Patents by Inventor Douglas A. Walter
Douglas A. Walter has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8051469
Abstract: A cryptographic session key is utilized to maintain security of a digital identity. The session key is valid only for a limited period of time. Additional security is provided via a bimodal credential allowing different levels of access to the digital identity. An identity token contains pertinent information associated with the digital identity. The identity token is encrypted utilizing public-key cryptography. An identifier utilized to verify the validity of the digital identity is encrypted with the cryptographic session key. The encrypted identity token and the encrypted identifier are provided to a service, for example. The service decrypts the encrypted identity token utilizing public key cryptography, and decrypts, with the cryptographic session key obtained from the identity token, the encrypted identifier. If the identifier is determined to be valid, the transaction proceeds normally. If the identifier is determined to be invalid, the transaction is halted.
Type: Grant
Filed: November 17, 2009
Date of Patent: November 1, 2011
Assignee: Microsoft Corporation
Inventors: John P. Shewchuk, Arun K. Nanda, Donald F. Box, Douglas A. Walter, Hervey O. Wilson
-
Patent number: 7860989
Abstract: In a computerized system, a sending computer system and recipient computer system exchange an interchange format message in a resource-efficient manner. For example, a transformation writer at the sending computer system selects and transforms only one or few of a plurality of units of the message at the time. The transformed message units are then streamed to the recipient computer system in accordance with a relevant transformation standard, such as the canonicalization standard in the case of XML messages. A transformation reader at the recipient computer system transforms the messages using a buffer big enough for received message units, and passes the transformed units to a file. Thus, the transformation writer acts as a stream writer to pass a message, and the transformation reader acts as a stream reader at the recipient computer system.
Type: Grant
Filed: February 2, 2005
Date of Patent: December 28, 2010
Assignee: Microsoft Corporation
Inventors: Vaithialingam B. Balayoghan, Douglas A. Walter, Giovanni Della-Libera
-
Patent number: 7836489
Abstract: The present invention extends to methods, systems, and computer program products for selecting policy for compatible communication. Hierarchical policy document data structures represent communication (e.g., security) aspects and options such that lower aspects and options are accessed in the context of corresponding higher aspects and options to define applicable scope. Use of a hierarchical description also facilitates separation of what is being protected from how it is being protected thereby allowing security policy to be considered at different locations of a description document.
Type: Grant
Filed: June 15, 2006
Date of Patent: November 16, 2010
Assignee: Microsoft Corporation
Inventors: Christopher G. Kaler, Douglas A. Walter, Martin Gudgin
-
Publication number: 20100162275
Abstract: The present invention extends to methods, systems, and computer program products for controlling applications through inter-process communication. Applications are extended with application specific extensibility points. The application specific extensibility points permit applications that natively lack inter-process communication capabilities to participate in inter-process communication. Application specific extensibility points can provide an application with a Web based interface thereby making the functionality of the application available to other Web services and other extended applications. Accordingly, application specific extensibility points extend the functionality of applications to interoperate and be integrated with other Web services and other extended applications.
Type: Application
Filed: December 19, 2008
Publication date: June 24, 2010
Applicant: Microsoft Corporation Way
Inventors: Quetzalcoatl Bradley, Lui Lui Wong, Douglas A. Walter
-
Publication number: 20100088672
Abstract: The subject disclosure relates to a syntax for a scripting language that allows data intensive applications to be written in a compact, human friendly, textual format. The scripting language can be a declarative programming language, such as the "D" programming language, which is well suited to the authoring of data intensive programs. A compact query syntax is provided for D that simplifies the expression of complex and data intensive programs. In another non-limiting aspect, conventional operator precedence is modified to accommodate the compact syntax and other unique features of a general purpose declarative programming language.
Type: Application
Filed: October 3, 2008
Publication date: April 8, 2010
Applicant: MICROSOFT CORPORATION
Inventors: David E. Langworthy, Bradford H. Lovering, Donald F. Box, Douglas A. Walter, Giovanni M. Della-Libera, Jeffrey S. Pinkston, John D. Doty, John L. Hamby
-
Publication number: 20100064361
Abstract: A cryptographic session key is utilized to maintain security of a digital identity. The session key is valid only for a limited period of time. Additional security is provided via a bimodal credential allowing different levels of access to the digital identity. An identity token contains pertinent information associated with the digital identity. The identity token is encrypted utilizing public-key cryptography. An identifier utilized to verify the validity of the digital identity is encrypted with the cryptographic session key. The encrypted identity token and the encrypted identifier are provided to a service, for example. The service decrypts the encrypted identity token utilizing public key cryptography, and decrypts, with the cryptographic session key obtained from the identity token, the encrypted identifier. If the identifier is determined to be valid, the transaction proceeds normally. If the identifier is determined to be invalid, the transaction is halted.
