公开(公告)号：US12189764B2

公开(公告)日：2025-01-07

申请号：US17828903

申请日：2022-05-31

Applicant: Microsoft Technology Licensing, LLC

Inventor： Ishwar Agarwal ,  Stefan Saroiu ,  Alastair Wolman ,  Daniel Sebastian Berger

IPC: G11C8/20 ,  G06F21/55 ,  G11C11/406

Abstract: The present disclosure relates to systems and methods implemented on a memory controller for detecting and mitigating memory attacks (e.g., row hammer attacks). For example, a memory controller may track activations of row addresses within a memory hardware (e.g., a DRAM device) and determine whether a pattern of activations is indicative of a row hammer attack. This is determined using a counting mode for corresponding memory sub-banks. Where a likely row hammer attack is detected, the memory controller may activate a sampling mode (rather than the counting mode) for a particular sub-bank to identify which of the row addresses should be refreshed on the memory hardware. The implementations described herein provide a low computational cost alternative to heavy-handed detection mechanisms that require access to significant computing resources to accurately detect and mitigate row hammer attacks.

公开(公告)号：US11900127B2

公开(公告)日：2024-02-13

申请号：US17545767

申请日：2021-12-08

Applicant: Microsoft Technology Licensing, LLC

Inventor： Stefan Saroiu ,  Varun Gandhi ,  Alastair Wolman ,  Landon Prentice Cox

IPC: G06F21/60 ,  G06F9/44 ,  G06F9/4401 ,  H04W24/04

CPC classification number: G06F9/4406 ,  G06F21/606 ,  H04W24/04

Abstract: Cryptographically-secured deferral tickets provided by a minting process that runs in a secure enclave on a computing device reset an authenticated watchdog timer that reboots the device from a hardware-protected recovery operating system to re-image the device into a known good state if the timer expires. The deferral tickets are written to a secure channel using a symmetric key that is provisioned by repurposing an existing Intel SGX (Software Guard Extension) Versioning Support protocol that enables migration of secrets between enclaves that have the same author. In an illustrative embodiment, the deferral ticket minting process and authenticated watchdog timer execute locally to enable automated recovery of the computing device when utilized in far edge infrastructure of a fifth generation (5G) network such as a distributed unit (DU) of a radio access network (RAN).

公开(公告)号：US20200092599A1

公开(公告)日：2020-03-19

申请号：US16694241

申请日：2019-11-25

Applicant: Microsoft Technology Licensing, LLC

Inventor： David Chiyuan Chu ,  Eduardo Alberto Cuervo Laffaye ,  Johannes Peter Kopf ,  Alastair Wolman ,  Yury Degtyarev ,  Kyungmin Lee ,  Sergey Grizan

IPC: H04N21/426 ,  A63F13/35 ,  G06T15/20

Abstract: A server device and method are provided for use in predictive server-side rendering of scenes based on client-side user input. The server device may include a processor and a storage device holding instructions for an application program executable by the processor to receive, at the application program, a current navigation input in a stream of navigation inputs from a client device over a network, calculate a predicted future navigation input based on the current navigation input and a current application state of the application program, render a future scene based on the predicted future navigation input to a rendering surface, and send the rendering surface to the client device over the network.

公开(公告)号：US10404466B2

公开(公告)日：2019-09-03

申请号：US15459593

申请日：2017-03-15

Applicant: Microsoft Technology Licensing, LLC

Inventor： Himanshu Raj ,  Stefan Saroiu ,  Alastair Wolman ,  Chen Chen

IPC: H04L9/32 ,  H04L29/08 ,  G06F21/62 ,  G06F21/72 ,  G06F21/78 ,  H04L9/12 ,  H04L29/06 ,  H04L9/08 ,  G06F21/10

Abstract: Various technologies described herein pertain to a computing device that includes secure hardware (e.g., a TPM, a secure processor of a processing platform, protected memory that includes a software-based TPM, etc.). The secure hardware includes a shared secret, which is shared by the secure hardware and a server computing system. The shared secret is provisioned by the server computing system or a provisioning computing system of a party affiliated with the server computing system. The secure hardware further includes a cryptographic engine that can execute a cryptographic algorithm using the shared secret or a key generated from the shared secret. The cryptographic engine can execute the cryptographic algorithm to perform encryption, decryption, authentication, and/or attestation.

