Patents by Inventor Anthony Joseph Nadalin

Anthony Joseph Nadalin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9444817
    Abstract: Aspects of the subject matter described herein relate to facilitating claim use in an identity framework. In aspects, a definition of a trust framework may be received and stored. A graphical interface may display a plurality of trust frameworks and allow an administrator to select which trust framework to instantiate. The graphical interface may also allow the administrator to define which rules of the trust framework to use in the instance of the trust framework. After receiving this information, the instance of the trust framework may be instantiated and configuration data provided to the administrator to allow the administrator to configure a Web service to invoke the instance of the trust framework to grant or deny access to the Web service.
    Type: Grant
    Filed: September 27, 2012
    Date of Patent: September 13, 2016
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Ronald John Kamiel Euphrasia Bjones, Kim Cameron, Anthony Joseph Nadalin
  • Patent number: 8973123
    Abstract: Aspects of the subject matter described herein relate to identity technology. In aspects, a user device requests access to a service provided by a relying party. In response, the relying party indicates required claims and may also indicate claims providers from which the required claims may be obtained. The user device may obtain the required claims from different claims providers, and send the claims obtained from the different claims providers in one or more messages to the relying party. The relying party may verify the claims or employ a validating service to verify that the claims are valid prior to providing access to the requested service.
    Type: Grant
    Filed: October 18, 2012
    Date of Patent: March 3, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ronald John Kamiel Euphrasia Bjones, Kim Cameron, Anthony Joseph Nadalin
  • Patent number: 8806652
    Abstract: Aspects of the subject matter described herein relate to identity technology. In aspects, even though a cloud operator may control one or all of the entities with which a user device interacts, the employees and computers controlled by the cloud operator may still have insufficient data to determine a natural identity of the user based on interactions of the user device with the cloud operator's computers. Privacy boundaries on the user device control transmission of natural identity information to other entities such that, without user consent, computers outside of the user device have insufficient data singly or combined to determine a natural identity of the user.
    Type: Grant
    Filed: December 5, 2012
    Date of Patent: August 12, 2014
    Assignee: Microsoft Corporation
    Inventors: Ronald John Kamiel Euphrasia Bjones, Kim Cameron, Anthony Joseph Nadalin
  • Patent number: 8782759
    Abstract: The present invention provides identification and access control for an end user mobile device in a disconnected mode environment, which refers generally to the situation where, in a mobile environment, a mobile device is disconnected from or otherwise unable to connect to a wireless network. The inventive method provides the mobile device with a “long term” token, which is obtained from an identity provider coupled to the network. The token may be valid for a given time period. During that time period, the mobile device can enter a disconnected mode but still obtain a mobile device-aided function (e.g., access to a resource) by presenting for authentication the long term token. Upon a given occurrence (e.g., loss of or theft of the mobile device) the long term token is canceled to restrict unauthorized further use of the mobile device in disconnected mode.
    Type: Grant
    Filed: February 11, 2008
    Date of Patent: July 15, 2014
    Assignee: International Business Machines Corporation
    Inventors: Heather Maria Hinton, Anthony Joseph Nadalin
  • Publication number: 20140090088
    Abstract: Aspects of the subject matter described herein relate to facilitating claim use in an identity framework. In aspects, a definition of a trust framework may be received and stored. A graphical interface may display a plurality of trust frameworks and allow an administrator to select which trust framework to instantiate. The graphical interface may also allow the administrator to define which rules of the trust framework to use in the instance of the trust framework. After receiving this information, the instance of the trust framework may be instantiated and configuration data provided to the administrator to allow the administrator to configure a Web service to invoke the instance of the trust framework to grant or deny access to the Web service.
