
Bryan Jeffrey Parno

age ~42

from Pittsburgh, PA

Also known as:
  • Bryan J Parno
  • Brian Parno
Phone and address:
6515 Forbes Ave, Pittsburgh, PA 15217

Bryan Parno Phones & Addresses

  • 6515 Forbes Ave, Pittsburgh, PA 15217
  • Seattle, WA
  • Newport News, VA
  • Cambridge, MA
  • Exton, PA

Work

  • Company:
    Microsoft
    Aug 2010
  • Position:
    Researcher

Education

  • Degree:
    Doctorates, Doctor of Philosophy
  • School / High School:
    Carnegie Mellon University
    2004 to 2010

Industries

Research

US Patents

  • Securing Anti-Virus Software With Virtualization

  • US Patent:
    8307443, Nov 6, 2012
  • Filed:
    Sep 28, 2007
  • Appl. No.:
    11/863870
  • Inventors:
    Jiahe Helen Wang - Issaquah WA, US
    Jacob R. Lorch - Bellevue WA, US
    Bryan Jeffrey Parno - Pittsburgh PA, US
  • Assignee:
    Microsoft Corporation - Redmond WA
  • International Classification:
    G06F 11/00
  • US Classification:
    726 24, 726 26, 713187, 713188
  • Abstract:
    The subject disclosure relates to systems and methods that secure anti-virus software through virtualization. Anti-virus systems can be maintained separate from user applications and operating system through virtualization. The user applications and operating system run in a guest virtual machine while anti-virus systems are isolated in a secure virtual machine. The virtual machines are partially interdependent such that the anti-virus systems can monitor user applications and operating systems while the anti-virus systems remain free from possible malicious attack originating from a user environment. Further, the anti-virus system is secured against zero-day attacks so that detection and recovery may occur post zero-day.
  • Method And Apparatus For Secure Online Transactions

  • US Patent:
    8352738, Jan 8, 2013
  • Filed:
    Dec 3, 2007
  • Appl. No.:
    11/998890
  • Inventors:
    Bryan Parno - Pittsburgh PA, US
    Cynthia Kuo - Pittsburgh PA, US
    Adrian Perrig - Pittsburgh PA, US
  • Assignee:
    Carnegie Mellon University - Pittsburgh PA
  • International Classification:
    H04L 9/32
    G06Q 20/00
  • US Classification:
    713168, 726 5, 705 73
  • Abstract:
    Phishing attacks succeed by exploiting a user's inability to distinguish legitimate websites from spoofed websites. Most prior work focuses on assisting the user in making this distinction; however, users must make the right security decision every time. Unfortunately, humans are ill-suited for performing the security checks necessary for secure site identification, and a single mistake may result in a total compromise of the user's online account. Fundamentally, users should be authenticated using information that they cannot readily reveal to malicious parties. Placing less reliance on the user during the authentication process enhances security and eliminates many forms of fraud. We disclose using a trusted device to perform mutual authentication that eliminates reliance on perfect user behavior, thwarts Man-in-the-Middle attacks after setup, and protects a user's account even in the presence of keyloggers and most forms of spyware.
  • Methods And Apparatuses For User-Verifiable Execution Of Security-Sensitive Code

  • US Patent:
    8627414, Jan 7, 2014
  • Filed:
    Mar 9, 2010
  • Appl. No.:
    12/720008
  • Inventors:
    Jonathan M. McCune - Pittsburgh PA, US
    Adrian M. Perrig - Pittsburgh PA, US
    Anupam Datta - Pittsburgh PA, US
    Virgil Dorin Gligor - Pittsburgh PA, US
    Yanlin Li - Pittsburgh PA, US
    Bryan Jeffrey Parno - Pittsburgh PA, US
    Amit Vasudevan - Pittsburgh PA, US
    Ning Qu - San Jose CA, US
  • Assignee:
    Carnegie Mellon University - Pittsburgh PA
  • International Classification:
    G06F 7/04
    G06F 12/14
    H04L 29/06
    H04L 9/32
    G06F 15/167
    G06F 15/16
  • US Classification:
    726 4, 726 7, 726 23, 726 27, 713165, 713166, 713168, 709212, 709217
  • Abstract:
    A computer including a processor and a verification device. The processor in the computer performs the steps of authenticating a secure connection between a hypervisor and the verification device, measuring the identity of at least a portion of a select guest before the select guest executes any instruction, and sending a measurement of the identity of the select guest to the verification device. The verification device compares the policy stored in the verification device with the measurement of the select guest received by the verification device. The steps of authenticating, measuring, sending, and comparing are performed after receiving a signal indicative of a request to execute the select guest and without rebooting the computer.
  • Securing Anti-Virus Software With Virtualization

  • US Patent:
    20130055396, Feb 28, 2013
  • Filed:
    Oct 25, 2012
  • Appl. No.:
    13/660808
  • Inventors:
    Microsoft Corporation - Redmond WA, US
    Jacob R. Lorch - Bellevue WA, US
    Bryan Jeffrey Parno - Pittsburgh PA, US
  • Assignee:
    Microsoft Corporation - Redmond WA
  • International Classification:
    G06F 21/00
  • US Classification:
    726 24
  • Abstract:
    The subject disclosure relates to systems and methods that secure anti-virus software through virtualization. Anti-virus systems can be maintained separate from user applications and operating system through virtualization. The user applications and operating system run in a guest virtual machine while anti-virus systems are isolated in a secure virtual machine. The virtual machines are partially interdependent such that the anti-virus systems can monitor user applications and operating systems while the anti-virus systems remain free from possible malicious attack originating from a user environment. Further, the anti-virus system is secured against zero-day attacks so that detection and recovery may occur post zero-day.
  • User-Driven Access Control

