Abstract: Services from domainless machines are made available in a security domain under a virtual name. Each machine is not joined to the domain but can reach a security domain controller. The controller controls at least one security domain using an authentication protocol, such as a modified Kerberos protocol. One obtains a set of security domain credentials, generates a cluster name secret, gives the cluster a virtual name, and authenticates the machines to the domain controller using these items. In some cases, authentication uses a ticket-based protocol which accepts the cluster name secret in place of a proof of valid security domain membership. In some, the domain controller uses a directory service which is compatible with an active directory service; the cluster virtual name is provisioned as an account in the directory service. The cluster virtual name may concurrently serve clients on different security domains of the directory service.
October 5, 2017
Date of Patent:
April 23, 2019
Microsoft Tehnology Licensing, LLC
Sai Sudhir Anantha Padmanaban, Lokesh Srinivas Koppolu, Andrea D'Amato, Yi Zeng
Abstract: A phony profiles detector for an on-line social network system is described. The phony profiles detector uses characteristics of a profile that was associated with an indication that it represents a malicious user, a so-called seed profile, to identify other profiles that should be flagged as potentially the source of undesirable behavior. Based on the degree of similarity determined for a subject profile with respect to a seed profile, the phony profiles detector generates a malicious user indicator and stores it as associated with the subject profile.