Patents by Inventor Brian LaMacchia

Brian LaMacchia has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20070043946
    Abstract: Key confirmed (KC) authenticated key exchange (AKE) with derived ephemeral keys protocol using a mathematical group is described. In one aspect, a first party, using the mathematical group, determines whether a second party has received information to compute an agreed session key value for exchanging information securely with the first party. At least a subset of the received information is computed using derived ephemeral keys of the first and second parties. The first party generates the agreed session key value only when the second party has demonstrated receipt of the information.
    Type: Application
    Filed: August 18, 2005
    Publication date: February 22, 2007
    Applicant: Microsoft Corporation
    Inventors: Kristin Lauter, Brian LaMacchia, Anton Mityagin
  • Patent number: 7155606
    Abstract: A method for ensuring the integrity of a receiving system in a distributed computing environment includes receiving information from a transmitting system. The method also includes testing whether the information is preverified information. If the information is not preverified, the method includes verifying the information or rejecting receipt of the information. If the information is preverified, the method includes testing if the information was received from a trusted transmitting system. If the information was received from a trusted transmitting system, the method includes accepting receipt of the information without reverifying. If the information was not received from a trusted transmitting system, the method includes verifying the information or rejecting receipt of the information.
    Type: Grant
    Filed: April 12, 2000
    Date of Patent: December 26, 2006
    Assignee: Microsoft Corporation
    Inventors: Michael D. Smith, Brian A. LaMacchia, Michael J. Toutonghi
  • Patent number: 7131143
    Abstract: An evidence-based policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager executes in a computer system (e.g., a Web client or server) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. Both code assemblies and evidence may be received from a local origin or from a remote resource location via a network (e.g., the Internet). Evidence having different levels of trust may be evaluated in combination so that a permission grant set is associated only with trusted code assemblies.
    Type: Grant
    Filed: June 21, 2000
    Date of Patent: October 31, 2006
    Assignee: Microsoft Corporation
    Inventors: Brian A. LaMacchia, Loren M. Kohnfelder, Gregory Darrell Fee
  • Publication number: 20060206925
    Abstract: A resource of a first organization provides access thereto to a requestor of a second organization. A first administrator of the first organization issues a first credential to a second administrator of the second organization, including policy that the second administrator may issue a second credential to the requestor on behalf of the first administrator. The second administrator issues the second credential to the requestor, including the issued first credential. The requestor requests access from the resource and includes the issued first and second credentials. The resource validates that the issued first credential ties the first administrator to the second administrator, and that the issued second credential ties the second administrator to the requestor. The resource thus knows that the request is based on rights delegated from the first administrator to the requestor by way of the second administrator.
    Type: Application
    Filed: March 11, 2005
    Publication date: September 14, 2006
    Applicant: Microsoft Corporation
    Inventors: Blair Dillaway, Brian LaMacchia, Muthukrishnan Paramasivam, Charles Rose, Ravindra Pandya
  • Publication number: 20060206712
    Abstract: A digital certificate is employed to produce a digital signature for a digital construct. In the digital certificate is set forth a certificate validity period defining for the digital certificate a time period during which the digital certificate is to be honored as valid for producing digital signatures, and a signature validity period defining for each digital signature produced based on the digital certificate a time period during which the digital signature is to be honored as valid.
    Type: Application
    Filed: March 10, 2005
    Publication date: September 14, 2006
    Applicant: Microsoft Corporation
    Inventors: Blair Dillaway, Brian LaMacchia, John Manferdelli, Muthukrishnan Paramasivam
  • Patent number: 7076557
    Abstract: A system and method determine whether a called code frame has a requested permission available to it, so as to be able to execute a protected operation. A code frame is contained within a code assembly received from a remote or local resource location. A policy manager generates a permission grant set containing permission grant objects associated with the code assembly. Both the permission grant set and the code assembly are loaded into a runtime call stack for runtime execution of one or more code frames. Calls to other code frames may involve loading additional code assemblies and permission grant sets into the runtime call stack. In order for a called code frame to perform a protected operation, the code frame demands a requested permission from its calling code frame and all code frames preceding the calling code frame on the runtime call stack as part of a stack walk operation.
    Type: Grant
    Filed: July 10, 2000
    Date of Patent: July 11, 2006
    Assignee: Microsoft Corporation
    Inventors: Brian A. LaMacchia, Gregory Darrell Fee, Loren M. Kohnfelder, Ashok Cholpady Kamath
  • Patent number: 7051366
    Abstract: An evidence-based policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager executes in a computer system (e.g., a Web client or server) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. Both code assemblies and evidence may be received from a local origin or from a remote resource location via a network (e.g., the Internet). The policy manager may comprise execution modules for parsing a security policy specification, generating one or more code hierarchies, evaluating membership of the received code assembly in one or more code groups, and generating a permission grant set based upon this membership evaluation.