    Type: Application
    Filed: September 27, 2012
    Publication date: March 27, 2014
    Applicant: MICROSOFT CORPORATION
    Inventors: Ronald John Kamiel Euphrasia Bjones, Kim Cameron, Anthony Joseph Nadalin
  • Publication number: 20130276087
    Abstract: Aspects of the subject matter described herein relate to identity technology. In aspects, a user device requests access to a service provided by a relying party. In response, the relying party indicates required claims and may also indicate claims providers from which the required claims may be obtained. The user device may obtain the required claims from different claims providers, and send the claims obtained from the different claims providers in one or more messages to the relying party. The relying party may verify the claims or employ a validating service to verify that the claims are valid prior to providing access to the requested service.
    Type: Application
    Filed: October 18, 2012
    Publication date: October 17, 2013
    Applicant: MICROSOFT CORPORATION
    Inventors: Ronald John Kamiel Euphrasia Bjones, Kim Cameron, Anthony Joseph Nadalin
  • Publication number: 20130276131
    Abstract: Aspects of the subject matter described herein relate to identity technology. In aspects, even though a cloud operator may control one or all of the entities with which a user device interacts, the employees and computers controlled by the cloud operator may still have insufficient data to determine a natural identity of the user based on interactions of the user device with the cloud operator's computers. Privacy boundaries on the user device control transmission of natural identity information to other entities such that, without user consent, computers outside of the user device have insufficient data singly or combined to determine a natural identity of the user.
    Type: Application
    Filed: December 5, 2012
    Publication date: October 17, 2013
    Applicant: MICROSOFT CORPORATION
    Inventors: Ronald John Kamiel Euphrasia Bjones, Kim Cameron, Anthony Joseph Nadalin
  • Patent number: 8561161
    Abstract: A method is presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions.
    Type: Grant
    Filed: December 31, 2002
    Date of Patent: October 15, 2013
    Assignee: International Business Machines Corporation
    Inventors: George Robert Blakley, III, Heather Maria Hinton, Anthony Joseph Nadalin, Ajamu Akinwunmi Wesley
  • Patent number: 8387111
    Abstract: A method and apparatus for type independent permission based access control are provided. The method and apparatus utilize object inheritance to provide a mechanism by which a large group of permissions may be assigned to a codesource without having to explicitly assign each individual permission to the codesource. A base permission, or superclass permission, is defined along with inherited, or subclass, permissions that fall below the base permission in a hierarchy of permissions. Having defined the permissions in such a hierarchy, a developer may assign a base permission to an installed class and thereby assign all of the inherited permissions of the base permission to the installed class. In this way, security providers need not know all the permission types defined in an application. In addition, security providers can seamlessly integrate with many applications without changing their access control and policy store semantics.
    Type: Grant
    Filed: November 1, 2001
    Date of Patent: February 26, 2013
    Assignee: International Business Machines Corporation
    Inventors: Lawrence Koved, Anthony Joseph Nadalin, Nataraj Nagaratnam, Marco Pistoia, Bruce Arland Rich
  • Patent number: 8340283
    Abstract: A client generates a session key and a delegation ticket containing information for a requested delegation operation. The client generates a first copy of the session key and encrypts it using a public key of a proxy. The client generates a second copy of the session key and encrypts it using a public key of a server. The client then puts the encrypted session keys and delegation ticket into a first message that is sent to the proxy. The proxy extracts and decrypts its copy of the session key from the first message. The proxy then encrypts a proof-of-delegation data item with the session key and places it and the delegation ticket along with the encrypted copy of the session key for the server into a second message, which is sent to the server. The server extracts and decrypts its copy of the session key from the second message and uses the session key to obtain the proof-of-delegation data. Authority is successfully delegated to the proxy only if the server can verify the proof-of-delegation data.
