Patents by Inventor Cem Paya

Cem Paya has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7454508
    Abstract: A method, system, and computer-readable medium are provided for managing consent between online entities to perform tasks. The consent mechanism uses an asynchronous protocol for submitting consent requests, managing consent requests, and resolving consent requests. An application that requires consent to perform a task submits a request for consent to the consent mechanism. The resolving authority obtains pending request information from the consent mechanism and sends the consent mechanism request resolution information. The application obtains resolved request information from the consent mechanism. If the resolved request is approved, the consent mechanism allows the application to perform the task. If the resolved request is denied, the consent mechanism does not allow the application to perform the task.
    Type: Grant
    Filed: January 15, 2003
    Date of Patent: November 18, 2008
    Assignee: Microsoft Corporation
    Inventors: Ashvin J. Mathew, Puhazholi Vetrivel, Brian Jones, Danpo Zhang, Laurel S. Abbott, Cem Paya, Melissa Dunn
  • Patent number: 7444518
    Abstract: A permission level associated with a child's access to a Web server is identified. A relationship ticket is obtained from an authentication server and a request is generated to set the identified permission level. The request and the relationship ticket are sent to the Web server and a success code is received from the Web server if the requested permission level is established.
    Type: Grant
    Filed: September 29, 2003
    Date of Patent: October 28, 2008
    Assignee: Microsoft Corporation
    Inventors: Baskaran Dharmarajan, Cem Paya, Ashvin Mathew
  • Publication number: 20080229111
    Abstract: A forwarding signature comprises a modified digital signature, modified using a predetermined parameter between a sender and an intended recipient. An intended recipient of the forwarding signature can verify that the forwarding signature corresponds to the message, but, can neither derive the original digital signature nor generate a new forwarding signature for a different parameter. Generation and verification of the forwarding signature is accomplished with access to the public key of a public/private cryptographic key pair, the original signed message, and the predetermined parameter. Access to the private key is not needed.
    Type: Application
    Filed: March 16, 2007
    Publication date: September 18, 2008
    Applicant: Microsoft Corporation
    Inventors: Cem Paya, Josh Benaloh
  • Publication number: 20080115200
    Abstract: A system enabling an application desiring access to a resource addressable by a URI to produce a response to an authentication challenge to a request to access the URI without including code specific to an authentication system and/or method is provided. The system includes an authentication manager that can pass an authentication challenge to authentication modules and/or objects operable to produce a response to the authentication challenge. The system may also include a cache adapted to store one or more responses to the authentication challenge communicated from the authentication modules, with such cache also being employed to facilitate pre-authenticating test challenges and/or pseudo-challenges.
    Type: Application
    Filed: January 14, 2008
    Publication date: May 15, 2008
    Applicant: Microsoft Corporation
    Inventors: Lance Olson, Henrik Nielsen, Cem Paya
  • Patent number: 7360092
    Abstract: Distinctively marking authentication forms and preemptively searching for and detecting unauthorized authentication forms. The invention includes creating a sign-in module having an identifying characteristic and presenting the created sign-in module to the user via a user interface. The invention also includes searching a plurality of web pages for the identifying characteristic and determining whether each of the searched web pages is authorized to include the created sign-in module.
    Type: Grant
    Filed: April 28, 2003
    Date of Patent: April 15, 2008
    Assignee: Microsoft Corporation
    Inventors: Christopher N. Peterson, Ismail Cem Paya
  • Patent number: 7359976
    Abstract: A system and method that prevents certain cookies, as specified by an Internet server, from being accessed through client-side script, thereby mitigating the amount of damage that cross-site scripting attacks can accomplish. The server marks selected cookies with an attribute that flags such cookies as being protected, and a security mechanism in the client prevents protected cookies from being accessed via script. A protected (flagged) cookie can still be accessed by the server, (e.g., via HTTP), while non-flagged cookies can be accessed by the server or script. An API or similar layer implements the security mechanism that checks for the attribute, and fails requests for any cookies having that attribute set. The present invention can also be adapted to prevent a malicious script from overwriting existing HTTP-only cookies on a client machine.
    Type: Grant
    Filed: November 23, 2002
    Date of Patent: April 15, 2008
    Assignee: Microsoft Corporation
    Inventors: David A. Ross, Cem Paya, Aaron Goldfeder
  • Patent number: 7337324
    Abstract: A system and method for automatically determining if a computer user is a human or an automated script. Human interactive proofs (HIPs) are currently used to deter automated registration for web services by automated computer scripts. Unfortunately, HIPs entail multiple steps (request service, receive challenge, respond to challenge) that can be burdensome. The system and method of the invention in one embodiment provides a “black-box” to potential users consisting of a challenge generator and a secret key. The challenge is generated for the user and the response can be provided as part of the service request, eliminating the need for a separate challenge from a service provider and response to the challenge.
    Type: Grant
    Filed: December 1, 2003
    Date of Patent: February 26, 2008
    Assignee: Microsoft Corp.
    Inventors: Josh Benaloh, Ismail Cem Paya
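The abstract for 7337324 describes collapsing the usual three HIP steps into one: a user-side "black box" holding a secret key mints the challenge itself, and the human's answer travels inside the service request. The Python below is an added illustration of that single-round-trip flow; it is not code from the patent or from Microsoft. It assumes an HMAC-based answer derivation, a nonce that carries its own issue time, and that the key cannot be extracted from the box (the box is assumed tamper-resistant); `ChallengeBox`, `HipVerifier` and `register` are hypothetical names.

```python
"""Single-round-trip human interactive proof (added example, hypothetical names).

The box and the service share a key. The box derives the answer from a fresh
nonce; the human reads the rendered answer and it rides along with the request.
"""
import hashlib
import hmac
import secrets
import string
from typing import Tuple

ALPHABET = string.ascii_uppercase + string.digits  # symbols the human types


def expected_answer(key: bytes, nonce: str, length: int = 6) -> str:
    """Derive the challenge answer from the shared key and the nonce.
    Both sides can compute it; nobody without the key can."""
    digest = hmac.new(key, nonce.encode(), hashlib.sha256).digest()
    return "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:length])


class ChallengeBox:
    """User-side black box: holds the key and generates challenges locally.
    Assumption: the key is not extractable from the box."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def new_challenge(self, now: float) -> Tuple[str, str]:
        # The nonce embeds its issue time so the server can bound its lifetime.
        nonce = f"{int(now)}.{secrets.token_hex(8)}"
        answer = expected_answer(self._key, nonce)
        # A deployed box would render `answer` as a distorted image for the
        # human to read; the plain string stands in for that rendering here.
        return nonce, answer


class HipVerifier:
    """Service side: checks the proof carried in the request, no prior state."""

    def __init__(self, key: bytes, max_age_s: int = 300) -> None:
        self._key = key
        self._max_age_s = max_age_s
        self._seen = set()  # nonces already redeemed (replay defence)

    def verify(self, nonce: str, response: str, now: float) -> bool:
        try:
            issued = int(nonce.split(".", 1)[0])
        except ValueError:
            return False
        if not 0 <= now - issued <= self._max_age_s:
            return False  # stale, or claims to come from the future
        if nonce in self._seen:
            return False  # each challenge is good for exactly one request
        ok = hmac.compare_digest(
            expected_answer(self._key, nonce), response.strip().upper()
        )
        if ok:
            self._seen.add(nonce)
        return ok


def register(request: dict, verifier: HipVerifier, now: float) -> str:
    """One service request carries the account data and the proof together."""
    nonce = request.get("hip_nonce", "")
    response = request.get("hip_response", "")
    if not verifier.verify(nonce, response, now):
        return "rejected: failed human interactive proof"
    return f"created account {request['username']}"


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed demo key shared by box and service
    box, service = ChallengeBox(key), HipVerifier(key)
    nonce, answer = box.new_challenge(now=1_700_000_000)
    print(register({"username": "alice", "hip_nonce": nonce,
                    "hip_response": answer}, service, now=1_700_000_005))
    print(service.verify(nonce, answer, now=1_700_000_006))  # replay is refused
```

The server never issues or stores a challenge in advance; freshness comes from the timestamp in the nonce, and the redeemed-nonce set stops a captured (nonce, answer) pair from being reused. The scheme's strength rests entirely on the key staying inside the box, which is why the lead-in states that as an assumption.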
  • Patent number: 7322040
    Abstract: A system enabling an application desiring access to a resource addressable by a URI to produce a response to an authentication challenge to a request to access the URI without including code specific to an authentication system and/or method is provided. The system includes an authentication manager that can pass an authentication challenge to authentication modules and/or objects operable to produce a response to the authentication challenge. The system may also include a cache adapted to store one or more responses to the authentication challenge communicated from the authentication modules, with such cache also being employed to facilitate pre-authenticating test challenges and/or pseudo-challenges.
    Type: Grant
    Filed: March 27, 2001
    Date of Patent: January 22, 2008
    Assignee: Microsoft Corporation
    Inventors: Lance E. Olson, Henrik Frystyk Nielsen, Cem Paya
  • Publication number: 20070260871
    Abstract: Encrypted communications between peers are inspected by a proxy server, for bugs, viruses, malicious software and the like, while the proxy server is prevented from modifying the encrypted communications. A proxy server functioning as a gateway processor between the peers includes a security processor. The security processor is coupled to one of the peers via a channel that is separate from the channel carrying the encrypted communications between the peers. Cryptographic keys needed to decrypt the encrypted communications are provided via the separate channel to the security processor prior to commencement of encrypted communications. The security processor monitors the encrypted communications. The security processor decrypts the monitored encrypted communications without perturbing the encrypted communications. The security processor decrypts the encrypted communications utilizing the previously provided cryptographic keys. The security processor inspects the decrypted communications.
    Type: Application
    Filed: October 27, 2005
    Publication date: November 8, 2007
    Applicant: Microsoft Corporation
    Inventors: Cem Paya, Opher Dubrovsky
  • Patent number: 7293034
    Abstract: Enabling dynamic aggregation of content from a plurality of content providers. The invention stores references associated with specific display areas in a document for a particular data source. Responsive to a request for the document, the invention retrieves the references associated with the data source and dynamically inserts the references into the appropriate display area of the document. A client renders the document by obtaining the content associated with the references. In an embodiment, the invention includes a web service for cobranding a login user interface for a user authentication system. The web service places cobranding content provided by an affiliate content provider and sign-in user interface content provided by a user authentication service into different frames of a single web page.
    Type: Grant
    Filed: February 23, 2004
    Date of Patent: November 6, 2007
    Assignee: Microsoft Corporation
    Inventors: Ismail Cem Paya, Gilbert M. McQuillan
  • Patent number: 7240192
    Abstract: Combining a browser cache and cookies to improve the security of token-based authentication protocols. A client stores a first portion of an authentication token as information (e.g., a cookie) in a first memory area. The client stores a second portion of the authentication token as server-inaccessible information (e.g., cached web content) in a second memory area. A server obtains the first and second portions from the client to recreate the authentication token to authenticate the client.
    Type: Grant
    Filed: March 12, 2003
    Date of Patent: July 3, 2007
    Assignee: Microsoft Corporation
    Inventors: Ismail Cem Paya, Trevin Chow
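The abstract for 7240192 splits an authentication token between a cookie and cached web content so that neither store alone yields a usable credential. The Python below is an added illustration of that split-and-recombine idea; it is not the patent's protocol or Microsoft code. It assumes a 256-bit random token split into two 128-bit halves, a server that stores only an HMAC of the whole token, and a cached private script as the carrier for the second half; `issue_token`, `login_response` and `authenticate` are hypothetical names.

```python
"""Authentication token split between a cookie and browser-cached content
(added example, hypothetical names and storage layout)."""
import hashlib
import hmac
import os
import secrets
from typing import Dict, Optional, Tuple

SERVER_KEY = os.urandom(32)      # constructed for the demo; persist and rotate in practice
_sessions: Dict[str, str] = {}   # HMAC(token) -> user; the raw token is never stored


def issue_token(user: str) -> Tuple[str, str]:
    """Create a 256-bit token and split it into a cookie half and a cache half."""
    token = secrets.token_bytes(32)
    tag = hmac.new(SERVER_KEY, token, hashlib.sha256).hexdigest()
    _sessions[tag] = user
    return token[:16].hex(), token[16:].hex()


def login_response(user: str) -> Dict[str, str]:
    """Headers and body of the login response.
    The cookie half rides in Set-Cookie (HttpOnly, so script cannot read it).
    The cache half lives only inside a private, cacheable script the page
    includes; it is not a cookie, so it is never sent automatically."""
    cookie_half, cache_half = issue_token(user)
    return {
        "Set-Cookie": f"auth1={cookie_half}; Path=/; Secure; HttpOnly",
        "Cache-Control": "private, max-age=86400",
        # Page script copies this value into a request header on each call.
        "body": f"window.__auth2 = '{cache_half}';",
    }


def authenticate(cookie_half: Optional[str], cache_half: Optional[str]) -> Optional[str]:
    """Recombine both halves and look the token up. Either half alone fails,
    as does a swapped or malformed pair."""
    if not cookie_half or not cache_half:
        return None
    try:
        token = bytes.fromhex(cookie_half) + bytes.fromhex(cache_half)
    except ValueError:
        return None
    if len(token) != 32:
        return None
    tag = hmac.new(SERVER_KEY, token, hashlib.sha256).hexdigest()
    # Looking the tag up by equality is fine: the tag is a one-way image of the
    # token, so lookup timing reveals nothing about the token itself.
    return _sessions.get(tag)


if __name__ == "__main__":
    resp = login_response("alice")
    cookie_val = resp["Set-Cookie"].split(";")[0].split("=", 1)[1]
    cache_val = resp["body"].split("'")[1]
    print(authenticate(cookie_val, cache_val))   # alice
    print(authenticate(cookie_val, None))        # None: cookie theft alone is useless
```

With this layout a stolen cookie header carries only half of the token, and the cached half is bound to the browser profile that fetched the page; the server's store holds HMAC tags rather than tokens, so a database leak does not yield usable credentials either.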
  • Publication number: 20070124578
    Abstract: A hierarchical identity based cryptographic system (“HIBC”) is integrated with the domain name system (“DNS”). A private key is assigned to each of the top level domain name authorities responsible for assigning the top level domain names (e.g., .net, .com, etc.). The private key is generated according to an HIBC system, wherein the corresponding public key is based on the identity of the particular domain authority. When a user requests a domain name from one of the top level domain name authorities, the user is issued a private key that is generated by the top level domain authority using its private key and the identity of the user according to the particular HIBC system implemented. The user's corresponding public key can be derived from the identity of the user and the public key of the top level domain name authority.
    Type: Application
    Filed: November 30, 2005
    Publication date: May 31, 2007
    Applicant: Microsoft Corporation
    Inventors: Cem Paya, Josh Benaloh
  • Patent number: 6993663
    Abstract: A method, apparatus, and article of manufacture for detecting and preventing input data buffer overrun by storing a security token containing a randomly generated data pattern in memory between an input data buffer and memory locations containing instruction address pointers. First, one pushes all arguments to a function onto the stack data structure and pushes a return address onto the stack data structure, for use in obtaining the memory address of the instruction to be executed upon completion of the function, before pushing onto the stack data structure a security token. This security token comprises a randomly generated data value.
    Type: Grant
    Filed: August 31, 2000
    Date of Patent: January 31, 2006
    Assignee: Microsoft Corporation
    Inventors: Cem Paya, Sanjay G. Shenoy, Louis Lafreniere
  • Publication number: 20050257250
    Abstract: A system and method that evaluates privacy policies from web sites to determine whether each site is permitted to perform operations (e.g., store, retrieve or delete) directed to cookies on a user's computer. Various properties of each cookie and the context in which it is being used are evaluated against a user's privacy preference settings to make the determination. An evaluation engine accomplishes the evaluation and determination via a number of criteria and considerations, including the cookie properties, its current context, the site, the zone that contains the site, and any P3P data (compact policy) provided with the site's response. The user privacy preferences are evaluated against these criteria to determine whether a requested cookie operation is allowed, denied or modified. A formalized distinction between first-party cookies versus third-party cookies may be used in the determination, along with whether the cookie is a persistent cookie or a session cookie.
    Type: Application
    Filed: July 1, 2005
    Publication date: November 17, 2005
    Applicant: Microsoft Corporation
    Inventors: Darren Mitchell, Cem Paya, Rajeev Dujari, Stephen Purpura, Aaron Goldfeder, Frank Schwieterman
  • Patent number: 6959420
    Abstract: A system and method that evaluates privacy policies from web sites to determine whether each site is permitted to perform operations (e.g., store, retrieve or delete) directed to cookies on a user's computer. Various properties of each cookie and the context in which it is being used are evaluated against a user's privacy preference settings to make the determination. An evaluation engine accomplishes the evaluation and determination via a number of criteria and considerations, including the cookie properties, its current context, the site, the zone that contains the site, and any P3P data (compact policy) provided with the site's response. The user privacy preferences are evaluated against these criteria to determine whether a requested cookie operation is allowed, denied or modified. A formalized distinction between first-party cookies versus third-party cookies may be used in the determination, along with whether the cookie is a persistent cookie or a session cookie.
    Type: Grant
    Filed: November 30, 2001
    Date of Patent: October 25, 2005
    Assignee: Microsoft Corporation
    Inventors: Darren Mitchell, Cem Paya, Rajeev Dujari, Stephen J. Purpura, Aaron R. Goldfeder, Frank M. Schwieterman
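The abstracts for 6959420 and 20050257250 list the inputs to a cookie privacy evaluation engine: cookie properties (persistent or session), first-party versus third-party context, the security zone of the site, the P3P compact policy from the response, and the user's preference level, with an outcome of allow, deny or modify. The Python below is an added illustration of such an engine; it is not the patent's rule table or any browser's code. The thresholds, the "satisfactory" test on compact-policy tokens and the names `CookieRequest`, `policy_status` and `evaluate` are constructed for this example.

```python
"""Cookie privacy evaluation engine (added example; constructed rule table)."""
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    DOWNGRADE = "modify: persistent cookie becomes a session cookie"


# P3P compact-policy data categories that identify a person.
IDENTIFIABLE = {"PHY", "ONL", "GOV", "FIN"}


@dataclass
class CookieRequest:
    name: str
    persistent: bool               # has Expires/Max-Age; otherwise a session cookie
    first_party: bool              # cookie host matches the top-level document's host
    zone: str                      # "trusted", "internet" or "restricted"
    compact_policy: Optional[str]  # CP="..." tokens from the P3P header, or None


def policy_status(cp: Optional[str]) -> str:
    """Classify a compact policy as missing, satisfactory or unsatisfactory.
    Constructed rule: a policy is unsatisfactory when it declares identifiable
    data and no purpose/recipient token carries an opt-in ('i') or opt-out ('o')
    suffix, i.e. the user is given no choice."""
    if cp is None:
        return "missing"
    tokens = set(cp.split())
    uses_identifiable = bool(tokens & IDENTIFIABLE)
    suffixed = {t for t in tokens if len(t) == 4 and t[-1] in "aio"}
    offers_choice = any(t[-1] in "io" for t in suffixed)
    if uses_identifiable and not offers_choice:
        return "unsatisfactory"
    return "satisfactory"


def evaluate(req: CookieRequest, level: str) -> Decision:
    """Return allow / deny / modify for one cookie operation.
    level is the user's preference: 'low', 'medium', 'high' or 'block_all'."""
    if req.zone == "trusted":
        return Decision.ALLOW                      # user explicitly trusts the site
    if req.zone == "restricted" or level == "block_all":
        return Decision.DENY
    status = policy_status(req.compact_policy)

    if req.first_party:
        if level == "low" or status == "satisfactory":
            return Decision.ALLOW
        if status == "missing" and level == "medium":
            return Decision.ALLOW
        # Stricter setting and no acceptable policy: keep the site usable,
        # but do not let the cookie outlive the session.
        return Decision.DOWNGRADE if req.persistent else Decision.ALLOW

    # Third-party cookie: set while the user is visiting some other site.
    if level == "high":
        return Decision.DENY
    if status == "satisfactory":
        return Decision.ALLOW
    if level == "low":
        return Decision.DOWNGRADE if req.persistent else Decision.ALLOW
    if status == "missing":                        # medium
        return Decision.DENY if req.persistent else Decision.ALLOW
    return Decision.DENY                           # medium, unsatisfactory policy


if __name__ == "__main__":
    # Constructed sample: a third-party tracking cookie whose policy collects
    # identifiable data with no opt-out, evaluated at each preference level.
    tracker = CookieRequest("uid", True, False, "internet", "NOI DSP PHY ONL CUSa OUR")
    for lvl in ("low", "medium", "high", "block_all"):
        print(lvl, "->", evaluate(tracker, lvl).value)
```

The ordering matters: zone decisions come first because they encode an explicit user choice about the site, then the party context, because a first-party cookie without a policy is usually a login or shopping-cart cookie and blocking it breaks the site, whereas the same cookie set by a third party is the tracking case the engine exists to catch. "Modify" (persistent to session) is the middle ground that preserves functionality while denying cross-visit tracking.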
  • Publication number: 20050038905
    Abstract: An exemplary network gateway is capable of accepting a session-related message having a session identifier field; the network gateway is adapted to extract a host identifier from a value populating the session identifier field and to perform a routing operation for the session-related message using the host identifier. For an exemplary media implementation, processor-executable instructions direct a device to perform actions including: ascertaining a host identifier from a session identifier field of a session message; and routing the session message responsive to the ascertained host identifier. An exemplary apparatus includes: at least one processor; and one or more media including processor-executable instructions that are capable of being executed by the at least one processor to direct the apparatus to perform actions including: receiving a session message having a session identifier including a host identifier; and routing the session message responsive to the host identifier.
    Type: Application
    Filed: August 13, 2003
    Publication date: February 17, 2005
    Inventors: John Banes, Joseph Joy, David Mowers, Cem Paya, Feng Sun
  • Publication number: 20050038906
    Abstract: A first exemplary media implementation includes processor-executable instructions that direct a device to perform actions including: creating a session identifier using a host identifier; and formulating a host session initiation message with the created session identifier. A first exemplary device implementation includes: at least one processor; and one or more media including processor-executable instructions that direct the device to perform actions including: formulating a host session message with a session identifier that is created responsive to a host identifier; and sending the formulated host session message that includes the session identifier from the device. A second exemplary media implementation includes a data structure that has a message including a session identifier field, at least part of the session identifier field including a host identifier.
    Type: Application
    Filed: August 13, 2003
    Publication date: February 17, 2005
    Inventors: John Banes, Joseph Joy, David Mowers, Cem Paya, Feng Sun
  • Publication number: 20040181598
    Abstract: Managing state information across communication sessions between a client and a server via a stateless protocol. The server delivers to the client a cacheable web page with a hyperlink to non-cacheable embedded content. In the hyperlink to the non-cacheable embedded content, the server adds a token or an identifier uniquely associated with the user. When the user obtains embedded content from the cached web page via the hyperlink, the identifier is also sent to the server. Upon receipt of the identifier from the client, the server accesses the stored state information. In this manner, the server manages state information related to the client across communication sessions without the use of cookies as long as the client caches the web page with the unique identifier.
    Type: Application
    Filed: April 29, 2003
    Publication date: September 16, 2004
    Applicant: Microsoft Corporation
    Inventors: Ismail Cem Paya, Trevin Chow, Stephen J. Purpura
  • Publication number: 20040103200
    Abstract: A system and method that prevents certain cookies, as specified by an Internet server, from being accessed through client-side script, thereby mitigating the amount of damage that cross-site scripting attacks can accomplish. The server marks selected cookies with an attribute that flags such cookies as being protected, and a security mechanism in the client prevents protected cookies from being accessed via script. A protected (flagged) cookie can still be accessed by the server, (e.g., via HTTP), while non-flagged cookies can be accessed by the server or script. An API or similar layer implements the security mechanism that checks for the attribute, and fails requests for any cookies having that attribute set. The present invention can also be adapted to prevent a malicious script from overwriting existing HTTP-only cookies on a client machine.
    Type: Application
    Filed: November 23, 2002
    Publication date: May 27, 2004
    Applicant: Microsoft Corporation
    Inventors: David A. Ross, Cem Paya, Aaron Goldfeder
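The abstracts for 7359976 and 20040103072-style application 20040103200 above describe the rule that became the HttpOnly cookie attribute: the server flags a cookie, the client still sends it over HTTP, but the script-facing cookie API omits it and refuses to overwrite it. The Python below is an added model of that client-side check, written as a small cookie jar with a server-facing and a script-facing interface; it is not code from the patent or from any browser. The jar keys cookies by name only (a real jar also keys on domain and path), and `CookieJar`, `script_read` and `script_write` are hypothetical names standing in for the browser's `document.cookie` getter and setter.

```python
"""Model of the HttpOnly rule: script sees and writes only unflagged cookies
(added example; hypothetical names, cookies keyed by name only)."""
from dataclasses import dataclass, field
from typing import Dict, Set


def _parse(cookie_string: str):
    """Split 'name=value; Attr; Attr=val' into (name, value, {lowercase attr names})."""
    parts = [p.strip() for p in cookie_string.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Set[str] = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return name.strip(), value.strip(), attrs


@dataclass
class Cookie:
    name: str
    value: str
    http_only: bool = False


@dataclass
class CookieJar:
    cookies: Dict[str, Cookie] = field(default_factory=dict)

    # ---- server-facing side (the trusted channel) -------------------------
    def parse_set_cookie(self, header_value: str) -> None:
        """Store a cookie from a Set-Cookie response header. Only the server
        can mint a protected cookie, by including the HttpOnly attribute."""
        name, value, attrs = _parse(header_value)
        self.cookies[name] = Cookie(name, value, http_only="httponly" in attrs)

    def header_for_request(self) -> str:
        """Cookie request header: flagged cookies still travel over HTTP."""
        return "; ".join(f"{c.name}={c.value}" for c in self.cookies.values())

    # ---- script-facing side (what document.cookie exposes) ----------------
    def script_read(self) -> str:
        """Getter: HttpOnly cookies are simply absent from the result."""
        return "; ".join(
            f"{c.name}={c.value}" for c in self.cookies.values() if not c.http_only
        )

    def script_write(self, assignment: str) -> bool:
        """Setter. Returns False (request failed) when script tries to mint a
        protected cookie or to overwrite an existing protected cookie; a real
        browser fails these silently, the boolean makes the check visible."""
        name, value, attrs = _parse(assignment)
        if "httponly" in attrs:
            return False  # script may not create a flagged cookie
        existing = self.cookies.get(name)
        if existing is not None and existing.http_only:
            return False  # the overwrite protection from the abstract
        self.cookies[name] = Cookie(name, value, http_only=False)
        return True


if __name__ == "__main__":
    jar = CookieJar()
    jar.parse_set_cookie("session=abc123; Path=/; Secure; HttpOnly")
    jar.parse_set_cookie("theme=dark; Path=/")
    print("script sees :", jar.script_read())          # theme=dark
    print("server gets :", jar.header_for_request())   # session=abc123; theme=dark
    print("overwrite ok:", jar.script_write("session=evil"))  # False
```

The point the model makes concrete is that HttpOnly reduces the damage of an injected script rather than the injection itself: the script still runs with the page's origin and can still issue requests that carry the cookie, but it cannot exfiltrate the session value or plant a forged one.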
  • Publication number: 20040003072
    Abstract: A method, system, and computer-readable medium are provided for managing consent between online entities to perform tasks. The consent mechanism uses an asynchronous protocol for submitting consent requests, managing consent requests, and resolving consent requests. An application that requires consent to perform a task submits a request for consent to the consent mechanism. The resolving authority obtains pending request information from the consent mechanism and sends the consent mechanism request resolution information. The application obtains resolved request information from the consent mechanism. If the resolved request is approved, the consent mechanism allows the application to perform the task. If the resolved request is denied, the consent mechanism does not allow the application to perform the task.
    Type: Application
    Filed: January 15, 2003
    Publication date: January 1, 2004
    Applicant: Microsoft Corporation
    Inventors: Ashvin J. Mathew, Puhazholi Vetrivel, Brian Jones, Danpo Zhang, Laurel S. Abbott, Cem Paya, Melissa Dunn