公开(公告)号：US20180239990A1

公开(公告)日：2018-08-23

申请号：US15958943

申请日：2018-04-20

Applicant: Microsoft Technology Licensing, LLC

Inventor： Matthai Philipose ,  Haichen Shen ,  Alastair Wolman ,  Sharad Agarwal

IPC: G06K9/62 ,  G06K9/00 ,  G06N3/08

CPC classification number: G06K9/6285 ,  G06K9/00718 ,  G06K9/6227 ,  G06K9/6256 ,  G06K9/628 ,  G06N3/08

Abstract: A classification system classifies different aspects of content of an input image stream, such as faces, landmarks, events, and so forth. The classification system includes a general classifier and at least one specialized classifier template. The general classifier is trained to classify a large number of different aspects of content, and a specialized classifier can be trained based on a specialized classifier template during operation of the classification system to classify a particular subset of the multiple different aspects of content. The classification system determines when to use the general classifier and when to use a specialized classifier based on class skew, which refers to the temporal locality of a subset of aspects of content in the image stream.

公开(公告)号：US09965823B2

公开(公告)日：2018-05-08

申请号：US14630830

申请日：2015-02-25

Applicant: Microsoft Technology Licensing, LLC

Inventor： Kiryong Ha ,  Paramvir Bahl ,  David Chiyuan Chu ,  Eduardo Cuervo ,  Lenin Ravindranath Sivalingam ,  Alastair Wolman

IPC: G06T1/20 ,  G06F9/455 ,  G06F9/48

CPC classification number: G06T1/20 ,  G06F9/455 ,  G06F9/45558 ,  G06F9/48 ,  G06F2009/4557

Abstract: The claimed subject matter includes techniques for live migration of a graphics processing unit (GPU) state. An example method includes receiving recorded GPU commands from a relay at a destination GPU. The method also includes replaying the recorded GPU commands at the destination GPU. The method also includes detecting a downtime for the GPU commands. The method further includes establishing a connection between the destination GPU and the client during the detected downtime.

公开(公告)号：US09756375B2

公开(公告)日：2017-09-05

申请号：US14603213

申请日：2015-01-22

Applicant: Microsoft Technology Licensing, LLC

Inventor： David Chiyuan Chu ,  Eduardo Alberto Cuervo Laffaye ,  Johannes Peter Kopf ,  Alastair Wolman ,  Yury Degtyarev ,  Kyungmin Lee ,  Sergey Grizan

IPC: G06T11/20 ,  H04N21/426 ,  A63F13/35 ,  G06T15/20 ,  H04L29/08

CPC classification number: H04N21/42653 ,  A63F13/35 ,  G06T15/20 ,  H04L67/36

Abstract: A server device and method are provided for use in predictive server-side rendering of scenes based on client-side user input. The server device may include a processor and a storage device holding instructions for an application program executable by the processor to receive, at the application program, a current navigation input in a stream of navigation inputs from a client device over a network, calculate a predicted future navigation input based on the current navigation input and a current application state of the application program, render a future scene based on the predicted future navigation input to a rendering surface, and send the rendering surface to the client device over the network.

公开(公告)号：US09686077B2

公开(公告)日：2017-06-20

申请号：US14629501

申请日：2015-02-24

Applicant: Microsoft Technology Licensing, LLC

Inventor： Himanshu Raj ,  Stefan Saroiu ,  Alastair Wolman ,  Chen Chen

IPC: H04L9/32 ,  H04L29/08 ,  G06F21/62 ,  G06F21/72 ,  G06F21/78 ,  H04L9/12 ,  H04L29/06 ,  H04L9/08 ,  G06F21/10

CPC classification number: H04L9/3234 ,  G06F21/10 ,  G06F21/6272 ,  G06F21/72 ,  G06F21/78 ,  G06F2221/0706 ,  G06F2221/0771 ,  G06F2221/2115 ,  H04L9/085 ,  H04L9/0869 ,  H04L9/0877 ,  H04L9/0897 ,  H04L9/12 ,  H04L63/0428 ,  H04L63/0435 ,  H04L67/1002 ,  H04L67/1095 ,  H04L2209/127

Abstract: Various technologies described herein pertain to a computing device that includes secure hardware (e.g., a TPM, a secure processor of a processing platform, protected memory that includes a software-based TPM, etc.). The secure hardware includes a shared secret, which is shared by the secure hardware and a server computing system. The shared secret is provisioned by the server computing system or a provisioning computing system of a party affiliated with the server computing system. The secure hardware further includes a cryptographic engine that can execute a cryptographic algorithm using the shared secret or a key generated from the shared secret. The cryptographic engine can execute the cryptographic algorithm to perform encryption, decryption, authentication, and/or attestation.