    Type: Grant
    Filed: June 30, 2004
    Date of Patent: December 25, 2012
    Assignee: International Business Machines Corporation
    Inventors: Anthony Joseph Nadalin, Bruce Arland Rich, Xiaoyan Zhang
  • Patent number: 8112370
    Abstract: A method, system, and computer usable program product for classification and policy management for software components are provided in the illustrative embodiments. A metadata associated with an application or component is identified. A mapping determination is made whether the metadata maps to a classification in a set of classifications. A policy that is applicable to the classification is identified and associated with the classification. If the mapping determination is deterministic, the component is assigned to the classification and the policy associated with the classification is associated with the component. If the mapping determination is not deterministic, a user intervention may be necessary, the component may be classified in a default classification, or both. Because of the policy being associated with the classification, associating the policy with the component may occur based on the metadata of the application or component and its resultant classification.
    Type: Grant
    Filed: September 23, 2008
    Date of Patent: February 7, 2012
    Assignee: International Business Machines Corporation
    Inventors: Sridhar R Muppidi, Nataraj Nagaratnam, Anthony Joseph Nadalin
  • Patent number: 8042162
    Abstract: A method is presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions.
    Type: Grant
    Filed: June 12, 2007
    Date of Patent: October 18, 2011
    Assignee: International Business Machines Corporation
    Inventors: George Robert Blakley, III, Heather Maria Hinton, Anthony Joseph Nadalin
  • Publication number: 20110162034
    Abstract: A method, apparatus and computer program product are provided to model and manage context-based entitlements that govern a user's access to information, applications and systems across a loosely-coupled distributed environment. One such distributed environment is a federated environment, which may span across companies, organizations, and geographical locations and regions. According to one embodiment, an entitlement modeling framework comprises a discovery module and an entitlement generator module. The discovery framework generates a data model for storing information concerning user identity, context, relationships between users, relationships between users and contexts and relationships between contexts. Preferably, the user identity, context, relationships between users, relationships between users and contexts, and relationships between contexts, are stored as attributes in the data model. An entitlement generator generates an entitlement according to the data model, wherein the entitlement (e.g.
    Type: Application
    Filed: December 30, 2009
    Publication date: June 30, 2011
    Applicant: International Business Machines Corporation
    Inventors: NATARAJ NAGARATNAM, Anthony Joseph Nadalin
  • Patent number: 7903656
    Abstract: A method, system, apparatus, or computer program product is presented for routing event messages between data processing systems based on privacy policies associated with the data processing systems and based on event policies associated with event types for the event messages. When a system attempts to publish an event message for a particular type of event or to subscribe to those event messages, an event policy is checked to determine whether the system may publish messages for that type of event or may subscribe to those messages. Moreover, if a publishing system publishes an event message that contains personally identifiable information for a user of a data processing system, and a subscribing system has subscribed to event messages having the same event type, then the privacy policies associated with the systems are compared to determine compatibility or incompatibility between the privacy policies before routing a message between the systems.
    Type: Grant
    Filed: October 4, 2007
    Date of Patent: March 8, 2011
    Assignee: International Business Machines Corporation
    Inventors: Maryann Hondo, Anthony Joseph Nadalin, Ajamu Akinwunmi Wesley
  • Patent number: 7810135
    Abstract: A method and apparatus for implementing a new Permission for methods that perform callback operations are provided. The method and apparatus provide an AdoptPermission Permission type that allows a method to pass a Java 2 authorization test without having the specific required Permissions expressly granted to the method and without the method having the AllPermission Permission granted to it. With the apparatus and method, an AdoptPermission Permission type is defined that operates to allow a ProtectionDomain to “adopt” a required Permission. However, this adoption of a required Permission can only be performed if the ProtectionDomain of at least one method in the thread stack has been granted a Permission that implies the required Permission.
    Type: Grant
    Filed: January 3, 2008
    Date of Patent: October 5, 2010
    Assignee: International Business Machines Corporation
    Inventors: Lawrence Koved, Anthony Joseph Nadalin, Marco Pistoia
  • Patent number: 7725562
    Abstract: A computer system is presented for facilitating storage and retrieval of user attribute information within a federated environment at entities that manage such information as a service. Through enrollment processes, certain domains inform online service providers of identities of attribute information providers that may be used to retrieve user attribute information for a particular user. When performing a user-specific operation with respect to a requested resource, e.g., for personalizing documents using user attribute information or for determining user access privileges for the resource, an e-commerce service provider requires user attribute information, which is retrieved from an attribute information provider that has been previously specified through an enrollment operation. The e-commerce service provider may store the identity of the user's attribute information providers in a persistent token, e.g., an HTTP cookie, that is available when the user sends a request for access to a resource.
