Patents by Inventor Charles W. Kaufman

Charles W. Kaufman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20190173675
    Abstract: Providing a server polling component for remote cryptographic key erasure resilient to network outage. A set of keys received from a server are stored on data storage. The data storage sends a status request to the server. If a key enabled status is received, the data storage continues normal operations. If a key disabled status is received, a key failure action is performed. The key failure action includes deleting one or more of the keys in the set of keys or shutting down one or more storage devices of the data storage. If no response is received from the server, the data storage iteratively resends the status request at retry time intervals until a response is received from the server or until a time out period expires. On expiration of the time out period, the key failure action is performed.
    Type: Application
    Filed: February 7, 2019
    Publication date: June 6, 2019
    Inventor: Charles W. Kaufman
  • Patent number: 10205594
    Abstract: Examples are generally directed towards providing a server polling component for remote cryptographic key erasure resilient to network outage. A set of keys received from a server are stored on data storage. The data storage sends a status request to the server. If a key enabled status is received, the data storage continues normal operations. If a key disabled status is received, a key failure action is performed. The key failure action includes deleting one or more of the keys in the set of keys or shutting down one or more storage devices of the data storage. If no response is received from the server, the data storage iteratively resends the status request at retry time intervals until a response is received from the server or until a time out period expires. On expiration of the time out period, the key failure action is performed.
    Type: Grant
    Filed: March 30, 2016
    Date of Patent: February 12, 2019
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventor: Charles W. Kaufman
  • Patent number: 9467473
    Abstract: A system is described that analyzes and validates network security policies associated with network devices. The system includes a compiler and a security policy analysis and validation tool. The compiler encodes a security policy associated with a network device into a predicate expressed in bit-vector logic and generates a bit-vector formula based on the predicate. The tool receives the bit-vector formula and applies a Satisfiability Modulo Theories (SMT) solver thereto to identify and enumerate solutions to the bit-vector formula. The enumerated solutions provide information about the validity of the first security policy. The solutions may be compactly enumerated in a as product of intervals or a product of unions of intervals.
    Type: Grant
    Filed: September 19, 2013
    Date of Patent: October 11, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Karthick Jayaraman, Charles W. Kaufman, Nikolaj S. Bjorner
  • Publication number: 20150082370
    Abstract: A system is described that analyzes and validates network security policies associated with network devices. The system includes a compiler and a security policy analysis and validation tool. The compiler encodes a security policy associated with a network device into a predicate expressed in bit-vector logic and generates a bit-vector formula based on the predicate. The tool receives the bit-vector formula and applies a Satisfiability Modulo Theories (SMT) solver thereto to identify and enumerate solutions to the bit-vector formula. The enumerated solutions provide information about the validity of the first security policy. The solutions may be compactly enumerated in a as product of intervals or a product of unions of intervals.
    Type: Application
    Filed: September 19, 2013
    Publication date: March 19, 2015
    Applicant: Microsoft Corporation
    Inventors: Karthick Jayaraman, Charles W. Kaufman, Nikolaj S. Bjorner
  • Patent number: 8709460
    Abstract: A method for producing a suspension, emulsion or dispersion of de-agglomerated particles (advantageously submicron-sized particles) of pyrithione salts comprising contacting agglomerated pyrithione salt particles with a de-agglomerating agent to produce the desired de-agglomerated pyrithione salt particles. Also disclosed is a method for making de-agglomerated submicron-sized particles of pyrithione salts comprising a heating step. Also disclosed are the particles made by the above methods and compositions comprising the particles and a base medium.
    Type: Grant
    Filed: April 23, 2009
    Date of Patent: April 29, 2014
    Assignee: Arch Chemicals, Inc.
    Inventors: Saeed M. Mohseni, Charles W. Kaufman, David C. Beaty, John J. Jardas, George Polson
  • Patent number: 8555061
    Abstract: Assertions for elevated privilege associated with transparent code may be ignored, prohibited, or modified.
