Patents by Inventor Benjamin R. Vincent
Benjamin R. Vincent has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11328086
Abstract: User privacy information related to an application or service handling of user privacy is received by a computer device. A formatted declaration based on the user privacy information is populated by the computer device. Privacy disclosure to the user based on the populated formatted declaration is provided by the computer device.
Type: Grant
Filed: September 6, 2018
Date of Patent: May 10, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventors: Steven Ball, Benjamin R. Vincent, Jeffrey Thomas Sakowicz
-
Patent number: 11228594
Abstract: A least-privilege permission or permissions is automatically assigned to a client application in order to ensure that the client application is able to perform the bare minimum actions on a resource. The client application accesses the protected resource using a web API. The determination of the least-privilege permission(s) is based on actions previously performed on the resource by the client application. The identity provider monitors the actions performed on a resource by the client application and determines the bare minimum permission needed for the client application.
Type: Grant
Filed: September 17, 2019
Date of Patent: January 18, 2022
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC.
Inventors: Jeffrey Thomas Sakowicz, Benjamin R Vincent
-
Patent number: 11194601
Abstract: Generally discussed herein are devices, systems, and methods for guiding a user through a cloud application creation or deployment process using a development platform, the method performed by a checklist engine, the method comprising receiving, from the development platform, application data indicating a state of the cloud application, determining, based on the application data, that an item of a checklist has been completed, the checklist indicating tasks to be performed for configuring and securing the cloud application for deployment, storing data indicating the completed item is completed in a checklist data database, and causing a view of the checklist to be provided on a display.
Type: Grant
Filed: January 15, 2020
Date of Patent: December 7, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Lesia Nalepa, Benjamin R. Vincent, Arielle Dorothy Crowe, Jeffrey Thomas Sakowicz
-
Publication number: 20210200564
Abstract: Generally discussed herein are devices, systems, and methods for guiding a user through a cloud application creation or deployment process using a development platform, the method performed by a checklist engine, the method comprising receiving, from the development platform, application data indicating a state of the cloud application, determining, based on the application data, that an item of a checklist has been completed, the checklist indicating tasks to be performed for configuring and securing the cloud application for deployment, storing data indicating the completed item is completed in a checklist data database, and causing a view of the checklist to be provided on a display.
Type: Application
Filed: January 15, 2020
Publication date: July 1, 2021
Inventors: Lesia Nalepa, Benjamin R. Vincent, Arielle Dorothy Crowe, Jeffrey Thomas Sakowicz
-
Publication number: 20210084040
Abstract: A least-privilege permission or permissions is automatically assigned to a client application in order to ensure that the client application is able to perform the bare minimum actions on a resource. The client application accesses the protected resource using a web API. The determination of the least-privilege permission(s) is based on actions previously performed on the resource by the client application. The identity provider monitors the actions performed on a resource by the client application and determines the bare minimum permission needed for the client application.
Type: Application
Filed: September 17, 2019
Publication date: March 18, 2021
Inventors: JEFFREY THOMAS SAKOWICZ, BENJAMIN R VINCENT
-
Patent number: 10924578
Abstract: Performing late binding of a social network identification (ID) to a guest ID for use in an identity platform. A guest ID is created for a second user that gives access to a shared application of an identity platform that is associated with a first user. Subsequent to creating the guest ID, permission is requested from the second user to bind social network IDs of social networks of which the second user is a member to the guest ID. In response to receiving permission, binding the social network IDs to the guest ID is performed. The binding gives the identity platform access to profile attributes of the second user from the social networks, and allows it to write information such as a merit badge back on the second user's social network profile. A federation binding may also be created that allows the second user to sign into the shared application using their social network ID.
Type: Grant
Filed: March 27, 2019
Date of Patent: February 16, 2021
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Ariel Gordon, Ankur Patel, Benjamin R. Vincent
-
Publication number: 20200314202
Abstract: Performing late binding of a social network identification (ID) to a guest ID for use in an identity platform. A guest ID is created for a second user that gives access to a shared application of an identity platform that is associated with a first user. Subsequent to creating the guest ID, permission is requested from the second user to bind social network IDs of social networks of which the second user is a member to the guest ID. In response to receiving permission, binding the social network IDs to the guest ID is performed. The binding gives the identity platform access to profile attributes of the second user from the social networks, and allows it to write information such as a merit badge back on the second user's social network profile. A federation binding may also be created that allows the second user to sign into the shared application using their social network ID.
Type: Application
Filed: March 27, 2019
Publication date: October 1, 2020
Inventors: Ariel GORDON, Ankur PATEL, Benjamin R. VINCENT
-
Patent number: 10693882
Abstract: The automatic selection of an identity provider to be used to authenticate users when requesting to access network resources for a tenant. The authentication is initiated by checking the username against the directory of the tenant. If that check results in finding an entry for the username in that directory, the entry is checked for an identity provider. If that check results in finding an identity provider, the user is directed to that found identity provider for authentication. Thus, in many, most, or all cases, an identity provider is found and selected for authentication of the user without the user having to manually select the identity provider. The username may be an internal user of an entity. The selection of the identity provider works in either case since there would still be an entry for that user in the directory of the tenant.