Type: Application
Filed: November 17, 2009
Publication date: March 11, 2010
Applicant: Microsoft Corporation
Inventors: John P. Shewchuk, Arun K. Nanda, Donald F. Box, Douglas A. Walter, Hervey O. Wilson
-
Patent number: 7640579
Abstract: A cryptographic session key is utilized to maintain security of a digital identity. The session key is valid only for a limited period of time. Additional security is provided via a bimodal credential allowing different levels of access to the digital identity. An identity token contains pertinent information associated with the digital identity. The identity token is encrypted utilizing public-key cryptography. An identifier utilized to verify the validity of the digital identity is encrypted with the cryptographic session key. The encrypted identity token and the encrypted identifier are provided to a service, for example. The service decrypts the encrypted identity token utilizing public key cryptography, and decrypts, with the cryptographic session key obtained from the identity token, the encrypted identifier. If the identifier is determined to be valid, the transaction proceeds normally. If the identifier is determined to be invalid, the transaction is halted.
Type: Grant
Filed: September 9, 2005
Date of Patent: December 29, 2009
Assignee: Microsoft Corporation
Inventors: John P. Shewchuk, Arun K. Nanda, Donald F. Box, Douglas A. Walter, Hervey O. Wilson
-
Patent number: 7636939
Abstract: A data structure with endpoint address and security information. The data structure includes an address field that includes one or more endpoint addresses for an entity. The data structure further includes a security field that includes one or more keys for facilitating secure communications with the entity. The data structure may also be such that the contents of the address field and the security field are serialized in the data structure. The data structure may be extensible such that new address fields and security fields may be added.
Type: Grant
Filed: December 10, 2004
Date of Patent: December 22, 2009
Assignee: Microsoft Corporation
Inventors: Christopher G. Kaler, Douglas A. Walter, Giovanni M. Della-Libera, Melissa W. Dunn, Richard L. Hasha, Tomasz Janczuk
-
Publication number: 20090217383
Abstract: Well-defined messages may be transmitted from a sending device to a recipient device in order to reduce the processing and resource requirements imposed by the security semantics of general message standards. The well-defined messages may include an expression of a collective intent of the security semantics included in the message. The expression of the security semantics within the message simplifies the discovery process for devices processing the message. The well-defined message may also require that any intermediary devices that process the well-defined message as it is transmitted from the sender device to the receiver device follow the expressed collective intent of the security semantics. If an intermediary device cannot understand or adhere to the expressed intent, the well-defined message must be rejected.
Type: Application
Filed: February 26, 2008
Publication date: August 27, 2009
Applicant: Microsoft Corporation
Inventors: Douglas A. Walter, Christopher G. Kaler, John P. Shewchuk, Arun K. Nanda
-
Patent number: 7512957
Abstract: A web services namespace pertains to an infrastructure for enabling creation of a wide variety of applications. The infrastructure provides a foundation for building message-based applications of various scale and complexity. The infrastructure or framework provides APIs for basic messaging, secure messaging, reliable messaging and transacted messaging. In some embodiments, the associated APIs are factored into a hierarchy of namespaces in a manner that balances utility, usability, extensibility and versionability.
