Patents by Inventor Yordan I Rouskov
Yordan I Rouskov has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8549298
Abstract: Computer-readable media, systems, and methods for encrypting communications between a client and an online service provider to ensure the communications are secure. In embodiments an authentication request is received from a user agent associated with the client and the authentication request includes identification information and authentication information. Additionally, it is determined that the identification and authentication information are associated with a user. An authentication ticket is created that includes a user identification and an authentication and indicates to the online service provider that the user is authenticated to access one or more services. Further, a session key is generated and an encrypted session key is embedded into the authentication ticket. The session key is encrypted and the private key is known only to the online service provider and the public key is known at least by an authentication server.
Type: Grant
Filed: February 29, 2008
Date of Patent: October 1, 2013
Assignee: Microsoft Corporation
Inventors: Yordan I. Rouskov, Rui Chen
-
Patent number: 8490201
Abstract: One or more strong proofs are maintained as associated with an account of a user. In response to a request to change a security setting of the account, an attempt is made to confirm the request by using one of the one or more strong proofs to notify the user. The change is permitted if the request is confirmed via one or more of the strong proofs, and otherwise the change to the security setting of the account is kept unchanged.
Type: Grant
Filed: March 26, 2010
Date of Patent: July 16, 2013
Assignee: Microsoft Corporation
Inventors: Tarek Bahaa El-Din Mahmoud Kamel, Yordan I. Rouskov, David J. Steeves, Rammohan Nagasubramani, Pui-Yin Winfred Wong, WeiQiang Michael Guo, Vikas Rajvanshy, Orville C. McDonald, Sean Christian Wohlgemuth, Vikrant Minhas
-
Patent number: 8341718
Abstract: An integrated authentication service is described which may receive a bundled request from one or more clients. One or more of the described techniques may be utilized to provide, in response to a single bundled request, a token for proof of identity and a certificate for establishing secure communications.
Type: Grant
Filed: December 10, 2010
Date of Patent: December 25, 2012
Assignee: Microsoft Corporation
Inventors: Trevin M Chow, Pui-Yin Winfred Wong, Yordan I Rouskov, Kok Wai Chan, Wei Jiang, Colin Chow, Sanjeev M Nagvekar, Matt Sullivan, Kalyan Sayyaparaju, Dilip K. Pai, Avinash Belur
-
Patent number: 8327428
Abstract: Embodiments of authenticating linked accounts are presented herein. In an implementation, an authentication service provides functionality to form links between a plurality of user accounts. A client may then authenticate by providing credentials for one account in a group of linked accounts, and is permitted access to each account in the group of linked accounts based upon the linking. Thus, a single sign-in of a client to one account may permit the client to obtain services for service providers corresponding to multiple linked accounts, without an individual sign-in to each account.
Type: Grant
Filed: November 30, 2006
Date of Patent: December 4, 2012
Assignee: Microsoft Corporation
Inventors: David W. Bailey, Lynn C. Ayres, Lin Huang, Yordan I Rouskov, Weiqiang Michael Guo
-
Patent number: 8225385
Abstract: Embodiments of multiple security token transactions are described herein. One or more of the described techniques may be utilized to provide, in a single request and response, an authentication token and a plurality security tokens for proof of identity at respective service providers.
Type: Grant
Filed: March 23, 2006
Date of Patent: July 17, 2012
Assignee: Microsoft Corporation
Inventors: Trevin M Chow, Colin Chow, Pui-Yin Winfred Wong, Dilip K. Pai, Sanjeev M Nagvekar, Wei Jiang, Yordan I Rouskov
-
Publication number: 20120102553
Abstract: Techniques for mixed-mode authentication are described. In one or more embodiments, an authentication service may be implemented to selectively configure and issue authentication tokens based upon an optional secure mode that enables enhanced security. Clients may be provided with an option to choose between an insecure mode and a secure mode for authentications. Based on this choice, tokens may be configured to include an indication of whether the secure mode is disabled or enabled. When secure mode is disabled, an insecure token valid for both secure sites and other sites is issued to a client when the client is authenticated. When the optional secure mode is enabled, both secure and insecure tokens are provided to the client. The authentication services and/or other services may be configured to reject an insecure token when secure mode is enabled to prevent unauthorized use of a stolen token to access secure resources.
Type: Application
Filed: October 22, 2010
Publication date: April 26, 2012
Applicant: MICROSOFT CORPORATION
Inventors: Walter C. Hsueh, Yordan I. Rouskov, Spencer Wong Low, Daniel W. Crevier
-
Publication number: 20120079585
Abstract: Embodiments of proxy authentication and indirect certificate chaining are described herein. In an implementation, authentication for a client occurs via a proxy service. Proxy service communicates between client and server, and caches security tokens on behalf of the client. In an implementation, trustworthiness of certificate presented to a client to establish trust is determined utilizing a signed data package which incorporates a plurality of known certificates. The presented certificate is verified without utilizing root certificates installed on the client device.
