Patents by Inventor Ariel Gordon
Ariel Gordon has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9544310
Abstract: Systems, methods, and computer-readable storage media are provided for discovering and disambiguating identity providers such that user knowledge of appropriate identity providers is minimized. Users are presented with options for selecting appropriate providers only when multiple providers have user profiles matching a user identifier. When users are presented with options for selecting appropriate providers, providers that have user profiles matching the identifier are identified utilizing identity information for the application that utilizes the identity provider for its users rather than information identifying the identity provider itself.
Type: Grant
Filed: January 27, 2014
Date of Patent: January 10, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: Ariel Gordon, Sam Franklin Williams, III, Sarat Chandra Subramaniam, William Louis Thomas, Michael Robert Van Waardhuizen, Jonathan Yoder Brenner, Tia Bianca Caldwell, Eric Wayne Doerr, Amy Caryl Nathanson
-
Patent number: 9537851
Abstract: Embodiments are directed to revoking user sessions using signaling. In one scenario, an identity platform operating on a computer system receives an indication indicating that a user's login account has been compromised, where the user's login account has an associated login session and corresponding session artifact that is valid for a specified amount of time. The identity platform generates a signal indicating that the login session is no longer trusted and that the user is to be re-directed to the identity platform to re-authenticate and renew the session artifact and provides the generated signal to various relying parties including at least one relying party that is hosting the login session for the user.
Type: Grant
Filed: August 6, 2014
Date of Patent: January 3, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: Ariel Gordon, Samuel Devasahayam, Lu Zhao, Yordan Rouskov, Parmeshwar Arewar, Venkatesh Gopalakrishnan, Sarat Chandra Subramaniam, Titus Constantin Miron
-
Patent number: 9509905
Abstract: Methods and systems are provided that use images to determine lighting information for an object. A computing device can receive an image of the object. For a pixel of the image, the computing device can: apply a first lighting model to determine a first estimate of a bi-directional lighting function (BRDF) for the object at the pixel, apply a second lighting model to determine a second estimate of the BRDF for the object at the pixel, determine a third estimate of the BRDF based on the first and second estimates, and store the third estimate of the BRDF in lighting-storage data. The computing device can provide the lighting-storage data. The BRDF can utilize a number of lighting parameters, such as a normal vector and albedo, reflectivity, and roughness values.
Type: Grant
Filed: December 17, 2013
Date of Patent: November 29, 2016
Assignee: Google Inc.
Inventors: Ariel Gordon, Ehud Rivlin
-
Publication number: 20160044011
Abstract: Embodiments are directed to revoking user sessions using signaling. In one scenario, an identity platform operating on a computer system receives an indication indicating that a user's login account has been compromised, where the user's login account has an associated login session and corresponding session artifact that is valid for a specified amount of time. The identity platform generates a signal indicating that the login session is no longer trusted and that the user is to be re-directed to the identity platform to re-authenticate and renew the session artifact and provides the generated signal to various relying parties including at least one relying party that is hosting the login session for the user.
Type: Application
Filed: August 6, 2014
Publication date: February 11, 2016
Inventors: Ariel Gordon, Samuel Devasahayam, Lu Zhao, Yordan Rouskov, Parmeshwar Arewar, Venkatesh Gopalakrishnan, Sarat Chandra Subramaniam, Titus Constantin Miron
-
Patent number: 9098689
Abstract: In an embodiment, an administrative computer system receives user login credentials from a user and makes at least one of the following determinations: that the user identifier does not match any existing user account, that the user identifier matches at least one existing user account, but that the user's account is in a locked state, or that the user identifier matches at least one existing user account, but the user's password does not match the user identifier. The administrative computer system then returns to the user the same response message regardless of which determination is made. The response indicates that the user's login credentials are invalid. The response also prevents the user from determining which of the credentials was invalid, as the response message is the same for each determination and is sent to the user after a measured response time that is the same for each determination.