    Type: Grant
    Filed: June 21, 2000
    Date of Patent: May 23, 2006
    Assignee: Microsoft Corporation
    Inventors: Brian A. LaMacchia, Loren M. Kohnfelder, Gregory Darrell Fee, Michael J. Toutonghi
  • Publication number: 20060069590
    Abstract: Intelligent Trust Management provides a centralized security facility that gives system components a flexible mechanism for implementing security policies. System components such as applications create a request describing an action that needs to be checked against an appropriate security policy. The request is given to a trust system that determines which policy object applies to the request, and may pass request arguments to the policy. The policy objects include executable code that uses any arguments along with dynamically obtained variable information to make a decision. The decision is returned to the system component, which then operates accordingly. Policy objects may maintain state and interface with the user independent of the system component in order to obtain information to make their decisions. Policy objects may call other policy objects and/or mathematically combine the results of other policy objects to make a decision.
    Type: Application
    Filed: November 14, 2005
    Publication date: March 30, 2006
    Applicant: Microsoft Corporation
    Inventors: Barbara Fox, Brian LaMacchia
  • Publication number: 20060070112
    Abstract: A security policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager can execute in a computer system (e.g., a Web client) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. A permission request set may also be received in association with the code assembly. The permission request set may include a minimum request set, specifying permissions required by the code assembly to run properly. The permission request set may also include an optional request set, specifying permissions requested by the code assembly to provide an alternative level of functionality. In addition, the permission request set may include a refuse request set, specifying permissions that are not to be granted to the code assembly.
    Type: Application
    Filed: November 14, 2005
    Publication date: March 30, 2006
    Applicant: Microsoft Corporation
    Inventors: Brian LaMacchia, Loren Kohnfelder, Gregory Fee, Michael Toutonghi
  • Patent number: 7017162
    Abstract: An application program interface (API) provides a set of functions, including a set of base classes and types that are used in substantially all applications accessing the API, for application developers who build Web applications on Microsoft Corporation's .NET™ platform.
    Type: Grant
    Filed: July 10, 2001
    Date of Patent: March 21, 2006
    Assignee: Microsoft Corporation
    Inventors: Adam W. Smith, Anthony J. Moore, Brian A. LaMacchia, Anders Hejlsberg, Brian M. Grunkemeyer, Caleb L. Doise, Christopher W. Brumme, Christopher L. Anderson, Corina E. Feuerstein, Craig T. Sinclair, Daniel Takacs, David S. Ebbo, David O. Driver, David S. Mortenson, Erik B. Christensen, Erik B. Olson, Fabio A. Yeon, Gopala Krishna R. Kakivaya, Gregory D. Fee, Hany E. Ramadan, Henry L. Sanders, Jayanth V. Rajan, Jeffrey M. Cooperstein, Jonathan C. Hawkins, James H. Hogg, Joe D. Long, John I. McConnell, Jesus Ruiz-Scougall, James S. Miller, Julie D. Bennett, Krzysztof J. Cwalina, Lance E. Olson, Loren M. Kohnfelder, Michael M. Magruder, Manish S. Prabhu, Radu Rares Palanca, Raja Krishnaswamy, Shawn P. Burke, Sean E. Trowbridge, Seth M. Demsey, Shajan Dasan, Stefan H. Pharies, Suzanne M. Cook, Tarun Anand, Travis J. Muhlestein, Yann E. Christensen, Yung-shin Lin, Ramasamy Krishnaswamy, Joseph Roxe, Alan Boshier, David Bau
  • Patent number: 7013469
    Abstract: An application program interface (API) provides a set of functions, including a set of base classes and types that are used in substantially all applications accessing the API, for application developers who build Web applications on Microsoft Corporation's .NET™ platform.
