Patents by Inventor Anna Barhudarian
Anna Barhudarian has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11627138Abstract: A computing system configured to support entities having the ability to indicate capability information for capabilities of the entities is illustrated. Embodiments may include an identity provider computer system comprising at least one processor. The identity provider computer system is configured to receive requests for access tokens from entities. The requests include capability information for the entities. The identity provider computer system is further configured to provide access tokens to the entities which include the capability information. The computing system further includes a resource provider computer system comprising at least one processor configured to receive resource requests and access tokens from entities. The access tokens include the capability information. The resource providers are further configured to provide responses to the entities according to the capability information.Type: GrantFiled: October 31, 2019Date of Patent: April 11, 2023Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Violet Anna Barhudarian, Jiangfeng Lu, Caleb Geoffrey Baker, Oren Jordan Melzer, Anirban Basu, Yordan Ivanov Rouskov, William Bruce Barr, III, Radhika Kashyap
-
Patent number: 11405425Abstract: Authenticating computing entities. A method includes at an identity provider, providing a first access token to an entity for use by the entity in obtaining resources from a resource provider. The method further includes, at the identity provider, receiving response information from the entity. The response information from the entity is provided to the entity from the resource provider as a result of the resource provider enforcing policy at the resource provider. At the identity provider, a second access token is provided to the entity. The second access token is provided based on the response information, such that the second access token can be used by the entity to obtain the resources from the resource provider.Type: GrantFiled: October 31, 2019Date of Patent: August 2, 2022Assignee: Microsoft Technology Licensing, LLCInventors: Violet Anna Barhudarian, Jiangfeng Lu, Caleb Geoffrey Baker, Oren Jordan Melzer, Anirban Basu, Yordan Ivanov Rouskov, William Bruce Barr, III, Radhika Kashyap, Carlos Adrian Lopez Castro, Pui-Yin Winfred Wong
-
Patent number: 11349844Abstract: Managing an authenticated user session. A method includes a resource provider computer system subscribing to a conditional access termination service for an entity configured to obtain resources from the resource provider computer system through a user session. The resource provider computer system receives an event, related to resource requests, for the entity from the conditional access termination service. The resource provider computer system receives a request for resources from the entity. The resource provider computer system evaluates the request with respect to the event. The resource provider computer system responds to the request based on evaluating the request with respect to the event.Type: GrantFiled: October 31, 2019Date of Patent: May 31, 2022Assignee: Microsoft Technology Licensing, LLCInventors: Violet Anna Barhudarian, Jiangfeng Lu, Caleb Geoffrey Baker, Oren Jordan Melzer, Anirban Basu, Chandra Sekhar Surapaneni, Nitika Gupta, Murli Dharan Satagopan
-
Patent number: 11296881Abstract: An embodiment disclosed herein is related to computing systems and method for a computing system to generate an access token that includes an IP address from a request. In the embodiment, a request is received for access to one secured data items. The request may include user credentials that specify that a user making the request is permitted to access the secured data items. The user credentials are validated and an Internet Protocol (IP) address that the request was sent from is determined. An access token is generated that includes the IP address that the request was sent from.Type: GrantFiled: October 30, 2019Date of Patent: April 5, 2022Assignee: Microsoft Technology Licensing, LLCInventors: Violet Anna Barhudarian, Jiangfeng Lu, Caleb Geoffrey Baker, Oren Jordan Melzer, Anirban Basu, Praveen Erode Murugesan
-
Patent number: 11252146Abstract: Managing user sessions in a networked computing environment. A method includes, at an identity provider computer system, providing a first id token to a resource provider for an entity. The first id token has therein a first policy check interval having a value defining a period when the first id token should be revalidated. Due to expiration of the first policy check interval, a first refresh token is received from a resource provider computer system that received the first id token. As a result of receiving the first refresh token from the resource provider computer system, the identity provider computer system evaluates conditional access policy for the entity. If the identity provider computer system determines that the conditional access policy for the entity has been met, the identity provider computer system provides a new id token and a new refresh token to the resource provider computer system.Type: GrantFiled: November 19, 2019Date of Patent: February 15, 2022Assignee: MICROSOFT TECHNOLOGLY LICENSING, LLCInventors: Violet Anna Barhudarian, Yordan Ivanov Rouskov, Radhika Kashyap, Pui-Yin Winfred Wong, George Adrian Drumea