Type: Application
Filed: December 6, 2011
Publication date: March 29, 2012
Applicant: MICROSOFT CORPORATION
Inventors: Kok Wai Chan, Colin Chow, Trevin M. Chow, Lin Huang, Ryan Hurst, Naresh Jain, Wei Jiang, Yordan I. Rouskov, Pui-Yin Winfred Wong, Ismail Cem Paya, Ryan Hurst
-
Publication number: 20110214173
Abstract: One or more strong proofs are maintained as associated with an account of a user. In response to a request to change a security setting of the account, an attempt is made to confirm the request by using one of the one or more strong proofs to notify the user. The change is permitted if the request is confirmed via one or more of the strong proofs, and otherwise the change to the security setting of the account is kept unchanged.
Type: Application
Filed: March 26, 2010
Publication date: September 1, 2011
Applicant: Microsoft Corporation
Inventors: Tarek Bahaa El-Din Mahmoud Kamel, Yordan I. Rouskov, David J. Steeves, Rammohan Nagasubramani, Pui-Yin Winfred Wong, WeiQiang Michael Guo, Vikas Rajvanshy, Orville C. McDonald, Sean Christian Wohlgemuth
-
Publication number: 20100299716
Abstract: Authentication is widely used to protect consumer data and computing services, such as email, document storage, and online banking. Current authentication models, such as those employed by online identity providers, may have limited options and configurations for authentication schemes. Accordingly, as provided herein, a model based authentication scheme may be configured based upon a policy and/or an authentication mechanism list. The policy may define the target resource, a user, a group the user belongs to, devices used to connect to the target resource, a service owning the target resource, etc. The authentication mechanism list may comprise predefined authentication mechanisms and/or user plug-in authentication mechanisms (e.g., user created authentication mechanism). Once the authentication scheme is configured, it may be enforced upon authentication requests from a user. Feedback may be provided to the user based upon patterns of usage of the target resource.
Type: Application
Filed: May 22, 2009
Publication date: November 25, 2010
Applicant: Microsoft Corporation
Inventors: Yordan I. Rouskov, Wei-Qiang Michael Guo, Orville Charles McDonald, Ramu Movva, Kyle Stapley Young, Kok Wai Chau
-
Publication number: 20100293608
Abstract: Techniques to provide evidence-based dynamic scoring to limit guesses in knowledge based authentication are disclosed herein. In some aspects, an authenticator may receive an input from a user in response to a presentation of a personal question that enables user access to a restricted resource. The authenticator may determine that the input is not equivalent to a stored value, and thus is an incorrect input. The authenticator may then determine whether the input is similar to a previous input received from the user. A score may be assigned to the input. When the input is determined to be similar to the previous input, the score may be reduced. Another request for an input may be transmitted by the authenticator when a sum of the score and any previous scores of the session is less than a threshold.
Type: Application
Filed: May 14, 2009
Publication date: November 18, 2010
Applicant: MICROSOFT CORPORATION
Inventors: Stuart Schechter, Yordan I. Rouskov, Cormac E. Herley, Charles William Kaufman
-
Publication number: 20090260072
Abstract: Systems, computer-implemented methods, and computer-readable media for establishing an online account with a resource provider are provided. An authentication token including identification of a user from an authentication server is received. The identification of the user from the authentication token is utilized to establish an online account for the user with the resource provider. Additional credentialing information from the user for the online account is received. The additional information received from the user is associated with the online account for the user with the resource provider.
Type: Application
Filed: April 14, 2008
Publication date: October 15, 2009
Applicant: MICROSOFT CORPORATION
Inventors: YORDAN I. ROUSKOV, TORE SUNDELIN, MRIGANKKA FOTEDAR, SARAH FAULKNER, PUI-YIN WINFRED WONG, WEI-QUIANG MICHAEL GUO, LYNN AYRES
-
Publication number: 20090222656
Abstract: Computer-readable media, systems, and methods for encrypting communications between a client and an online service provider to ensure the communications are secure. In embodiments an authentication request is received from a user agent associated with the client and the authentication request includes identification information and authentication information. Additionally, it is determined that the identification and authentication information are associated with a user. An authentication ticket is created that includes a user identification and an authentication and indicates to the online service provider that the user is authenticated to access one or more services. Further, a session key is generated and an encrypted session key is embedded into the authentication ticket. The session key is encrypted and the private key is known only to the online service provider and the public key is known at least by an authentication server.
Type: Application
Filed: February 29, 2008
Publication date: September 3, 2009
Applicant: MICROSOFT CORPORATION
Inventors: YORDAN I. ROUSKOV, RUI CHEN
-
Publication number: 20080134295
Abstract: Embodiments of authenticating linked accounts are presented herein. In an implementation, an authentication service provides functionality to form links between a plurality of user accounts. A client may then authenticate by providing credentials for one account in a group of linked accounts, and is permitted access to each account in the group of linked accounts based upon the linking. Thus, a single sign-in of a client to one account may permit the client to obtain services for service providers corresponding to multiple linked accounts, without an individual sign-in to each account.
Type: Application
Filed: November 30, 2006
Publication date: June 5, 2008
Applicant: Microsoft Corporation
Inventors: David W. Bailey, Lynn C. Ayres, Lin Huang, Yordan I. Rouskov, Weiqiang Michael Guo