Type: Grant
Filed: November 12, 2014
Date of Patent: August 4, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Ariel Gordon, Richard Allen Lundeen
-
Publication number: 20150215315
Abstract: Systems, methods, and computer-readable storage media are provided for discovering and disambiguating identity providers such that user knowledge of appropriate identity providers is minimized. Users are presented with options for selecting appropriate providers only when multiple providers have user profiles matching a user identifier. When users are presented with options for selecting appropriate providers, providers that have user profiles matching the identifier are identified utilizing identity information for the application that utilizes the identity provider for its users rather than information identifying the identity provider itself.
Type: Application
Filed: January 27, 2014
Publication date: July 30, 2015
Applicant: MICROSOFT CORPORATION
Inventors: ARIEL GORDON, FRANKLIN WILLIAMS, SARAT CHANDRA SUBRAMANIAM, WILLIAM LOUIS THOMAS, MICHAEL R. VAN WAARDHUIZEN, JONATHAN YODER BRENNER, TIA B. CALDWELL, ERIC W. DOERR, AMY CARYL NATHANSON
-
Publication number: 20150172636
Abstract: Methods and systems are provided that use images to determine lighting information for an object. A computing device can receive an image of the object. For a pixel of the image, the computing device can: apply a first lighting model to determine a first estimate of a bi-directional lighting function (BRDF) for the object at the pixel, apply a second lighting model to determine a second estimate of the BRDF for the object at the pixel, determine a third estimate of the BRDF based on the first and second estimates, and store the third estimate of the BRDF in lighting-storage data. The computing device can provide the lighting-storage data. The BRDF can utilize a number of lighting parameters, such as a normal vector and albedo, reflectivity, and roughness values.
Type: Application
Filed: December 17, 2013
Publication date: June 18, 2015
Applicant: Google Inc.
Inventors: Ariel Gordon, Ehud Rivlin
-
Patent number: 8978115
Abstract: The authentication of identities within a realm in which some identities are authenticated using direct authentication, and some identities are authenticated using federated authentication. Requests for service from valid identities in the realm that are to be authenticated by direct authentication are responded to with a direct authentication interface. Requests for service from valid identities in the realm that are to be authenticated by federated authentication are responded to with a federated authentication interface. Requests for service from invalid identities are responded to pseudo-randomly with either the direct authentication interface or the federated authentication interface.
Type: Grant
Filed: November 15, 2013
Date of Patent: March 10, 2015
Assignee: Microsoft Technology Licensing LLC
Inventors: Ariel Gordon, David J. Nicholson
-
Publication number: 20150058959
Abstract: In an embodiment, an administrative computer system receives user login credentials from a user and makes at least one of the following determinations: that the user identifier does not match any existing user account, that the user identifier matches at least one existing user account, but that the user's account is in a locked state, or that the user identifier matches at least one existing user account, but the user's password does not match the user identifier. The administrative computer system then returns to the user the same response message regardless of which determination is made. The response indicates that the user's login credentials are invalid. The response also prevents the user from determining which of the credentials was invalid, as the response message is the same for each determination and is sent to the user after a measured response time that is the same for each determination.
Type: Application
Filed: November 12, 2014
Publication date: February 26, 2015
Inventors: Ariel Gordon, Richard Allen Lundeen
-
Patent number: 8898752
Abstract: In an embodiment, an administrative computer system receives user login credentials from a user and makes at least one of the following determinations: that the user identifier does not match any existing user account, that the user identifier matches at least one existing user account, but that the user's account is in a locked state, or that the user identifier matches at least one existing user account, but the user's password does not match the user identifier. The administrative computer system then returns to the user the same response message regardless of which determination is made. The response indicates that the user's login credentials are invalid. The response also prevents the user from determining which of the credentials was invalid, as the response message is the same for each determination and is sent to the user after a measured response time that is the same for each determination.
