Oren J. Melzer - Redmond WA, US Michael Blair Jones - Kirkland WA, US Ariel N. Gordon - Kirkland WA, US Arun K. Nanda - Sammamish WA, US
Assignee:
MICROSOFT CORPORATION - Redmond WA
International Classification:
H04L 29/06 G06F 15/16
US Classification:
726 3
Abstract:
Described is using a client-side account selector in a passive authentication protocol environment (such as OpenID) in which a relying party website trusts the authentication response from an identity provider website. The account selector may access and maintain historical information so as to provide user-specific identity provider selection options (rather than only general identity provider selection options). The account selector is invoked based upon an object tag in the page, e.g., as invoked by a browser extension associated with that particular object tag. The account selector may communicate with a reputation service to obtain reputation information corresponding to the identity providers, and vary its operation based upon the reputation information.
Selectively Provisioning Clients With Digital Identity Representations
Arun K. Nanda - Sammamish WA, US Hervey Wilson - Bellevue WA, US Dan Guberman - Bellevue WA, US Vijay K. Gajjala - Sammamish WA, US Raman Chikkamagalur - Sammamish WA, US Oren Melzer - Redmond WA, US
Assignee:
MICROSOFT CORPORATION - Redmond WA
International Classification:
G06F 21/22 G06F 15/16
US Classification:
726 5, 726 12, 709 203
Abstract:
A server provisions a client with digital identity representations such as information cards. A provisioning request to the server includes filtering parameters. The server assembles a provisioning response containing cards that satisfy the filtering parameters, and transmits the response to a client, possibly by way of a proxy. The provisioning response may include provisioning state information to help a server determine in subsequent exchanges which cards are already present on the client. A client may keep track of the source of information cards and discard cards which a server has discarded. A proxy may make the provisioning request on behalf of a client, providing the server with the proxy's own authentication and with a copy of the request from the client to the proxy.
Backup Authentication System Configured To Use An Authentication Package From A Primary Authentication System To Authenticate A Principal
- Redmond WA, US Oren Jordan MELZER - Redmond WA, US Kamen K. MOUTAFOV - Sammamish WA, US Victor BOCTOR - Bellevue WA, US Shuang LU - Bellevue WA, US Sarvani Kumar BHAMIDIPATI - Snoqualmie WA, US
International Classification:
H04L 29/06 H04L 9/32 H04L 29/08
Abstract:
Techniques are described herein that are capable of using an authentication package from a primary authentication system to authenticate a principal by a backup authentication system. The authentication package includes an authentication artifact, which is signed with a cryptographic key by the primary authentication system and which includes claim(s) that are usable to authenticate the principal, and further includes metadata. The metadata includes credential verification information that is usable to verify a credential of the principal and a first principal identifier that identifies the principal. A request to authenticate the principal is received at the backup authentication system. The request includes the credential and a second principal identifier that identifies the principal. The principal is authenticated by the backup authentication system by verifying the credential using the credential verification information and further by determining that the first principal identifier corresponds to the second principal identifier.
Proxy Configured To Dynamically Failover Authentication Traffic To A Backup Authentication System
- Redmond WA, US Oren Jordan MELZER - Redmond WA, US Kamen K. MOUTAFOV - Sammamish WA, US Victor BOCTOR - Bellevue WA, US Shuang LU - Bellevue WA, US
International Classification:
H04L 29/06 H04L 29/08
Abstract:
Techniques are described herein that are capable of dynamically failing over authentication traffic to a backup authentication system by a proxy system. An authentication request, which requests authentication of a principal, is received at the proxy system. The authentication request is directed to a primary authentication system. A determination is made, by the proxy system, that the primary authentication system is incapable of providing a valid response to the authentication request. The backup authentication system is caused, by the proxy system, to authenticate the principal using an authentication package received from the primary authentication system by dynamically routing the authentication request to the backup authentication system as a result of the primary authentication system being incapable of providing a valid response to the authentication request.
Client Device Capable Of Dynamically Routing Authentication Requests To A Backup Authentication System
- Redmond WA, US Oren Jordan MELZER - Redmond WA, US Kamen K. MOUTAFOV - Sammamish WA, US Victor BOCTOR - Bellevue WA, US
International Classification:
H04L 29/06 H04L 9/32
Abstract:
Techniques are described herein that are capable of dynamically routing an authentication request to a backup authentication system by a client device. For instance, the client device stores a list, which identifies authentication systems that are authorized to respond to authentication requests from the client device. The client device sends the authentication request toward a primary authentication system based at least in part on the authentication request identifying the primary authentication system as a recipient of the authentication request. The authentication request requests authentication of a principal by the primary authentication system. The client device causes the backup authentication system to authenticate the principal using an authentication package received from the primary authentication system by dynamically routing the authentication request to the backup authentication system based at least in part on not receiving a valid response to the authentication request and further based at least in part on the list.
Using IP Heuristics To Protect Access Tokens From Theft And Replay
- Redmond WA, US Jiangfeng Lu - Bothell WA, US Caleb Geoffrey Baker - Seattle WA, US Oren Jordan Melzer - Redmond WA, US Anirban Basu - Sammamish WA, US Praveen Erode Murugesan - Redmond WA, US
International Classification:
H04L 9/32 H04L 9/08
Abstract:
An embodiment disclosed herein is related to computing systems and method for a computing system to generate an access token that includes an IP address from a request. In the embodiment, a request is received for access to one or more secured data items. The request may include user credentials that specify that a user making the request is permitted to access the secured data items. The user credentials are validated and an Internet Protocol (IP) address that the request was sent from is determined. An access token is generated that includes the IP address that the request was sent from.
Instant Enforcement Of Centrally Configured IT Policies
- Redmond WA, US Jiangfeng LU - Bothell WA, US Caleb Geoffrey BAKER - Seattle WA, US Oren Jordan MELZER - Redmond WA, US Anirban BASU - Sammamish WA, US Chandra Sekhar SURAPANENI - Sammamish WA, US Nitika GUPTA - Seattle WA, US Murli Dharan SATAGOPAN - Kirkland WA, US
International Classification:
H04L 29/06
Abstract:
Managing an authenticated user session. A method includes a resource provider computer system subscribing to a conditional access termination service for an entity configured to obtain resources from the resource provider computer system through a user session. The resource provider computer system receives an event, related to resource requests, for the entity from the conditional access termination service. The resource provider computer system receives a request for resources from the entity. The resource provider computer system evaluates the request with respect to the event. The resource provider computer system responds to the request based on evaluating the request with respect to the event.
- Redmond WA, US Jiangfeng LU - Bothell WA, US Caleb Geoffrey BAKER - Seattle WA, US Oren Jordan MELZER - Redmond WA, US Anirban BASU - Sammamish WA, US Yordan Ivanov ROUSKOV - Seattle WA, US Radhika KASHYAP - Redmond WA, US
International Classification:
H04L 29/06 H04L 9/32 G06Q 10/06
Abstract:
A computing system configured to support entities having the ability to indicate capability information for capabilities of the entities is illustrated. Embodiments may include an identity provider computer system comprising at least one processor. The identity provider computer system is configured to receive requests for access tokens from entities. The requests include capability information for the entities. The identity provider computer system is further configured to provide access tokens to the entities which include the capability information. The computing system further includes a resource provider computer system comprising at least one processor configured to receive resource requests and access tokens from entities. The access tokens include the capability information. The resource providers are further configured to provide responses to the entities according to the capability information.