Execution of Subset of Driver Code in Separate Protection Domain

US 20180314651A1
Filed: 01/09/2018
Published: 11/01/2018
Est. Priority Date: 04/30/2017
Status: Active Grant

First Claim

Patent Images

1. A system for driver execution, comprising:

a computer comprising a processor and a memory having computer-executable instructions stored thereupon which, when executed by the processor, cause the computing device to;

load the driver in a first domain, wherein the driver controls an associated device;

in response to a request from the driver, load the driver companion in a second domain different than the first domain, the second domain comprising a secure environment, the driver companion communicates with the associated device;

manage communications between the driver and the driver companion; and

in response to a request from the driver, unload the driver companion.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described herein is a system for driver execution. A driver is loaded in a first domain with the driver controlling an associated device. In response to a request from the driver, the driver companion is loaded in a second domain different than the first domain, the second domain comprising a secure environment. The driver companion communicates with the associated device. Communications between the driver and the driver companion are managed (e.g., by an operating system framework). In response to a request from the driver, the driver companion is unloaded.

Citations

20 Claims

1. A system for driver execution, comprising:
- a computer comprising a processor and a memory having computer-executable instructions stored thereupon which, when executed by the processor, cause the computing device to;
  
  load the driver in a first domain, wherein the driver controls an associated device;
  
  in response to a request from the driver, load the driver companion in a second domain different than the first domain, the second domain comprising a secure environment, the driver companion communicates with the associated device;
  
  manage communications between the driver and the driver companion; and
  
  in response to a request from the driver, unload the driver companion.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the driver executes in a kernel mode and the driver companion executes in a user mode.
  - 3. The system of claim 1, wherein the driver executes in a first virtual trust level and the driver companion executes in a second higher virtual trust level.
  - 4. The system of claim 1, wherein the driver executes in a first address space and the driver companion executes in a second different address space.
  - 5. The system of claim 1, wherein the driver companion securely stores biometric information about a user of the computer.
  - 6. The system of claim 1, wherein the driver companion securely stores at least one of an encryption key or a decryption key.
  - 7. The system of claim 1, wherein the driver companion securely executes at least one of a sensitive input transaction or a sensitive output transaction.
  - 8. The system of claim 1, wherein a task queue facilitates communications between the driver and the driver companion.
  - 9. The system of claim 1, wherein a framework manages a lifetime associated with the driver companion.
  - 10. The system of claim 1, wherein the driver manages a plug and play (PnP) state and a power state of a device associated with the driver.

11. A method of executing a driver and an associated driver companion, comprising:
- loading the driver in a first domain, wherein the driver controls an associated device;
  
  in response to a request from the driver, loading the driver companion in a second domain different than the first domain, the second domain comprising a secure environment, the driver companion communicating with the associated device;
  
  managing communications between the driver and the driver companion; and
  
  in response to a request from the driver, unloading the driver companion.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, wherein the first domain is kernel mode and the second domain is user mode.
  - 13. The method of claim 11, wherein the driver manages the associated device using the driver companion.
  - 14. The method of claim 11, wherein the driver executes in a first address space and the driver companion executes in a second different address space.
  - 15. The method of claim 11, wherein the driver companion securely stores information about a user of the computer.

16. A computer storage media storing computer-readable instructions that when executed cause a computing device to:
- load a driver in a first domain, the driver controls an associated device;
  
  in response to a request from the driver, load a driver companion in a second domain different than the first domain, the second domain comprising a secure environment, the driver companion communicates with the associated device;
  
  manage communications between the driver and the driver companion; and
  
  in response to a request from the driver, unload the driver companion.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer storage media of claim 16, wherein the first domain is kernel mode and the second domain is user mode.
  - 18. The computer storage media of claim 16, wherein the first domain is a first virtual trust level and the second domain is a second higher virtual trust level.
  - 19. The computer storage media of claim 16, wherein the driver executes in a first address space and the driver companion executes in a second different address space.
  - 20. The computer storage media of claim 16, wherein the driver companion securely stores information about a user of the computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
VARMA, Shyamal, RAJEEV, Kumar, WIELAND, Peter William

Granted Patent

US 10,445,257 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/0715   in a system implementing mu...

G06F 13/102   where the programme perform...

G06F 21/53   by executing in a restricte...

G06F 21/57   Certifying or maintaining t...

G06F 9/526   Mutual exclusion algorithms

G06F 9/545   where tasks reside in diffe...

H04L 9/40   Network security protocols

Execution of Subset of Driver Code in Separate Protection Domain

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Execution of Subset of Driver Code in Separate Protection Domain

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links