Patents by Inventor David Hetherington

David Hetherington has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10715530
    Abstract: When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The verified command request is sent to the target machine. An authentication worker on the target machine accesses a set of policies, local to the target machine, to identify a least privileged execution environment in which the requested command can be performed. The authentication worker on the target machine launches the requested command within the identified least privileged execution environment on the target machine.
    Type: Grant
    Filed: September 6, 2017
    Date of Patent: July 14, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Liqiang Zhu, Anand Menon, Guanghui He, Jiahui Wang, Neil Shipp, Nick Voicu, Yi Zeng, Yu Huang, Rajalakshmi Dani, David Hetherington, Zhaoan Liu, Gavin Ackroyd
  • Patent number: 10326795
    Abstract: Techniques to contain lateral movement of attackers through just-in-time (JIT) provisioned accounts comprising an account management component to receive a request from a first account via a client device for a second account to access a server device in a set of server devices, an account authorization component to authorize the request for the second account based at least partially on account information associated with the first account, an account provisioning component to provision the second account to enable a client to access the server device, and an account notification component to provide account information associated with the second account to a client via the client device. Other embodiments are described and claimed.
    Type: Grant
    Filed: November 3, 2017
    Date of Patent: June 18, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Shane Brady, Siddhartha Mathur, Rajalakshmi Dani, Santosh Kumar, Luke Schoen, David Hetherington
  • Publication number: 20180063153
    Abstract: When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The verified command request is sent to the target machine. An authentication worker on the target machine accesses a set of policies, local to the target machine, to identify a least privileged execution environment in which the requested command can be performed. The authentication worker on the target machine launches the requested command within the identified least privileged execution environment on the target machine.
    Type: Application
    Filed: September 6, 2017
    Publication date: March 1, 2018
    Inventors: Liqiang Zhu, Anand Menon, Guanghui He, Jiahui Wang, Neil Shipp, Nick Voicu, Yi Zeng, Yu (Kyle) Huang, Rajalakshmi Dani, David Hetherington, Zhaoan Liu, Gavin Ackroyd
  • Publication number: 20180054460
    Abstract: Techniques to contain lateral movement of attackers through just-in-time (JIT) provisioned accounts comprising an account management component to receive a request from a first account via a client device for a second account to access a server device in a set of server devices, an account authorization component to authorize the request for the second account based at least partially on account information associated with the first account, an account provisioning component to provision the second account to enable a client to access the server device, and an account notification component to provide account information associated with the second account to a client via the client device. Other embodiments are described and claimed.
    Type: Application
    Filed: November 3, 2017
    Publication date: February 22, 2018
    Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Shane Brady, Siddhartha Mathur, Rajalakshmi Dani, Santosh Kumar, Luke Schoen, David Hetherington
  • Patent number: 9838424
    Abstract: Techniques to contain lateral movement of attackers through just-in-time (JIT) provisioned accounts comprising an account management component to receive a request from a first account via a client device for a second account to access a server device in a set of server devices, an account authorization component to authorize the request for the second account based at least partially on account information associated with the first account, an account provisioning component to provision the second account to enable a client to access the server device, and an account notification component to provide account information associated with the second account to a client via the client device. Other embodiments are described and claimed.
    Type: Grant
    Filed: March 20, 2014
    Date of Patent: December 5, 2017
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Shane Brady, Siddhartha Mathur, Rajalakshmi Dani, Santosh Kumar, Luke Schoen, David Hetherington
  • Patent number: 9787690
    Abstract: When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The verified command request is sent to the target machine. An authentication worker on the target machine accesses a set of policies, local to the target machine, to identify a least privileged execution environment in which the requested command can be performed. The authentication worker on the target machine launches the requested command within the identified least privileged execution environment on the target machine.
    Type: Grant
    Filed: May 18, 2015
    Date of Patent: October 10, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Liqiang Zhu, Anand Menon, Guanghui He, Jiahui Wang, Neil Shipp, Nick Voicu, Yi Zeng, Yu (Kyle) Huang, Rajalakshmi Dani, David Hetherington, Zhaoan Liu, Gavin Ackroyd
  • Publication number: 20160182525
    Abstract: When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The verified command request is sent to the target machine. An authentication worker on the target machine accesses a set of policies, local to the target machine, to identify a least privileged execution environment in which the requested command can be performed. The authentication worker on the target machine launches the requested command within the identified least privileged execution environment on the target machine.
    Type: Application
    Filed: May 18, 2015
    Publication date: June 23, 2016
    Inventors: Liqiang Zhu, Anand Menon, Guanghui He, Jiahui Wang, Neil Shipp, Nick Voicu, Yi Zeng, Yu (Kyle) Huang, Rajalakshmi Dani, David Hetherington, Zhaoan Liu, Gavin Ackroyd
  • Publication number: 20150281225
    Abstract: Techniques to operate a service with machine generated authentication tokens comprising an authentication token management component to establish a secure connection with a client device based at least partially on client authentication information associated with a first account of the client, receive a request for account information of one or more accounts associated with the first account of the client, provide account information for a second account associated with the first account to the client via the client device, receive a request to generate an authentication token for the second account, validate the request to generate the authentication token based on the client authentication information associated with the client, and a token generation component to generate the authentication token for the second account. Other embodiments are described and claimed.
    Type: Application
    Filed: March 27, 2014
    Publication date: October 1, 2015
    Applicant: Microsoft Corporation
    Inventors: Luke Schoen, Santosh Kumar, Rajalakshmi Dani, Siddhartha Mathur, Shane Brady, Ramesh Arimilli, David Hetherington, Vikas Ahuja
  • Publication number: 20150271200
    Abstract: Techniques to contain lateral movement of attackers through just-in-time (JIT) provisioned accounts comprising an account management component to receive a request from a first account via a client device for a second account to access a server device in a set of server devices, an account authorization component to authorize the request for the second account based at least partially on account information associated with the first account, an account provisioning component to provision the second account to enable a client to access the server device, and an account notification component to provide account information associated with the second account to a client via the client device. Other embodiments are described and claimed.
    Type: Application
    Filed: March 20, 2014
    Publication date: September 24, 2015
    Inventors: Shane Brady, Siddhartha Mathur, Rajalakshmi Dani, Santosh Kumar, Luke Schoen, David Hetherington
  • Publication number: 20050234710
    Abstract: Systems and methods for canceling a speech interaction session are disclosed. In one exemplary implementation, a method of canceling a speech interaction session comprises receiving a signal indicating that a predetermined switch has been set to a first state, monitoring a time parameter indicative of the time the switch remains in the first state, and canceling the speech interaction session if the time parameter exceeds a threshold.
    Type: Application
    Filed: April 20, 2004
    Publication date: October 20, 2005
    Inventors: Stephen Falcon, David Hetherington