Patents by Inventor Cristian Ilac
Cristian Ilac has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9461989
Abstract: Example embodiments are provided for integrating operating systems with content offered by internet based entities.
Type: Grant
Filed: April 30, 2015
Date of Patent: October 4, 2016
Assignee: Microsoft Technology Licensing, LLC
Inventors: Girish Chander, Tanmoy Dutta, Cristian Ilac, Bronislav Kavsan, Ziquian Li, Andreas K. Luther, Gennady Medvinsky, Liquiang Zhu
-
Publication number: 20150264036
Abstract: Example embodiments are provided for integrating operating systems with content offered by internet based entities.
Type: Application
Filed: April 30, 2015
Publication date: September 17, 2015
Applicant: Microsoft Technology Licensing, LLC
Inventors: Girish Chander, Tanmoy Dutta, Cristian Ilac, Bronislav Kavsan, Ziquian Li, Andreas K. Luther, Gennady Medvinsky, Liquiang Zhu
-
Patent number: 9032500
Abstract: Example embodiments are provided for integrating operating systems with content offered by internet based entities.
Type: Grant
Filed: October 28, 2013
Date of Patent: May 12, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Girish Chander, Tanmoy Dutta, Cristian Ilac, Bronislav Kavsan, Ziquian Li, Andreas K. Luther, Gennady Medvinsky, Liquiang Zhu
-
Patent number: 8799630
Abstract: This disclosure describes methods, systems and application programming interfaces for creating an advanced security negotiation package. This disclosure describes creating an advanced security negotiation protocol under a Simple and Protected Negotiation Mechanism (SPNEGO) protocol to negotiate an authentication scheme. The protocol describes defining a Windows Security Type (WST) Library message to protect negotiation data during the advanced security negotiation protocol. The protocol sends an initial message that carries multiple authentication messages to reduce redundant roundtrips and implements key exchanges by a mini Security Support Provider (SSP).
Type: Grant
Filed: June 26, 2008
Date of Patent: August 5, 2014
Assignee: Microsoft Corporation
Inventors: Dave M. McPherson, Tanmoy Dutta, Cristian Ilac, Liqiang Zhu
-
Publication number: 20140059653
Abstract: Example embodiments are provided for integrating operating systems with content offered by internet based entities.
Type: Application
Filed: October 28, 2013
Publication date: February 27, 2014
Applicant: Microsoft Corporation
Inventors: Girish Chander, Tanmoy Dutta, Cristian Ilac, Bronislav Kavsan, Ziquian Li, Andreas K. Luther, Gennady Medvinsky, Liquiang Zhu
-
Patent number: 8572716
Abstract: Example embodiments are provided for integrating operating systems with content offered by internet based entities.
Type: Grant
Filed: April 23, 2007
Date of Patent: October 29, 2013
Assignee: Microsoft Corporation
Inventors: Girish Chander, Tanmoy Dutta, Cristian Ilac, Bronislav Kavsan, Ziquan Li, Andreas K. Luther, Gennady Medvinsky, Liquiang Zhu
-
Patent number: 8528058
Abstract: Architecture for natively authenticating a client application to a web server via HTTP authentication. The Web Services Architecture, and more specifically, Web Services Security, is leveraged to enable legacy applications to access web services transparently to the existing legacy applications. A security support provider (SSP) is created that employs WS-* protocol to at least emulate ws-trust and ws-mex thereby enabling policy exchange via an HTTP protocol stack. Policy can be exchanged via a WWW-Authenticate header enabling legacy applications to use the WS-* family of protocols without modifying the client application. The WS-* protocols are abstracted into a generic programming interface for native client application use.
Type: Grant
Filed: May 31, 2007
Date of Patent: September 3, 2013
Assignee: Microsoft Corporation
Inventors: Liqiang Zhu, Gennady Medvinsky, Tanmoy Dutta, Cristian Ilac, Andreas Luther, John P Shewchuk
-
Patent number: 8281368
Abstract: A secure (e.g., HTTPS) connection is established between a client and a server. Communication over the connection may utilize an application (e.g., a Web browser) that is not part of the client's trusted computing base. A password is sent from the client to the server over the connection such that the clear text password is unavailable to the application. For example, the password can be encrypted and inserted directly into the HTTPS stream from the client's trusted computing base.
Type: Grant
Filed: February 28, 2008
Date of Patent: October 2, 2012
Assignee: Microsoft Corporation
Inventors: Raghavendra Malpani, Cristian Ilac, Tanmoy Dutta, Klaus Schultz
-
Patent number: 8132246
Abstract: An exemplary group ticket for a Kerberos protocol includes a service ticket encrypted with a dynamic group key and a plurality of enveloped pairs where each pair includes a name associated with a member of a group and an encrypted dynamic group key for decryption by a key possessed by the member of the group where decryption of an encrypted dynamic group key allows for decryption of the service ticket. Other exemplary methods, systems, etc., are also disclosed.