Type: Grant
Filed: February 1, 2012
Date of Patent: November 25, 2014
Assignee: Microsoft Corporation
Inventors: Ariel Gordon, Richard Allen Lundeen
-
Publication number: 20140075529
Abstract: The authentication of identities within a realm in which some identities are authenticated using direct authentication, and some identities are authenticated using federated authentication. Requests for service from valid identities in the realm that are to be authenticated by direct authentication are responded to with a direct authentication interface. Requests for service from valid identities in the realm that are to be authenticated by federated authentication are responded to with a federated authentication interface. Requests for service from invalid identities are responded to pseudo-randomly with either the direct authentication interface or the federated authentication interface.
Type: Application
Filed: November 15, 2013
Publication date: March 13, 2014
Applicant: Microsoft Corporation
Inventors: Ariel Gordon, David J. Nicholson
-
Patent number: 8639750
Abstract: The present invention extends to methods, systems, and computer program products for orchestrating notifications between identity platforms and relying parties. Embodiments enable identity platforms to ensure that users consistently receive notifications, even when the identity platforms lack knowledge of which relying parties are notification capable and which relying parties are incapable of notification. Embodiments include an identity platform generating a frameset having a first content frame for displaying a notification and a second content frame for displaying a relying party web page. When the relying party is notification capable, the relying party web page includes functionality for removing the frameset established by the frameset and displaying the notification within the context of the relying party web page. When a client renders the frameset, the client retrieves and renders the relying party web page, removing the frameset and displaying the notification as directed by the relying party.
Type: Grant
Filed: October 6, 2011
Date of Patent: January 28, 2014
Assignee: Microsoft Corporation
Inventors: Ariel Gordon, Andrew McManama Smith
-
Patent number: 8601554
Abstract: The authentication of identities within a realm in which some identities are authenticated using direct authentication, and some identities are authenticated using federated authentication. Requests for service from valid identities in the realm that are to be authenticated by direct authentication are responded to with a direct authentication interface. Requests for service from valid identities in the realm that are to be authenticated by federated authentication are responded to with a federated authentication interface. Requests for service from invalid identities are responded to pseudo-randomly with either the direct authentication interface or the federated authentication interface.
Type: Grant
Filed: November 9, 2011
Date of Patent: December 3, 2013
Assignee: Microsoft Corporation
Inventors: Ariel Gordon, David J. Nicholson
-
Patent number: 8505085
Abstract: A flexible authentication system is described herein that fluidly switches between a federated authentication model and a local short-lived token model that does not require sophisticated authentication infrastructure at the relying party site. Upon detecting an event that causes the identity provider to be unavailable for authentication, the relying party switches to a temporary token model. The system generates a bearer token or challenge associated with the user's identity and (optionally) associated with time data that limits the period during which the token is valid. The relying party communicates the short-lived token to the user using contact information associated with the user and already stored by the relying party. Upon receiving the short-lived token, the user provides the short-lived token to the relying party, and the relying party processes the token to validate the user's identity and then allows the user to access the relying party's online services.
Type: Grant
Filed: April 8, 2011
Date of Patent: August 6, 2013
Assignee: Microsoft Corporation
Inventors: Angus P. D. Logan, Mark Ryland, Ariel Gordon, Vittorio Bertocci
-
Publication number: 20130198819
Abstract: In an embodiment, an administrative computer system receives user login credentials from a user and makes at least one of the following determinations: that the user identifier does not match any existing user account, that the user identifier matches at least one existing user account, but that the user's account is in a locked state, or that the user identifier matches at least one existing user account, but the user's password does not match the user identifier. The administrative computer system then returns to the user the same response message regardless of which determination is made. The response indicates that the user's login credentials are invalid. The response also prevents the user from determining which of the credentials was invalid, as the response message is the same for each determination and is sent to the user after a measured response time that is the same for each determination.
