Patents by Inventor Matthias Leibmann
Matthias Leibmann has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230396615
Abstract: A cross-tenant authentication system is described. The system receives a user token from a client device that is registered with a first tenant of a service application of a server. The system receives a request, from the client device, to access a second feature of a second tenant of the service application. The second feature of the second tenant of the service application is separate from a first feature of the first tenant of the service application. The second feature is only accessible to devices registered with the second tenant of the service application. The system authenticates the request by validating the user token from the client device and determines a cross-tenant policy of the second tenant of the service application based on the user token. The system forms an identity object based on the cross-tenant policy.
Type: Application
Filed: October 15, 2021
Publication date: December 7, 2023
Inventors: Chun Hung Lin, Vikas AHUJA, Matthias LEIBMANN, Anshul DUBE, Shankaranand ARUNACHALAM
-
Publication number: 20230198973
Abstract: Techniques of service to service authentication in distributed computing systems are disclosed herein. One example technique includes identifying a token type of a security token and an authentication scheme indicated in an access request for authenticating the access request. The example technique also includes using a combination of the identified token type of the security token and the authentication scheme indicated in the access request as a key to locate an authentication pattern in a mapping table and identifying an authentication policy corresponding to the authentication pattern. The example technique can then include applying the identified authentication policy to the received data package to authenticate the access request based on the security token and conditionally providing the client service access to the platform service.
Type: Application
Filed: December 16, 2021
Publication date: June 22, 2023
Inventors: Chun-Hung Lin, Matthias Leibmann
-
Patent number: 11658983
Abstract: An authorization policy defines permissions that are exposed by a microservice. When a call is made to the microservice, it includes an access token. An application identifier uniquely identifying the calling application is extracted from the token. An access pattern, used by the calling application to obtain the access token and make the call to the microservice, is identified. Permissions that may be granted to the calling application are identified in the authorization policy based upon the application identifier and the access pattern that is identified. An authorization decision is made as to whether to authorize the call, based upon the granted permissions.
Type: Grant
Filed: February 7, 2020
Date of Patent: May 23, 2023
Assignee: Microsoft Technology Licensing, LLC
Inventors: Matthias Leibmann, Grigory V. Kaplin, Vikas Ahuja, Kapil Kumar Jain, Qinxiao Zhou, Ran Cheng
-
Publication number: 20230111687
Abstract: Systems and methods for enabling cross-tenant access are provided. In particular, a computing device may receive an access request, from a user of a first tenant, requesting access to a resource of a plurality of resources on a shared collaborative channel of a second tenant. The computing device may further evaluate cross-tenant access policies of the first and second tenants to determine that access to the plurality of resources is authorized by the first and second tenants, validate that the user is a member of the shared collaborative channel, and generate a validation token indicating the user is validated to access the plurality of resources. Based on the validation token, the computing device may further validate that the user is in compliance with the cross-tenant access policies for accessing the resource and grant the user a set of permissions to access the resource.
Type: Application
Filed: September 30, 2021
Publication date: April 13, 2023
Applicant: Microsoft Technology Licensing, LLC
Inventors: Michael Thomas MCLEAN, Ladislau CONCEICAO, Glenn David BLOCK, Timothy Yu-Rui CHEN, Dean Shiyu CHIANG, Matthias LEIBMANN
-
Patent number: 11595220
Abstract: A routing plane includes an authentication packaging system that receives client authentication information, as part of a request from a requesting client that is to be routed to a target service. The authentication packaging system combines the authentication information with assertion information indicative of an assertion as to the identity of the routing plane, using an entropy, such as a signing key. The authentication package is attached to the request and is sent to the target service. The target service validates the authentication package based on the entropy and authenticates the routing plane based on the assertion information and performs authentication processing based on the authentication information.
Type: Grant
Filed: November 29, 2021
Date of Patent: February 28, 2023
Assignee: Microsoft Technology Licensing, LLC
Inventors: Matthias Leibmann, Grigory V. Kaplin, Chun-Hung Lin
-
Publication number: 20220086014
Abstract: A routing plane includes an authentication packaging system that receives client authentication information, as part of a request from a requesting client that is to be routed to a target service. The authentication packaging system combines the authentication information with assertion information indicative of an assertion as to the identity of the routing plane, using an entropy, such as a signing key. The authentication package is attached to the request and is sent to the target service. The target service validates the authentication package based on the entropy and authenticates the routing plane based on the assertion information and performs authentication processing based on the authentication information.
