Patents by Inventor Paul G. Mayfield
Paul G. Mayfield has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9521119
Abstract: Software for managing access control functions in a network. The software includes a host that receives access control commands or information and calls one or more methods. The methods perform access control functions and communicate access control results or messages to be transmitted. The host may be installed in a network peer seeking access to the network or in a server controlling access to the network. When installed in a peer, the host receives commands and exchanges information with a supplicant. When installed in an access control server, the host receives commands and exchanges information with an authenticator. The host has a flexible architecture that enables multiple features, such as allowing the same methods to be used for authentication by multiple supplicants, providing ready integration of third party access control software, simplifying network maintenance by facilitating upgrades of authenticator software and enabling access control functions other than peer authentication.
Type: Grant
Filed: October 14, 2015
Date of Patent: December 13, 2016
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Anthony M. Leibovitz, Mark C. Schurman, Mudit Goel, Paul G. Mayfield, Sudhakar Pasupuleti, Taroon Mandhana, Vivek P. Kamath, Wei Zheng, Xuemei Bao
-
Publication number: 20160036781
Abstract: Software for managing access control functions in a network. The software includes a host that receives access control commands or information and calls one or more methods. The methods perform access control functions and communicate access control results or messages to be transmitted. The host may be installed in a network peer seeking access to the network or in a server controlling access to the network. When installed in a peer, the host receives commands and exchanges information with a supplicant. When installed in an access control server, the host receives commands and exchanges information with an authenticator. The host has a flexible architecture that enables multiple features, such as allowing the same methods to be used for authentication by multiple supplicants, providing ready integration of third party access control software, simplifying network maintenance by facilitating upgrades of authenticator software and enabling access control functions other than peer authentication.
Type: Application
Filed: October 14, 2015
Publication date: February 4, 2016
Inventors: Anthony M. Leibovitz, Mark C. Schurman, Mudit Goel, Paul G. Mayfield, Sudhakar Pasupuleti, Taroon Mandhana, Vivek P. Kamath, Wei Zheng, Xuemei Bao
-
Patent number: 9185091
Abstract: Software for managing access control functions in a network. The software includes a host that receives access control commands or information and calls one or more methods. The methods perform access control functions and communicate access control results or messages to be transmitted. The host may be installed in a network peer seeking access to the network or in a server controlling access to the network. When installed in a peer, the host receives commands and exchanges information with a supplicant. When installed in an access control server, the host receives commands and exchanges information with an authenticator. The host has a flexible architecture that enables multiple features, such as allowing the same methods to be used for authentication by multiple supplicants, providing ready integration of third party access control software, simplifying network maintenance by facilitating upgrades of authenticator software and enabling access control functions other than peer authentication.
Type: Grant
Filed: September 28, 2012
Date of Patent: November 10, 2015
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Anthony M. Leibovitz, Mark C. Schurman, Mudit Goel, Paul G. Mayfield, Sudhakar Pasupuleti, Taroon Mandhana, Vivek P. Kamath, Wei Zheng, Xuemei Bao
-
Patent number: 8875160
Abstract: A library operating system is employed in conjunction with an application in a virtual environment to facilitate dynamic application migration. An application executing in a virtual environment with a library operating system on a first machine can be suspended, and application state can be captured. Subsequently, the state can be restored and execution resumed on the first machine or a second machine.
Type: Grant
Filed: January 6, 2012
Date of Patent: October 28, 2014
Assignee: Microsoft Corporation
Inventors: Galen C. Hunt, Reuben R. Olinsky, Adam B. Anderson, Paul G. Mayfield, William Street, Russell T. Young, Barry Bond, Andrew A. Baumann
-
Patent number: 8689315
Abstract: A method and system are provided for adding, removing, and managing a plurality of network policy filters in a network device. Filters are installed in a framework and designated as active or disabled. Each filter has a priority. When a new filter is to be installed into the framework, it is compared to installed filters to determine if a conflict exists. If no conflict exists, the new filter is added as an active filter. If a conflict exists, a higher priority conflicting filter is added as active and a lower priority filter is added as inactive.
