-
Publication number: WO2021025769A1
Publication date: 2021-02-11
Application number: PCT/US2020/036877
Application date: 2020-06-10
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: DE MARCO, Jonathan , SCHULTZ, Benjamin M. , SMITH, Frederick Justus, IV , PULAPAKA, Hari R. , IYIGUN, Mehmet , GUO, Amber Tianqi
Abstract: Computing systems, devices, and methods of dynamic image composition for container deployment are disclosed herein. One example technique includes receiving a request for accessing a file from a container process. In response to receiving the request, the technique includes querying a mapping table corresponding to the container process to locate an entry corresponding to a file identifier of the requested file. The entry also includes data identifying a file location on the storage device from which the requested file is accessible. The technique further includes retrieving a copy of the requested file according to the file location identified by the data in the located entry in the mapping table and providing the retrieved copy of the requested file to the container process, thereby allowing the container process to access the requested file.
-
Publication number: WO2019217219A1
Publication date: 2019-11-14
Application number: PCT/US2019/030509
Application date: 2019-05-03
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: SCHULTZ, Benjamin M. , KURJANOWICZ, Matthew David , SRIVASTAVA, Ankit , KARADEMIR, Ahmed Saruhan , GHOSH, Sudeep Kumar , PASHNIAK, Michael Trevor , PULAPAKA, Hari R. , BALASUBRAMANYAN, Balaji , SUGANDHI, Tushar Suresh , VISWANATHAN, Giridhar
Abstract: Securely storing, installing, or launching applications. A method includes determining a trust characteristic or a license characteristic assigned to an application. When the trust characteristic or the license characteristic meets or exceeds a predetermined trust condition or a predetermined license condition, then the method includes at least one of storing, installing or launching the application in a first, more secure operating system while preventing the application from being at least one of stored, installed or launched in a second, less secure operating system. When the trust characteristic or the license characteristic does not meet or exceed the predetermined trust condition or the predetermined license condition, then the method includes at least one of storing, installing or launching the application in the second, less secure operating system while preventing the application from being at least one of stored, installed or launched in the first, more secure operating system.
-
Publication number: WO2019147394A1
Publication date: 2019-08-01
Application number: PCT/US2019/012008
Application date: 2019-01-02
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: CHENCHEV, Margarit Simeonov , SCHULTZ, Benjamin M. , MAISURIA, Paresh , PULAPAKA, Hari R. , SRIVASTAVA, Ankit , WONG, Graham
Abstract: Deploying containers constrained by power profiles on a host system. A method includes identifying a container template, a set of reusable stored characteristics, to be used for deploying a container instance. The method further includes obtaining a power profile, defining at least one power consumption threshold, for the container instance based on at least one of the set of reusable stored characteristics of the container template or other information about the container instance. The method further includes deploying the container instance on the host system by applying the set of reusable stored characteristics and the power profile by applying one or more configuration layers which causes power to the container instance to be at least one of regulated or monitored based on information in the power profile.
-
Publication number: WO2019032189A1
Publication date: 2019-02-14
Application number: PCT/US2018/038141
Application date: 2018-06-19
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: PEREIRA, Yolando , CHENCHEV, Margarit Simeonov , VISWANATHAN, Giridhar , OPREA, Constantin Sorin , STARKS, John Andrew , SABO, Kyle Patrick , COOK, Douglas Evan , BEINHART, Seth Christopher , JEFFRIES, Charles Glenn , SRIVASTAVA, Ankit , SCHULTZ, Benjamin M. , PULAPAKA, Hari R.
CPC classification number: G06F21/552 , G06F9/45558 , G06F11/3006 , G06F11/3068 , G06F11/34 , G06F11/3476 , G06F21/57 , G06F2009/45562 , G06F2009/45583 , G06F2009/45587 , G06F2009/45591 , G06F2201/86 , H04L41/5009
Abstract: The techniques described herein enable client APIs to be deployed within isolated computing environments while externally exposing and/or maintaining a log of computing events that the client APIs perform and/or attempt to perform within the isolated computing environments. Generally described, configurations disclosed herein enable audit parameters associated with client application programming interfaces (APIs) to be deployed within an isolated computing environment to generate a log of computing events performed by the client APIs. Ultimately, access to the log of computing events is provided externally to the isolated computing environment without exposing sensitive computing resources (e.g., a host operating system (OS)) to the various client APIs.
-
Publication number: WO2018204152A1
Publication date: 2018-11-08
Application number: PCT/US2018/029490
Application date: 2018-04-26
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: SCHULTZ, Benjamin M. , KINSHUMANN , LINSLEY, David John , JEFFRIES, Charles Glenn , VISWANATHAN, Giridhar , ANDERSON, Scott Daniel , SMITH, Frederick J. , PULAPAKA, Hari R. , ZHOU, JianMing , CHENCHEV, Margarit Simeonov , PROBERT, David B.