    Type: Grant
    Filed: May 13, 2005
    Date of Patent: October 8, 2013
    Assignee: Microsoft Corporation
    Inventors: Jeffrey M. Cooperstein, Charles W. Kaufman, Raja Krishnaswamy
  • Patent number: 8291088
    Abstract: A system for providing single sign-on (SSO) user names for Web cookies. SSO access to multiple applications is supported in situations where multiple user information directories are deployed, and users may be known by multiple identifiers. Convenient specification is enabled for which of a user's multiple names is to be used in an SSO Web cookie that is passed from application to application to enable SSO operation. The user's SSO Web cookie user name is fully separated conceptually from the user's effective name for any given application within the SSO environment. The SSO Web cookie user name provided by the disclosed system is specified independently from the effective name by which the user is known when operating in the Web application that writes the SSO Web cookie back to the user's computer system. Use of an administratively supplied user name in the SSO Web cookie is facilitated.
    Type: Grant
    Filed: September 28, 2008
    Date of Patent: October 16, 2012
    Assignee: International Business Machines Corporation
    Inventors: Jane B. Marcus, Scott M. Davidson, Russell L. Holden, Srinivasa R. Kolaparthi, Charles W. Kaufman
  • Patent number: 8225390
    Abstract: The present invention extends to methods, systems, and computer program products for licensing protected content to application sets. Embodiments of the invention permit a local machine to increase its participation in authorizing access to protected content. For example, an operating system within an appropriate computing environment is permitted to determine if an application is authorized to access protected content. Thus, the application is relieved from having to store a publishing license. Further, authorization decisions are partially distributed, easing the resource burden on a protection server. Accordingly, embodiments of the invention can facilitate more robust and efficient authorization decisions when access to protected content is requested.
    Type: Grant
    Filed: June 27, 2008
    Date of Patent: July 17, 2012
    Assignee: Microsoft Corporation
    Inventors: Kenneth D. Ray, Pankaj M. Kamat, Charles W. Kaufman, Paul J. Leach, William R. Tipton, Andrew Herron, Krassimir E. Karamfilov, Duncan G. Bryce, Jonathan D. Schwartz, Matthew C. Setzer, John McDowell
  • Patent number: 8011008
    Abstract: Performing security sensitive operations with an application security model. Security agnostic code is executed. The security agnostic code is identified as not having authorization to perform a security sensitive operation. Executing the security agnostic code includes calling code identified as security safe critical code. In response to the security agnostic code calling the security safe critical code, the security safe critical code is executed. The security safe critical code includes functionality for performing validity checks. Executing the security safe critical code includes performing an validity check for the security agnostic code. When the security agnostic code passes the validity check, code identified as security critical code is called. In response to the security safe critical code calling the security critical code, the security critical code is executed. The security critical code is authorized to perform the security sensitive operation.
    Type: Grant
    Filed: November 13, 2007
    Date of Patent: August 30, 2011
    Assignee: Microsoft Corporation
    Inventors: Michael D. Downen, Raja Krishnaswamy, Arun Moorthy, Charles W. Kaufman
  • Patent number: 8006295
    Abstract: The subject disclosure pertains to a domain identification system, comprising a principal that has a key and a mnemonically meaningless identifier, the mnemonically meaningless identifier is used to identify the component in a networked environment. The mnemonically meaningless identifier can be bound to the public key by a binding. The component may be part of a neighborhood of components, and each member component knows the members' binding.
    Type: Grant
    Filed: June 28, 2007
    Date of Patent: August 23, 2011
    Assignee: Microsoft Corporation
    Inventors: Carl M. Ellison, Paul J. Leach, Butler W. Lampson, Melissa W. Dunn, Ravindra N. Pandya, Charles W. Kaufman
  • Patent number: 7949880
    Abstract: A method, system and apparatus for secure password validation can include a local authentication process configured for coupling both to local authentication data and to a remote authentication process. The system also can include a comparator disposed in the local authentication process and programmed to detect an extended password string in the local authentication data. Finally, the system can include a remote authentication handler disposed in the local authentication process and programmed to outsource password validation to the remote authentication process responsive to the comparator detecting an extended password string retrieved for a supplied user identifier. Preferably, the remote authentication handler can be a remote procedure call to the remote authentication process.