-
Patent number: 11171948Abstract: Session lifetime can be adapted based on session reputation. Session reputation can be computed based on sign-in risk and device risk, among other things. Session lifetime corresponds to a length of time a session is valid and can be determined automatically based on the session reputation. Subsequently, a token can be generated and returned in response to successful authentication that identifies a session and is valid for the determined lifetime.Type: GrantFiled: June 27, 2018Date of Patent: November 9, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Violet Anna Barhudarian, George Adrian Drumea, Pui-Yin Winfred Wong, Radhika Kashyap, Titus Constantin Miron, Caleb Baker
-
Publication number: 20210152547Abstract: Managing user sessions in a networked computing environment. A method includes, at an identity provider computer system, providing a first id token to a resource provider for an entity. The first id token has therein a first policy check interval having a value defining a period when the first id token should be revalidated. Due to expiration of the first policy check interval, a first refresh token is received from a resource provider computer system that received the first id token. As a result of receiving the first refresh token from the resource provider computer system, the identity provider computer system evaluates conditional access policy for the entity. If the identity provider computer system determines that the conditional access policy for the entity has been met, the identity provider computer system provides a new id token and a new refresh token to the resource provider computer system.Type: ApplicationFiled: November 19, 2019Publication date: May 20, 2021Inventors: Violet Anna BARHUDARIAN, Yordan Ivanov ROUSKOV, Radhika KASHYAP, Pui-Yin Winfred WONG, George Adrian DRUMEA
-
Publication number: 20210135869Abstract: An embodiment disclosed herein is related to computing systems and method for a computing system to generate an access token that includes an IP address from a request. In the embodiment, a request is received for access to one secured data items. The request may include user credentials that specify that a user making the request is permitted to access the secured data items. The user credentials are validated and an Internet Protocol (IP) address that the request was sent from is determined. An access token is generated that includes the IP address that the request was sent from.Type: ApplicationFiled: October 30, 2019Publication date: May 6, 2021Inventors: Violet Anna Barhudarian, Jiangfeng Lu, Caleb Geoffrey Baker, Oren Jordan Melzer, Anirban Basu, Praveen Erode Murugesan
-
Publication number: 20210136076Abstract: Managing an authenticated user session. A method includes a resource provider computer system subscribing to a conditional access termination service for an entity configured to obtain resources from the resource provider computer system through a user session. The resource provider computer system receives an event, related to resource requests, for the entity from the conditional access termination service. The resource provider computer system receives a request for resources from the entity. The resource provider computer system evaluates the request with respect to the event. The resource provider computer system responds to the request based on evaluating the request with respect to the event.Type: ApplicationFiled: October 31, 2019Publication date: May 6, 2021Inventors: Violet Anna BARHUDARIAN, Jiangfeng LU, Caleb Geoffrey BAKER, Oren Jordan MELZER, Anirban BASU, Chandra Sekhar SURAPANENI, Nitika GUPTA, Murli Dharan SATAGOPAN
-
Publication number: 20210136113Abstract: Authenticating computing entities. A method includes at an identity provider, providing a first access token to an entity for use by the entity in obtaining resources from a resource provider. The method further includes, at the identity provider, receiving response information from the entity. The response information from the entity is provided to the entity from the resource provider as a result of the resource provider enforcing policy at the resource provider. At the identity provider, a second access token is provided to the entity. The second access token is provided based on the response information, such that the second access token can be used by the entity to obtain the resources from the resource provider.Type: ApplicationFiled: October 31, 2019Publication date: May 6, 2021Inventors: Violet Anna BARHUDARIAN, Jiangfeng LU, Caleb Geoffrey BAKER, Oren Jordan MELZER, Anirban BASU, Yordan Ivanov ROUSKOV, William Bruce BARR, III, Radhika KASHYAP, Carlos Adrian LOPEZ CASTRO, Pui-Yin Winfred WONG
-
