Patents by Inventor David R. Mowers
David R. Mowers has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9819666
Abstract: This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.
Type: Grant
Filed: March 1, 2016
Date of Patent: November 14, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: David R. Mowers, John A. Banes, Daniel R. Simon, Paul J. Leach
-
Patent number: 9407617
Abstract: This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.
Type: Grant
Filed: January 6, 2014
Date of Patent: August 2, 2016
Assignee: Microsoft Licensing Technology, LLC
Inventors: David R. Mowers, John A. Banes, Daniel R. Simon, Paul J. Leach
-
Publication number: 20160182488
Abstract: This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.
Type: Application
Filed: March 1, 2016
Publication date: June 23, 2016
Inventors: David R. Mowers, John A. Banes, Daniel R. Simon, Paul J. Leach
-
Patent number: 8918525
Abstract: An exemplary network gateway is capable of accepting a session-related message having a session identifier field; the network gateway is adapted to extract a host identifier from a value populating the session identifier field and to perform a routing operation for the session-related message using the host identifier. For an exemplary media implementation, processor-executable instructions direct a device to perform actions including: ascertaining a host identifier from a session identifier field of a session message; and routing the session message responsive to the ascertained host identifier. An exemplary apparatus includes: at least one processor; and one or more media including processor-executable instructions that are capable of being executed by the at least one processor to direct the apparatus to perform actions including: receiving a session message having a session identifier including a host identifier; and routing the session message responsive to the host identifier.
Type: Grant
Filed: December 22, 2010
Date of Patent: December 23, 2014
Assignee: Microsoft Corporation
Inventors: John A. Banes, Joseph M. Joy, David R. Mowers, Cem Paya, Feng Sun
-
Publication number: 20140189823
Abstract: This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.
Type: Application
Filed: January 6, 2014
Publication date: July 3, 2014
Applicant: Microsoft Corporation
Inventors: David R. Mowers, John A. Banes, Daniel R. Simon, Paul J. Leach
-
Patent number: 8627440
Abstract: This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.
Type: Grant
Filed: December 24, 2009
Date of Patent: January 7, 2014
Assignee: Microsoft Corporation
Inventors: David R. Mowers, Daniel R. Simon, Paul J. Leach, John A. Banes
-
Patent number: 8266294
Abstract: A first exemplary media implementation includes processor-executable instructions that direct a device to perform actions including: creating a session identifier using a host identifier; and formulating a host session initiation message with the created session identifier. A first exemplary device implementation includes: at least one processor; and one or more media including processor-executable instructions that direct the device to perform actions including: formulating a host session message with a session identifier that is created responsive to a host identifier; and sending the formulated host session message that includes the session identifier from the device. A second exemplary media implementation includes a data structure that has a message including a session identifier field, at least part of the session identifier field including a host identifier.
Type: Grant
Filed: August 13, 2003
Date of Patent: September 11, 2012
Assignee: Microsoft Corporation
Inventors: John A. Banes, Joseph M. Joy, David R. Mowers, Cem Paya, Feng Sun
-
Publication number: 20110093613
Abstract: An exemplary network gateway is capable of accepting a session-related message having a session identifier field; the network gateway is adapted to extract a host identifier from a value populating the session identifier field and to perform a routing operation for the session-related message using the host identifier. For an exemplary media implementation, processor-executable instructions direct a device to perform actions including: ascertaining a host identifier from a session identifier field of a session message; and routing the session message responsive to the ascertained host identifier. An exemplary apparatus includes: at least one processor; and one or more media including processor-executable instructions that are capable of being executed by the at least one processor to direct the apparatus to perform actions including: receiving a session message having a session identifier including a host identifier; and routing the session message responsive to the host identifier.
Type: Application
Filed: December 22, 2010
Publication date: April 21, 2011
Applicant: Microsoft Corporation
Inventors: John A. Banes, Joseph M. Joy, David R. Mowers, Cem Paya, Feng Sun
-
Patent number: 7882251
Abstract: An exemplary network gateway is capable of accepting a session-related message having a session identifier field; the network gateway is adapted to extract a host identifier from a value populating the session identifier field and to perform a routing operation for the session-related message using the host identifier. For an exemplary media implementation, processor-executable instructions direct a device to perform actions including: ascertaining a host identifier from a session identifier field of a session message; and routing the session message responsive to the ascertained host identifier. An exemplary apparatus includes: at least one processor; and one or more media including processor-executable instructions that are capable of being executed by the at least one processor to direct the apparatus to perform actions including: receiving a session message having a session identifier including a host identifier; and routing the session message responsive to the host identifier.