Type: Grant
Filed: July 31, 2008
Date of Patent: April 1, 2014
Assignee: Microsoft Corporation
Inventors: Brian D. Swander, Avnish Kumar Chhabra, Paul G. Mayfield
-
Publication number: 20130024911
Abstract: Software for managing access control functions in a network. The software includes a host that receives access control commands or information and calls one or more methods. The methods perform access control functions and communicate access control results or messages to be transmitted. The host may be installed in a network peer seeking access to the network or in a server controlling access to the network. When installed in a peer, the host receives commands and exchanges information with a supplicant. When installed in an access control server, the host receives commands and exchanges information with an authenticator. The host has a flexible architecture that enables multiple features, such as allowing the same methods to be used for authentication by multiple supplicants, providing ready integration of third party access control software, simplifying network maintenance by facilitating upgrades of authenticator software and enabling access control functions other than peer authentication.
Type: Application
Filed: September 28, 2012
Publication date: January 24, 2013
Applicant: Microsoft Corporation
Inventors: Anthony M. Leibovitz, Mark C. Schurman, Mudit Goel, Paul G. Mayfield, Sudhakar Pasupuleti, Taroon Mandhana, Vivek P. Kamath, Wei Zheng, Xuemei Bao
-
Patent number: 8286223
Abstract: Software for managing access control functions in a network. The software includes a host that receives access control commands or information and calls one or more methods. The methods perform access control functions and communicate access control results or messages to be transmitted. The host may be installed in a network peer seeking access to the network or in a server controlling access to the network. When installed in a peer, the host receives commands and exchanges information with a supplicant. When installed in an access control server, the host receives commands and exchanges information with an authenticator. The host has a flexible architecture that enables multiple features, such as allowing the same methods to be used for authentication by multiple supplicants, providing ready integration of third party access control software, simplifying network maintenance by facilitating upgrades of authenticator software and enabling access control functions other than peer authentication.
Type: Grant
Filed: July 8, 2005
Date of Patent: October 9, 2012
Assignee: Microsoft Corporation
Inventors: Anthony M. Leibovitz, Mark C. Schurman, Mudit Goel, Paul G. Mayfield, Sudhakar Pasupuleti, Taroon Mandhana, Vivek P. Kamath, Wei Zheng, Xuemei Bao
-
Patent number: 8275989
Abstract: A method for authenticating and negotiating security parameters among two or more network devices is disclosed. The method has a plurality of modes including a plurality of messages exchanged between the two or more network devices. In a main mode, the two or more network devices establish a secure channel and select security parameters to be used during a quick mode and a user mode. In the quick mode, the two or more computers derive a set of keys to secure data sent according to a security protocol. The optional user mode provides a means of authenticating one or more users associated with the two or more network devices. A portion of the quick mode is conducted during the main mode thereby minimizing the plurality of messages that need to be exchanged between the initiator and the responder.
Type: Grant
Filed: July 9, 2009
Date of Patent: September 25, 2012
Assignee: Microsoft Corporation
Inventors: Christian Huitema, Paul G. Mayfield, Brian D. Swander, Sara Bitan, Daniel R. Simon
-
Publication number: 20120227058
Abstract: A library operating system is employed in conjunction with an application in a virtual environment to facilitate dynamic application migration. An application executing in a virtual environment with a library operating system on a first machine can be suspended, and application state can be captured. Subsequently, the state can be restored and execution resumed on the first machine or a second machine.
Type: Application
Filed: January 6, 2012
Publication date: September 6, 2012
Applicant: MICROSOFT CORPORATION
Inventors: Galen C. Hunt, Reuben R. Olinsky, Adam B. Anderson, Paul G. Mayfield, William Street, Russell T. Young, Barry Bond, Andrew A. Baumann
-
Patent number: 8185740
Abstract: Consumer computers that are not properly configured for safe access to a web service are protected from damage by controlling access to web services based on the health of the client computer. A client health web service receives health information from the client computer, determines the health status of the consumer computer, and issues a token to the consumer computer indicating its health status. The consumer computer can provide this token to other web services, which in turn may provide access to the consumer computer based on the health status indicated in the token. The client health web service may be operated as a web service specifically to determine the health of consumer computers or may have other functions, including providing access to the Internet. Also, the health information may be proxied to another device, such as a gateway device, that manages interactions with the client health web service.
