Patents by Inventor Colin H. Brace
Colin H. Brace has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9197630
Abstract: A certificate management system provides automated management of certificate lifecycles and certificate distribution. Rather than depend upon an administrator to manually distribute and manage certificates, the system self-generates certificates, distributes the certificates to appropriate servers or other parties, and transitions from old certificates to new certificates in a well-defined manner that avoids breaking functionality. After generating one or more certificates, the system securely shares certificates in a way that parties that use them can find the new certificates without an administrator manually distributing the certificates. When it is time to update certificates, the system generates new certificates and shares the new certificates in a similar way. During a transition period, the system provides a protocol by which both old and new certificates can be used to perform authenticated access to resources, so that the transition from an old to a new certificate does not break services.
Type: Grant
Filed: March 8, 2010
Date of Patent: November 24, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Tariq Sharif, Colin H. Brace, Nakul Garg
-
Patent number: 8407767
Abstract: A system and method for provisioning digital identity representations (“DIRs”) uses various techniques and structures to ease administration, increase accuracy, and decrease inconsistencies of a digital-identity provisioning system. Various methods are provided for creating new DIRs, requesting DIRs, notifying principals of available DIRs, and approving issuance of new DIRs.
Type: Grant
Filed: September 17, 2007
Date of Patent: March 26, 2013
Assignee: Microsoft Corporation
Inventors: Vijay K. Gajjala, Colin H. Brace, Derek T. Del Conte, Arun K. Nanda, Stuart L. S. Kwan, Rashmi Raj, Vijayavani Nori
-
Patent number: 8087072
Abstract: A system and method for provisioning digital identity representations (“DIRs”) uses various techniques and structures to ease administration, increase accuracy, and decrease inconsistencies of a digital-identity provisioning system. A system is provided using a common identity data store for both DIR issuance and identity token issuance, decreasing synchronization issues. Various methods are provided for creating new DIRs, notifying principals of available DIRs, and approving issuance of new DIRs.
Type: Grant
Filed: September 17, 2007
Date of Patent: December 27, 2011
Assignee: Microsoft Corporation
Inventors: Vijay K. Gajjala, Colin H. Brace, Derek T. Del Conte, Kim Cameron, Arun K. Nanda, Hervey O. Wilson, Stuart L. S. Kwan, Rashmi Raj, Vijayavani Nori
-
Publication number: 20110219227
Abstract: A certificate management system provides automated management of certificate lifecycles and certificate distribution. Rather than depend upon an administrator to manually distribute and manage certificates, the system self-generates certificates, distributes the certificates to appropriate servers or other parties, and transitions from old certificates to new certificates in a well-defined manner that avoids breaking functionality. After generating one or more certificates, the system securely shares certificates in a way that parties that use them can find the new certificates without an administrator manually distributing the certificates. When it is time to update certificates, the system generates new certificates and shares the new certificates in a similar way. During a transition period, the system provides a protocol by which both old and new certificates can be used to perform authenticated access to resources, so that the transition from an old to a new certificate does not break services.
Type: Application
Filed: March 8, 2010
Publication date: September 8, 2011
Applicant: Microsoft Corporation
Inventors: Tariq Sharif, Colin H. Brace, Nakul Garg
-
Publication number: 20110126027
Abstract: Accessing a data set with secret and non-secret data. A method includes accessing a data set image. The data set image comprises secret data. The data set image is derived from an authorized data set associated with a master key that authorizes access to the secret data. The master key is not provided with the data set image. The method further comprises restoring the data set image to a computing system to create a degraded data set. Data in the degraded data set other than the secret data is accessed without restoring the master key.
Type: Application
Filed: January 27, 2011
Publication date: May 26, 2011
Applicant: MICROSOFT CORPORATION
Inventors: Colin H. Brace, Nathan D. Muggli, William B. Lees, William J. Whalen
-
Patent number: 7921304
Abstract: Accessing a data set with secret and non-secret data. A method includes accessing a data set image. The data set image comprises secret data. The data set image is derived from an authorized data set associated with a master key that authorizes access to the secret data. The master key is not provided with the data set image. The method further comprises restoring the data set image to a computing system to create a degraded data set. Data in the degraded data set other than the secret data is accessed without restoring the master key.
Type: Grant
Filed: December 6, 2005
Date of Patent: April 5, 2011
Assignee: Microsoft Corporation
Inventors: Colin H. Brace, Nathan D. Muggli, William B. Lees, William J. Whalen
-
Publication number: 20090307744
Abstract: A federated identity verification system includes an identity provider that provides security tokens ultimately to one or more relying parties for access by the client to services at a relying party. Specifically, the relying party can validate the security token from an identity provider (whether directly or via a client) when verifying that the received security token conforms to security configuration data previously exchanged with the identity provider. To establish the trust relationship, the identity provider and one or more relying parties exchange security configuration information through an agreed-to communication channel. The security configuration information indicates the settings that the other party needs to use for establishing, maintaining, and/or monitoring the trust relationship. The communication channel allows both parties to flexibly and continually synchronize changes to security configurations, and thus maintain, change, or end the trust relationship automatically, as desired.
