
Publication number: 20060294049
Abstract: Indexing documents is performed using low priority I/O requests. This aspect can be implemented in systems having an operating system that supports at least two priority levels for I/O requests to its filing system. Low priority I/O requests can be used for accessing documents to be indexed. Low priority I/O requests can also be used for writing information into the index. Higher priority requests can be used for I/O requests to access the index in response to queries from a user. I/O request priority can be set on a per-thread basis as opposed to being set on a per-process basis (which may generate two or more threads for which it may be desirable to assign different priorities).
Type: Application
Filed: June 27, 2005
Publication date: December 28, 2006
Applicant: Microsoft Corporation
Inventors: Stuart Sechrest, Yevgeniy Samsonov
-
Publication number: 20060200446
Abstract: Documents are indexed in accordance with a process that separates the filtering and word breaking portions of the process so that they are performed under a restricted security setting. When a document is requested by an indexer, the document is retrieved and then passed to the higher security process. The document is then filtered by one or more filters and tokenized by one or more wordbreakers under the restricted security setting before being passed to the indexer. The restricted security setting prevents security vulnerabilities from being exploited during the filtering and word breaking processes.
Type: Application
Filed: March 3, 2005
Publication date: September 7, 2006
Applicant: Microsoft Corporation
Inventors: Dennis Gursky, Kyle Peltonen, Yevgeniy Samsonov
-
Publication number: 20060069672
Abstract: A searchable index is created using a query process and an indexing process. The query process cooperates with the indexing process to catalogue items that are located within a specified search scope. Previously indexed items are evaluated to ensure that their indexes are up-to-date. Items that are out-of-date have unreliable indexes that should be updated. Items to be indexed within the specified search scope are grouped in batches for processing. As processing of each batch is completed their respective indexing results become available such that partially indexed search scopes are useable while the indexing process continues. Since indexing results trickle in on an ongoing basis, users are permitted to process and/or view indexing results without waiting for the complete indexing process to be completed.
Type: Application
Filed: September 30, 2004
Publication date: March 30, 2006
Applicant: Microsoft Corporation
Inventors: Michael Maloney, Yevgeniy Samsonov, Chris Guzak
-
Publication number: 20050108189
Abstract: An improved system and method for building a large index is provided. The system and method may be used by many applications to build a large index, including a search engine for crawling the World Wide Web. An indexing engine with an index merger may build an index of content by using a staged pipeline for merging sub-indexes. The index merger may concurrently merge sub-indexes created at multiple stages during indexing of content by using threads from a merging thread pool. When all the content has been indexed, the system may proceed to perform a final merge of all available sub-indexes to form a master index. The system and method may build a large index of any type of content including documents, images, audio streams, video streams and other types of content.
Type: Application
Filed: November 14, 2003
Publication date: May 19, 2005
Inventor: Yevgeniy Samsonov