Patents by Inventor Ariel N. Gordon
Ariel N. Gordon has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10530768Abstract: Systems, methods, and computer-readable storage media are provided for authenticating users to secure services or apps utilizing reversed, hands-free and/or continuous two-factor authentication. When a user desires to access a secure service or app for which s/he is already registered, the user, having a registered mobile computing device in proximity to his or her presence, comes within a threshold distance of a computing device that includes the desired secure service or app. The computing device authenticates the particular mobile computing device as associated with the particular registered user that utilized that mobile device during registration. Subsequent to such device authentication, the user is able to login to the service or app by simply providing his or her user credentials at a login form associated therewith. Two-factor authentication in accordance with embodiments hereof is more secure and more efficient that traditional authentication methodologies.Type: GrantFiled: April 19, 2016Date of Patent: January 7, 2020Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Hanan Shteingart, Ariel N. Gordon, Jonathan Gazit
-
Patent number: 10069630Abstract: A system includes a target directory service, a domain mesh with a plurality of domains, and a synchronization host coupled to the domain mesh. The synchronization host is configured to synchronize password changes received in the domain mesh with the target directory service. Synchronizing the password changes includes receiving at the synchronization host a hash value representative of a plaintext password from the domain mesh, performing at the synchronization host an additional hash on the hash value to generate protected password data, and exporting the protected password data from the synchronization host to the target directory service.Type: GrantFiled: June 28, 2017Date of Patent: September 4, 2018Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Jonathan M. Luk, Ariel N. Gordon, Raman N. Chikkamagalur, Ziad Elmalki, Sergii Gubenko, Girish Chander, Anandhi Somasekaran, Murli Dharan Satagopan
-
Publication number: 20170302659Abstract: Systems, methods, and computer-readable storage media are provided for authenticating users to secure services or apps utilizing reversed, hands-free and/or continuous two-factor authentication. When a user desires to access a secure service or app for which s/he is already registered, the user, having a registered mobile computing device in proximity to his or her presence, comes within a threshold distance of a computing device that includes the desired secure service or app. The computing device authenticates the particular mobile computing device as associated with the particular registered user that utilized that mobile device during registration. Subsequent to such device authentication, the user is able to login to the service or app by simply providing his or her user credentials at a login form associated therewith. Two-factor authentication in accordance with embodiments hereof is more secure and more efficient that traditional authentication methodologies.Type: ApplicationFiled: April 19, 2016Publication date: October 19, 2017Inventors: HANAN SHTEINGART, ARIEL N. GORDON, JONATHAN GAZIT
-
Publication number: 20170302448Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.Type: ApplicationFiled: June 28, 2017Publication date: October 19, 2017Inventors: Jonathan M. LUK, Ariel N. GORDON, Raman N. CHIKKAMAGALUR, Ziad ELMALKI, Sergii GUBENKO, Girish CHANDER, Anandhi SOMASEKARAN, Murli Dharan SATAGOPAN
-
Patent number: 9769170Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.Type: GrantFiled: February 11, 2016Date of Patent: September 19, 2017Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Jonathan M. Luk, Ariel N. Gordon, Raman N. Chikkamagalur, Ziad Elmalki, Sergii Gubenko, Girish Chander, Anandhi Somasekaran, Murli D. Satagopan
-
Patent number: 9716717Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.Type: GrantFiled: February 11, 2016Date of Patent: July 25, 2017Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Jonathan M. Luk, Ariel N. Gordon, Raman N. Chikkamagalur, Ziad Elmalki, Sergii Gubenko, Girish Chander, Anandhi Somasekaran, Murli D. Satagopan
-
Publication number: 20160301694Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.Type: ApplicationFiled: February 11, 2016Publication date: October 13, 2016Inventors: Jonathan M. Luk, Ariel N. Gordon, Raman N. Chikkamagalur, Ziad Elmalki, Sergii Gubenko, Girish Chander, Anandhi Somasekaran, Murli D. Satagopan
-
Patent number: 9282093Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.Type: GrantFiled: April 30, 2013Date of Patent: March 8, 2016Assignee: Microsoft Technology Licensing, LLCInventors: Jonathan M. Luk, Ariel N. Gordon, Raman N. Chikkamagalur, Ziad Elmalki, Sergii Gubenko, Girish Chander, Anandhi Somasekaran, Murli D. Satagopan
-
Patent number: 9246894Abstract: When a user account is in an alternate (fault) state, communication or sync between an application provider and a device or client application typically is interrupted. When parties do not support rich fault messaging, communication of the reason for the interruption and remediation steps has been impossible. An application server provides rich fault messaging using applications that do not provide explicit error messaging and protocols that do not provide explicit error messaging without changing either the application or the protocol by additional interactions between an identity provider and the application server. The application server uses authentication state information provided by the identity server to generate a notification sync event that appears to the application and the protocol to be a normal sync event. The notification sync event is used to provide the user with information needed to determine what the problem with the account is and how to fix it.Type: GrantFiled: October 30, 2012Date of Patent: January 26, 2016Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC.Inventors: Ariel N. Gordon, David J. Steeves, Luke T. Abrams, Pui-Yin Wong, Krishna C. Vitaldevara
-
Patent number: 8973099Abstract: Described is using a client-side account selector in a passive authentication protocol environment (such as OpenID) in which a relying party website trusts the authentication response from an identity provider website. The account selector may access and maintain historical information so as to provide user-specific identity provider selection options (rather than only general identity provider selection options). The account selector is invoked based upon an object tag in the page, e.g., as invoked by a browser extension associated with that particular object tag. The account selector may communicate with a reputation service to obtain reputation information corresponding to the identity providers, and vary its operation based upon the reputation information.Type: GrantFiled: June 15, 2010Date of Patent: March 3, 2015Assignee: Microsoft CorporationInventors: Charles Ronald Reeves, Jr., Oren J. Melzer, Michael Blair Jones, Ariel N. Gordon, Arun K. Nanda
-
Publication number: 20140123257Abstract: When a user account is in an alternate (fault) state, communication or sync between an application provider and a device or client application typically is interrupted. When parties do not support rich fault messaging, communication of the reason for the interruption and remediation steps has been impossible. An application server provides rich fault messaging using applications that do not provide explicit error messaging and protocols that do not provide explicit error messaging without changing either the application or the protocol by additional interactions between an identity provider and the application server. The application server uses authentication state information provided by the identity server to generate a notification sync event that appears to the application and the protocol to be a normal sync event. The notification sync event is used to provide the user with information needed to determine what the problem with the account is and how to fix it.Type: ApplicationFiled: October 30, 2012Publication date: May 1, 2014Applicant: Microsoft CorporationInventors: Ariel N. Gordon, David J. Steeves, Luke T. Abrams, Pui-Yin Wong, Krishna C. Vitaldevara
-
Publication number: 20110307938Abstract: Described is using a client-side account selector in a passive authentication protocol environment (such as OpenID) in which a relying party website trusts the authentication response from an identity provider website. The account selector may access and maintain historical information so as to provide user-specific identity provider selection options (rather than only general identity provider selection options). The account selector is invoked based upon an object tag in the page, e.g., as invoked by a browser extension associated with that particular object tag. The account selector may communicate with a reputation service to obtain reputation information corresponding to the identity providers, and vary its operation based upon the reputation information.Type: ApplicationFiled: June 15, 2010Publication date: December 15, 2011Applicant: MICROSOFT CORPORATIONInventors: Charles Ronald Reeves, JR., Oren J. Melzer, Michael Blair Jones, Ariel N. Gordon, Arun K. Nanda