-
Publication (Announcement) No.: US09253195B2
Publication (Announcement) Date: 2016-02-02
Application No.: US13915271
Application Date: 2013-06-11
Applicant: Microsoft Technology Licensing, LLC
Inventor: Carl M. Ellison, Paul J. Leach, Butler W. Lampson, Melissa W. Dunn, Ravindra Nath Pandya, Charles William Kaufman
CPC classification number: H04L63/101, H04L63/0823
Abstract: The subject disclosure pertains to systems and methods that facilitate managing access control utilizing certificates. The systems and methods described herein are directed to mapping an access policy as expressed in an access control list to a set of certificates. The set of certificates can be used to grant access to resources in the manner described by the ACL. The certificates can be distributed to entities for use in obtaining access to resources. Entities can present certificates to resources as evidence of their right to access the resources. The access logic of the sequential ACL can be transformed or mapped to a set of order independent certificates. In particular, each entry, position of the entry in the list and any preceding entries can be analyzed. The analysis can be used to generate order independent certificates that provide access in accordance with the access policy communicated in the ACL.
-
Publication (Announcement) No.: US09311483B2
Publication (Announcement) Date: 2016-04-12
Application No.: US14068996
Application Date: 2013-10-31
Applicant: Microsoft Technology Licensing, LLC
Inventor: Thekkthalackal Varugis Kurien, Paul England, Ravindra Nath Pandya, Niels Ferguson
CPC classification number: G06F21/57, G06F9/5077, G06F2221/2149
Abstract: Systems and methods provide multiple partitions hosted on an isolation technology such as a hypervisor where at least one of the partitions, a local secure service partition (LSSP), provides security services to other partitions. The service partitions (LSSPs) host those high assurance services that require strict security isolation, where the service can be shared across partitions and accessed even when the user is not connected to a network. The LSSP also can certify the results of any computation using a key signed by a TPM attestation identity key (AIK), or other key held securely by the hypervisor or a service partition. The LSSPs may be configured to provide trusted audit logs, trusted security scans, trusted cryptographic services, trusted compilation and testing, trusted logon services, and the like.
-
Publication (Announcement) No.: US09875120B2
Publication (Announcement) Date: 2018-01-23
Application No.: US14228129
Application Date: 2014-03-27
Applicant: Microsoft Technology Licensing, LLC
Inventor: Sergey I. Bykov, Alan S. Geller, Gabriel Kliot, Ravindra Nath Pandya, Jorgen Thelin
CPC classification number: G06F9/455, G06F9/4488, G06F9/465
Abstract: The subject disclosure is directed towards virtual components, e.g., comprising software components such as virtual components of a distributed computing system. Virtual components are available for use by distributed computing system applications, yet managed by the distributed computing system runtime transparent to the application with respect to automatic activation and deactivation on runtime-selected distributed computing system servers. Virtualization of virtual components is based upon mapping virtual components to their physical instantiations that are currently running, such as maintained in a global data store.