Patents by Inventor Caleb Geoffrey Baker
Caleb Geoffrey Baker has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11902327
Abstract: Techniques are described herein that are capable of evaluating a result of enforcement of access control policies instead of enforcing the access control policies. For instance, a result of enforcement of an access control policy with regard to sign-in processes is evaluated instead of enforcing the access control policy with regard to the sign-in processes. The evaluation includes monitoring access requests that are received during the sign-in processes. Each access request requests access to a resource. The evaluation further includes comparing attributes of each access request against the access control policy that specifies criteria that are to be satisfied as a prerequisite to granting access to the resource to which access is requested by the respective access request. Metadata associated with the sign-in processes is generated instead of enforcing the access control policy with regard to the sign-in processes.
Type: Grant
Filed: January 6, 2020
Date of Patent: February 13, 2024
Assignee: Microsoft Technology Licensing, LLC
Inventors: Daniel Edward Lee Wood, Caleb Geoffrey Baker, Sarat Subramaniam, Etan Micah Basseri, Carlos Adrian Lopez Castro, Sandra Jiang, Dilesh Dhokia, Jessica Tian-Hueih Lin, Pui Yin Winfred Wong, Robyn Nicole Hicock
-
Publication number: 20230401332
Abstract: Some embodiments control access by applications to resources in a computing environment. An embodiment notes a request from an application to access a resource, determines a compliance status of the application based on access control policy compliance criteria, ascertains an authorization status of the request based on an authorization credential of the request and an authorization requirement of the resource, and responds to the request based on the compliance status and also based on the authorization status, thereby providing fine-grained access control. Access may also be controlled based on a request's beneficiary. An access request response may allow access, deny access, or ask for additional authorization. A compliance classifier reduces risk by dynamically updating compliance status after compliance criteria changes or attribute changes. An identity service access control architecture uses a compliance attribute to improve efficiency.
Type: Application
Filed: June 8, 2022
Publication date: December 14, 2023
Inventors: Arash VAHIDNIA, Vasundhara PUTTAGUNTA, Rajalakshmi DANI, Anand Madhava MENON, Neha ARORA, Himani ARORA, Richa SEHGAL, Rufino Louie MAYOR, JR., Sanjoyan MUSTAFI, Himanshu JINDAL, Sumit Kumar CHAUHAN, Caleb Geoffrey BAKER, Nikhil Reddy BOREDDY, Shuvam Singha ROY
-
Publication number: 20230254321
Abstract: Generally discussed herein are devices, systems, and methods for adaptive authorization using a local route as a named location. A method can include defining a local route and a corresponding local route endpoint, associating a compute resource as a destination of the local route endpoint, defining an adaptive authorization policy that limits access to the compute resource to be through the local route endpoint, and enforcing access to the compute resource based on the defined adaptive authorization policy.
Type: Application
Filed: February 9, 2022
Publication date: August 10, 2023
Inventors: Abhijeet KUMAR SINHA, Caleb Geoffrey BAKER, Stuart KWAN, Zhifeng WANG, Adam EDWARDS, William Bruce BARR, III, Arturo Huato LUCATERO, Christopher Adam BROOKS, Carlos Adrian LOPEZ CASTRO
-
Patent number: 11627138
Abstract: A computing system configured to support entities having the ability to indicate capability information for capabilities of the entities is illustrated. Embodiments may include an identity provider computer system comprising at least one processor. The identity provider computer system is configured to receive requests for access tokens from entities. The requests include capability information for the entities. The identity provider computer system is further configured to provide access tokens to the entities which include the capability information. The computing system further includes a resource provider computer system comprising at least one processor configured to receive resource requests and access tokens from entities. The access tokens include the capability information. The resource providers are further configured to provide responses to the entities according to the capability information.