Type: Application
Filed: June 9, 2008
Publication date: December 10, 2009
Applicant: MICROSOFT CORPORATION
Inventors: Arun K. Nanda, Matthew F. Steele, Danver W. Hartop, Sriram Vasudevan, Edward P. Johns, Colin H. Brace, Vijay K. Gajjala
-
Publication number: 20080178272
Abstract: A system and method for provisioning digital identity representations (“DIRs”) uses various techniques and structures to ease administration, increase accuracy, and decrease inconsistencies of a digital-identity provisioning system. Various methods are provided for creating new DIRs, requesting DIRs, notifying principals of available DIRs, and approving issuance of new DIRs.
Type: Application
Filed: September 17, 2007
Publication date: July 24, 2008
Applicant: Microsoft Corporation
Inventors: Vijay K. Gajjala, Colin H. Brace, Derek T. Del Conte, Arun K. Nanda, Stuart L.S. Kwan, Rashmi Raj, Vijayavani Nori
-
Publication number: 20080178271
Abstract: A system and method for provisioning digital identity representations (“DIRs”) uses various techniques and structures to ease administration, increase accuracy, and decrease inconsistencies of a digital-identity provisioning system. A system is provided using a common identity data store for both DIR issuance and identity token issuance, decreasing synchronization issues. Various methods are provided for creating new DIRs, notifying principals of available DIRs, and approving issuance of new DIRs.
Type: Application
Filed: September 17, 2007
Publication date: July 24, 2008
Applicant: Microsoft Corporation
Inventors: Vijay K Gajjala, Colin H. Brace, Derek T. Del Conte, Kim Cameron, Arun K. Nanda, Hervey O. Wilson, Stuart L.S. Kwan, Rashmi Raj, Vijayavani Nori
-
Patent number: 7085833
Abstract: A network system server, at a first network site, maintains network access information that identifies users authorized to access a network and a network controller, at a second network site, caches the network access information for individual users that request access to the network from the second network site. The network controller tracks the individual users that request access to the network from the second network site and updates the cached network access information for the individual users that request access to the network from the second network site within a defined time interval.
Type: Grant
Filed: January 17, 2001
Date of Patent: August 1, 2006
Assignee: Microsoft Corporation
Inventors: Murli D. Satagopan, Colin H. Brace, Mark R. Brown
-
Patent number: 6457053
Abstract: A system for multi-master unique identifier allocation comprises a server for allocating pools of identifiers to requesting servers and at least one server for requesting pools of identifiers and allocating individual identifiers as necessary. A single master server allocates “pools” of unique identifiers to network servers upon request. The network servers in turn allocate unique identifiers from their pool as necessary when the server generates new system objects. When a network server's pool of unique identifiers is nearly depleted, the network server requests an additional pool of identifiers from the master server.
Type: Grant
Filed: September 21, 1998
Date of Patent: September 24, 2002
Assignee: Microsoft Corporation
Inventors: Murli D. Satagopan, Dave D. Straube, Colin H. Brace, Chris L. Mayhall, Donald J. Hacherl
-
Patent number: 6457011
Abstract: A Knowledge Consistency Checker (KCC) that periodically executes on each server of the computer network is provided. The KCC interacts with a data structure contained within a copy of a database located on each server, and with a replication program that executes on each server when called by the KCC. The data structure contains a list of server objects representing the servers in the network. Associated with each server object is a list of replication objects that describe how the server is to obtain a copy of a change to the database. Each replication object represents a server other than the server with which it is associated. The KCC uses the replication objects to inform the replication program from which servers to periodically request an update to the database and to the data structure. Thus, while each KCC is only responsible for creating the objects required for its own server, the replication topology of the entire network is provided to every server in the network by the periodic requests.
Type: Grant
Filed: July 23, 1999
Date of Patent: September 24, 2002
Assignee: Microsoft Corporation
Inventors: Colin H. Brace, Donald J. Hacherl, Jeffrey B. Parham
-
Publication number: 20020095497
Abstract: A network system server, at a first network site, maintains network access information that identifies users authorized to access a network and a network controller, at a second network site, caches the network access information for individual users that request access to the network from the second network site. The network controller tracks the individual users that request access to the network from the second network site and updates the cached network access information for the individual users that request access to the network from the second network site within a defined time interval.
Type: Application
Filed: January 17, 2001
Publication date: July 18, 2002
Inventors: Murli D. Satagopan, Colin H. Brace, Mark R. Brown