Type: Grant
Filed: March 26, 2007
Date of Patent: May 22, 2012
Assignee: Microsoft Corporation
Inventors: Calvin Choon-Hwan Choe, Paul G. Mayfield
-
Patent number: 8166538
Abstract: A unified architecture for enabling remote access to a network is provided. The network may comprise, as examples, a virtual private network (VPN) and/or a peer-to-peer network. In one embodiment, the architecture includes components installed on a client device/node and a gateway/supernode. Components implemented on the client device may facilitate access in a manner similar to that of a traditional VPN, while components on the gateway may facilitate access in a manner similar to an application proxy. Communication between the client device and gateway may occur, as an example, via a Secure Sockets Layer (SSL) communication protocol.
Type: Grant
Filed: July 8, 2005
Date of Patent: April 24, 2012
Assignee: Microsoft Corporation
Inventors: Abolade Gbadegesin, Arvind M. Murching, David G. Thaler, Henry L. Sanders, Narendra C. Gidwani, Paul G. Mayfield
-
Patent number: 8086701
Abstract: A network state platform for managing a network having a number of network nodes is disclosed. A user provides a policy layer a high level instruction indicative of the desired network performance. The policy layer parses the high level instruction to generate a number of configuration instructions for the network nodes. The network nodes provide data logs of their activity to a data layer that collates the logs into a single entry that is stored, and can be accessed by an observation layer. External applications interface with the observation layer to access the stored data and use this information to generate requests to change portions of the network configuration. These requests are provided to a control layer that converts the requests from the applications to a high level instruction that is then provided to the policy layer to implement.
Type: Grant
Filed: April 28, 2008
Date of Patent: December 27, 2011
Assignee: Microsoft Corporation
Inventors: Mudit Goel, Paul G. Mayfield
-
Patent number: 7793096
Abstract: A method is provided for use in a computer system including a client and a health registration authority. The health registration authority is configured to accept requests for assertions, and the client has a health state described by at least one health claim. The method may include an act of including an indication of the at least one health claim of the client in a request for an assertion. A second method is provided for use in a computer system comprising a client, an assertion authority, and a plurality of health policies. The method can include an act of including an indication of at least one health policy that the health claim of the client satisfies in an assertion.
Type: Grant
Filed: March 31, 2006
Date of Patent: September 7, 2010
Assignee: Microsoft Corporation
Inventors: Ryan M. Hurst, Ekta H. Manaktala, Paul G. Mayfield, Vivek P. Kamath
-
Publication number: 20090276828
Abstract: A method for authenticating and negotiating security parameters among two or more network devices is disclosed. The method has a plurality of modes including a plurality of messages exchanged between the two or more network devices. In a main mode, the two or more network devices establish a secure channel and select security parameters to be used during a quick mode and a user mode. In the quick mode, the two or more computers derive a set of keys to secure data sent according to a security protocol. The optional user mode provides a means of authenticating one or more users associated with the two or more network devices. A portion of the quick mode is conducted during the main mode thereby minimizing the plurality of messages that need to be exchanged between the initiator and the responder.
Type: Application
Filed: July 9, 2009
Publication date: November 5, 2009
Applicant: Microsoft Corporation
Inventors: Brian D. Swander, Sara Bitan, Christian Huitema, Paul G. Mayfield, Daniel R. Simon
-
Publication number: 20090271510
Abstract: A network state platform for managing a network having a number of network nodes is disclosed. A user provides a policy layer a high level instruction indicative of the desired network performance. The policy layer parses the high level instruction to generate a number of configuration instructions for the network nodes. The network nodes provide data logs of their activity to a data layer that collates the logs into a single entry that is stored, and can be accessed by an observation layer. External applications interface with the observation layer to access the stored data and use this information to generate requests to change portions of the network configuration. These requests are provided to a control layer that converts the requests from the applications to a high level instruction that is then provided to the policy layer to implement.