    Type: Grant
    Filed: January 25, 2010
    Date of Patent: May 24, 2011
    Assignee: International Business Machines Corporation
    Inventors: Mark A. Champine, Charles W. Kaufman
  • Patent number: 7926105
    Abstract: Described is a technology including an evaluation methodology by which a set of privileged code such as a platform's API method may be marked as being security critical and/or safe for being called by untrusted code. The set of code is evaluated to determine whether the code is security critical code, and if so, it is identified as security critical. Such code is further evaluated to determine whether the code is safe with respect to being called by untrusted code, and if so, is marked as safe. To determine whether the code is safe, a determination is made as to whether the first set of code leaks criticality, including by evaluating one or more code paths corresponding to one or more callers of the first set of code, and by evaluating one or more code paths corresponding to one or more callees of the first set of code.
    Type: Grant
    Filed: February 28, 2006
    Date of Patent: April 12, 2011
    Assignee: Microsoft Corporation
    Inventors: Karen Elizabeth Corby, Mark Alcazar, Viresh Ramdatmisier, Ariel Jorge Kirsman, Andre A. Needham, Akhilesh Kaza, Raja Krishnaswamy, Jeff Cooperstein, Charles W Kaufman, Chris Anderson, Venkata Rama Prasad Tammana, Aaron R Goldfeder, John Hawkins
  • Patent number: 7925752
    Abstract: A system for providing single sign-on (SSO) user names for Web cookies in a multiple user information directory environment. SSO access to multiple applications is supported in situations where multiple user information directories are deployed, and users may be known by multiple identifiers. Convenient specification is enabled for which of a user's multiple names is to be used in an SSO Web cookie that is passed from application to application to enable SSO operation. The user's SSO Web cookie user name is fully separated conceptually from the user's effective name for any given application within the SSO environment. The SSO Web cookie user name provided by the disclosed system is specified independently from the effective name by which the user is known when operating in the Web application that writes the SSO Web cookie back to the user's computer system. Use of an administratively supplied user name in the SSO Web cookie is facilitated.
    Type: Grant
    Filed: September 28, 2008
    Date of Patent: April 12, 2011
    Assignee: International Business Machines Corporation
    Inventors: Jane B. Marcus, Scott M. Davidson, Russell L. Holden, Srinivasa R. Kolaparthi, Charles W. Kaufman
  • Publication number: 20100180126
    Abstract: A method, system and apparatus for secure password validation can include a local authentication process configured for coupling both to local authentication data and to a remote authentication process. The system also can include a comparator disposed in the local authentication process and programmed to detect an extended password string in the local authentication data. Finally, the system can include a remote authentication handler disposed in the local authentication process and programmed to outsource password validation to the remote authentication process responsive to the comparator detecting an extended password string retrieved for a supplied user identifier. Preferably, the remote authentication handler can be a remote procedure call to the remote authentication process.
    Type: Application
    Filed: January 25, 2010
    Publication date: July 15, 2010
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Mark A. Champine, Charles W. Kaufman
  • Patent number: 7669058
    Abstract: A method, system and apparatus for secure password validation can include a local authentication process configured for coupling both to local authentication data and to a remote authentication process. The system also can include a comparator disposed in the local authentication process and programmed to detect an extended password string in the local authentication data. Finally, the system can include a remote authentication handler disposed in the local authentication process and programmed to outsource password validation to the remote authentication process responsive to the comparator detecting an extended password string retrieved for a supplied user identifier. Preferably, the remote authentication handler can be a remote procedure call to the remote authentication process.