Publication number: 20210136078Abstract: A computing system configured to support entities having the ability to indicate capability information for capabilities of the entities is illustrated. Embodiments may include an identity provider computer system comprising at least one processor. The identity provider computer system is configured to receive requests for access tokens from entities. The requests include capability information for the entities. The identity provider computer system is further configured to provide access tokens to the entities which include the capability information. The computing system further includes a resource provider computer system comprising at least one processor configured to receive resource requests and access tokens from entities. The access tokens include the capability information. The resource providers are further configured to provide responses to the entities according to the capability information.Type: ApplicationFiled: October 31, 2019Publication date: May 6, 2021Inventors: Violet Anna BARHUDARIAN, Jiangfeng LU, Caleb Geoffrey BAKER, Oren Jordan MELZER, Anirban BASU, Yordan Ivanov ROUSKOV, William Bruce BARR, III, Radhika KASHYAP
-
Publication number: 20210136114Abstract: Implementing policy at a resource provider computer system. The method includes a resource provider computer system receiving policy from an identity provider system, the policy being related to an entity that authenticates using the identity provider computer system. The resource provider computer system receives a request for resources from the entity and an access token from the entity. The access token was obtained by the entity from the identity provider computer system as a result of the entity authenticating with the identity provider computer system. The resource provider computer system evaluates the request with respect to the policy. The resource provider computer system responds to the request based on evaluating the request with respect to the policy.Type: ApplicationFiled: October 31, 2019Publication date: May 6, 2021Inventors: Violet Anna BARHUDARIAN, Jiangfeng LU, Caleb Geoffrey BAKER, Oren Jordan MELZER, Anirban BASU, Carlos Adrian LOPEZ CASTRO
-
Patent number: 10977053Abstract: Remote administration of initial computer operating system setup options is facilitated by systems and mechanisms that provide such initial setup options to a computing device during an earlier stage of the operating system setup. An administrator defines, in a profile, how such initial setup options are to be set and when an operating system is being set up it communicates with licensing servers to validate the copy of the operating system. If authorized, and if set up by an administrator, initial setup options are provided to the computing device at such an early stage of the operating system setup. Processes executing on the computing device then utilize software licensing application program interfaces to not only validate the copy of the operating system, but also to set the initial setup options in the manner pre-specified by the administrator. A customized directory service login user interface is one such initial setup option.Type: GrantFiled: June 27, 2019Date of Patent: April 13, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Namrata Shankar Puri, Anna Barhudarian, Siddharth Mantri, Hakki Tunc Bostanci, Marc Shepard
-
Publication number: 20200007535Abstract: Session lifetime can be adapted based on session reputation. Session reputation can be computed based on sign-in risk and device risk, among other things. Session lifetime corresponds to a length of time a session is valid and can be determined automatically based on the session reputation. Subsequently, a token can be generated and returned in response to successful authentication that identifies a session and is valid for the determined lifetime.Type: ApplicationFiled: June 27, 2018Publication date: January 2, 2020Inventors: Violet Anna Barhudarian, George Adrian Drumea, Pui-Yin Winfred Wong, Radhika Kashyap, Titus Constantin Miron, Caleb Baker
-
Publication number: 20190317775Abstract: Remote administration of initial computer operating system setup options is facilitated by systems and mechanisms that provide such initial setup options to a computing device during an earlier stage of the operating system setup. An administrator defines, in a profile, how such initial setup options are to be set and when an operating system is being set up it communicates with licensing servers to validate the copy of the operating system. If authorized, and if set up by an administrator, initial setup options are provided to the computing device at such an early stage of the operating system setup. Processes executing on the computing device then utilize software licensing application program interfaces to not only validate the copy of the operating system, but also to set the initial setup options in the manner pre-specified by the administrator. A customized directory service login user interface is one such initial setup option.Type: ApplicationFiled: June 27, 2019Publication date: October 17, 2019Inventors: Namrata Shankar PURI, Anna BARHUDARIAN, Siddharth MANTRI, Hakki Tunc BOSTANCI, Marc SHEPARD
-
Patent number: 10419488Abstract: A system may delegate authority to manage aspects of a security policy developed by administrative personnel to standard users (e.g. non-administrative personnel) corresponding to managed accounts within an administrative hierarchy. An exemplary security policy may include application management settings that allow or deny individual applications with access to various enterprise resources. The system may expose one or more user interfaces to standard users of an enterprise network to enable these standard users to modify the security policy being deployed for their managed account and/or to at least temporarily exempt a particular application from the enterprise's security policy. For example, upon a standard user attempting to access enterprise data with a particular application that is not permitted such access, the system may enable this standard user to change the security policy as applied to her device or to simply exempt the particular application from the security policy.Type: GrantFiled: March 3, 2017Date of Patent: September 17, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Preston Derek Adam, Violet Anna Barhudarian, Narendra S. Acharya, Richard June, Shayak Lahiri, Qiongzhi Wu
