The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Oct. 08, 2024
Filed:
Jun. 08, 2021
Microsoft Technology Licensing, Llc, Redmond, WA (US);
Claire Novotny, New York, NY (US);
Jared Parsons, Kirkland, WA (US);
Jason R. Shaver, Redmond, WA (US);
Jobst-Immo Landwerth, Redmond, WA (US);
Richard Steele Gibson, Covington, WA (US);
Tomas Matousek, Redmond, WA (US);
Microsoft Technology Licensing, LLC, Redmond, WA (US);
Abstract
Software provenance validation reports whether a validation binary matches the source code, resources, and other parts, as well as the compiler, runtime, operating system, and other context, which is specified in a provenance manifest for a release binary. Part context checksums, software versions, tool parameters, and other aspects of a build are checked. Certification signatures, timestamps, certain version differences, source code locations, and other data may be ignored for validation purposes. A provenance manifest may include other provenance manifests, including binary rewrite manifests. The provenance manifest may be stored in a debugger file with symbol information, or stored separately. Partial matches may be reported, with details of what matches or does not match. After provenance of a binary is validated, the binary's source code can be analyzed for vulnerabilities, thereby enhancing software supply chain security.