Patents by Inventor Charles W. Kaufman
Charles W. Kaufman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10394646
Abstract: Described are techniques for performing data validation processing. An expected sequence of characters is determined that includes a plurality of groups. Each of the plurality of groups includes a first expected sequence of one or more characters representing encoded information and a second expected sequence of one or more data validation characters determined in accordance with a corresponding portion of the expected sequence. The portion includes at least the first expected sequence of one or more characters of the group. Data validation processing is incrementally performed as data for each of the plurality of groups is received. The data validation processing performed as data for each group is received uses a received sequence of one or more data validation characters corresponding to the second expected sequence of one or more data validation characters of each group.
Type: Grant
Filed: December 30, 2015
Date of Patent: August 27, 2019
Assignee: EMC IP Holding Company LLC
Inventors: Charles W. Kaufman, Radia J. Perlman
-
Publication number: 20190238346
Abstract: A challenge/response authentication procedure determines whether a response is a correct response, a unique incorrect response, or a non-unique incorrect response, the unique incorrect response and non-unique incorrect response being differentiated by comparing the response value with a store of unique incorrect response values. For the correct response, client access to protected computer system resources is allowed, and the challenge value is discarded so as not to be used again. For the unique incorrect response, (1) when a predetermined limit of unique incorrect responses has not been reached, then the response value is added to the store of unique incorrect response values and the process is repeated with reuse of the challenge value, and (2) when the predetermined limit has been reached, then the client is locked out. For the non-unique incorrect response, the process is repeated with reuse of the challenge value.
Type: Application
Filed: January 30, 2018
Publication date: August 1, 2019
Inventors: Radia J. Perlman, Charles W. Kaufman, Xuan Tang
-
Publication number: 20190173675
Abstract: Providing a server polling component for remote cryptographic key erasure resilient to network outage. A set of keys received from a server are stored on data storage. The data storage sends a status request to the server. If a key enabled status is received, the data storage continues normal operations. If a key disabled status is received, a key failure action is performed. The key failure action includes deleting one or more of the keys in the set of keys or shutting down one or more storage devices of the data storage. If no response is received from the server, the data storage iteratively resends the status request at retry time intervals until a response is received from the server or until a time out period expires. On expiration of the time out period, the key failure action is performed.
Type: Application
Filed: February 7, 2019
Publication date: June 6, 2019
Inventor: Charles W. Kaufman
-
Patent number: 10205594
Abstract: Examples are generally directed towards providing a server polling component for remote cryptographic key erasure resilient to network outage. A set of keys received from a server are stored on data storage. The data storage sends a status request to the server. If a key enabled status is received, the data storage continues normal operations. If a key disabled status is received, a key failure action is performed. The key failure action includes deleting one or more of the keys in the set of keys or shutting down one or more storage devices of the data storage. If no response is received from the server, the data storage iteratively resends the status request at retry time intervals until a response is received from the server or until a time out period expires. On expiration of the time out period, the key failure action is performed.
Type: Grant
Filed: March 30, 2016
Date of Patent: February 12, 2019
Assignee: EMC IP HOLDING COMPANY LLC
Inventor: Charles W. Kaufman
-
Patent number: 9467473
Abstract: A system is described that analyzes and validates network security policies associated with network devices. The system includes a compiler and a security policy analysis and validation tool. The compiler encodes a security policy associated with a network device into a predicate expressed in bit-vector logic and generates a bit-vector formula based on the predicate. The tool receives the bit-vector formula and applies a Satisfiability Modulo Theories (SMT) solver thereto to identify and enumerate solutions to the bit-vector formula. The enumerated solutions provide information about the validity of the first security policy. The solutions may be compactly enumerated as a product of intervals or a product of unions of intervals.