Type: Grant
Filed: August 13, 2003
Date of Patent: February 1, 2011
Assignee: Microsoft Corporation
Inventors: John A. Banes, Joseph M. Joy, David R. Mowers, Cem Paya, Feng Sun
-
Patent number: 7747647
Abstract: A permission information system and method are provided. The system facilitates management of permissions across a wide variety of systems and applications in a network environment. The system includes a data store which is a central repository that maintains permissions (e.g., in a user readable format). The permissions can, optionally, be translated into a format that is useable by endpoint system(s). The system further includes a metadirectory component which notices change(s) that are created in the data store and sends the security information to the endpoint system(s). The new security policy can then be installed and enforced on the endpoint systems. The system can thus employ the capabilities of a metadirectory to distribute security policy(ies) to these end-point systems. The system can, optionally, include one or more translator(s) which transform the user readable format into a format that is consumable by the endpoint system(s).
Type: Grant
Filed: December 30, 2005
Date of Patent: June 29, 2010
Assignee: Microsoft Corporation
Inventors: William P. Canning, David R. Mowers, Geeman Yip, Cezar Ungureanasu
-
Publication number: 20100100953
Abstract: This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.
Type: Application
Filed: December 24, 2009
Publication date: April 22, 2010
Applicant: Microsoft Corporation
Inventors: David R. Mowers, John Banes, Daniel R. Simon, Paul J. Leach
-
Patent number: 7644275
Abstract: This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.
Type: Grant
Filed: April 15, 2003
Date of Patent: January 5, 2010
Assignee: Microsoft Corporation
Inventors: David R. Mowers, John Banes, Daniel R. Simon, Paul J. Leach
-
Patent number: 7603555
Abstract: A system for authenticating computer users comprising a single active directory disposed in an intranet, a web server disposed in a DMZ associated with the intranet, and a web client coupled to the web server through an internet connection that is capable of signing on to the web server.
Type: Grant
Filed: June 30, 2005
Date of Patent: October 13, 2009
Assignee: Microsoft Corporation
Inventors: Donald E. Schmidt, Ryan D. Johnson, Kahren Tevosyan, Jeffrey F. Spelman, Krishnanand Shenoy, Harini Raghavan, David R. Mowers, Matthew Hur
-
Patent number: 7401235
Abstract: Methods and systems are provided to allow users that are authenticated by a trusted external service to gain controlled levels of access to selected local computing resources without requiring the user to also have conventional access control capabilities for the resources.
Type: Grant
Filed: May 10, 2002
Date of Patent: July 15, 2008
Assignee: Microsoft Corporation
Inventors: David R. Mowers, Daniel Doubrovkine, Roy Leban, Donald E. Schmidt, Ram Viswanathan, John E. Brezak, Richard B. Ward
-
Publication number: 20080027940
Abstract: An operating system automatically classifies a new file by instructing the application that generated the file to modify the file by applying one or more settings for data usage attributes to the file prior to the application saving the file in a folder.
Type: Application
Filed: July 27, 2006
Publication date: January 31, 2008
Applicant: Microsoft Corporation
Inventors: William P. Canning, Darrell J. Cannon, David R. Mowers
-
Publication number: 20070153814
Abstract: A permission information system and method are provided. The system facilitates management of permissions across a wide variety of systems and applications in a network environment. The system includes a data store which is a central repository that maintains permissions (e.g., in a user readable format). The permissions can, optionally, be translated into a format that is useable by endpoint system(s). The system further includes a metadirectory component which notices change(s) that are created in the data store and sends the security information to the endpoint system(s). The new security policy can then be installed and enforced on the endpoint systems. The system can thus employ the capabilities of a metadirectory to distribute security policy(ies) to these end-point systems. The system can, optionally, include one or more translator(s) which transform the user readable format into a format that is consumable by the endpoint system(s).
Type: Application
Filed: December 30, 2005
Publication date: July 5, 2007
Applicant: Microsoft Corporation
Inventors: William P. Canning, David R. Mowers, Geeman Yip, Cezar Ungureanasu
-
Publication number: 20040210756
Abstract: This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.
Type: Application
Filed: April 15, 2003
Publication date: October 21, 2004
Applicant: MICROSOFT CORPORATION
Inventors: David R. Mowers, John Banes, Daniel R. Simon, Paul J. Leach
-
Publication number: 20040098615
Abstract: Systems and related methods enable a web service to map a unique identifier received from a client to the client's user account in a directory service using an authentication protocol and thereby receive permission to access resources for the client in the service's domain or in a distant domain. When the unique identifier is a web service unique identifier (PUID), the PUID is changed to a user principal name (UPN) mappable to the client's user account object in the directory service.
Type: Application
Filed: November 16, 2002
Publication date: May 20, 2004
Inventors: David R. Mowers, John E. Brezak, Richard B. Ward, Scott A. Field, Todd F. Stecher, Paul J. Leach, Donald E. Schmidt
-
Publication number: 20030212806
Abstract: Methods and systems are provided to allow users that are authenticated by a trusted external service to gain controlled levels of access to selected local computing resources without requiring the user to also have conventional access control capabilities for the resources.
Type: Application
Filed: May 10, 2002
Publication date: November 13, 2003
Inventors: David R. Mowers, Daniel Doubrovkine, Roy Leban, Donald E. Schmidt, Ram Viswanathan, John E. Brezak, Richard B. Ward