Patents by Inventor Bernard Aboba
Bernard Aboba has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 8826307
  Abstract: A computer with an extensible framework for facilitating communication between a software component installed on the computer and a device driver that executes functions in response to vendor-specific command objects (e.g., OIDs). The framework defines data structures and a standardized format for defining and implementing private interfaces. After selecting a private interface that is commonly supported by a software component and a driver, a private communication path may be established by an operating system component to facilitate the transfer of command information from the software component to the driver. The private communication path allows commands packaged as OIDs to be routed from software components to intended drivers. By defining private interfaces which route commands from software components to intended drivers, the extensible framework mitigates potential incompatibilities that may arise when drivers created by different vendors include OIDs with the same OID value.
  Type: Grant
  Filed: April 18, 2008
  Date of Patent: September 2, 2014
  Assignee: Microsoft Corporation
  Inventors: Narasimha Rao S.s. Nagampalli, Alireza Dabagh, Alok Manchanda, Taroon Mandhana, Sharad Mittal, Olivier Contant, Noel W. Anderson, Bernard Aboba, Jerry E. Peterson
- Patent number: 8307071
  Abstract: Location of a communication network subscriber is determined employing confidence metrics such as remote vs. local computer usage, primary user in a multi-user computing environment, likelihood of forgery, and comparable ones. A fine-grained location determination is then made based on the metric results and directory information for the particular subscriber such that services like emergency services can be provided with accurate location information.
  Type: Grant
  Filed: January 15, 2010
  Date of Patent: November 6, 2012
  Assignee: Microsoft Corporation
  Inventors: Austin Donnelly, Bernard Aboba, Roy Kuntz, Gabriel Montenegro, Noor-E-Gagan Singh, Tim Moore
- Patent number: 8051191
  Abstract: A networked computer with a networking framework that can operate in accordance with a standard protocol or may be configured to perform one or more functions that alter or extend processing according to the standard. The framework includes extensibility points and a mechanism to receive plug-ins that may perform extensibility functions. Network profile information indicates configuration of the extensibility points, including specific extensibility functions to be executed at the extensibility points. This information may be used to configure the extensibility points so that, as the computer operates, the extensibility functions are selectively executed instead of or in addition to standard functions.
  Type: Grant
  Filed: April 28, 2008
  Date of Patent: November 1, 2011
  Assignee: Microsoft Corporation
  Inventors: Alok Manchanda, Taroon Mandhana, Noel W. Anderson, Sharad Mittal, Deon C. Brewis, Olivier Contant, Bernard Aboba, Jerry E. Peterson
- Publication number: 20110179158
  Abstract: Location of a communication network subscriber is determined employing confidence metrics such as remote vs. local computer usage, primary user in a multi-user computing environment, likelihood of forgery, and comparable ones. A fine-grained location determination is then made based on the metric results and directory information for the particular subscriber such that services like emergency services can be provided with accurate location information.
  Type: Application
  Filed: January 15, 2010
  Publication date: July 21, 2011
  Applicant: Microsoft Corporation
  Inventors: Austin Donnelly, Bernard Aboba, Roy Kuntz, Gabriel Montenegro, Noor-E-Gagan Singh, Tim Moore
- Patent number: 7778422
  Abstract: Generating symmetric keys among distributed appliances, includes generating public and private values on at least one appliance, importing a public value from another appliance via an out-of-band entity, and generating a secret value as a function of the private value corresponding to the local appliance and the public value received from the other appliance.
  Type: Grant
  Filed: February 27, 2004
  Date of Patent: August 17, 2010
  Assignee: Microsoft Corporation
  Inventors: Trevor W. Freeman, Tim Moore, Bernard Aboba
- Patent number: 7647634
  Abstract: One embodiment of the invention is directed to managing access of a host computer to a network. A first communication session with the host computer may be conducted to authenticate the host computer's identity. A second communication session with the host computer may be conducted to determine the health status of the host computer.
  Type: Grant
  Filed: June 30, 2005
  Date of Patent: January 12, 2010
  Assignee: Microsoft Corporation
  Inventors: Paul Mayfield, Bernard Aboba
- Patent number: 7636938
  Abstract: One embodiment of the invention is directed to managing access of a host computer to a network. A first communication session with the host computer may be conducted to authenticate the host computer's identity. A second communication session with the host computer may be conducted to determine the health status of the host computer.
  Type: Grant
  Filed: June 30, 2005
  Date of Patent: December 22, 2009
  Assignee: Microsoft Corporation
  Inventors: Paul Mayfield, Bernard Aboba
- Publication number: 20090271518
  Abstract: A networked computer with a networking framework that can operate in accordance with a standard protocol or may be configured to perform one or more functions that alter or extend processing according to the standard. The framework includes extensibility points and a mechanism to receive plug-ins that may perform extensibility functions. Network profile information indicates configuration of the extensibility points, including specific extensibility functions to be executed at the extensibility points. This information may be used to configure the extensibility points so that, as the computer operates, the extensibility functions are selectively executed instead of or in addition to standard functions.
  Type: Application
  Filed: April 28, 2008
  Publication date: October 29, 2009
  Applicant: Microsoft Corporation
  Inventors: Alok Manchanda, Taroon Mandhana, Noel W. Anderson, Sharad Mittal, Deon C. Brewis, Olivier Contant, Bernard Aboba, Jerry E. Peterson
- Publication number: 20090265720
  Abstract: A computer with an extensible framework for facilitating communication between a software component installed on the computer and a device driver that executes functions in response to vendor-specific command objects (e.g., OIDs). The framework defines data structures and a standardized format for defining and implementing private interfaces. After selecting a private interface that is commonly supported by a software component and a driver, a private communication path may be established by an operating system component to facilitate the transfer of command information from the software component to the driver. The private communication path allows commands packaged as OIDs to be routed from software components to intended drivers. By defining private interfaces which route commands from software components to intended drivers, the extensible framework mitigates potential incompatibilities that may arise when drivers created by different vendors include OIDs with the same OID value.
  Type: Application
  Filed: April 18, 2008
  Publication date: October 22, 2009
  Applicant: Microsoft Corporation
  Inventors: Narasimha Rao S.s. Nagampalli, Alireza Dabagh, Alok Manchanda, Taroon Mandhana, Sharad Mittal, Olivier Contant, Noel W. Anderson, Bernard Aboba, Jerry E. Peterson
- Publication number: 20070016679
  Abstract: One embodiment of the invention is directed to managing access of a host computer to a network. A first communication session with the host computer may be conducted to authenticate the host computer's identity. A second communication session with the host computer may be conducted to determine the health status of the host computer.
  Type: Application
  Filed: June 30, 2005
  Publication date: January 18, 2007
  Applicant: Microsoft Corporation
  Inventors: Paul Mayfield, Bernard Aboba
- Publication number: 20070006288
  Abstract: One embodiment of the invention is directed to managing access of a host computer to a network. A first communication session with the host computer may be conducted to authenticate the host computer's identity. A second communication session with the host computer may be conducted to determine the health status of the host computer.
  Type: Application
  Filed: June 30, 2005
  Publication date: January 4, 2007
  Applicant: Microsoft Corporation
  Inventors: Paul Mayfield, Bernard Aboba
- Publication number: 20060015935
  Abstract: The distributed firewall performs user authentication at a first level to establish a user security context for traffic from that user, and an authority context provides authorization for subsequent traffic. This authority context may be based on an underlying policy for particular types of traffic, access to particular applications, etc. Additionally, the system includes the ability to allow a user/process/application to define its own access control. The linking of the user security context from the traffic to the application is accomplished by enabling IPSec on a socket and forcing the socket to be bound in exclusive mode. The most common policy definitions may be included by default. Extensions of the Internet key exchange protocol (IKE) to provide the desired user authentication plus application/purpose are also provided. The architecture includes pluggable authorization module(s) that are called after IKE has successfully authenticated the peer, but before the connection is allowed to complete.
  Type: Application
  Filed: September 22, 2005
  Publication date: January 19, 2006
  Applicant: Microsoft Corporation
  Inventors: William Dixon, Gurdeep Pall, Ashwin Palekar, Bernard Aboba, Brian Swander
- Publication number: 20050286722
  Abstract: A trust web keying process provides secure peer networking of computing devices on an open network. A device is initially keyed at distribution to an end user or installer with a device-specific cryptographic key, and programmed to respond only to peer networking communication secured using the device's key. The device-specific key is manually entered into a keying device that transmits a re-keying command secured with the device-specific key to the device for re-keying the device with a group cryptographic key. The device then securely peer networks with other devices also keyed with the group cryptographic key, forming a trust web. Guest devices can be securely peer networked with the trust web devices via a trust web gateway.
  Type: Application
  Filed: April 11, 2005
  Publication date: December 29, 2005
  Applicant: Microsoft Corporation
  Inventors: Bernard Aboba, Toby Nixon
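The re-keying flow in the 20050286722 abstract, as an added example that is not code from the patent or from Microsoft. It assumes a 32-byte device-specific key, a one-byte message kind, and an encrypt-then-MAC construction built from HMAC-SHA256 (standing in for a real AEAD such as AES-GCM); the choice that a factory-state device honours only the re-keying command until it has joined the trust web, and never re-keys again afterwards, is this example's own. Keys and messages are constructed inline.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32
REKEY = b"R"   # re-keying command from the keying device
PEER = b"P"    # ordinary peer-networking message inside the trust web


def prf(key: bytes, label: bytes) -> bytes:
    """HMAC-SHA256 as a PRF for sub-key and keystream derivation."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    return b"".join(prf(enc_key, nonce + i.to_bytes(4, "big")) for i in range(blocks))[:length]


def seal(key: bytes, kind: bytes, plaintext: bytes) -> bytes:
    """Secure a message under `key`: encrypt-then-MAC with independent sub-keys.
    (Assumption of this example: an HMAC keystream replaces a real AEAD.)"""
    enc_key, mac_key = prf(key, b"enc"), prf(key, b"mac")
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, kind + nonce + ct, hashlib.sha256).digest()
    return kind + nonce + ct + tag


def open_message(key: bytes, msg: bytes):
    """Return (kind, plaintext) if `msg` was sealed under `key`, otherwise None."""
    if len(msg) < 1 + 16 + 32:
        return None
    kind, nonce, ct, tag = msg[:1], msg[1:17], msg[17:-32], msg[-32:]
    enc_key, mac_key = prf(key, b"enc"), prf(key, b"mac")
    expected = hmac.new(mac_key, kind + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return kind, bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))


class Device:
    """A device keyed at distribution with its own key; it joins a trust web by re-keying."""

    def __init__(self, device_key: bytes):
        self.key = device_key          # the device-specific key until re-keyed
        self.in_trust_web = False
        self.inbox = []

    def receive(self, msg: bytes) -> bool:
        opened = open_message(self.key, msg)
        if opened is None:
            return False               # not secured under the key this device currently honours
        kind, body = opened
        if kind == REKEY:
            # Re-keying is honoured only while the device still holds its distribution key,
            # so a leaked device-specific key cannot later pull the device out of its group.
            if self.in_trust_web or len(body) != KEY_LEN:
                return False
            self.key, self.in_trust_web = body, True
            return True
        if kind == PEER and self.in_trust_web:
            self.inbox.append(body)
            return True
        return False


def rekey_command(entered_device_key_hex: str, group_key: bytes) -> bytes:
    """What the keying device transmits after the installer types in the device-specific key."""
    return seal(bytes.fromhex(entered_device_key_hex), REKEY, group_key)
```

A message sealed under the group key is ignored by a device that has not yet been re-keyed, and once re-keyed the device ignores anything sealed under its old device-specific key, including a second re-keying command; a tampered message fails the MAC check before any decryption is attempted.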
- Publication number: 20050210252
  Abstract: The principles of the present invention relate to systems, methods, and computer program products for more efficiently and securely authenticating computing systems. In some embodiments, a limited use credential is used to provision more permanent credentials. A client receives a limited-use (e.g., a single-use) credential and submits the limited-use credential over a secure link to a server. The server provisions an additional credential (for subsequent authentication) and sends the additional credential to the client over the secure link. In other embodiments, computing systems automatically negotiate authentication methods using an extensible protocol. A mutually deployed authentication method is selected and secure authentication is facilitated with a tunnel key that is used to encrypt (and subsequently decrypt) authentication content transferred between a client and a server. The tunnel key is derived from a shared secret (e.g., a session key) and nonces.
  Type: Application
  Filed: March 19, 2004
  Publication date: September 22, 2005
  Applicant: Microsoft Corporation
  Inventors: Trevor Freeman, Timothy Moore, Bernard Aboba, Daniel Simon
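The method-negotiation and tunnel-key embodiment of 20050210252, as an added example that is not code from the patent or from Microsoft. It assumes HKDF-SHA256 (RFC 5869) as the derivation function, the shared secret as input keying material and the concatenated client and server nonces as salt; the method names are constructed, and binding the negotiated method into the HKDF `info` field is this example's choice rather than anything the abstract specifies. Encryption of the inner authentication content under the derived key is not shown.

```python
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract with SHA-256 (an empty salt means a zero-filled one)."""
    return hmac.new(salt or bytes(32), ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand with SHA-256."""
    okm, block = b"", b""
    for counter in range(1, (length + 31) // 32 + 1):
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
    return okm[:length]


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


# Methods the server has deployed, in its preference order (names constructed for this example).
SERVER_METHODS = ("mutual-tls", "otp", "password")


def negotiate(server_methods, client_methods):
    """Select the first method in the server's preference order that the client also offers;
    None means no mutually deployed method exists and authentication cannot proceed."""
    offered = set(client_methods)
    for method in server_methods:
        if method in offered:
            return method
    return None


def tunnel_key(session_key: bytes, client_nonce: bytes, server_nonce: bytes, method: str) -> bytes:
    """Derive the tunnel key from the shared secret and both nonces. Both peers compute this
    independently; fresh nonces give a fresh tunnel key even when the session key is reused,
    and including the method name means a peer tricked into a different method derives a
    different key and the tunnel simply fails to decrypt."""
    salt = client_nonce + server_nonce
    return hkdf(session_key, salt, b"tunnel-key:" + method.encode(), 32)


def run_exchange(session_key: bytes, client_methods, client_nonce: bytes, server_nonce: bytes):
    """Both sides of the exchange: the server picks the method, each side derives its key."""
    method = negotiate(SERVER_METHODS, client_methods)
    if method is None:
        return None
    client_key = tunnel_key(session_key, client_nonce, server_nonce, method)   # client side
    server_key = tunnel_key(session_key, client_nonce, server_nonce, method)   # server side
    return method, client_key, server_key
```

The HKDF routines are checked against RFC 5869 test case 1 before being trusted; a practitioner swapping in a library HKDF should keep the same salt/info layout so that both ends continue to agree.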
- Publication number: 20050193203
  Abstract: Generating symmetric keys among distributed appliances, includes generating public and private values on at least one appliance, importing a public value from another appliance via an out-of-band entity, and generating a secret value as a function of the private value corresponding to the local appliance and the public value received from the other appliance.
  Type: Application
  Filed: February 27, 2004
  Publication date: September 1, 2005
  Inventors: Trevor Freeman, Tim Moore, Bernard Aboba
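The key-agreement flow described in the 7778422 and 20050193203 abstracts, as an added example that is not code from the patent or from Microsoft. It assumes finite-field Diffie-Hellman over RFC 3526 group 14 (a 2048-bit safe prime, generator 2), the public value carried out of band as a hex string, and SHA-256 of the shared group element as the resulting symmetric key; the abstract does not name the group or the hash, so those are this example's choices. The group parameters are sanity-checked with Miller-Rabin before use, and imported public values are rejected unless they lie in the prime-order subgroup, because a tampering out-of-band channel could otherwise force the derived secret into a handful of values.

```python
import hashlib
import secrets

# RFC 3526 group 14: 2048-bit safe prime p = 2q + 1, generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2
Q = (P - 1) // 2
P_BYTES = (P.bit_length() + 7) // 8


def is_probable_prime(n: int, rounds: int = 8) -> bool:
    """Miller-Rabin, used to sanity-check the group parameters before trusting them."""
    if n < 4:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def group_is_sound() -> bool:
    """p and q prime, and g generates the order-q subgroup."""
    return is_probable_prime(P) and is_probable_prime(Q) and pow(G, Q, P) == 1


def public_value_ok(peer_public_hex: str) -> bool:
    """Reject 0, 1, p-1 and anything outside the order-q subgroup."""
    y = int(peer_public_hex, 16)
    return 2 <= y <= P - 2 and pow(y, Q, P) == 1


class Appliance:
    """One appliance: generates its own public/private pair and derives the shared key."""

    def __init__(self, name: str):
        self.name = name
        self._private = secrets.randbelow(Q - 2) + 2     # never leaves the appliance
        self.public = pow(G, self._private, P)

    def export_public(self) -> str:
        """The value handed to the out-of-band entity (admin console, removable media)."""
        return format(self.public, "x")

    def derive_key(self, peer_public_hex: str) -> bytes:
        if not public_value_ok(peer_public_hex):
            raise ValueError("peer public value rejected")
        shared = pow(int(peer_public_hex, 16), self._private, P)
        # Hash the raw group element into a fixed-length symmetric key.
        return hashlib.sha256(shared.to_bytes(P_BYTES, "big")).digest()


def pair(a: Appliance, b: Appliance):
    """Both appliances import each other's public value and derive the symmetric key."""
    return a.derive_key(b.export_public()), b.derive_key(a.export_public())


if __name__ == "__main__":
    assert group_is_sound()
    left, right = Appliance("appliance-1"), Appliance("appliance-2")
    key_left, key_right = pair(left, right)
    print(key_left.hex(), key_left == key_right)
```

The out-of-band entity only ever carries public values, so an attacker who reads it learns nothing; the subgroup check is what defends against one who can alter it, and the check is cheap relative to the agreement itself.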
- Publication number: 20050091527
  Abstract: A system is provided for establishing a secure link among multiple users on a single machine with a remote machine. The system includes a subsystem to filter traffic so that traffic from each user is separate. The subsystem generates and associates a Security Association (SA) with at least one filter corresponding to the user and the traffic, and employs the SA to establish the secure link. An Internet Key Exchange module and a policy module may be included to generate and associate the security association, wherein the policy module is configured via Internet Protocol Security (IPSEC).
  Type: Application
  Filed: December 20, 2000
  Publication date: April 28, 2005
  Inventors: Brian Swander, Bernard Aboba
- Publication number: 20050055572
  Abstract: An abstraction module that facilitates security configuration amongst a number of initiators in a manner that there are no conflicts in the security information across all initiators. The abstraction module exposes a common interface that may be used to configure any of the initiators, receives through this common interface an indication that a selected one of the initiators is to be configured to communicate with a selected target device, and retrieves security information from a common database, the database including information that is relevant to configuring security for any of the plurality of initiators. The abstraction module identifies a security configuration for the selected initiator using the retrieved security information and, if the settings would not cause a conflict with any of the other of the initiators, uses the identified security configuration to configure the selected initiator.
  Type: Application
  Filed: September 8, 2003
  Publication date: March 10, 2005
  Inventors: Alan Warwick, Bernard Aboba