Type: Grant
Filed: September 19, 2013
Date of Patent: October 11, 2016
Assignee: Microsoft Technology Licensing, LLC
Inventors: Karthick Jayaraman, Charles W. Kaufman, Nikolaj S. Bjorner
-
Publication number: 20150082370
Abstract: A system is described that analyzes and validates network security policies associated with network devices. The system includes a compiler and a security policy analysis and validation tool. The compiler encodes a security policy associated with a network device into a predicate expressed in bit-vector logic and generates a bit-vector formula based on the predicate. The tool receives the bit-vector formula and applies a Satisfiability Modulo Theories (SMT) solver thereto to identify and enumerate solutions to the bit-vector formula. The enumerated solutions provide information about the validity of the first security policy. The solutions may be compactly enumerated as a product of intervals or a product of unions of intervals.
Type: Application
Filed: September 19, 2013
Publication date: March 19, 2015
Applicant: Microsoft Corporation
Inventors: Karthick Jayaraman, Charles W. Kaufman, Nikolaj S. Bjorner
-
Patent number: 8709460
Abstract: A method for producing a suspension, emulsion or dispersion of de-agglomerated particles (advantageously submicron-sized particles) of pyrithione salts comprising contacting agglomerated pyrithione salt particles with a de-agglomerating agent to produce the desired de-agglomerated pyrithione salt particles. Also disclosed is a method for making de-agglomerated submicron-sized particles of pyrithione salts comprising a heating step. Also disclosed are the particles made by the above methods and compositions comprising the particles and a base medium.
Type: Grant
Filed: April 23, 2009
Date of Patent: April 29, 2014
Assignee: Arch Chemicals, Inc.
Inventors: Saeed M. Mohseni, Charles W. Kaufman, David C. Beaty, John J. Jardas, George Polson
-
Patent number: 8555061
Abstract: Assertions for elevated privilege associated with transparent code may be ignored, prohibited, or modified.
Type: Grant
Filed: May 13, 2005
Date of Patent: October 8, 2013
Assignee: Microsoft Corporation
Inventors: Jeffrey M. Cooperstein, Charles W. Kaufman, Raja Krishnaswamy
-
Patent number: 8291088
Abstract: A system for providing single sign-on (SSO) user names for Web cookies. SSO access to multiple applications is supported in situations where multiple user information directories are deployed, and users may be known by multiple identifiers. Convenient specification is enabled for which of a user's multiple names is to be used in an SSO Web cookie that is passed from application to application to enable SSO operation. The user's SSO Web cookie user name is fully separated conceptually from the user's effective name for any given application within the SSO environment. The SSO Web cookie user name provided by the disclosed system is specified independently from the effective name by which the user is known when operating in the Web application that writes the SSO Web cookie back to the user's computer system. Use of an administratively supplied user name in the SSO Web cookie is facilitated.
Type: Grant
Filed: September 28, 2008
Date of Patent: October 16, 2012
Assignee: International Business Machines Corporation
Inventors: Jane B. Marcus, Scott M. Davidson, Russell L. Holden, Srinivasa R. Kolaparthi, Charles W. Kaufman
-
Patent number: 8225390
Abstract: The present invention extends to methods, systems, and computer program products for licensing protected content to application sets. Embodiments of the invention permit a local machine to increase its participation in authorizing access to protected content. For example, an operating system within an appropriate computing environment is permitted to determine if an application is authorized to access protected content. Thus, the application is relieved from having to store a publishing license. Further, authorization decisions are partially distributed, easing the resource burden on a protection server. Accordingly, embodiments of the invention can facilitate more robust and efficient authorization decisions when access to protected content is requested.
Type: Grant
Filed: June 27, 2008
Date of Patent: July 17, 2012
Assignee: Microsoft Corporation
Inventors: Kenneth D. Ray, Pankaj M. Kamat, Charles W. Kaufman, Paul J. Leach, William R. Tipton, Andrew Herron, Krassimir E. Karamfilov, Duncan G. Bryce, Jonathan D. Schwartz, Matthew C. Setzer, John McDowell
-
Patent number: 8011008
Abstract: Performing security sensitive operations with an application security model. Security agnostic code is executed. The security agnostic code is identified as not having authorization to perform a security sensitive operation. Executing the security agnostic code includes calling code identified as security safe critical code. In response to the security agnostic code calling the security safe critical code, the security safe critical code is executed. The security safe critical code includes functionality for performing validity checks. Executing the security safe critical code includes performing a validity check for the security agnostic code. When the security agnostic code passes the validity check, code identified as security critical code is called. In response to the security safe critical code calling the security critical code, the security critical code is executed. The security critical code is authorized to perform the security sensitive operation.
