Patents by Inventor Ankur Taly

Ankur Taly has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20180309582
    Abstract: In a distributed system, data is shared between three or more electronic devices. The first device generates and signs an object that includes the data. A second device receives the signed object and determines whether the signed object is valid. If valid, the second device will generate a validated signed object and send it to a third device. The third device will validate the object by determining whether the object includes valid signatures of both the first and second devices.
    Type: Application
    Filed: July 2, 2018
    Publication date: October 25, 2018
    Inventors: Michael Burrows, Himabindu Pucha, Raja Daoud, Jatin Lodhia, Ankur Taly
  • Patent number: 10044718
    Abstract: In a method of controlling sharing of an object between entities in a distributed system, a processor will identify an object and generate an access control list (ACL) for the object so that the ACL includes a list of clauses. Each clause will include a blessing pattern that will match one or more blessings, and at least one of the clauses also may include a reference to one or more groups. Each group represents a set of strings that represent blessing patterns or fragments of blessing patterns. The processor may generate each clause of the ACL as either a permit clause or a deny clause to indicate whether an entity or entities that have a blessing matched by the blessing pattern are permitted to access the object. The processor will save the ACL to a data store for use in responding to a request to access the object.
    Type: Grant
    Filed: August 12, 2015
    Date of Patent: August 7, 2018
    Assignee: Google LLC
    Inventors: Michael Burrows, Martin Abadi, Himabindu Pucha, Adam Sadovsky, Asim Shankar, Ankur Taly
  • Patent number: 10038559
    Abstract: In a distributed system, data is shared between three or more electronic devices. The first device generates and signs an object that includes the data. A second device receives the signed object and determines whether the signed object is valid. If valid, the second device will generate a validated signed object and send it to a third device. The third device will validate the object by determining whether the object includes valid signatures of both the first and second devices.
    Type: Grant
    Filed: October 3, 2016
    Date of Patent: July 31, 2018
    Assignee: Google LLC
    Inventors: Michael Burrows, Himabindu Pucha, Raja Daoud, Jatin Lodhia, Ankur Taly
  • Publication number: 20170099150
    Abstract: In a distributed system, data is shared between three or more electronic devices. The first device generates and signs an object that includes the data. A second device receives the signed object and determines whether the signed object is valid. If valid, the second device will generate a validated signed object and send it to a third device. The third device will validate the object by determining whether the object includes valid signatures of both the first and second devices.
    Type: Application
    Filed: October 3, 2016
    Publication date: April 6, 2017
    Inventors: Michael Burrows, Himabindu Pucha, Raja Daoud, Jatin Lodhia, Ankur Taly
  • Publication number: 20160352744
    Abstract: In a method of controlling sharing of an object between entities in a distributed system, a processor will identify an object and generate an access control list (ACL) for the object so that the ACL includes a list of clauses. Each clause will include a blessing pattern that will match one or more blessings, and at least one of the clauses also may include a reference to one or more groups. Each group represents a set of strings that represent blessing patterns or fragments of blessing patterns. The processor may generate each clause of the ACL as either a permit clause or a deny clause to indicate whether an entity or entities that have a blessing matched by the blessing pattern are permitted to access the object. The processor will save the ACL to a data store for use in responding to a request to access the object.
    Type: Application
    Filed: August 12, 2015
    Publication date: December 1, 2016
    Inventors: Michael Burrows, Martin Abadi, Himabindu Pucha, Adam Sadovsky, Asim Shankar, Ankur Taly
  • Patent number: 9397990
    Abstract: A method of controlling the sharing of data between entities that are in electronic communication with each other may include generating an authentication credential comprising an identifier for the target service and a unique signature, attenuating the authentication credential, and determining whether a client device is authorized to access the target service, and, only if so, providing the authentication credential to the client device. In an embodiment, the method may include receiving an access request from the client device, identifying that the authentication credential includes the unique signature and a third party caveat that is associated with a third party authentication service, in response to the identifying, determining whether the request also comprises a discharge credential for the third party caveat, and if the request includes the discharge credential, providing the client device with the requested service, otherwise denying the request.
    Type: Grant
    Filed: November 8, 2013
    Date of Patent: July 19, 2016
    Assignee: Google Inc.
    Inventors: Ankur Taly, Ulfar Erlingsson, Arnar Birgisson, Joseph Gibbs Politz, Mark Lentczner
  • Patent number: 9350556
    Abstract: A client device communicates with a target entity server and one or more third party devices. The client device has a client credential that includes a client public key and a client certificate chain. The client certificate chain includes a chain of human-readable names. The client device delegates a third party device access to a service on the server by creating a delegate certificate chain for the third party device. The delegate certificate chain is bound to a public key for the third party device and includes a human-readable name with an extension selected for the third party device. The delegate certificate chain also may include a section of the human-readable name that identifies the client device. The client device transmits or otherwise presents the delegate certificate chain to the third party device.
    Type: Grant
    Filed: April 20, 2015
    Date of Patent: May 24, 2016
    Assignee: Google Inc.
    Inventors: Ankur Taly, Asim Shankar, Gautham Thambidorai, David Presotto