Type: Grant
Filed: October 31, 2017
Date of Patent: June 23, 2020
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Ariel Gordon, Sarat Chandra Subramaniam, Yordan I. Rouskov, Paul H. J. Garner, Benjamin R. Vincent
-
Publication number: 20200082115
Abstract: User privacy information related to an application or service handling of user privacy is received by a computer device. A formatted declaration based on the user privacy information is populated by the computer device. Privacy disclosure to the user based on the populated formatted declaration is provided by the computer device.
Type: Application
Filed: September 6, 2018
Publication date: March 12, 2020
Applicant: Microsoft Technology Licensing, LLC
Inventors: Steven Ball, Benjamin R. Vincent, Jeffrey Thomas Sakowicz
-
Publication number: 20190132325
Abstract: The automatic selection of an identity provider to be used to authenticate users when requesting to access network resources for a tenant. The authentication is initiated by checking the username against the directory of the tenant. If that check results in finding an entry for the username in that directory, the entry is checked for an identity provider. If that check results in finding an identity provider, the user is directed to that found identity provider for authentication. Thus, in many, most, or all cases, an identity provider is found and selected for authentication of the user without the user having to manually select the identity provider. The username may be an internal user of an entity. The selection of the identity provider works in either case since there would still be an entry for that user in the directory of the tenant.
Type: Application
Filed: October 31, 2017
Publication date: May 2, 2019
Inventors: Ariel GORDON, Sarat Chandra SUBRAMANIAM, Yordan I. ROUSKOV, Paul H. J. GARNER, Benjamin R. VINCENT
-
Patent number: 9787654
Abstract: Authenticating issues involving the re-authenticating of a first device that was previously authenticated are resolved by use of a second device which receives a notification of the failed authentication. The second device sends a response to the notification which is operable to facilitate re-authentication of the primary device and without requiring the user to provide credentials at the first device prior to obtaining the re-authentication at the primary device and/or without requiring the primary device to obtain a code to be entered into the secondary device and/or prior to the primary device being notified of a failure condition associated with the primary device.
Type: Grant
Filed: October 29, 2015
Date of Patent: October 10, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: Benjamin R. Vincent, Adrian Frei, James Shang Kai Chou
-
Patent number: 9706401
Abstract: User-authentication-based approval of a first device via communication with a second device over a channel (e.g., an insecure channel) is described. The first device receives a session ID and first user-observable information, or an identifier thereof, from an identity provider, presents the first user-observable information to a user, and sends the session ID to the second device. The second device sends the session ID to the identity provider to obtain therefrom second user-observable information, or an identifier thereof, and a security challenge. The second user-observable information bears a user-discernable relationship to the first user-observable information and is presented to the user by the second device. The second device is capable of generating a response to the security challenge for transmission to the identity provider based at least on input received from the user, the response to the security challenge being indicative of the suitability of the first device for approval.
Type: Grant
Filed: November 25, 2014
Date of Patent: July 11, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: Benjamin R. Vincent, Tarek B. Kamel, Sparky Toews, Dejan Subotic, Peter E. Zenzerovich, James Shang Kai Chou
-
Publication number: 20170126640
Abstract: Authenticating issues involving the re-authenticating of a first device that was previously authenticated are resolved by use of a second device which receives a notification of the failed authentication. The second device sends a response to the notification which is operable to facilitate re-authentication of the primary device and without requiring the user to provide credentials at the first device prior to obtaining the re-authentication at the primary device and/or without requiring the primary device to obtain a code to be entered into the secondary device and/or prior to the primary device being notified of a failure condition associated with the primary device.
Type: Application
Filed: October 29, 2015
Publication date: May 4, 2017
Inventors: Benjamin R. Vincent, Adrian Frei, James Shang Kai Chou
-
Publication number: 20160150406
Abstract: User-authentication-based approval of a first device via communication with a second device over a channel (e.g., an insecure channel) is described. The first device receives a session ID and first user-observable information, or an identifier thereof, from an identity provider, presents the first user-observable information to a user, and sends the session ID to the second device. The second device sends the session ID to the identity provider to obtain therefrom second user-observable information, or an identifier thereof, and a security challenge. The second user-observable information bears a user-discernable relationship to the first user-observable information and is presented to the user by the second device. The second device is capable of generating a response to the security challenge for transmission to the identity provider based at least on input received from the user, the response to the security challenge being indicative of the suitability of the first device for approval.
Type: Application
Filed: November 25, 2014
Publication date: May 26, 2016
Inventors: Benjamin R. Vincent, Tarek B. Kamel, Sparky Toews, Dejan Subotic, Peter E. Zenzerovich, James Shang Kai Chou
-
Publication number: 20160142409
Abstract: Methods, systems, apparatuses, and computer program products are provided for authentication of users in a service-to-service context. At a first service, a user authentication token is received from a client device that was obtained from an identity provider. The user authentication token was received to enable access to the first service by a user. The user is authenticated based on the user authentication token. A second service is determined to be needed to be accessed by the first service on behalf of the user. The user authentication token is converted into a proxy token that is not convertible back to the user authentication token. The proxy token is forwarded from the first service to the second service to enable access to the second service. A response is received by the first service from the second service due to the user having been authenticated based on the proxy token.
Type: Application
Filed: November 18, 2014
Publication date: May 19, 2016
Inventors: Adrian Frei, Tarek B. Kamel, Allan Edwin Wetter, Benjamin R. Vincent