公开(公告)号：US20160087963A1

公开(公告)日：2016-03-24

申请号：US14955819

申请日：2015-12-01

Applicant: Microsoft Technology Licensing, LLC

Inventor： Mohamed Rouatbi ,  Karthik Jaganathan ,  Venkata K. Anumalasetty ,  Ramesh Chinta ,  Scott A. Field

IPC: H04L29/06 ,  G06F21/31

CPC classification number: H04L63/08 ,  G06F21/31 ,  G06F21/44 ,  G06F21/57 ,  H04L63/0823 ,  H04L63/10 ,  H04L63/101 ,  H04L63/20

Abstract: Embodiments are directed to establishing a secure connection between computing systems and to providing computer system virtualization on a secure computing device. In one scenario, a computer system receives a request that at least one specified function be initiated. The request includes user credentials and a device claim that identifies the computing device. The computer system authenticates the user using the received user credentials and determines, based on the device claim, that the computing device is an approved computing device that has been approved to initiate performance of the specified function. Then, upon determining that the user has been authenticated and that the computing device is approved to initiate performance the specified function, the computer system initiates performance of the specified function.

Abstract translation: 实施例涉及在计算系统之间建立安全连接并且在安全计算设备上提供计算机系统虚拟化。 在一种情况下，计算机系统接收到启动至少一个指定功能的请求。 该请求包括用户凭证和识别计算设备的设备声明。 计算机系统使用接收到的用户凭证对用户进行认证，并且基于设备权利要求确定计算设备是已经被批准以发起指定功能的执行的被许可的计算设备。 然后，当确定用户已经被认证并且计算设备被批准发起指定功能的性能时，计算机系统启动指定功能的执行。

公开(公告)号：US11327558B2

公开(公告)日：2022-05-10

申请号：US16839062

申请日：2020-04-02

Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC

Inventor： Benjamin Brown ,  Mohamed Rouatbi ,  Jeffrey Scott Shaw

IPC: G06F3/01 ,  G06F16/245 ,  G06F3/0486 ,  G06F3/04883 ,  G06T11/00 ,  H04L29/06

Abstract: Disclosed herein is a system for facilitating fast and intuitive investigations of security incidents by responding to physical gestures performed by security analysts within a virtual scene. A query triggers an alert for detecting security incidents that occur with respect to computing resources. Following the alert, the security analyst dons a Near-Eye-Display (NED) device and is presented with a virtual scene having control elements representing various data sets and/or data analysis operations relevant to a security incident. The security analyst investigates the security incident by performing hand motions to “grab-and-drag” control elements representing data sets. The security analyst may also perform hand motions to “tap on” control elements that represents a data analysis operation. Responsive to the hand motions, the system performs data analysis operations and displays a result within the virtual scene. Then, the security analyst performs another hand motion to remediate any threat caused by the security incident.

公开(公告)号：US20190098024A1

公开(公告)日：2019-03-28

申请号：US15718393

申请日：2017-09-28

Applicant: Microsoft Technology Licensing, LLC

Inventor： Svetlana Gaivoronski ,  Paul England ,  Mohamed Rouatbi ,  Mariusz H. Jakubowski ,  Marcus Peinado ,  Julian Federico Gonzalez, JR.

IPC: H04L29/06

Abstract: A process to detect intrusions with an intrusion detection system is disclosed. The intrusion detection system identifies instance types, and each instance type includes an instance. A know compromised instance is identified from the plurality of instances. A link between the plurality instance types is traversed from the compromised instance to discover an additional compromised instance.

公开(公告)号：US10735457B2

公开(公告)日：2020-08-04

申请号：US15723832

申请日：2017-10-03

Applicant: Microsoft Technology Licensing, LLC

Inventor： Mohamed Rouatbi ,  Julian Federico Gonzalez, Jr. ,  Marcus Peinado ,  Mariusz H. Jakubowski ,  Svetlana Gaivoronski

IPC: G06F21/00 ,  H04L29/06 ,  G06F21/55 ,  H04W12/00

Abstract: A process to investigate intrusions with an investigation system is disclosed. The process receives forensic facts from a set of forensic events on a system or network. A suspicious fact is identified from the forensic facts. A related fact from the forensic facts is identified based on the suspicious fact.

