Patents by Inventor Christian Paquin
Christian Paquin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9768962Abstract: The subject disclosure is directed towards credential verification for accessing a service provider. A user may prove to the service provider the validity of the credential by communicating a non-revocation component that is based upon a prime-order cryptographic group without a bilinear pairing. In order to authenticate the user, a verification mechanism within an identity management system applies private cryptographic data, including a verifier-designated private key to the non-revocation component, which proves that the user's identity and therefore, the credential is not revoked. The presentation proof includes a hash value that is computed using the credential's commitment and the prime-order cryptographic group. By verifying that the hash value was computed using that commitment, the verification mechanism validates the credential and permits access to the service provider.Type: GrantFiled: March 15, 2013Date of Patent: September 19, 2017Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Tolga Acar, Christian Paquin, Duy Lan Nguyen, Melissa Chase
-
Patent number: 9264232Abstract: Binding a security artifact to a service provider. A method includes generating a pseudonym for a security artifact. The pseudonym is an identifier of the security artifact to the service provider that is unique to the service provider in that the pseudonym is not used to identify the security artifact to other service providers. Further, the pseudonym uniquely identifies the particular security artifact to the service provider even when a user has available a number of different security artifacts to authenticate to the same service provider to access a user account for the user. The method further includes providing the pseudonym for the security artifact to the service provider. The pseudonym for the security artifact is bound with a user account at the service provider for a user associated with the security artifact.Type: GrantFiled: August 26, 2014Date of Patent: February 16, 2016Assignee: Microsoft Technology Licensing, LLCInventors: Craig Henry Wittenberg, Christian Paquin, Rushmi U. Malaviarachchi
-
Publication number: 20160006567Abstract: Binding a security artifact to a service provider. A method includes generating a pseudonym for a security artifact. The pseudonym is an identifier of the security artifact to the service provider that is unique to the service provider in that the pseudonym is not used to identify the security artifact to other service providers. Further, the pseudonym uniquely identifies the particular security artifact to the service provider even when a user has available a number of different security artifacts to authenticate to the same service provider to access a user account for the user. The method further includes providing the pseudonym for the security artifact to the service provider. The pseudonym for the security artifact is bound with a user account at the service provider for a user associated with the security artifact.Type: ApplicationFiled: August 26, 2014Publication date: January 7, 2016Inventors: Craig Henry Wittenberg, Christian Paquin, Rushmi U. Malaviarachchi
-
Patent number: 9043891Abstract: A privacy-preserving identity system is described herein that combines low disclosure tokens with an identity metasystem to allow proof of a user's identity and other claims about the user in a manner that preserves the user's privacy by avoiding disclosing unnecessary information about the user. A low or minimal disclosure token is a security token that encodes claims in such a way that (1) the token can be long-lived, (2) the token can be presented in an unlinkable manner, or (3) the user can minimally disclose the encoded information to respond to an unanticipated Relying Party policy. Using the privacy preserving system within an identity metasystem, users can obtain long-lived, low disclosure tokens from the Identity Provider and later present them to Relying Parties; thus improving both users' privacy and the system's scalability.Type: GrantFiled: February 18, 2010Date of Patent: May 26, 2015Assignee: Microsoft Technology Licensiing, LLCInventors: Christian Paquin, Gregory R. Thompson
-
Patent number: 8819437Abstract: Binding a security artifact to a service provider. A method includes generating a pseudonym for a security artifact. The pseudonym is an identifier of the security artifact to the service provider that is unique to the service provider in that the pseudonym is not used to identify the security artifact to other service providers. Further, the pseudonym uniquely identifies the particular security artifact to the service provider even when a user has available a number of different security artifacts to authenticate to the same service provider to access a user account for the user. The method further includes providing the pseudonym for the security artifact to the service provider. The pseudonym for the security artifact is bound with a user account at the service provider for a user associated with the security artifact.Type: GrantFiled: September 30, 2010Date of Patent: August 26, 2014Assignee: Microsoft CorporationInventors: Craig Henry Wittenberg, Christian Paquin, Rushmi U. Malaviarachchi
-
Publication number: 20130073460Abstract: The claimed subject matter provides a system and method for enabling paid-for exchange of identity attributes with minimal disclosure credentials. An exemplary method includes requesting a credential from an identity provider by one of a user or a credential agent. The credential may be presented to a relying party, and the presented credential may be verified. Based on verification of the presented credential, a service of the relying party may be accessed by the user. The user, the relying party, a neutral third party, or the credential agent may provide payment for the credential to the identity provider, and the identity provider is unable to determine whether, where, when or by whom the credential has been used.Type: ApplicationFiled: September 15, 2011Publication date: March 21, 2013Applicant: Microsoft CorporationInventors: Christian Paquin, Ariel Gordon, Melissa Chase
-
Patent number: 8255870Abstract: One embodiment of the invention relates to a system for providing a support function in maintaining a computing system. The system includes a computer-implemented interface configured to receive a support user identification and a system user identification. The system also includes a support user implementation engine configured to set a support mode based on the support user identification and to log the support user into the computing system based on the system user identification. The system also includes one or more applications implemented by the computing system configured to perform one or more functions on the computing system in accordance with the system user identification and the support user identification.Type: GrantFiled: August 31, 2006Date of Patent: August 28, 2012Assignee: SAP AktiengesellschaftInventors: Anne Banino, Christian Paquin
-
Publication number: 20120084565Abstract: Binding a security artifact to a service provider. A method includes generating a pseudonym for a security artifact. The pseudonym is an identifier of the security artifact to the service provider that is unique to the service provider in that the pseudonym is not used to identify the security artifact to other service providers. Further, the pseudonym uniquely identifies the particular security artifact to the service provider even when a user has available a number of different security artifacts to authenticate to the same service provider to access a user account for the user. The method further includes providing the pseudonym for the security artifact to the service provider. The pseudonym for the security artifact is bound with a user account at the service provider for a user associated with the security artifact.Type: ApplicationFiled: September 30, 2010Publication date: April 5, 2012Applicant: Microsoft CorporationInventors: Craig Henry Wittenberg, Christian Paquin, Rushmi U. Malaviarachchi
-
Publication number: 20110202991Abstract: A privacy-preserving identity system is described herein that combines low disclosure tokens with an identity metasystem to allow proof of a user's identity and other claims about the user in a manner that preserves the user's privacy by avoiding disclosing unnecessary information about the user. A low or minimal disclosure token is a security token that encodes claims in such a way that (1) the token can be long-lived, (2) the token can be presented in an unlinkable manner, or (3) the user can minimally disclose the encoded information to respond to an unanticipated Relying Party policy. Using the privacy preserving system within an identity metasystem, users can obtain long-lived, low disclosure tokens from the Identity Provider and later present them to Relying Parties; thus improving both user' privacy and the system's scalability.Type: ApplicationFiled: February 18, 2010Publication date: August 18, 2011Applicant: Microsoft CorporationInventors: Christian Paquin, Gregory R. Thompson
-
Publication number: 20080126227Abstract: One embodiment of the invention relates to a system for providing a support function in maintaining a computing system. The system includes a computer-implemented interface configured to receive a support user identification and a system user identification. The system also includes a support user implementation engine configured to set a support mode based on the support user identification and to log the support user into the computing system based on the system user identification. The system also includes one or more applications implemented by the computing system configured to perform one or more functions on the computing system in accordance with the system user identification and the support user identification.Type: ApplicationFiled: August 31, 2006Publication date: May 29, 2008Inventors: Anne Banino, Christian Paquin