Abstract: Facilities are provided to secure guest runtime environments (GREs). Security policy specifications may be associated with GREs. A GRE's security policy may be specific to the GRE and may also include security policy inherited from higher levels such as a host operating environment. The security policy of a GRE specifies restrictions and/or permissions for activities that may be performed within the scope of execution of the GRE. A GRE's security policy may limit what the GRE's guest software may do within the GRE. Restrictions/permissions may be applied to objects such as files, configuration data, and the like. Security specifications may be applied to execution initiated within a GRE. A GRE's security specification may restrict/permit executable objects from loading and executing within the GRE. The executability or accessibility of objects may be conditioned on factors such as the health/integrity of the GRE, the host system, requested files, and others.
-
Publication number: WO2018204103A1
Publication date: 2018-11-08
Application number: PCT/US2018/028759
Application date: 2018-04-23
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: VISWANATHAN, Giridhar , DIAZ CUELLAR, Gerardo , PULAPAKA, Hari R. , PASHOV, Ivan Dimitrov , PAI, Navin Narayan , SCHULTZ, Benjamin M.
Abstract: A second operating system accessing resources from an external service. A method includes sending an anonymized request, for an anonymized user corresponding to an authorized user, for resources, through a broker. A request for proof indicating that the anonymized user is authorized to obtain the resources is received from the broker. As a result, a request is sent to a first operating system for the proof that the anonymized user is authorized to obtain the resources. Proof is received from the first operating system, based on the anonymized user being associated with the authorized user, that the anonymized user is authorized to obtain the resources. The proof is provided to the broker. As a result, the resources are obtained by the second operating system from the service.
-
Publication number: WO2018128898A1
Publication date: 2018-07-12
Application number: PCT/US2017/068614
Application date: 2017-12-28
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: PULAPAKA, Hari R. , CHENCHEV, Margarit Simeonov , SCHULTZ, Benjamin M. , WISWALL, Jonathan David , SMITH, Frederick Justus , STARKS, John A. , WOLCOTT, Richard O. , EBERSOL, Michael Bishop
IPC: G06F9/54
Abstract: Distribution and management of services in virtual environments is described herein. In one or more implementations, a service distribution and management model is implemented in which system services and applications are seamlessly distributed across multiple containers which each implement a different runtime environment. In one or more implementations, a system for distributing access to services in a host operating system of a computing device includes a host operating system configured to implement a host runtime environment, and one or more services implemented by the host operating system. The system further includes a service control manager configured to enable communication between a client stub of a service implemented in a client runtime environment and a service provider of the service that is implemented in a service runtime environment that is separate from the first client runtime environment.
-
Publication number: WO2017165174A1
Publication date: 2017-09-28
Application number: PCT/US2017/022616
Application date: 2017-03-16
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: DIAZ-CUELLAR, Gerardo , SCHULTZ, Benjamin M. , PASHOV, Ivan Dimitrov
IPC: H04L29/06
Abstract: The techniques and systems described herein improve security and improve connection reliability by providing a framework for an application to communicate its intent to an authority service so that the authority service can enforce networking security requirements. In various examples, an intent to access a resource over a network is received and queries are sent to resolve a network connection that enables access to the resource. Information for the resource is then collected and stored together in a trusted and secure environment. For instance, the information can include proxy data or can include hostname data. A ticket can be created based on the information. The ticket can be used to establish and maintain a secure network connection to the resource.
-
Publication number: WO2017011607A1
Publication date: 2017-01-19
Application number: PCT/US2016/042176
Application date: 2016-07-14
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: SCHULTZ, Benjamin M. , TIWARI, Abhishek , ARNEJA, Aman , GUPTA, Dhiraj
IPC: H04L12/721 , H04L12/715 , H04L12/24 , H04L12/26 , H04L12/851
CPC classification number: H04L45/38 , H04L41/0893 , H04L41/5077 , H04L43/0876 , H04L43/50 , H04L45/02 , H04L45/025 , H04L45/028 , H04L45/306 , H04L45/64 , H04L47/125 , H04L47/2441 , H04L47/2475 , H04L47/2483
Abstract: A control and monitoring system orders a service chain - an order of data flow through a plurality of network nodes - based on network node identifiers. The control and monitoring system provides a policy to networking nodes in order to enforce the order of the service chain. In some embodiments, features are implemented to improve the availability of service chains. Such features include load-balancing, fail-over, traffic engineering, and automated deployment of virtualized network functions at various stages of a service chain, among others.