Type: Application
Filed: April 28, 2008
Publication date: October 29, 2009
Applicant: MICROSOFT CORPORATION
Inventors: Mudit Goel, Paul G. Mayfield
-
Patent number: 7574603
Abstract: A method for authenticating and negotiating security parameters among two or more network devices is disclosed. The method has a plurality of modes including a plurality of messages exchanged between the two or more network devices. In a main mode, the two or more network devices establish a secure channel and select security parameters to be used during a quick mode and a user mode. In the quick mode, the two or more computers derive a set of keys to secure data sent according to a security protocol. The optional user mode provides a means of authenticating one or more users associated with the two or more network devices. A portion of the quick mode is conducted during the main mode thereby minimizing the plurality of messages that need to be exchanged between the initiator and the responder.
Type: Grant
Filed: November 14, 2003
Date of Patent: August 11, 2009
Assignee: Microsoft Corporation
Inventors: Brian D. Swander, Sara Bitan, Christian Huitema, Paul G. Mayfield, Daniel R. Simon
-
Patent number: 7509673
Abstract: A method and system are provided for implementing a firewall architecture in a network device. The firewall architecture includes a plurality of network layers, a first firewall engine, and one or more callout modules. The layers send packets and packet information to the first firewall engine, maintain and pass packet context to subsequent layers, and process the packets. The first firewall engine compares the packet information to one or more installed filters and returns an action to the layers indicating how to treat the packet. The callouts provide additional functionality such as intrusion detection, logging, and parental control features.
Type: Grant
Filed: June 6, 2003
Date of Patent: March 24, 2009
Assignee: Microsoft Corporation
Inventors: Brian D. Swander, Paul G. Mayfield
-
Publication number: 20090077648
Abstract: A method and system are provided for adding, removing, and managing a plurality of network policy filters in a network device. Filters are installed in a framework and designated as active or disabled. Each filter has a priority. When a new filter is to be installed into the framework, it is compared to installed filters to determine if a conflict exists. If no conflict exists, the new filter is added as an active filter. If a conflict exists, a higher priority conflicting filter is added as active and a lower priority filter is added as inactive.
Type: Application
Filed: July 31, 2008
Publication date: March 19, 2009
Applicant: Microsoft Corporation
Inventors: Brian D. Swander, Avnish Kumar Chhabra, Paul G. Mayfield
-
Publication number: 20080244724
Abstract: Consumer computers that are not properly configured for safe access to a web service are protected from damage by controlling access to web services based on the health of the client computer. A client health web service receives health information from the client computer, determines the health status of the consumer computer, and issues a token to the consumer computer indicating its health status. The consumer computer can provide this token to other web services, which in turn may provide access to the consumer computer based on the health status indicated in the token. The client health web service may be operated as a web service specifically to determine the health of consumer computers or may have other functions, including providing access to the Internet. Also, the health information may be proxied to another device, such as a gateway device, that manages interactions with the client health web service.
Type: Application
Filed: March 26, 2007
Publication date: October 2, 2008
Applicant: Microsoft Corporation
Inventors: Calvin Choon-Hwan Choe, Paul G. Mayfield
-
Patent number: 7409707
Abstract: A method and system are provided for adding, removing, and managing a plurality of network policy filters in a network device. Filters are installed in a framework and designated as active or disabled. Each filter has a priority. When a new filter is to be installed into the framework, it is compared to installed filters to determine if a conflict exists. If no conflict exists, the new filter is added as an active filter. If a conflict exists, a higher priority conflicting filter is added as active and a lower priority filter is added as inactive.
Type: Grant
Filed: June 6, 2003
Date of Patent: August 5, 2008
Assignee: Microsoft Corporation
Inventors: Brian D. Swander, Avnish Kumar Chhabra, Paul G. Mayfield