Type: Grant
Filed: November 13, 2007
Date of Patent: August 30, 2011
Assignee: Microsoft Corporation
Inventors: Michael D. Downen, Raja Krishnaswamy, Arun Moorthy, Charles W. Kaufman
-
Patent number: 8006295
Abstract: The subject disclosure pertains to a domain identification system, comprising a principal that has a key and a mnemonically meaningless identifier, the mnemonically meaningless identifier is used to identify the component in a networked environment. The mnemonically meaningless identifier can be bound to the public key by a binding. The component may be part of a neighborhood of components, and each member component knows the members' binding.
Type: Grant
Filed: June 28, 2007
Date of Patent: August 23, 2011
Assignee: Microsoft Corporation
Inventors: Carl M. Ellison, Paul J. Leach, Butler W. Lampson, Melissa W. Dunn, Ravindra N. Pandya, Charles W. Kaufman
-
Patent number: 7949880
Abstract: A method, system and apparatus for secure password validation can include a local authentication process configured for coupling both to local authentication data and to a remote authentication process. The system also can include a comparator disposed in the local authentication process and programmed to detect an extended password string in the local authentication data. Finally, the system can include a remote authentication handler disposed in the local authentication process and programmed to outsource password validation to the remote authentication process responsive to the comparator detecting an extended password string retrieved for a supplied user identifier. Preferably, the remote authentication handler can be a remote procedure call to the remote authentication process.
Type: Grant
Filed: January 25, 2010
Date of Patent: May 24, 2011
Assignee: International Business Machines Corporation
Inventors: Mark A. Champine, Charles W. Kaufman
-
Patent number: 7925752
Abstract: A system for providing single sign-on (SSO) user names for Web cookies in a multiple user information directory environment. SSO access to multiple applications is supported in situations where multiple user information directories are deployed, and users may be known by multiple identifiers. Convenient specification is enabled for which of a user's multiple names is to be used in an SSO Web cookie that is passed from application to application to enable SSO operation. The user's SSO Web cookie user name is fully separated conceptually from the user's effective name for any given application within the SSO environment. The SSO Web cookie user name provided by the disclosed system is specified independently from the effective name by which the user is known when operating in the Web application that writes the SSO Web cookie back to the user's computer system. Use of an administratively supplied user name in the SSO Web cookie is facilitated.
Type: Grant
Filed: September 28, 2008
Date of Patent: April 12, 2011
Assignee: International Business Machines Corporation
Inventors: Jane B. Marcus, Scott M. Davidson, Russell L. Holden, Srinivasa R. Kolaparthi, Charles W. Kaufman
-
Patent number: 7926105
Abstract: Described is a technology including an evaluation methodology by which a set of privileged code such as a platform's API method may be marked as being security critical and/or safe for being called by untrusted code. The set of code is evaluated to determine whether the code is security critical code, and if so, it is identified as security critical. Such code is further evaluated to determine whether the code is safe with respect to being called by untrusted code, and if so, is marked as safe. To determine whether the code is safe, a determination is made as to whether the first set of code leaks criticality, including by evaluating one or more code paths corresponding to one or more callers of the first set of code, and by evaluating one or more code paths corresponding to one or more callees of the first set of code.