  • US Patent:
    20130117840, May 9, 2013
  • Filed:
    Nov 9, 2011
  • Appl. No.:
    13/292090
  • Inventors:
    Franziska Roesner - Seattle WA, US
    Tadayoshi Kohno - Seattle WA, US
    Alexander Moshchuk - Kirkland WA, US
    Bryan J. Parno - Seattle WA, US
    Helen J. Wang - Redmond WA, US
  • Assignee:
    MICROSOFT CORPORATION - Redmond WA
  • International Classification:
    G06F 21/00
    G06F 3/048
  • US Classification:
    726 17, 715781
  • Abstract:
    An access system is described herein which allows an application module to access a user-owned resource based on an indication of a user's intent to interact with the user-owned resource. For example, the application module can provide an application user interface which embeds a gadget associated with a particular user-owned resource. The access system can interpret the user's interaction with the gadget as conferring implicit permission to the application module to access the user-owned resource associated with the gadget. In addition, or alternatively, the user may make a telltale gesture in the course of interacting with the application module. The access system can interpret this gesture as conferring implicit permission to the application module to access a user-owned resource that is associated with the gesture.
  • Providing Intent-Based Access To User-Owned Resources

  • US Patent:
    20130205385, Aug 8, 2013
  • Filed:
    Feb 8, 2012
  • Appl. No.:
    13/368334
  • Inventors:
    Franziska Roesner - Seattle WA, US
    Tadayoshi Kohno - Seattle WA, US
    Alexander Moshchuk - Kirkland WA, US
    Bryan J. Parno - Seattle WA, US
    Helen J. Wang - Redmond WA, US
  • Assignee:
    Microsoft Corporation - Redmond WA
  • International Classification:
    G06F 21/00
  • US Classification:
    726 17
  • Abstract:
    An access system is described herein which allows an application to access a system-level and/or application-specific user-owned resource based on a user's interaction with an intent-based access mechanism. For example, the intent-based access mechanism may correspond to a gadget that is embedded in an application user interface provided by the application, and/or logic for detecting a permission-granting input sequence. The access system accommodates different types of intent-based access mechanisms. One type is a scheduled intent-based access mechanism. Another type provides access to two or more user-owned resources. Further, the access system includes a mechanism for determining whether the application is permitted to use an intent-based access mechanism.
  • Utilization Of A Protected Module To Prevent Offline Dictionary Attacks

  • US Patent:
    20130212385, Aug 15, 2013
  • Filed:
    Feb 10, 2012
  • Appl. No.:
    13/370331
  • Inventors:
    Stuart Edward Schechter - Kirkland WA, US
    David Alexander Molnar - Bellevue WA, US
    Jacob Rubin Lorch - Bellevue WA, US
    Barry Clayton Bond - Redmond WA, US
    Bryan Jeffrey Parno - Seattle WA, US
  • Assignee:
    MICROSOFT CORPORATION - Redmond WA
  • International Classification:
    H04L 9/28
  • US Classification:
    713168
  • Abstract:
    Various technologies pertaining to authenticating a password in a manner that prevents offline dictionary attacks are described. A protected module, which can be a hardware security module, a trusted platform module, or the like, is in communication with an authentication server. The protected module comprises a key that is restricted to the protected module. The key is employed in connection with authenticating the password on the protected module.
  • Personal Identification Combining Proximity Sensing With Biometrics

  • US Patent:
    20130251216, Sep 26, 2013
  • Filed:
    Mar 23, 2012
  • Appl. No.:
    13/429261
  • Inventors:
    Christopher Stephen Frederick Smowton - Cambridge, GB
    Ronnie Chaiken - Redmond WA, US
    Weidong Cui - Redmond WA, US
    Oliver H. Foehr - Bellevue WA, US
    Jacob Rubin Lorch - Bellevue WA, US
    David Molnar - Seattle WA, US
    Bryan Jeffrey Parno - Seattle WA, US
    Stefan Saroiu - Redmond WA, US
    Alastair Wolman - Seattle WA, US
  • Assignee:
    MICROSOFT CORPORATION - Redmond WA
  • International Classification:
    G06K 9/00
    H04L 9/00
  • US Classification:
    382118, 382115, 713150
  • Abstract:
    Described is a technology by which the identity of a person (e.g., a customer in a commercial transaction) is determinable without active identification effort, via biometric data is obtained without action by the person. Machine processing of the biometric data over a set of possible persons, determined from secondary proximity sensing, is used to determine or assist in determining the identity of the person.

Resumes


Researcher

Location:
Seattle, WA
Industry:
Research
Work:
Microsoft
Researcher

RSA Laboratories 2007 - 2007
Research Intern

Microsoft May 2006 - Aug 2006
Research Intern
Education:
Carnegie Mellon University 2004 - 2010
Doctorates, Doctor of Philosophy
Harvard University 2000 - 2004
Bachelors, Bachelor of Arts, Computer Science
