The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Jun. 21, 2022
Filed:
Jun. 05, 2020
Microsoft Technology Licensing, Llc, Redmond, WA (US);
Matthew Ronald Shadbolt, Redmond, WA (US);
Michael Joseph Healy, Duvall, WA (US);
Shweta Jha, Issaquah, WA (US);
Gokhan Ozhan, Redmond, WA (US);
Adrian Mihail Marinescu, Sammamish, WA (US);
Alemeshet Yismaw Alemu, Redmond, WA (US);
Karthik Selvaraj, Redmond, WA (US);
Milind Amrutrao Pawar, Sammamish, WA (US);
Vladimir Soroka, Redmond, WA (US);
Hayk Hovsepyan, Redmond, WA (US);
Chaohong Ou, Bellevue, WA (US);
Patanjal Digant Vyas, Bothell, WA (US);
David Torosyan, Seattle, WA (US);
Microsoft Technology Licensing, LLC, Redmond, WA (US);
Abstract
A system and method for providing stringent tamper resistant protection against changes to key system security features. The tamper protection is configured such that any changes to the policy can only occur from a configuration manager console, thereby preventing local device admin users or other malicious actors from altering the setting. Thus, tamper protection locks the selected service and prevents security settings from being changed through third-party apps and methods. When a system administrator enables the feature for an enterprise's workstations, only administrators will be able to change the service settings across a company's computers. The tamper protection policy is digitally signed in the backend before being deployed to endpoints, and the endpoint verifies the validity and intent of the policy, establishing that it is a signed package that only security operations personnel with the necessary administrator rights can control.