Type: Grant
Filed: February 27, 2008
Date of Patent: March 6, 2012
Assignee: Microsoft Corporation
Inventors: Cristian Ilac, Paul J. Leach, Tarek B. Kamel, Liqiang Zhu
-
Patent number: 7913084
Abstract: A credential security support provider (Cred SSP) is provided that enables any application to securely delegate a user's credentials from the client, via client side Security Support Provider (SSP) software, to a target server, via server side SSP software in a networked computing environment. The Cred SSP of the invention provides a secure solution that is based in part upon a set of policies, including a default policy that is secure against a broad range of attacks, which are used to control and restrict the delegation of user credentials from a client to a server. The policies can be for any type of user credentials and the different policies are designed to mitigate a broad range of attacks so that appropriate delegation can occur for given delegation circumstances, network conditions, trust levels, etc. Additionally, only a trusted subsystem, e.g.
Type: Grant
Filed: May 26, 2006
Date of Patent: March 22, 2011
Assignee: Microsoft Corporation
Inventors: Gennady Medvinsky, Cristian Ilac, Costin Hagiu, John E. Parsons, Mohamed Emad El Din Fathalla, Paul J. Leach, Tarek Bahaa El-Din Mahmoud Kamel
-
Patent number: 7810143
Abstract: Systems and/or methods are described that enable a credential interface. These systems and/or methods may build a credential user interface enabling a user to choose between multiple credentials and submit an authenticator for a chosen credential. These systems and/or methods may also gather information about arbitrary credentials and build a user interface for submission of authenticators for these arbitrary credentials.
Type: Grant
Filed: April 22, 2005
Date of Patent: October 5, 2010
Assignee: Microsoft Corporation
Inventors: David M. Ruzyski, James H. Hong, Brian K. McNeil, Chris J. Guzak, Brian D. Wentz, Klaus U. Schutz, Stefan Richards, Eric C. Perlin, Cristian Ilac, Sterling M. Reasor, Eric R. Flo, John Stephens, Benjamin A. Hutz
-
Publication number: 20090328140
Abstract: This disclosure describes methods, systems and application programming interfaces for creating an advanced security negotiation package. This disclosure describes creating an advanced security negotiation protocol under a Simple and Protected Negotiation Mechanism (SPNEGO) protocol to negotiate an authentication scheme. The protocol describes defining a Windows Security Type (WST) Library message to protect negotiation data during the advanced security negotiation protocol. The protocol sends an initial message that carries multiple authentication messages to reduce redundant roundtrips and implements key exchanges by a mini Security Support Provider (SSP).
Type: Application
Filed: June 26, 2008
Publication date: December 31, 2009
Applicant: Microsoft Corporation
Inventors: Dave M. McPherson, Tanmoy Dutta, Cristian Ilac, Liqiang Zhu
-
Publication number: 20090222888
Abstract: A secure (e.g., HTTPS) connection is established between a client and a server. Communication over the connection may utilize an application (e.g., a Web browser) that is not part of the client's trusted computing base. A password is sent from the client to the server over the connection such that the clear text password is unavailable to the application. For example, the password can be encrypted and inserted directly into the HTTPS stream from the client's trusted computing base.
Type: Application
Filed: February 28, 2008
Publication date: September 3, 2009
Applicant: MICROSOFT CORPORATION
Inventors: Raghavendra Malpani, Cristian Ilac, Tanmoy Dutta, Klaus Schutz
-
Publication number: 20090217029
Abstract: An exemplary group ticket for a Kerberos protocol includes a service ticket encrypted with a dynamic group key and a plurality of enveloped pairs where each pair includes a name associated with a member of a group and an encrypted dynamic group key for decryption by a key possessed by the member of the group where decryption of an encrypted dynamic group key allows for decryption of the service ticket. Other exemplary methods, systems, etc., are also disclosed.
Type: Application
Filed: February 27, 2008
Publication date: August 27, 2009
Applicant: Microsoft Corporation
Inventors: Cristian Ilac, Paul J. Leach, Tarek B. Kamel, Liqiang Zhu
-
Patent number: 7577659
Abstract: A credential is translated with one of different credential provider modules each translating a corresponding different type of credential into a common protocol. The translated credential is communicated through an API to a logon UI module to an operating system (OS) of a local machine. An OS logon module is called by the logon UI module to authenticate the translated credential against a credential database. A user identified by the translated credential is logged on to access the local machine when the authentication is successful. The credential can also be used with a selection received from the logon UI module via a corresponding one of different pre-log access provider (PLAP) modules that each communicate with the API. The API establishes a network session with an access service specified by the selected PLAP module when the credential is authenticated with the credential database.