Type: Grant
Filed: February 28, 2006
Date of Patent: April 12, 2011
Assignee: Microsoft Corporation
Inventors: Karen Elizabeth Corby, Mark Alcazar, Viresh Ramdatmisier, Ariel Jorge Kirsman, Andre A. Needham, Akhilesh Kaza, Raja Krishnaswamy, Jeff Cooperstein, Charles W Kaufman, Chris Anderson, Venkata Rama Prasad Tammana, Aaron R Goldfeder, John Hawkins
-
Publication number: 20100180126
Abstract: A method, system and apparatus for secure password validation can include a local authentication process configured for coupling both to local authentication data and to a remote authentication process. The system also can include a comparator disposed in the local authentication process and programmed to detect an extended password string in the local authentication data. Finally, the system can include a remote authentication handler disposed in the local authentication process and programmed to outsource password validation to the remote authentication process responsive to the comparator detecting an extended password string retrieved for a supplied user identifier. Preferably, the remote authentication handler can be a remote procedure call to the remote authentication process.
Type: Application
Filed: January 25, 2010
Publication date: July 15, 2010
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Mark A. Champine, Charles W. Kaufman
-
Patent number: 7669058
Abstract: A method, system and apparatus for secure password validation can include a local authentication process configured for coupling both to local authentication data and to a remote authentication process. The system also can include a comparator disposed in the local authentication process and programmed to detect an extended password string in the local authentication data. Finally, the system can include a remote authentication handler disposed in the local authentication process and programmed to outsource password validation to the remote authentication process responsive to the comparator detecting an extended password string retrieved for a supplied user identifier. Preferably, the remote authentication handler can be a remote procedure call to the remote authentication process.
Type: Grant
Filed: August 10, 2004
Date of Patent: February 23, 2010
Assignee: International Business Machines Corporation
Inventors: Mark A. Champine, Charles W. Kaufman
-
Publication number: 20090328134
Abstract: The present invention extends to methods, systems, and computer program products for licensing protected content to application sets. Embodiments of the invention permit a local machine to increase its participation in authorizing access to protected content. For example, an operating system within an appropriate computing environment is permitted to determine if an application is authorized to access protected content. Thus, the application is relieved from having to store a publishing license. Further, authorization decisions are partially distributed, easing the resource burden on a protection server. Accordingly, embodiments of the invention can facilitate more robust and efficient authorization decisions when access to protected content is requested.
Type: Application
Filed: June 27, 2008
Publication date: December 31, 2009
Applicant: Microsoft Corporation
Inventors: Kenneth D. Ray, Pankaj M. Kamat, Charles W. Kaufman, Paul J. Leach, William R. Tipton, Andrew Herron, Krassimir E. Karamifilov, Duncan G. Bryce, Jonathan D. Schwartz, Matthew C. Setzer, John McDowell
-
Patent number: 7603712
Abstract: In accordance with the present invention, a system, method, and computer-readable medium for identifying malware in a request to a Web service is provided. One aspect of the present invention is a computer-implemented method for protecting a computer that provides a Web service from malware made in a Web request. When a request is received, an on-demand compilation system compiles high-level code associated with the request into binary code that may be executed. However, before the code is executed, antivirus software designed to identify malware scans the binary code for malware. If malware is identified, the antivirus software prevents the binary code associated with the request from being executed.
Type: Grant
Filed: April 21, 2005
Date of Patent: October 13, 2009
Assignee: Microsoft Corporation
Inventors: Marc E Seinfeld, Adrian M Marinescu, Charles W Kaufman, Jeffrey M Cooperstein, Michael Kramer
-
Publication number: 20090215739
Abstract: A method for producing a suspension, emulsion or dispersion of de-agglomerated particles (advantageously submicron-sized particles) of pyrithione salts comprising contacting agglomerated pyrithione salt particles with a de-agglomerating agent to produce the desired de-agglomerated pyrithione salt particles. Also disclosed is a method for making de-agglomerated submicron-sized particles of pyrithione salts comprising a heating step. Also disclosed are the particles made by the above methods and compositions comprising the particles and a base medium.
Type: Application
Filed: April 23, 2009
Publication date: August 27, 2009
Inventors: Saeed M. Mohseni, Charles W. Kaufman, David C. Beaty, John J. Jardas, George Polson