    Type: Grant
    Filed: December 31, 2002
    Date of Patent: May 25, 2010
    Assignee: International Business Machines Corporation
    Inventors: George Robert Blakley, III, Heather Maria Hinton, Anthony Joseph Nadalin, Birgit Monika Pfitzmann
  • Publication number: 20100076914
    Abstract: A method, system, and computer usable program product for classification and policy management for software components are provided in the illustrative embodiments. A metadata associated with an application or component is identified. A mapping determination is made whether the metadata maps to a classification in a set of classifications. A policy that is applicable to the classification is identified and associated with the classification. If the mapping determination is deterministic, the component is assigned to the classification and the policy associated with the classification is associated with the component. If the mapping determination is not deterministic, a user intervention may be necessary, the component may be classified in a default classification, or both. Because of the policy being associated with the classification, associating the policy with the component may occur based on the metadata of the application or component and its resultant classification.
    Type: Application
    Filed: September 23, 2008
    Publication date: March 25, 2010
    Applicant: International Business Machines Corporation
    Inventors: Sridhar R. Muppidi, Nataraj Nagaratnam, Anthony Joseph Nadalin
  • Publication number: 20090205032
    Abstract: The present invention provides identification and access control for an end user mobile device in a disconnected mode environment, which refers generally to the situation where, in a mobile environment, a mobile device is disconnected from or otherwise unable to connect to a wireless network. The inventive method provides the mobile device with a “long term” token, which is obtained from an identity provider coupled to the network. The token may be valid for a given time period. During that time period, the mobile device can enter a disconnected mode but still obtain a mobile device-aided function (e.g., access to a resource) by presenting for authentication the long term token. Upon a given occurrence (e.g., loss of or theft of the mobile device) the long term token is canceled to restrict unauthorized further use of the mobile device in disconnected mode.
    Type: Application
    Filed: February 11, 2008
    Publication date: August 13, 2009
    Inventors: Heather Maria Hinton, Anthony Joseph Nadalin
  • Patent number: 7496757
    Abstract: A software security system is arranged to verify the authenticity of each element of a Java Virtual Machine installation. A digital signature is attached to each file of the JVM installation. A loader (20) verifies the digital signature of the JVM DLL (30). The JVM DLL 30 then verifies the digital signature of each other DLL and configuration file to be loaded (40, 50, 60, 70), and only loads those files which have successfully verified digital signatures. In this way the security of the JVM is enhanced, a user has greater confidence that the Java applications will function correctly, and the detection of incorrect or damaged JVM installations is improved.
    Type: Grant
    Filed: January 14, 2002
    Date of Patent: February 24, 2009
    Assignee: International Business Machines Corporation
    Inventors: Paul Harry Abbott, Lawrence Koved, Anthony Joseph Nadalin, Marco Pistoia
  • Patent number: 7475239
    Abstract: A pluggable trust adapter architecture that accommodates a plurality of interceptors is provided. Each interceptor is adapted to perform security processing of communications having a specific protocol. Specifically, when a communication is received, it will be routed from a channel router to a specific interceptor based on the protocol of the communication. The interceptor will then “security” process the communication (e.g., extract data, perform verification, etc.). Once the interceptor has processed the communication, the extracted data and the communication itself will be passed to an authorization system for authorization.
    Type: Grant
    Filed: September 20, 2002
    Date of Patent: January 6, 2009
    Assignee: International Business Machines Corporation
    Inventors: Carroll Eugene Fulkerson, Jr., Anthony Joseph Nadalin, Nataraj Nagaratnam