Type: Application
Filed: November 29, 2021
Publication date: March 17, 2022
Inventors: Matthias LEIBMANN, Grigory V. KAPLIN, Chun-Hung LIN
-
Patent number: 11223488
Abstract: A routing plane includes an authentication packaging system that receives client authentication information, as part of a request from a requesting client that is to be routed to a target service. The authentication packaging system combines the authentication information with assertion information indicative of an assertion as to the identity of the routing plane, using an entropy, such as a signing key. The authentication package is attached to the request and is sent to the target service. The target service validates the authentication package based on the entropy and authenticates the routing plane based on the assertion information and performs authentication processing based on the authentication information.
Type: Grant
Filed: May 28, 2020
Date of Patent: January 11, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventors: Matthias Leibmann, Grigory V. Kaplin, Chun-Hung Lin
-
Publication number: 20210377055
Abstract: A routing plane includes an authentication packaging system that receives client authentication information, as part of a request from a requesting client that is to be routed to a target service. The authentication packaging system combines the authentication information with assertion information indicative of an assertion as to the identity of the routing plane, using an entropy, such as a signing key. The authentication package is attached to the request and is sent to the target service. The target service validates the authentication package based on the entropy and authenticates the routing plane based on the assertion information and performs authentication processing based on the authentication information.
Type: Application
Filed: May 28, 2020
Publication date: December 2, 2021
Inventors: Matthias Leibmann, Grigory V. Kaplin, Chun-Hung Lin
-
Publication number: 20210250361
Abstract: An authorization policy defines permissions that are exposed by a microservice. When a call is made to the microservice, it includes an access token. An application identifier uniquely identifying the calling application is extracted from the token. An access pattern, used by the calling application to obtain the access token and make the call to the microservice, is identified. Permissions that may be granted to the calling application are identified in the authorization policy based upon the application identifier and the access pattern that is identified. An authorization decision is made as to whether to authorize the call, based upon the granted permissions.
Type: Application
Filed: February 7, 2020
Publication date: August 12, 2021
Inventors: Matthias Leibmann, Grigory V. Kaplin, Vikas Ahuja, Kapil Kumar Jain, Qinxiao Zhou, Ran Cheng
-
Patent number: 10726395
Abstract: Calendar repair may be provided. Calendar events, such as appointments and meetings, may be created and copied to a plurality of attendee calendars. A first copy of the event may be compared to a second copy of the event, and an event property of the second event may be updated to match a corresponding event property of the first event.
Type: Grant
Filed: January 3, 2019
Date of Patent: July 28, 2020
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Vanessa C. Feliberti, Cliff M. Don, Firdosh R. Ghyara, Sina Hakami, Matthias Leibmann, Roberto Ribeiro Da Fonseca Mendes, Paul David Tischhauser
-
Patent number: 10623410
Abstract: A computing system controls access between components. A token issuer issues an access token to a requesting component, that is requesting access to a requested service component, based at least in part on an access policy. The requesting component sends the token to the requested service component, which includes a token authentication module that validates the access token and authorizes the requesting component to access a requested service component, and receives the authorization to access the requested service component.
Type: Grant
Filed: April 24, 2017
Date of Patent: April 14, 2020
Assignee: Microsoft Technology Licensing, LLC
Inventors: Matthias Leibmann, Joel T. Hendrickson, Grigory V. Kaplin, Corneliu Manescu
-
Publication number: 20190139003
Abstract: Calendar repair may be provided. Calendar events, such as appointments and meetings, may be created and copied to a plurality of attendee calendars. A first copy of the event may be compared to a second copy of the event, and an event property of the second event may be updated to match a corresponding event property of the first event.
Type: Application
Filed: January 3, 2019
Publication date: May 9, 2019
Applicant: Microsoft Technology Licensing, LLC
Inventors: Vanessa C. FELIBERTI, Cliff M. DON, Firdosh R. GHYARA, Sina HAKAMI, Matthias LEIBMANN, Roberto Ribeiro Da Fonseca MENDES, Paul David TISCHHAUSER
-
Patent number: 10176462
Abstract: Calendar repair may be provided. Calendar events, such as appointments and meetings, may be created and copied to a plurality of attendee calendars. A first copy of the event may be compared to a second copy of the event, and an event property of the second event may be updated to match a corresponding event property of the first event.