公开(公告)号：US10791128B2

公开(公告)日：2020-09-29

申请号：US15718393

申请日：2017-09-28

Applicant: Microsoft Technology Licensing, LLC

Inventor： Svetlana Gaivoronski ,  Paul England ,  Mohamed Rouatbi ,  Mariusz H. Jakubowski ,  Marcus Peinado ,  Julian Federico Gonzalez, Jr.

IPC: H04L29/06 ,  G06F21/56 ,  H04L12/26

Abstract: A process to detect intrusions with an intrusion detection system is disclosed. The intrusion detection system identifies instance types, and each instance type includes an instance. A know compromised instance is identified from the plurality of instances. A link between the plurality instance types is traversed from the compromised instance to discover an additional compromised instance.

公开(公告)号：US20190104147A1

公开(公告)日：2019-04-04

申请号：US15723832

申请日：2017-10-03

Applicant: Microsoft Technology Licensing, LLC

Inventor： Mohamed Rouatbi ,  Julian Federico Gonzalez, JR. ,  Marcus Peinado ,  Mariusz H. Jakubowski ,  Svetlana Gaivoronski

IPC: H04L29/06

Abstract: A process to investigate intrusions with an investigation system is disclosed. The process receives forensic facts from a set of forensic events on a system or network. A suspicious fact is identified from the forensic facts. A related fact from the forensic facts is identified based on the suspicious fact.

公开(公告)号：US20190065754A1

公开(公告)日：2019-02-28

申请号：US15692393

申请日：2017-08-31

Applicant: Microsoft Technology Licensing, LLC

Inventor： Rebecca Jean Ochs ,  Ramesh Chinta ,  Amrita Satapathy ,  Jeffrey Cooperstein ,  Harini Parthasarathy ,  Scott Antony Field ,  Mohamed Rouatbi ,  Julian Federico Gonzalez

IPC: G06F21/57

Abstract: Security risks associated with scanning a computer are at least mitigated by performing the scanning off node. State data of a target node, or computer, can be acquired in various ways. The acquired state data can be subsequently employed to generate a virtual replica of the target computer or portion thereof on a second computer isolated from the target computer. The virtual replica of the target computer provides a scanner access to the data needed to perform a scan on the second computer without accessing or being able to impact the target computer.

公开(公告)号：US09413740B2

公开(公告)日：2016-08-09

申请号：US14337936

申请日：2014-07-22

Applicant: Microsoft Technology Licensing, LLC

Inventor： Mohamed Rouatbi ,  Karthik Jaganathan ,  Venkata K. Anumalasetty ,  Ramesh Chinta ,  Scott A. Field

IPC: G06F21/00 ,  H04L29/06 ,  G06F21/31

CPC classification number: H04L63/08 ,  G06F21/31 ,  G06F21/44 ,  G06F21/57 ,  H04L63/0823 ,  H04L63/10 ,  H04L63/101 ,  H04L63/20

Abstract: Embodiments are directed to establishing a secure connection between computing systems and to providing computer system virtualization on a secure computing device. In one scenario, a computer system receives a request that at least one specified function be initiated. The request includes user credentials and a device claim that identifies the computing device. The computer system authenticates the user using the received user credentials and determines, based on the device claim, that the computing device is an approved computing device that has been approved to initiate performance of the specified function. Then, upon determining that the user has been authenticated and that the computing device is approved to initiate performance the specified function, the computer system initiates performance of the specified function.

Abstract translation: 实施例涉及在计算系统之间建立安全连接并且在安全计算设备上提供计算机系统虚拟化。 在一种情况下，计算机系统接收到启动至少一个指定功能的请求。 该请求包括用户凭证和识别计算设备的设备声明。 计算机系统使用接收到的用户凭证对用户进行认证，并且基于设备权利要求确定计算设备是已经被批准以发起指定功能的执行的被许可的计算设备。 然后，当确定用户已经被认证并且计算设备被批准发起指定功能的性能时，计算机系统启动指定功能的执行。