公开(公告)号：US09477486B2

公开(公告)日：2016-10-25

申请号：US14462113

申请日：2014-08-18

Applicant: Microsoft Technology Licensing, LLC

Inventor： Himanshu Raj ,  Stefan Saroiu ,  Alastair Wolman ,  Paul England ,  Anh M. Nguyen ,  Shravan Rayanchu

IPC: G06F9/44 ,  G06F9/45 ,  G06F21/57 ,  G06F21/50 ,  G06F21/53 ,  G06F9/455

CPC classification number: G06F9/4406 ,  G06F9/4416 ,  G06F9/45533 ,  G06F9/45558 ,  G06F21/50 ,  G06F21/53 ,  G06F21/57 ,  G06F21/575 ,  G06F2009/45587 ,  G06F2221/034 ,  G06F2221/2105 ,  G06F2221/2149

Abstract: In a cloud computing environment, a production server virtualization stack is minimized to present fewer security vulnerabilities to malicious software running within a guest virtual machine. The minimal virtualization stack includes support for those virtual devices necessary for the operation of a guest operating system, with the code base of those virtual devices further reduced. Further, a dedicated, isolated boot server provides functionality to securely boot a guest operating system. The boot server is isolated through use of an attestation protocol, by which the boot server presents a secret to a network switch to attest that the boot server is operating in a clean mode. The attestation protocol may further employ a secure co-processor to seal the secret, so that it is only accessible when the boot server is operating in the clean mode.

Abstract translation: 在云计算环境中，最小化生产服务器虚拟化堆栈，以减少在虚拟机中运行的恶意软件的安全漏洞。 最小的虚拟化堆栈包括对客户操作系统的操作所需的那些虚拟设备的支持，这些虚拟设备的代码基础进一步减少。 此外，专用的隔离引导服务器提供安全引导客户机操作系统的功能。 引导服务器通过使用认证协议进行隔离，引导服务器向网络交换机提供秘密，以证明引导服务器以干净的模式运行。 认证协议可以进一步采用安全协处理器来密封秘密，使得仅当引导服务器以干净模式操作时才可访问。

公开(公告)号：US20160219325A1

公开(公告)日：2016-07-28

申请号：US14603213

申请日：2015-01-22

Applicant: Microsoft Technology Licensing, LLC

Inventor： David Chiyuan Chu ,  Eduardo Alberto Cuervo Laffaye ,  Johannes Peter Kopf ,  Alastair Wolman ,  Yury Degtyarev ,  Kyungmin Lee ,  Sergey Grizan

IPC: H04N21/426 ,  H04N21/2385 ,  A63F13/35 ,  H04L29/08

CPC classification number: H04N21/42653 ,  A63F13/35 ,  G06T15/20 ,  H04L67/36

Abstract: A server device and method are provided for use in predictive server-side rendering of scenes based on client-side user input. The server device may include a processor and a storage device holding instructions for an application program executable by the processor to receive, at the application program, a current navigation input in a stream of navigation inputs from a client device over a network, calculate a predicted future navigation input based on the current navigation input and a current application state of the application program, render a future scene based on the predicted future navigation input to a rendering surface, and send the rendering surface to the client device over the network.

Abstract translation: 提供了一种服务器设备和方法，用于基于客户端用户输入来预测服务器端呈现场景。 服务器设备可以包括处理器和存储设备，其存储用于可由处理器执行的应用程序的指令，以在应用程序处接收来自客户端设备的通过网络的导航输入流中的当前导航输入，计算预测 基于当前导航输入的未来导航输入和应用程序的当前应用状态，基于预测的未来导航输入到渲染表面来呈现未来场景，并通过网络将渲染表面发送到客户端设备。