Type: Grant
Filed: October 31, 2019
Date of Patent: April 11, 2023
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Violet Anna Barhudarian, Jiangfeng Lu, Caleb Geoffrey Baker, Oren Jordan Melzer, Anirban Basu, Yordan Ivanov Rouskov, William Bruce Barr, III, Radhika Kashyap
-
Publication number: 20220343922
Abstract: Techniques are described herein that are capable of selectively authenticating a user using voice recognition and random representations. A credential that is received from an entity is compared to a reference credential associated with a user. The random representations are caused to be displayed to the entity based at least in part on the credential corresponding to the reference credential. Each random representation has a random entropy. A representation of speech of the entity is analyzed to determine whether a voice characterized by the speech corresponds to a voice profile that characterizes a voice of the user and to determine whether the speech includes a verbal identification of each random representation. The user is selectively authenticated based at least in part on whether the voice corresponds to the voice profile and further based at least in part on whether the speech includes the verbal identification of each random representation.
Type: Application
Filed: April 26, 2021
Publication date: October 27, 2022
Inventors: Daniel Edward Lee WOOD, Caleb Geoffrey BAKER, Amit DHARIWAL, Akshay NAIK, Pedro Miguel Neno LEITE, Sabina Lauren SMITH, Juyoung SONG, Kushal JHUNJHUNWALLA
-
Patent number: 11405425
Abstract: Authenticating computing entities. A method includes at an identity provider, providing a first access token to an entity for use by the entity in obtaining resources from a resource provider. The method further includes, at the identity provider, receiving response information from the entity. The response information from the entity is provided to the entity from the resource provider as a result of the resource provider enforcing policy at the resource provider. At the identity provider, a second access token is provided to the entity. The second access token is provided based on the response information, such that the second access token can be used by the entity to obtain the resources from the resource provider.
Type: Grant
Filed: October 31, 2019
Date of Patent: August 2, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventors: Violet Anna Barhudarian, Jiangfeng Lu, Caleb Geoffrey Baker, Oren Jordan Melzer, Anirban Basu, Yordan Ivanov Rouskov, William Bruce Barr, III, Radhika Kashyap, Carlos Adrian Lopez Castro, Pui-Yin Winfred Wong
-
Patent number: 11349844
Abstract: Managing an authenticated user session. A method includes a resource provider computer system subscribing to a conditional access termination service for an entity configured to obtain resources from the resource provider computer system through a user session. The resource provider computer system receives an event, related to resource requests, for the entity from the conditional access termination service. The resource provider computer system receives a request for resources from the entity. The resource provider computer system evaluates the request with respect to the event. The resource provider computer system responds to the request based on evaluating the request with respect to the event.
Type: Grant
Filed: October 31, 2019
Date of Patent: May 31, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventors: Violet Anna Barhudarian, Jiangfeng Lu, Caleb Geoffrey Baker, Oren Jordan Melzer, Anirban Basu, Chandra Sekhar Surapaneni, Nitika Gupta, Murli Dharan Satagopan
-
Patent number: 11296881
Abstract: An embodiment disclosed herein is related to computing systems and method for a computing system to generate an access token that includes an IP address from a request. In the embodiment, a request is received for access to one secured data items. The request may include user credentials that specify that a user making the request is permitted to access the secured data items. The user credentials are validated and an Internet Protocol (IP) address that the request was sent from is determined. An access token is generated that includes the IP address that the request was sent from.
Type: Grant
Filed: October 30, 2019
Date of Patent: April 5, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventors: Violet Anna Barhudarian, Jiangfeng Lu, Caleb Geoffrey Baker, Oren Jordan Melzer, Anirban Basu, Praveen Erode Murugesan
-
Publication number: 20210211470
Abstract: Techniques are described herein that are capable of evaluating a result of enforcement of access control policies instead of enforcing the access control policies. For instance, a result of enforcement of an access control policy with regard to sign-in processes is evaluated instead of enforcing the access control policy with regard to the sign-in processes. The evaluation includes monitoring access requests that are received during the sign-in processes. Each access request requests access to a resource. The evaluation further includes comparing attributes of each access request against the access control policy that specifies criteria that are to be satisfied as a prerequisite to granting access to the resource to which access is requested by the respective access request. Metadata associated with the sign-in processes is generated instead of enforcing the access control policy with regard to the sign-in processes.