Type: Grant
Filed: November 23, 2015
Date of Patent: January 8, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Vanessa C. Feliberti, Cliff M. Don, Firdosh R. Ghyara, Sina Hakami, Matthias Leibmann, Roberto Ribeiro Da Fonseca Mendes, Paul David Tischhauser
-
Publication number: 20180309759
Abstract: A computing system controls access between components. A token issuer issues an access token to a requesting component, that is requesting access to a requested service component, based at least in part on an access policy. The requesting component sends the token to the requested service component, which includes a token authentication module that validates the access token and authorizes the requesting component to access a requested service component, and receives the authorization to access the requested service component.
Type: Application
Filed: April 24, 2017
Publication date: October 25, 2018
Inventors: Matthias Leibmann, Joel T. Hendrickson, Grigory V. Kaplin, Corneliu Manescu
-
Publication number: 20160078412
Abstract: Calendar repair may be provided. Calendar events, such as appointments and meetings, may be created and copied to a plurality of attendee calendars. A first copy of the event may be compared to a second copy of the event, and an event property of the second event may be updated to match a corresponding event property of the first event.
Type: Application
Filed: November 23, 2015
Publication date: March 17, 2016
Applicant: Microsoft Technology Licensing, LLC
Inventors: Vanessa C. Feliberti, Cliff M. Don, Firdosh R. Ghyara, Sina Hakami, Matthias Leibmann, Roberto Ribeiro Da Fonseca Mendes, Paul David Tischhauser
-
Patent number: 9213964
Abstract: Calendar repair may be provided. Calendar events, such as appointments and meetings, may be created and copied to a plurality of attendee calendars. A first copy of the event may be compared to a second copy of the event, and an event property of the second event may be updated to match a corresponding event property of the first event.
Type: Grant
Filed: February 12, 2013
Date of Patent: December 15, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Vanessa C. Feliberti, Cliff M. Don, Firdosh R. Ghyara, Sina Hakami, Matthias Leibmann, Roberto Ribeiro Da Fonseca Mendes, Paul David Tischhauser
-
Patent number: 8898764
Abstract: A web extension authenticates a user using a token based authentication scheme. A token is retrieved from a client application to authenticate the user. The web extension transmits the token to a server component to have the server component authenticate the user. The server component validates the token using a validation library. The user is mapped to the token and authenticated upon validating the token.
Type: Grant
Filed: November 16, 2012
Date of Patent: November 25, 2014
Assignee: Microsoft Corporation
Inventors: Brian Kress, Andrew Salamatov, Matthias Leibmann, Jason Henderson
-
Patent number: 8819794
Abstract: Online and on-premise applications identify trusted authentication providers. The applications are configured with a list of trusted issuers of authentication credentials. When an application receives a request requiring authentication, the application returns a 401 response that includes the trusted issuer list. The requesting application compares the trusted issuer list from the 401 response to its own list of authentication providers. If there is a match between the two lists, then the requesting application creates a self-issued token for the authentication provider. The authentication provider uses the self-issued token to generate an authentication token for the requesting application. The requesting application may also directly create a token for a target partner application, without an authentication provider, if there is a direct trust between the two applications.
Type: Grant
Filed: January 19, 2012
Date of Patent: August 26, 2014
Assignee: Microsoft Corporation
Inventors: Vadim Eydelman, Brian Kress, Matthias Leibmann, Moustafa Noureddine, Lei Yu, Haibo Luo
-
Patent number: 8713435
Abstract: Dynamic time rebasing may be provided. After receiving a request to view a calendar item, a base time associated with the calendar item may be retrieved. A local bias associated with the request to view the calendar item may be identified. The base time may be converted to a local time according to the local bias. The calendar item may then be displayed according to the converted local time.
Type: Grant
Filed: August 26, 2010
Date of Patent: April 29, 2014
Assignee: Microsoft Corporation
Inventors: Hongchao Guan, Jason Buckingham, Alessio Roic, Matthias Leibmann
-
Patent number: 8621205
Abstract: Certificate remoting and recovery may be provided. A computer may identify required security certificates and determine whether at least one required security certificate is not available. If the certificate is not available, the computer may identify a peer server and request the missing certificate from the peer server. The computer may also be operative to receive certificate management instructions from other computers.
Type: Grant
Filed: February 12, 2010
Date of Patent: December 31, 2013
Assignee: Microsoft Corporation
Inventors: Steven Quentin Hubbell, Frank Byrum, Ladislau Conceicao, Trevor William Freeman, Jeffrey Brian Kay, Matthias Leibmann