    Type: Grant
    Filed: June 23, 2005
    Date of Patent: March 14, 2006
    Assignee: Microsoft Corporation
    Inventors: Adam W. Smith, Anthony J. Moore, Brian A. LaMacchia, Anders Hejlsberg, Brian M. Grunkemeyer, Caleb L. Doise, Christopher W. Brumme, Christopher L. Anderson, Corina E. Feuerstein, Craig T. Sinclair, Daniel Takacs, David S. Ebbo, David O. Driver, David S. Mortenson, Erik B. Christensen, Erik B. Olson, Fabio A. Yeon, Gopala Krishna R. Kakivaya, Gregory D. Fee, Hany E. Ramadan, Henry L. Sanders, Jayanth V. Rajan, Jeffrey M. Cooperstein, Jonathan C. Hawkins, James H. Hogg, Joe D. Long, John I. McConnell, Jesus Ruiz-Scougall, James S. Miller, Julie D. Bennett, Krzysztof J. Cwalina, Lance E. Olson, Loren M. Kohnfelder, Michael M. Magruder, Manish S. Prabhu, Radu Rares Palanca, Raja Krishnaswamy, Shawn P. Burke, Sean E. Trowbridge, Seth M. Demsey, Shajan Dasan, Stefan H. Pharies, Suzanne M. Cook, Tarun Anand, Travis J. Muhlestein, Yann E. Christensen, Yung-shin Lin, Ramasamy Krishnaswamy, Joseph Roxe, Alan Boshier, David Bau
  • Patent number: 7003480
    Abstract: A method for facilitating two-party electronic commerce transactions between trading partners on an unsecure network, such as the Internet. In one example, a client makes application for registration by a financial institution in which the client has one or more accounts. The client submits satisfactory proof of identity and a public key portion for a digital signature to the financial institution. The financial institution may provide the client a one time secret by a secure route, such as conventional mail, which can then be used by the client to show proof of its identity. The financial institution authenticates the one time secret and combines it with the client's public key in a GUMP Relationship Certificate (GRC), which it issues to the client over the network. Once issued, the GRC can be used by the client to authenticate its right to access its account(s) or other products or services at the financial institution and when conducting other electronic transactions over the network.
    Type: Grant
    Filed: February 27, 1998
    Date of Patent: February 21, 2006
    Assignee: Microsoft Corporation
    Inventors: Barbara L. Fox, Brian A. LaMacchia, Brian C. Beckman
  • Publication number: 20060037082
    Abstract: A security policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager can execute in a computer system (e.g., a Web client) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. A permission request set may also be received in association with the code assembly. The permission request set may include a minimum request set, specifying permissions required by the code assembly to run properly. The permission request set may also include an optional request set, specifying permissions requested by the code assembly to provide an alternative level of functionality. In addition, the permission request set may include a refuse request set, specifying permissions that are not to be granted to the code assembly.
    Type: Application
    Filed: October 20, 2005
    Publication date: February 16, 2006
    Applicant: Microsoft Corporation
    Inventors: Brian LaMacchia, Loren Kohnfelder, Gregory Fee, Michael Toutonghi
  • Patent number: 6981281
    Abstract: A security policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager can execute in a computer system (e.g., a Web client) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. A permission request set may also be received in association with the code assembly. The permission request set may include a minimum request set, specifying permissions required by the code assembly to run properly. The permission request set may also include an optional request set, specifying permissions requested by the code assembly to provide an alternative level of functionality. In addition, the permission request set may include a refuse request set, specifying permissions that are not to be granted to the code assembly.
    Type: Grant
    Filed: June 21, 2000
    Date of Patent: December 27, 2005
    Assignee: Microsoft Corporation
    Inventors: Brian A. LaMacchia, Loren M. Kohnfelder, Gregory Darrell Fee, Michael J. Toutonghi
  • Patent number: 6965999
    Abstract: Intelligent Trust Management provides a centralized security facility that gives system components a flexible mechanism for implementing security policies. System components such as applications create a request describing an action that needs to be checked against an appropriate security policy. The request is given to a trust system that determines which policy object applies to the request, and may pass request arguments to the policy. The policy objects include executable code that uses any arguments along with dynamically obtained variable information to make a decision. The decision is returned to the system component, which then operates accordingly. Policy objects may maintain state and interface with the user independent of the system component in order to obtain information to make their decisions. Policy objects may call other policy objects and/or mathematically combine the results of other policy objects to make a decision.
    Type: Grant
    Filed: May 1, 1998
    Date of Patent: November 15, 2005
    Assignee: Microsoft Corporation
    Inventors: Barbara L. Fox, Brian A. LaMacchia
  • Publication number: 20050246716
    Abstract: An application program interface (API) provides a set of functions, including a set of base classes and types that are used in substantially all applications accessing the API, for application developers who build Web applications on Microsoft Corporation's .NET™ platform.