    Type: Grant
    Filed: August 10, 2004
    Date of Patent: February 23, 2010
    Assignee: International Business Machines Corporation
    Inventors: Mark A. Champine, Charles W. Kaufman
  • Publication number: 20090328134
    Abstract: The present invention extends to methods, systems, and computer program products for licensing protected content to application sets. Embodiments of the invention permit a local machine to increase its participation in authorizing access to protected content. For example, an operating system within an appropriate computing environment is permitted to determine if an application is authorized to access protected content. Thus, the application is relieved from having to store a publishing license. Further, authorization decisions are partially distributed, easing the resource burden on a protection server. Accordingly, embodiments of the invention can facilitate more robust and efficient authorization decisions when access to protected content is requested.
    Type: Application
    Filed: June 27, 2008
    Publication date: December 31, 2009
    Applicant: Microsoft Corporation
    Inventors: Kenneth D. Ray, Pankaj M. Kamat, Charles W. Kaufman, Paul J. Leach, William R. Tipton, Andrew Herron, Krassimir E. Karamifilov, Duncan G. Bryce, Jonathan D. Schwartz, Matthew C. Setzer, John McDowell
  • Patent number: 7603712
    Abstract: In accordance with the present invention, a system, method, and computer-readable medium for identifying malware in a request to a Web service is provided. One aspect of the present invention is a computer-implemented method for protecting a computer that provides a Web service from malware made in a Web request. When a request is received, an on-demand compilation system compiles high-level code associated with the request into binary code that may be executed. However, before the code is executed, antivirus software designed to identify malware scans the binary code for malware. If malware is identified, the antivirus software prevents the binary code associated with the request from being executed.
    Type: Grant
    Filed: April 21, 2005
    Date of Patent: October 13, 2009
    Assignee: Microsoft Corporation
    Inventors: Marc E Seinfeld, Adrian M Marinescu, Charles W Kaufman, Jeffrey M Cooperstein, Michael Kramer
  • Publication number: 20090215739
    Abstract: A method for producing a suspension, emulsion or dispersion of de-agglomerated particles (advantageously submicron-sized particles) of pyrithione salts comprising contacting agglomerated pyrithione salt particles with a de-agglomerating agent to produce the desired de-agglomerated pyrithione salt particles. Also disclosed is a method for making de-agglomerated submicron-sized particles of pyrithione salts comprising a heating step. Also disclosed are the particles made by the above methods and compositions comprising the particles and a base medium.
    Type: Application
    Filed: April 23, 2009
    Publication date: August 27, 2009
    Inventors: Saeed M. Mohseni, Charles W. Kaufman, David C. Beaty, John J. Jardas, George Polson
  • Patent number: 7544367
    Abstract: A method for producing a suspension, emulsion or dispersion of de-agglomerated particles (advantageously submicron-sized particles) of pyrithione salts comprising contacting agglomerated pyrithione salt particles with a de-agglomerating agent to produce the desired de-agglomerated pyrithione salt particles. Also disclosed is a method for making de-agglomerated submicron-sized particles of pyrithione salts comprision a heating step. Also disclosed are the particles made by the above methods and compositions comprising the particles and a base medium.
    Type: Grant
    Filed: June 20, 2002
    Date of Patent: June 9, 2009
    Assignee: Arch Chemicals, Inc.
    Inventors: Saeed M. Mohseni, Charles W. Kaufman, David C. Beaty, John J. Jardas, George Polson
  • Publication number: 20090126011
    Abstract: Performing security sensitive operations with an application security model. Security agnostic code is executed. The security agnostic code is identified as not having authorization to perform a security sensitive operation. Executing the security agnostic code includes calling code identified as security safe critical code. In response to the security agnostic code calling the security safe critical code, the security safe critical code is executed. The security safe critical code includes functionality for performing validity checks. Executing the security safe critical code includes performing an validity check for the security agnostic code. When the security agnostic code passes the validity check, code identified as security critical code is called. In response to the security safe critical code calling the security critical code, the security critical code is executed. The security critical code is authorized to perform the security sensitive operation.
    Type: Application
    Filed: November 13, 2007
    Publication date: May 14, 2009
    Applicant: MICROSOFT CORPORATION
    Inventors: Michael D. Downen, Raja Krishnaswamy, Arun Moorthy, Charles W. Kaufman