Patents by Inventor David Hetherington
David Hetherington has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10715530
Abstract: When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The verified command request is sent to the target machine. An authentication worker on the target machine accesses a set of policies, local to the target machine, to identify a least privileged execution environment in which the requested command can be performed. The authentication worker on the target machine launches the requested command within the identified least privileged execution environment on the target machine.
Type: Grant
Filed: September 6, 2017
Date of Patent: July 14, 2020
Assignee: Microsoft Technology Licensing, LLC
Inventors: Liqiang Zhu, Anand Menon, Guanghui He, Jiahui Wang, Neil Shipp, Nick Voicu, Yi Zeng, Yu Huang, Rajalakshmi Dani, David Hetherington, Zhaoan Liu, Gavin Ackroyd
-
Patent number: 10326795
Abstract: Techniques to contain lateral movement of attackers through just-in-time (JIT) provisioned accounts comprising an account management component to receive a request from a first account via a client device for a second account to access a server device in a set of server devices, an account authorization component to authorize the request for the second account based at least partially on account information associated with the first account, an account provisioning component to provision the second account to enable a client to access the server device, and an account notification component to provide account information associated with the second account to a client via the client device. Other embodiments are described and claimed.
Type: Grant
Filed: November 3, 2017
Date of Patent: June 18, 2019
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Shane Brady, Siddhartha Mathur, Rajalakshmi Dani, Santosh Kumar, Luke Schoen, David Hetherington
-
Publication number: 20180063153
Abstract: When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The verified command request is sent to the target machine. An authentication worker on the target machine accesses a set of policies, local to the target machine, to identify a least privileged execution environment in which the requested command can be performed. The authentication worker on the target machine launches the requested command within the identified least privileged execution environment on the target machine.
Type: Application
Filed: September 6, 2017
Publication date: March 1, 2018
Inventors: Liqiang Zhu, Anand Menon, Guanghui He, Jiahui Wang, Neil Shipp, Nick Voicu, Yi Zeng, Yu (Kyle) Huang, Rajalakshmi Dani, David Hetherington, Zhaoan Liu, Gavin Ackroyd
-
Publication number: 20180054460
Abstract: Techniques to contain lateral movement of attackers through just-in-time (JIT) provisioned accounts comprising an account management component to receive a request from a first account via a client device for a second account to access a server device in a set of server devices, an account authorization component to authorize the request for the second account based at least partially on account information associated with the first account, an account provisioning component to provision the second account to enable a client to access the server device, and an account notification component to provide account information associated with the second account to a client via the client device. Other embodiments are described and claimed.
Type: Application
Filed: November 3, 2017
Publication date: February 22, 2018
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Shane Brady, Siddhartha Mathur, Rajalakshmi Dani, Santosh Kumar, Luke Schoen, David Hetherington
-
Patent number: 9838424
Abstract: Techniques to contain lateral movement of attackers through just-in-time (JIT) provisioned accounts comprising an account management component to receive a request from a first account via a client device for a second account to access a server device in a set of server devices, an account authorization component to authorize the request for the second account based at least partially on account information associated with the first account, an account provisioning component to provision the second account to enable a client to access the server device, and an account notification component to provide account information associated with the second account to a client via the client device. Other embodiments are described and claimed.
Type: Grant
Filed: March 20, 2014
Date of Patent: December 5, 2017
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Shane Brady, Siddhartha Mathur, Rajalakshmi Dani, Santosh Kumar, Luke Schoen, David Hetherington
-
Patent number: 9787690
Abstract: When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The verified command request is sent to the target machine. An authentication worker on the target machine accesses a set of policies, local to the target machine, to identify a least privileged execution environment in which the requested command can be performed. The authentication worker on the target machine launches the requested command within the identified least privileged execution environment on the target machine.
Type: Grant
Filed: May 18, 2015
Date of Patent: October 10, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: Liqiang Zhu, Anand Menon, Guanghui He, Jiahui Wang, Neil Shipp, Nick Voicu, Yi Zeng, Yu (Kyle) Huang, Rajalakshmi Dani, David Hetherington, Zhaoan Liu, Gavin Ackroyd
-
Publication number: 20160182525
Abstract: When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The verified command request is sent to the target machine. An authentication worker on the target machine accesses a set of policies, local to the target machine, to identify a least privileged execution environment in which the requested command can be performed. The authentication worker on the target machine launches the requested command within the identified least privileged execution environment on the target machine.
Type: Application
Filed: May 18, 2015
Publication date: June 23, 2016
Inventors: Liqiang Zhu, Anand Menon, Guanghui He, Jiahui Wang, Neil Shipp, Nick Voicu, Yi Zeng, Yu (Kyle) Huang, Rajalakshmi Dani, David Hetherington, Zhaoan Liu, Gavin Ackroyd
-
Publication number: 20150281225
Abstract: Techniques to operate a service with machine generated authentication tokens comprising a authentication token management component to establish a secure connection with a client device based at least partially on client authentication information associated with a first account of the client, receive a request for account information of one or more accounts associated with the first account of the client, provide account information for a second account associated with the first account to the client via the client device, receive a request to generate an authentication token for the second account, validate the request to generate the authentication token based on the client authentication information associated with the client, and a token generation component to generate the authentication token for the second account. Other embodiments are described and claimed.
Type: Application
Filed: March 27, 2014
Publication date: October 1, 2015
Applicant: Microsoft Corporation
Inventors: Luke Schoen, Santosh Kumar, Rajalakshmi Dani, Siddhartha Mathur, Shane Brady, Ramesh Arimilli, David Hetherington, Vikas Ahuja
-
Publication number: 20150271200
Abstract: Techniques to contain lateral movement of attackers through just-in-time (JIT) provisioned accounts comprising an account management component to receive a request from a first account via a client device for a second account to access a server device in a set of server devices, an account authorization component to authorize the request for the second account based at least partially on account information associated with the first account, an account provisioning component to provision the second account to enable a client to access the server device, and an account notification component to provide account information associated with the second account to a client via the client device. Other embodiments are described and claimed.
Type: Application
Filed: March 20, 2014
Publication date: September 24, 2015
Inventors: Shane Brady, Siddhartha Mathur, Rajalakshmi Dani, Santosh Kumar, Luke Schoen, David Hetherington
-
Publication number: 20050234710
Abstract: Systems and method for canceling a speech interaction session are disclosed. In one exemplary implementation a method of canceling a speech interaction session, comprises receiving a signal indicating that a predetermined switch has been set to a first state, monitoring a time parameter indicative of the time the switch remains in the first state, and canceling the speech interaction session if the time parameter exceeds a threshold.
Type: Application
Filed: April 20, 2004
Publication date: October 20, 2005
Inventors: Stephen Falcon, David Hetherington