Type: Application
Filed: January 6, 2020
Publication date: July 8, 2021
Inventors: Daniel Edward Lee Wood, Caleb Geoffrey Baker, Sarat Subramaniam, Etan Micah Basseri, Carlos Adrian Lopez Castro, Sandra Jiang, Dilesh Dhokia, Jessica Tian-Hueih Lin, Pui Yin Winfred Wong, Robyn Nicole Hicock
-
Publication number: 20210135869
Abstract: An embodiment disclosed herein is related to computing systems and method for a computing system to generate an access token that includes an IP address from a request. In the embodiment, a request is received for access to one secured data items. The request may include user credentials that specify that a user making the request is permitted to access the secured data items. The user credentials are validated and an Internet Protocol (IP) address that the request was sent from is determined. An access token is generated that includes the IP address that the request was sent from.
Type: Application
Filed: October 30, 2019
Publication date: May 6, 2021
Inventors: Violet Anna Barhudarian, Jiangfeng Lu, Caleb Geoffrey Baker, Oren Jordan Melzer, Anirban Basu, Praveen Erode Murugesan
-
Publication number: 20210136113
Abstract: Authenticating computing entities. A method includes at an identity provider, providing a first access token to an entity for use by the entity in obtaining resources from a resource provider. The method further includes, at the identity provider, receiving response information from the entity. The response information from the entity is provided to the entity from the resource provider as a result of the resource provider enforcing policy at the resource provider. At the identity provider, a second access token is provided to the entity. The second access token is provided based on the response information, such that the second access token can be used by the entity to obtain the resources from the resource provider.
Type: Application
Filed: October 31, 2019
Publication date: May 6, 2021
Inventors: Violet Anna BARHUDARIAN, Jiangfeng LU, Caleb Geoffrey BAKER, Oren Jordan MELZER, Anirban BASU, Yordan Ivanov ROUSKOV, William Bruce BARR, III, Radhika KASHYAP, Carlos Adrian LOPEZ CASTRO, Pui-Yin Winfred WONG
-
Publication number: 20210136078
Abstract: A computing system configured to support entities having the ability to indicate capability information for capabilities of the entities is illustrated. Embodiments may include an identity provider computer system comprising at least one processor. The identity provider computer system is configured to receive requests for access tokens from entities. The requests include capability information for the entities. The identity provider computer system is further configured to provide access tokens to the entities which include the capability information. The computing system further includes a resource provider computer system comprising at least one processor configured to receive resource requests and access tokens from entities. The access tokens include the capability information. The resource providers are further configured to provide responses to the entities according to the capability information.
Type: Application
Filed: October 31, 2019
Publication date: May 6, 2021
Inventors: Violet Anna BARHUDARIAN, Jiangfeng LU, Caleb Geoffrey BAKER, Oren Jordan MELZER, Anirban BASU, Yordan Ivanov ROUSKOV, William Bruce BARR, III, Radhika KASHYAP
-
Publication number: 20210136076
Abstract: Managing an authenticated user session. A method includes a resource provider computer system subscribing to a conditional access termination service for an entity configured to obtain resources from the resource provider computer system through a user session. The resource provider computer system receives an event, related to resource requests, for the entity from the conditional access termination service. The resource provider computer system receives a request for resources from the entity. The resource provider computer system evaluates the request with respect to the event. The resource provider computer system responds to the request based on evaluating the request with respect to the event.
Type: Application
Filed: October 31, 2019
Publication date: May 6, 2021
Inventors: Violet Anna BARHUDARIAN, Jiangfeng LU, Caleb Geoffrey BAKER, Oren Jordan MELZER, Anirban BASU, Chandra Sekhar SURAPANENI, Nitika GUPTA, Murli Dharan SATAGOPAN
-
Publication number: 20210136114
Abstract: Implementing policy at a resource provider computer system. The method includes a resource provider computer system receiving policy from an identity provider system, the policy being related to an entity that authenticates using the identity provider computer system. The resource provider computer system receives a request for resources from the entity and an access token from the entity. The access token was obtained by the entity from the identity provider computer system as a result of the entity authenticating with the identity provider computer system. The resource provider computer system evaluates the request with respect to the policy. The resource provider computer system responds to the request based on evaluating the request with respect to the policy.
