
Andrey Lelikov Phones & Addresses

  • Grandville, MI
  • Kenmore, WA
  • Kirkland, WA
  • Maple Valley, WA
  • 14545 43rd St, Bellevue, WA 98007 (425) 558-1041
  • Redmond, WA

Publications

US Patents

Securing Sensitive Data In Memory

US Patent:
7725739, May 25, 2010
Filed:
Nov 18, 2005
Appl. No.:
11/283593
Inventors:
Andrey V. Lelikov - Redmond WA, US
Assignee:
Microsoft Corporation - Redmond WA
International Classification:
G06F 11/30
US Classification:
713193, 726 26
Abstract:
Sensitive data is stored in a secure buffer, and never in an unencrypted, accessible location at any time. The data is accessed only by low-level processor instructions that load only a portion of the data into processor registers. The portion of data can then be used before the next portion of data is transferred from the secure buffer into the processor registers. In some embodiments, only one portion is available at any time. In other embodiments, a number of portions may be available at one time. However, the entirety of the sensitive data is never present in the clear. Thus, the entirety of the sensitive data will never be available if an adversary gains access to the contents of memory.

First Computer Process And Second Computer Process Proxy-Executing Code On Behalf Thereof

US Patent:
7788496, Aug 31, 2010
Filed:
Oct 8, 2003
Appl. No.:
10/681017
Inventors:
Andrey Lelikov - Bellevue WA, US
Caglar Gunyakti - Sammamish WA, US
Kristjan E. Hatlelid - Sammamish WA, US
Assignee:
Microsoft Corporation - Redmond WA
International Classification:
H04L 9/00
US Classification:
713182, 726 2, 726 26, 713150
Abstract:
A first process operating on a computer comprises code to be executed in connection therewith, where the code includes at least one triggering device. A digital license corresponds to the first process and sets forth terms and conditions for operating the first process. A second process operating on the computer proxy-executes code corresponding to each triggering device of the first process on behalf of such first process. The second process includes a license evaluator for evaluating the license to determine whether the first process is to be operated in accordance with the terms and conditions set forth in such license, and the second process chooses whether to in fact proxy-execute based at least in part on determination of the license evaluator. Thus, the first process is dependent upon the second process for operation thereof.

Changing Code Execution Path Using Kernel Mode Redirection

US Patent:
7380269, May 27, 2008
Filed:
Apr 14, 2006
Appl. No.:
11/404448
Inventors:
Nir Ben Zvi - Redmond WA, US
Kristjan E. Hatlelid - Sammamish WA, US
Andrey V. Lelikov - Redmond WA, US
Assignee:
Microsoft Corporation - Redmond WA
International Classification:
G06F 7/04
G06F 17/30
G06K 9/00
H03M 1/68
US Classification:
726 2, 726 22, 726 26
Abstract:
A mechanism for redirecting a code execution path in a running process. A one-byte interrupt instruction (e.g., INT 3) is inserted into the code path. The interrupt instruction passes control to a kernel handler, which after executing a replacement function, returns to continue executing the process. The replacement function resides in a memory space that is accessible to the kernel handler. The redirection mechanism may be applied without requiring a reboot of the computing device on which the running process is executing. In addition, the redirection mechanism may be applied without overwriting more than one byte in the original code.

First Computer Process And Second Computer Process Proxy-Executing Code On Behalf Of First Process

US Patent:
20060069653, Mar 30, 2006
Filed:
Nov 14, 2005
Appl. No.:
11/273775
Inventors:
Andrey Lelikov - Redmond WA, US
Donald Rule - Mercer Island WA, US
Kristjan Hatlelid - Sammamish WA, US
Nir Zvi - Redmond WA, US
Assignee:
Microsoft Corporation - Redmond WA
International Classification:
G06Q 99/00
US Classification:
705059000
Abstract:
Upon a first process encountering a triggering device, a second process chooses whether to proxy-execute code corresponding to the triggering device of the first process on behalf of such first process based at least in part on whether a license evaluator of the second process has determined that the first process is to be operated in accordance with the terms and conditions of a corresponding digital license. The license evaluator at least in part performs such determination by running a script corresponding to the triggering device in the code of the first process. Thus, the first process is dependent upon the second process and the license for operation thereof.

Caching Information For Kernel And Boot Components

US Patent:
20070143223, Jun 21, 2007
Filed:
Dec 16, 2005
Appl. No.:
11/305640
Inventors:
Ajay Bhave - Redmond WA, US
Andrey Lelikov - Redmond WA, US
Caglar Gunyakti - Sammamish WA, US
Ning Zhang - Sammamish WA, US
Wen-Pin Hsu - Redmond WA, US
Assignee:
Microsoft Corporation - Redmond WA
International Classification:
G06Q 99/00
US Classification:
705059000
Abstract:
A cache is provided that stores licensing policies and information for components. The cache is available early in the boot cycle, such as during initialization and startup of the operating system, for use by the kernel and early boot components. Kernel and early boot components can then call a kernel application programming interface (API) to query the policy values. The policy values are read from a registry value into memory very early in the boot sequence. Using the kernel cache, the system may be started with proper licensable limits.

Software Protection Through Interdependent Parameter Cloud Constrained Software Execution

US Patent:
20090293041, Nov 26, 2009
Filed:
May 20, 2008
Appl. No.:
12/123471
Inventors:
Matthias Wollnik - Seattle WA, US
Nathan Ide - Bothell WA, US
Andrey Lelikov - Bellevue WA, US
John Richard McDowell - Seattle WA, US
Aaron Payne Goldsmid - New York NY, US
Karan Singh Dhillon - Renton WA, US
Assignee:
MICROSOFT CORPORATION - Redmond WA
International Classification:
G06F 9/44
US Classification:
717110
Abstract:
Methods and a tool or instrument for performing the methods of protecting a computer program with a parameter cloud are disclosed. A parameter cloud comprising a plurality of elements may be created. Called functions of a computer program may have defined expected parameter cloud states so that proper behavior of the called function is achieved when the parameter cloud state is the expected parameter cloud state. An expected parameter cloud state may include a selected set of elements of the parameter cloud having assigned values. Static portions of the called functions may depend on a current parameter cloud state, and calling functions may transform the parameter cloud state prior to calling their respective called functions. The methods and instrument may operate on original source code or post-binary targets of the computer program. A fingerprint may be used to identify a specific computer program from a sequence of state transitions.
Andrey V Lelikov from Grandville, MI, age ~48