-
Patent number: 10365931Abstract: Remote administration of initial computer operating system setup options is facilitated by systems and mechanisms that provide such initial setup options to a computing device during an earlier stage of the operating system setup. An administrator defines, in a profile, how such initial setup options are to be set and when an operating system is being set up it communicates with licensing servers to validate the copy of the operating system. If authorized, and if set up by an administrator, initial setup options are provided to the computing device at such an early stage of the operating system setup. Processes executing on the computing device then utilize software licensing application program interfaces to not only validate the copy of the operating system, but also to set the initial setup options in the manner pre-specified by the administrator. A customized directory service login user interface is one such initial setup option.Type: GrantFiled: February 27, 2017Date of Patent: July 30, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Namrata Shankar Puri, Anna Barhudarian, Siddharth Mantri, Hakki Tunc Bostanci, Marc Shepard
-
Publication number: 20180255101Abstract: A system may delegate authority to manage aspects of a security policy developed by administrative personnel to standard users (e.g. non-administrative personnel) corresponding to managed accounts within an administrative hierarchy. An exemplary security policy may include application management settings that allow or deny individual applications with access to various enterprise resources. The system may expose one or more user interfaces to standard users of an enterprise network to enable these standard users to modify the security policy being deployed for their managed account and/or to at least temporarily exempt a particular application from the enterprise's security policy. For example, upon a standard user attempting to access enterprise data with a particular application that is not permitted such access, the system may enable this standard user to change the security policy as applied to her device or to simply exempt the particular application from the security policy.Type: ApplicationFiled: March 3, 2017Publication date: September 6, 2018Inventors: Preston Derek Adam, Violet Anna Barhudarian, Narendra S. Acharya, Richard June, Shayak Lahiri, Qiongzhi Wu
-
Publication number: 20180246732Abstract: Remote administration of initial computer operating system setup options is facilitated by systems and mechanisms that provide such initial setup options to a computing device during an earlier stage of the operating system setup. An administrator defines, in a profile, how such initial setup options are to be set and when an operating system is being set up it communicates with licensing servers to validate the copy of the operating system. If authorized, and if set up by an administrator, initial setup options are provided to the computing device at such an early stage of the operating system setup. Processes executing on the computing device then utilize software licensing application program interfaces to not only validate the copy of the operating system, but also to set the initial setup options in the manner pre-specified by the administrator. A customized directory service login user interface is one such initial setup option.Type: ApplicationFiled: February 27, 2017Publication date: August 30, 2018Inventors: Namrata Shankar Puri, Anna Barhudarian, Siddharth Mantri, Hakki Tunc Bostanci, Marc Shepard
-
Patent number: 9330513Abstract: The techniques and systems disclosed herein pertain to preventing unauthorized access to computing resources by unauthorized persons by deploying biometric security. To implement biometric security, the computing device, possibly by the OS, may obtain samples of one or more biometric factors unique to the owner. The computing device may construct pattern-matching templates corresponding to the biometric samples, which may be stored for later use when a protected resource is requested. Computing resources may be selected for protection by a biometric security mechanism by an authorized user or by other techniques or default settings. Before allowing certain restricted actions, the OS may request that the user provide one of the previously registered biometric samples. If the biometric sample matches the user's stored pattern-matching template, the OS may grant access to the computing resource, otherwise, the OS may deny access to the computing resource.Type: GrantFiled: September 5, 2013Date of Patent: May 3, 2016Assignee: Microsoft Technology Licensing, LLCInventors: Himanshu Soni, Karanbir Singh, Arthur H. Baker, Vijay G. Bharadwaj, Nelly L. Porter, Violet Anna Barhudarian, John D. T. Wood, Jeffrey E. Shipman, Jeremy D. Viegas