Type: Application
Filed: October 31, 2019
Publication date: May 6, 2021
Inventors: Violet Anna BARHUDARIAN, Jiangfeng LU, Caleb Geoffrey BAKER, Oren Jordan MELZER, Anirban BASU, Carlos Adrian LOPEZ CASTRO
-
Patent number: 9143501
Abstract: Authenticating internet application sessions. A method includes downloading client side code that when executed implements one or more client side modules including at least one module with message interception functionality. The method includes executing the client side code to implement the one or more client side modules. A request is sent to an internet application server. In response to the request, a message is received from the internet application server indicating that the request is not authorized. The message from the internet application server indicating that the request is not authorized is intercepted at the one or more client side modules. The one or more client side modules, as a result of the message indicating that the request is not authorized, send a request for authentication in a required format for authentication. Authentication is performed without losing user state associated with the request to the internet application server.
Type: Grant
Filed: September 3, 2010
Date of Patent: September 22, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Caleb Geoffrey Baker, Seng Lin Shee, Jan Lyk Choo, Marcelo Albuquerque Fernandes Mas, Krishnanand K. Shenoy, Samuel R. Devasahayam
-
Patent number: 8763093
Abstract: The subject disclosure relates to authorization based on a determination of permissions that can be granted for an action(s) to be performed on a resource. The determination of the permission is based on a set of rules that represent a theory including a notion of trust that has been divided into different sized tables. The tables are utilized to evaluate two or more input claims and to facilitate a determination of whether access to at least one system resource is to be granted. The evaluation can include matching the two or more input claims to rows in the table, wherein access is allowed if a match is found.
Type: Grant
Filed: September 12, 2011
Date of Patent: June 24, 2014
Assignee: Microsoft Corporation
Inventors: David E. Langworthy, Qian Wang, Andrew John Layman, John Peter Shewchuk, Jr., Shiung-Vei Yong, Charles Edgar Passmore, Hervey Oliver Wilson, Caleb Geoffrey Baker
-
Publication number: 20130067539
Abstract: The subject disclosure relates to authorization based on a determination of permissions that can be granted for an action(s) to be performed on a resource. The determination of the permission is based on a set of rules that represent a theory including a notion of trust that has been divided into different sized tables. The tables are utilized to evaluate two or more input claims and to facilitate a determination of whether access to at least one system resource is to be granted. The evaluation can include matching the two or more input claims to rows in the table, wherein access is allowed if a match is found.
Type: Application
Filed: September 12, 2011
Publication date: March 14, 2013
Applicant: MICROSOFT CORPORATION
Inventors: David E. Langworthy, Qian Wang, Andrew John Layman, John Peter Shewchuk, JR., Shiung-Vei Yong, Charles Edgar Passmore, Hervey Oliver Wilson, Caleb Geoffrey Baker
-
Publication number: 20120060210
Abstract: Authenticating internet application sessions. A method includes downloading client side code that when executed implements one or more client side modules including at least one module with message interception functionality. The method includes executing the client side code to implement the one or more client side modules. A request is sent to an internet application server. In response to the request, a message is received from the internet application server indicating that the request is not authorized. The message from the internet application server indicating that the request is not authorized is intercepted at the one or more client side modules. The one or more client side modules, as a result of the message indicating that the request is not authorized, send a request for authentication in a required format for authentication. Authentication is performed without losing user state associated with the request to the internet application server.
Type: Application
Filed: September 3, 2010
Publication date: March 8, 2012
Applicant: Microsoft Corporation
Inventors: Caleb Geoffrey Baker, Seng Lin Shee, Jan Lyk Choo, Marcelo Albuquerque Fernandes Mas, Krishnanand K. Shenoy, Samuel R. Devasahayam