Type: Grant
Filed: December 3, 2004
Date of Patent: March 31, 2009
Assignee: Microsoft Corporation
Inventors: Shy Cohen, Geary L. Eppley, Douglas M. Purdy, James E. Johnson, Stephen J. Millet, Stephen T. Swartz, Vijay K. Gajjala, Aaron Abraham Stern, Alexander Martin DeJarnatt, Alfred M. Lee, IV, Anand Rjagopalan, Anastasios Kasiolas, Chaitanya D. Upadhyay, Christopher G. Kaler, Craig Andrew Critchley, David Edwin Levin, David Owen Driver, David Wortendyke, Douglas A. Walter, Elliot Lee Waingold, Erik Bo Christensen, Erin P. Honeycutt, Eugene Shvets, Evgeny Osovetsky, Giovanni M. Della-Libera, Jesus Ruiz-Scougall, John David Doty, Jonathan T. Wheeler, Kapil Gupta, Kenneth David Wolf, Krishnan Srinivasan, Lance E. Olson, Matthew Thomas Tavis, Mauro Ottaviani, Max Attar Feingold, Michael James Coulson, Michael Jon Marucheck, Michael Steven Vernal, Michael Thomas Dice, Mohamed-Hany Essam Ramadan, Mohammad Makarechian, Natasha Harish Jethanandani, Richard Dievendorff, Richard Douglas Hill, Ryan Thomas Sturgell, Saurab Nog, Scott Christopher Seely, Serge Sverdlov, Siddhartha Puri, Sowmyanarayanan K. Srinivasan, Stefan Batres, Stefan Harrington Pharies, Tirunelveli Vishwanath, Tomasz Janczuk, Uday S. Hegde, Umesh Madan, Vaithialingam B. Balayogan, Vipul Arunkant Modi, Yaniv Pessach, Yasser Shohoud
-
Publication number: 20080082626
Abstract: Requesting security tokens with typed information. A method includes accessing at a client, information to allow the client to request a token for accessing functionality of a service. The method further includes sending a client request from the client to a token issuer in a token request. The client request includes the information and at least one of information defining the source of the information, proof of the source of the information, or usage information specifying how the information should be used.
Type: Application
Filed: September 29, 2006
Publication date: April 3, 2008
Applicant: MICROSOFT CORPORATION
Inventors: Christopher G. Kaler, Douglas A. Walter, Arun K. Nanda, Hervey O. Wilson
-
Publication number: 20080083009
Abstract: Communicating and requesting specialized policy information. A message is sent by a client to a service which provides the services requested by the message or a specialized processor that evaluates messages. The message is evaluated for compliance with a policy particular to the message. If the message does not comply with a policy particular to the message, policy information is sent, where the policy information indicates the correct policy particular to the message. In one embodiment, if the message complies with a policy particular to the message, policy information is sent, where the policy information indicates that the message complies with a policy particular to the message.
Type: Application
Filed: September 29, 2006
Publication date: April 3, 2008
Applicant: MICROSOFT CORPORATION
Inventors: Christopher G. Kaler, Douglas A. Walter
-
Publication number: 20070294743
Abstract: The present invention extends to methods, systems, and computer program products for selecting policy for compatible communication. Hierarchical policy document data structures represent communication (e.g., security) aspects and options such that lower aspects and options are accessed in the context of corresponding higher aspects and options to define applicable scope. Use of a hierarchical description also facilitates separation of what is being protected from how it is being protected thereby allowing security policy to be considered at different locations of a description document.
Type: Application
Filed: June 15, 2006
Publication date: December 20, 2007
Applicant: Microsoft Corporation
Inventors: Christopher G. Kaler, Douglas A. Walter, Martin Gudgin
-
Patent number: 7185060
Abstract: Methods, systems, and computer program products that reduce buffer requirements in a messaging system so that the messaging system can send or receive relatively larger messages using a given buffer size. Message handlers are provided, each identifying a corresponding processing operation to perform on a message object having a streamed portion with a stream oriented interface. Pipelines comprising ordered collections of the message handlers are provided as well. The message object is processed by the message handlers in the message pipelines, such that at least one message handler encapsulates the streamed portion of the message object with its corresponding processing operation. The corresponding processing operation is to be performed at a future time, and encapsulates the streamed portion of the message object without materializing the stream portion in a buffer. The messaging system may be an intermediary for routing a message object or an endpoint.
Type: Grant
Filed: March 26, 2003
Date of Patent: February 27, 2007
Assignee: Microsoft Corporation
Inventors: Erik B. Christensen, Douglas A. Walter, Michael J. Coulson, Kenneth D. Wolf
-
Publication number: 20040193687
Abstract: Methods, systems, and computer program products that reduce buffer requirements in a messaging system so that the messaging system can send or receive relatively larger messages using a given buffer size. Message handlers are provided, each identifying a corresponding processing operation to perform on a message object having a streamed portion with a stream oriented interface. Pipelines comprising ordered collections of the message handlers are provided as well. The message object is processed by the message handlers in the message pipelines, such that at least one message handler encapsulates the streamed portion of the message object with its corresponding processing operation. The corresponding processing operation is to be performed at a future time, and encapsulates the streamed portion of the message object without materializing the stream portion in a buffer. The messaging system may be an intermediary for routing a message object or an endpoint.
Type: Application
Filed: March 26, 2003
Publication date: September 30, 2004
Inventors: Erik B. Christensen, Douglas A. Walter, Michael J. Coulson, Kenneth D. Wolf