Type: Grant
Filed: October 24, 2003
Date of Patent: August 18, 2009
Assignee: Microsoft Corporation
Inventors: Klaus U. Schutz, Stefan Richards, Eric C. Perlin, Cristian Ilac, Sterling M. Reasor, Eric Flo, John Stephens, Benjamin A. Hutz
-
Publication number: 20080301784
Abstract: Architecture for natively authenticating a client application to a web server via HTTP authentication. The Web Services Architecture, and more specifically, Web Services Security, is leveraged to enable legacy applications to access web services transparently to the existing legacy applications. A security support provider (SSP) is created that employs WS-* protocol to at least emulate ws-trust and ws-mex thereby enabling policy exchange via an HTTP protocol stack. Policy can be exchanged via a WWW-Authenticate header enabling legacy applications to use the WS-* family of protocols without modifying the client application. The WS-* protocols are abstracted into a generic programming interface for native client application use.
Type: Application
Filed: May 31, 2007
Publication date: December 4, 2008
Applicant: MICROSOFT CORPORATION
Inventors: Liqiang Zhu, Gennady Medvinsky, Tanmoy Dutta, Cristian Ilac, Andreas Luther, John P. Shewchuk
-
Publication number: 20080263651
Abstract: Example embodiments are provided for integrating operating systems with content offered by internet based entities.
Type: Application
Filed: April 23, 2007
Publication date: October 23, 2008
Applicant: Microsoft Corporation
Inventors: Girish Chander, Tanmoy Dutta, Cristian Ilac, Bronislav Kavsan, Ziquian Li, Andreas K. Luther, Gennady Medvinsky, Liquiang Zhu
-
Publication number: 20070277231
Abstract: A credential security support provider (Cred SSP) is provided that enables any application to securely delegate a user's credentials from the client, via client side Security Support Provider (SSP) software, to a target server, via server side SSP software in a networked computing environment. The Cred SSP of the invention provides a secure solution that is based in part upon a set of policies, including a default policy that is secure against a broad range of attacks, which are used to control and restrict the delegation of user credentials from a client to a server. The policies can be for any type of user credentials and the different policies are designed to mitigate a broad range of attacks so that appropriate delegation can occur for given delegation circumstances, network conditions, trust levels, etc. Additionally, only a trusted subsystem, e.g.
Type: Application
Filed: May 26, 2006
Publication date: November 29, 2007
Applicant: Microsoft Corporation
Inventors: Gennady Medvinsky, Cristian Ilac, Costin Hagiu, John E. Parsons, Mohamed Emad El Din Fathalla, Paul J. Leach, Tarek Buhaa El-Din Mahmoud Kamel
-
Publication number: 20060242427
Abstract: Systems and/or methods are described that enable a credential interface. These systems and/or methods may build a credential user interface enabling a user to choose between multiple credentials and submit an authenticator for a chosen credential. These systems and/or methods may also gather information about arbitrary credentials and build a user interface for submission of authenticators for these arbitrary credentials.
Type: Application
Filed: April 22, 2005
Publication date: October 26, 2006
Applicant: Microsoft Corporation
Inventors: David Ruzyski, James Hong, Brian McNeil, Chris Guzak, Brian Wentz, Klaus Schutz, Stefan Richards, Eric Perlin, Cristian Ilac, Sterling Reasor, Eric Flo, John Stephens, Benjamin Hutz
-
Publication number: 20060224891
Abstract: Branch domain controllers (DCs) contain read only replicas of the data in a normal domain DC. This includes information about the groups a user belongs to so it can be used to determine authorization information. Password information, however, is desirably replicated to the branch DCs only for users and services (including machines) designated for that particular branch. Moreover, all write operations are desirably handled by hub DCs, the primary domain controller (PDC), or other DCs trusted by the corporate office. Rapid authentication and authorization in branch offices is supported using Kerberos sub-realms in which each branch office operates as a virtual realm. The Kerberos protocol employs different key version numbers to distinguish between the virtual realms of the head and branch key distribution centers (KDCs).
Type: Application
Filed: April 1, 2005
Publication date: October 5, 2006
Applicant: Microsoft Corporation
Inventors: Cristian Ilac, Karthik Jaganathan, Murli Satagopan, Tarek Bahna Mahmoud Kamel, Todd Stecher