David S Mcpherson

US Patent:

8555069, Oct 8, 2013

Filed:

Mar 6, 2009

Appl. No.:

12/399615

Inventors:

Liqiang Zhu - Redmond WA, US
Paul J. Leach - Seattle WA, US
Kevin Thomas Damour - Redmond WA, US
David McPherson - Bothell WA, US
Tanmoy Dutta - Sammamish WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

H04L 29/06

US Classification:

713175

Abstract:

Modern network communications often require a client application requesting data to authenticate itself to an application providing the data. Such authentication requests can be redundant, especially in the case of stateless network protocols. When a full authentication is performed, a conversation identifier and one or more encryption keys can be agreed upon. Subsequent authentication requests can be answered with a fast reconnect token comprising the conversation identifier and a cryptographically signed version of it using the one or more encryption keys. Should additional security be desirable, a sequence number can be established and incremented in a pre-determined or a random manner to enable detection of replayed fast reconnect tokens. If the recipient can verify the fast reconnect token, the provider can be considered to have been authenticated based on the prior authentication. If an aspect of the fast re-authentication should fail, recourse can be had to the original full authentication process.

US Patent:

8561152, Oct 15, 2013

Filed:

May 17, 2011

Appl. No.:

13/109530

Inventors:

Mark F. Novak - Newcastle WA, US
Karanbir Singh - Seattle WA, US
David M. McPherson - Bothell WA, US
Andrey Popov - Renton WA, US
Ming Tang - Redmond WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

G06F 21/00

US Classification:

726 4, 726 1, 726 8, 713150, 713165, 709229, 705 51

Abstract:

A context of a principal is built, at a target system controlling access to a resource, independently of the principal requesting access to the resource. An authorization policy is applied, at the target system, to the context to determine whether the principal is permitted to access the resource, and an indication of whether the principal is permitted to access the resource is provided (e. g. , to an administrator). Modifications can be made to the context and the authorization re-applied to determine whether a principal having the modified context is permitted to access the resource.

US Patent:

20120167158, Jun 28, 2012

Filed:

Dec 24, 2010

Appl. No.:

12/978451

Inventors:

Paul Leach - Seattle WA, US
David McPherson - Bothell WA, US
Vishal Agarwal - Bothell WA, US
Mark Fishel Novak - Newcastle WA, US
Ming Tang - Redmond WA, US
Ramaswamy Ranganathan - Bellevue WA, US
Pranav Kukreja - Bellevue WA, US
Andrey Popov - Renton WA, US
Nir Ben Zvi - Redmond WA, US
Arun K. Nanda - Sammamish WA, US

Assignee:

MICROSOFT CORPORATION - Redmond WA

International Classification:

G06F 17/00

US Classification:

726 1, 726 21

Abstract:

Resource authorization policies and resource scopes may be defined separately, thereby decoupling a set of authorization rules from the scope of resources to which those rules apply. In one example, a resource includes anything that can be used in a computing environment (e.g., a file, a device, etc.). A scope describes a set of resources (e.g., all files in folder X, all files labeled “Y”, etc.). Policies describe what can be done with a resource (e.g., “read-only,” “read/write,” “delete, if requestor is a member of the admin group,” etc.). When scopes and policies have been defined, they may be linked, thereby indicating that the policy applies to any resource within the scope. When a request for the resource is made, the request is evaluated against all policies associated with scopes that contain the resource. If the conditions specified in the policies apply, then the request may be granted.

US Patent:

20130125199, May 16, 2013

Filed:

Nov 10, 2011

Appl. No.:

13/294162

Inventors:

Mark F. Novak - Newcastle WA, US
Paul Leach - Seattle WA, US
Vishal Agarwal - Bothell WA, US
David McPherson - Bothell WA, US
Sunil Gottumukkala - Redmond WA, US
Jignesh Shah - Redmond WA, US
Arun K. Nanda - Sammamish WA, US
Nir Ben Zvi - Redmond WA, US
Pranav Kukreja - Bellevue WA, US
Ramaswamy Ranganathan - Bellevue WA, US

Assignee:

MICROSOFT CORPORATION - Redmond WA

International Classification:

G06F 21/00

US Classification:

726 1

Abstract:

A policy that governs access to a resource may be tested against real-world access requests before being used to control access to the resource. In one example, access to a resource is governed by a policy, referred to as an effective policy. When the policy is to be modified or replaced, the modification or replacement may become a test policy. When a request is made to access the resource, the request may be evaluated under both the effective policy and the test policy. Whether access is granted is determined under the effective policy, but the decision that would be made under the test policy is noted, and may be logged. If the test policy is determined to behave acceptably when confronted with real-world access requests, then the current effective policy may be replaced with the test policy.