Nicholas J Allen

US Patent:

8074117, Dec 6, 2011

Filed:

Sep 25, 2009

Appl. No.:

12/567610

Inventors:

Kenneth D. Wolf - Seattle WA, US
Nicholas Alexander Allen - Redmond WA, US
Kirill Gavrylyuk - Seattle WA, US
Edmund Samuel Victor Pinto - Duvall WA, US
Tao Xie - Bellevue WA, US
Asad Jawahar - Woodinville WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

G06F 11/00

US Classification:

714 381, 714 471, 714 48, 717117

Abstract:

A declarative program definition. The definition is analyzed to produce an application contract that describes semantics for sending and receiving application messages during the successful execution of operations by the program. In addition, this analysis may also generate local behaviors associated with the local execution of the program. Alternatively or in addition, the analysis may infer secondary contracts regarding the sending and receiving of application messages, even though the full details of the secondary contracts are not present in the declarative program definition. For instance, the secondary contracts might include error contracts or consistency contracts.

US Patent:

20210326442, Oct 21, 2021

Filed:

May 14, 2021

Appl. No.:

17/321356

Inventors:

- Seattle WA, US
Gregory Alan Rubin - Seattle WA, US
Eric Jason Brandwine - Haymarket VA, US
Nicholas Alexander Allen - Kirkland WA, US
Andrew Kyle Driggs - Seattle WA, US

International Classification:

G06F 21/57
H04L 29/06
H04L 9/32
H04L 9/08
G06F 21/64
H04L 9/14

Abstract:

A service provider provides virtual computing services using a fleet of one or more host computer systems. Each of the host computer systems may be equipped with a trusted platform module (“TPM”). The service provider, the host computer systems, and the virtual computing environments generate attestations that prove the integrity of the system. The attestations are signed with a one-time-use cryptographic key that is verifiable against the public keys of the service provider, a host computer system, and a virtual computing environment. The public key of the host computer system is integrated into a hash tree that links the public key of the host computer system to the public key of the service provider. The public key of the virtual computing environment is signed using a one-time-use graphic key issued to the host computer system that hosts the virtual computing environment.

US Patent:

20200220735, Jul 9, 2020

Filed:

Mar 23, 2020

Appl. No.:

16/826973

Inventors:

- Seattle WA, US
Matthew John Campagna - Bainbridge Island WA, US
Nicholas Alexander Allen - Kirkland WA, US
Petr Praus - Seattle WA, US

International Classification:

H04L 9/32
H04L 9/06
H04L 9/08
H04L 9/14
H04L 9/30

Abstract:

A first public key is generated based at least in part on a first plurality of signing keys and a second public key is generated based at least in part on a second plurality of signing keys. The signing keys may be used to generate digital signatures. The second public key may be made available to verify a digital signature generated using a signing key from the second plurality of signing keys. In some cases, a first Merkle tree may be formed by the first public key and the first plurality of signing keys, and a second Merkle tree may be formed by the second public key, the first public key, and the second plurality of signing keys.

US Patent:

20200167276, May 28, 2020

Filed:

Feb 3, 2020

Appl. No.:

16/780107

Inventors:

- Seattle WA, US
Nicholas Alexander Allen - Seattle WA, US

International Classification:

G06F 12/02

Abstract:

Non-volatile devices may be configured such that a clear operation on a single bit clears an entire block of bits. The representation of particular data structures may be optimized to reduce the number of clear operations required to store the representation in non-volatile memory. A data schema may indicate that a data structure of an application may be optimized for storage in non-volatile memory. A translation layer may convert an application level representation of a data value associated with the data structure to an optimized storage representation of the data value before storing the optimized storage representation of the data value in non-volatile memory.

US Patent:

20200119928, Apr 16, 2020

Filed:

Dec 16, 2019

Appl. No.:

16/716037

Inventors:

- Seattle WA, US
Matthew John Campagna - Bainbridge Island WA, US
Nicholas Alexander Allen - Kirkland WA, US

International Classification:

H04L 9/32
H04L 9/08
H04L 29/06

Abstract:

A digital signature over a message may be compressed by determining a plurality of values based at least in part on the message. A mapping of the plurality of values over a digital signature scheme may be used to determine a value from which a portion of the compressed digital signature is decompressible by cryptographically deriving one or more components of the uncompressed digital signature. A public key may be used to verify the authenticity of the compressed digital signature and message.

US Patent:

20200076607, Mar 5, 2020

Filed:

Oct 28, 2019

Appl. No.:

16/666245

Inventors:

- Seattle WA, US
Nicholas Alexander Allen - Seattle WA, US

International Classification:

H04L 9/32

Abstract:

A secret is securely maintained on a virtualized computer system by configuring a specialized virtual machine to manage and maintain the secret on behalf of an application. When the application requests access to the secret, a controlling domain, in combination with the specialized virtual machine, validates that the application is authorized to make the request and that the application has not been compromised prior to making the request. If the request is validated, the controlling domain and the specialized virtual machine fulfill the request by providing the application with access to the secret.

US Patent:

20190332368, Oct 31, 2019

Filed:

Jul 8, 2019

Appl. No.:

16/505579

Inventors:

- Seattle WA, US
Nicholas Alexander Allen - Seattle WA, US

International Classification:

G06F 8/61
G06F 9/455

Abstract:

As requests are received, virtual computer systems are provisioned to process the requests. The virtual computer systems may be configured without various components typically implemented by virtual computer systems, such as traditional operating systems, network interfaces and the like. Application images for the virtual computer systems are configured so that execution of the applications can begin soon after provisioning, with minimal overhead the provisioning process contributing relatively little to any latency in processing the request.

US Patent:

20190081972, Mar 14, 2019

Filed:

Nov 12, 2018

Appl. No.:

16/186807

Inventors:

- Seattle WA, US
Nicholas Alexander Allen - Seattle WA, US

International Classification:

H04L 29/06

Abstract:

A method and apparatus for detecting covert routing is disclosed. In the method and apparatus, data addressed to a remote computer system are forwarded over a first network path, whereby the data is associated with a computer system of a plurality of computer systems. Further, a plurality of first network performance metrics is obtained. A likelihood of covert routing is determined based at least in part on the plurality of first network performance metrics.