    Type: Application
    Filed: June 23, 2005
    Publication date: November 3, 2005
    Applicant: Microsoft Corporation
    Inventors: Adam Smith, Anthony Moore, Brian LaMacchia, Anders Hejlsberg, Brian Grunkemeyer, Caleb Doise, Christopher Brumme, Christopher Anderson, Corina Feuerstein, Craig Sinclair, Daniel Takacs, David Ebbo, David Driver, David Mortenson, Erik Christensen, Erik Olson, Fabio Yeon, Gopala Kakivaya, Gregory Fee, Hany Ramadan, Henry Sanders, Jayanth Rajan, Jeffrey Cooperstein, Jonathan Hawkins, James Hogg, Joe Long, John McConnell, Jesus Ruiz-Scougall, James Miller, Julie Bennett, Krzysztof Cwalina, Lance Olson, Loren Kohnfelder, Michael Magruder, Manish Prabhu, Radu Palanca, Raja Krishnaswamy, Shawn Burke, Sean Trowbridge, Seth Demsey, Shajan Dasan, Stefan Pharies, Suzanne Cook, Tarun Anand, Travis Muhlestein, Yann Christensen, Yung-shin Lin, Ramasamy Krishnaswamy, Joseph Roxe, Alan Boshier, David Bau
  • Publication number: 20050240943
    Abstract: An application program interface (API) provides a set of functions, including a set of base classes and types that are used in substantially all applications accessing the API, for application developers who build Web applications on Microsoft Corporation's .NET™ platform.
    Type: Application
    Filed: June 23, 2005
    Publication date: October 27, 2005
    Applicant: Microsoft Corporation
    Inventors: Adam Smith, Anthony Moore, Brian LaMacchia, Anders Hejlsberg, Brian Grunkemeyer, Caleb Doise, Christopher Brumme, Christopher Anderson, Corina Feuerstein, Craig Sinclair, Daniel Takacs, David Ebbo, David Driver, David Mortenson, Erik Christensen, Erik Olson, Fabio Yeon, Gopala Kakivaya, George Fee, Hany Ramadan, Henry Sanders, Jayanth Rajan, Jeffrey Cooperstein, Jonathan Hawkins, James Hogg, Joe Long, John McConnell, Jesus Ruiz-Scougall, James Miller, Julie Bennett, Krzysztof Cwalina, Lance Olson, Loren Kohnfelder, Michael Magruder, Manish Prabhu, Radu Palanca, Raja Krishnaswamy, Shawn Burke, Sean Trowbridge, Seth Demsey, Shajan Dasan, Stefan Pharies, Suzanne Cook, Tarun Anand, Travis Muhlestein, Yann Christensen, Yung-shin Lin, Ramasamy Krishnaswamy, Joseph Roxe, Alan Boshier, David Bau
  • Publication number: 20050138363
    Abstract: A system for using a certificate authority to first provide a customer with a digital certificate, and then having a relying party that receives that digital certificate access a status authority (the certificate authority or its designated agent) to receive a reissued certificate on that certificate. The reissued certificate has a much shorter validity period, which ensures that the information is timely. Moreover, the certificate may serve as a receipt, including an accumulated record of the signatures (digital certificates) and policy applied throughout the financial transaction. As a result, each transfer of the transaction forms a digitally-signed chain of evidence recording each step of the transaction and policy applied thereto, whereby risk may be assumed and charged for appropriately and in accordance with the risk purchaser's policy.
    Type: Application
    Filed: January 10, 2005
    Publication date: June 23, 2005
    Applicant: Microsoft Corporation
    Inventors: Barbara Fox, Brian LaMacchia
  • Patent number: 6842863
    Abstract: A system for using a certificate authority to first provide a customer with a digital certificate, and then having a relying party that receives that digital certificate access a status authority (the certificate authority or its designated agent) to receive a reissued certificate on that certificate. The reissued certificate has a much shorter validity period, which ensures that the information is timely. Moreover, the certificate may serve as a receipt, including an accumulated record of the signatures (digital certificates) and policy applied throughout the financial transaction. As a result, each transfer of the transaction forms a digitally-signed chain of evidence recording each step of the transaction and policy applied thereto, whereby risk may be assumed and charged for appropriately and in accordance with the risk purchaser's policy.
    Type: Grant
    Filed: November 23, 1999
    Date of Patent: January 11, 2005
    Assignee: Microsoft Corporation
    Inventors: Barbara L. Fox, Brian A. LaMacchia
  • Publication number: 20040250036
    Abstract: A trusted data store is provided for use with a trusted element of a trusted operating system on a computing machine. In the trusted data store, a storage medium stores data in a pre-determined arrangement, where the data includes trusted data from the trusted element of the trusted operating system on the computing machine. An access controller writes data to and reads data from the storage medium, and a trust controller is interposed between the computing machine and the access controller. The trust controller allows only the trusted element to perform operations on the trusted data thereof on the storage medium.
    Type: Application
    Filed: June 6, 2003
    Publication date: December 9, 2004
    Inventors: Bryan Mark Willman, Paul England, Keith Kaplan, Alan Stuart Geller, Brian A. LaMacchia, Blair Brewster Dillaway, Marcus Peinado, Michael Alfred Aday, Selena Wilson