Type: Application
Filed: February 1, 2012
Publication date: August 1, 2013
Applicant: MICROSOFT CORPORATION
Inventors: Ariel Gordon, Richard Allen Lundeen
-
Publication number: 20130117826
Abstract: The authentication of identities within a realm in which some identities are authenticated using direct authentication, and some identities are authenticated using federated authentication. Requests for service from valid identities in the realm that are to be authenticated by direct authentication are responded to with a direct authentication interface. Requests for service from valid identities in the realm that are to be authenticated by federated authentication are responded to with a federated authentication interface. Requests for service from invalid identities are responded to pseudo-randomly with either the direct authentication interface or the federated authentication interface.
Type: Application
Filed: November 9, 2011
Publication date: May 9, 2013
Applicant: MICROSOFT CORPORATION
Inventors: Ariel Gordon, David J. Nicholson
-
Publication number: 20130091195
Abstract: The present invention extends to methods, systems, and computer program products for orchestrating notifications between identity platforms and relying parties. Embodiments enable identity platforms to ensure that users consistently receive notifications, even when the identity platforms lack knowledge of which relying parties are notification capable and which relying parties are incapable of notification. Embodiments include an identity platform generating a frameset having a first content frame for displaying a notification and a second content frame for displaying a relying party web page. When the relying party is notification capable, the relying party web page includes functionality for removing the frameset established by the frameset and displaying the notification within the context of the relying party web page. When a client renders the frameset, the client retrieves and renders the relying party web page, removing the frameset and displaying the notification as directed by the relying party.
Type: Application
Filed: October 6, 2011
Publication date: April 11, 2013
Applicant: Microsoft Corporation
Inventors: Ariel Gordon, Andrew McManama Smith
-
Publication number: 20130073460
Abstract: The claimed subject matter provides a system and method for enabling paid-for exchange of identity attributes with minimal disclosure credentials. An exemplary method includes requesting a credential from an identity provider by one of a user or a credential agent. The credential may be presented to a relying party, and the presented credential may be verified. Based on verification of the presented credential, a service of the relying party may be accessed by the user. The user, the relying party, a neutral third party, or the credential agent may provide payment for the credential to the identity provider, and the identity provider is unable to determine whether, where, when or by whom the credential has been used.
Type: Application
Filed: September 15, 2011
Publication date: March 21, 2013
Applicant: Microsoft Corporation
Inventors: Christian Paquin, Ariel Gordon, Melissa Chase
-
Publication number: 20120260322
Abstract: A flexible authentication system is described herein that fluidly switches between a federated authentication model and a local short-lived token model that does not require sophisticated authentication infrastructure at the relying party site. Upon detecting an event that causes the identity provider to be unavailable for authentication, the relying party switches to a temporary token model. The system generates a bearer token or challenge associated with the user's identity and (optionally) associated with time data that limits the period during which the token is valid. The relying party communicates the short-lived token to the user using contact information associated with the user and already stored by the relying party. Upon receiving the short-lived token, the user provides the short-lived token to the relying party, and the relying party processes the token to validate the user's identity and then allows the user to access the relying party's online services.
Type: Application
Filed: April 8, 2011
Publication date: October 11, 2012
Applicant: Microsoft Corporation
Inventors: Angus P.D. Logan, Mark Ryland, Ariel Gordon, Vittorio Bertocci
-
Patent number: 8205247
Abstract: A method is provided of authenticating a client to access a service provided by a service provider, whereby the service provider queries an identity provider to verify identity of the client and authorize access the service. The method includes: verifying using the identity provider to verify that an identity level corresponding to an earlier authentication of the client is stored with the identity provider, and granting service access authorization to the client, which is performed either (i) directly following the verification step when the identity level required is less than the stored identity level, or (ii) after the following steps when the identity level required is greater than the stored identity level or when no client authentication is available, namely requesting authentication of the client having the required identity level and replacing the stored identity level with the required identity level if the client is authenticated by the identity provider.
Type: Grant
Filed: October 4, 2006
Date of Patent: June 19, 2012
Assignee: France Telecom
Inventors: Eric Lexcellent, Gaël Gourmelen, Ariel Gordon