Patents by Inventor Eric Fleischman
Eric Fleischman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10033731Abstract: In one embodiment, a user authentication server may use geo-location tracking to determine whether to present an enhanced identity challenge. A communication interface 180 may receive a user login attempt by a user and a current location of the user login attempt. A data storage 150 may store a user location profile of the user. A processor 120 may execute a comparison of the current location to the user location profile. The communication interface 180 may present the user with an enhanced identity challenge before allowing user access based on the comparison.Type: GrantFiled: July 31, 2017Date of Patent: July 24, 2018Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: David Steeves, Luke Abrams, Hersh Dangayach, Eric Fleischman, Prabu Raju, Krishna Vitaldevara, Niyantha Shekar, Payoj Baral, Meenakshi Ramaswamy, Winfred Wong, Yordan Rouskov, Ramesh Manne
-
Patent number: 10003611Abstract: Techniques for protecting an online service against network-based attacks are described. In some cases, protection is performed by way of a scalable protection service including a dynamically scalable set of virtual machines hosted by a cloud service that is distinct from a data center that hosts the online service. The protection service is coupled to the online service via a private link. When an attack is detected by the online service, network traffic bound for the online service is redirected from the public network to the protection service. The protection service then processes the network traffic, such as by dropping network traffic associated with the attack and forwarding legitimate network traffic to the online service via the private link.Type: GrantFiled: December 16, 2015Date of Patent: June 19, 2018Assignee: DocuSign, Inc.Inventor: Eric Fleischman
-
Patent number: 9967258Abstract: A deployable computing environment may facilitate interaction and data sharing between users and devices. Users, devices, and relationships between the users and devices may be represented within the deployable computing environment. A relationship between a user and a device may specify that the device is owned by the user and that the device is authorized to perform operations within the deployable computing environment on behalf of the user. Secure authentication of devices and users for interaction within the deployable computing environment is achieved by authenticating tickets corresponding to the user, the device, and the relationship. A device identification ticket and a user identification ticket are used to authenticate the device and user for interaction within the deployable computing environment. A device claim ticket allows the device to perform delegated operations (e.g., data synchronization, peer connectivity, etc.) on behalf of the user without the user's credentials (e.g.Type: GrantFiled: August 30, 2016Date of Patent: May 8, 2018Assignee: Microsoft Technology Licensing, LLCInventors: Abolade Gbadegesin, Dharma K. Shukla, Thomas A. Galvin, David R. Reed, Nikolay Smolyanskiy, Eric Fleischman, Roman Batoukov
-
Patent number: 9930039Abstract: A deployable computing environment may facilitate interaction and data sharing between users and devices. Users, devices, and relationships between the users and devices may be represented within the deployable computing environment. A relationship between a user and a device may specify that the device is owned by the user and that the device is authorized to perform operations within the deployable computing environment on behalf of the user. Secure authentication of devices and users for interaction within the deployable computing environment is achieved by authenticating tickets corresponding to the user, the device, and the relationship. A device identification ticket and a user identification ticket are used to authenticate the device and user for interaction within the deployable computing environment. A device claim ticket allows the device to perform delegated operations (e.g., data synchronization, peer connectivity, etc.) on behalf of the user without the user's credentials (e.g.Type: GrantFiled: April 11, 2016Date of Patent: March 27, 2018Assignee: Microsoft Technology Licensing, LLCInventors: Abolade Gbadegesin, Dharma K. Shukla, Thomas A. Galvin, David R. Reed, Nikolay Smolyanskiy, Eric Fleischman, Roman Batoukov
-
Publication number: 20170374048Abstract: Techniques for providing data security services with respect to cloud-based services are described. Examples include a security service provider (“SSP”) configured to perform or provide one or more security-related services or functions with respect to or on behalf of some other system or service. The other system or service may be, for example, a cloud-based system that provides network-accessible services. The SSP allows a user of the cloud-based service to provide and manage one or more security-related services, such as data storage, encryption, decryption, key management, and the like. By using and controlling the SSP, the user can be confident that his or her data is being securely represented and stored, even though it is being operated upon by a cloud-based service that is not under the user's control.Type: ApplicationFiled: August 21, 2017Publication date: December 28, 2017Inventors: Eric Fleischman, Duane E. Wald, Donald G. Peterson
-
Publication number: 20170331811Abstract: In one embodiment, a user authentication server may use geo-location tracking to determine whether to present an enhanced identity challenge. A communication interface 180 may receive a user login attempt by a user and a current location of the user login attempt. A data storage 150 may store a user location profile of the user. A processor 120 may execute a comparison of the current location to the user location profile. The communication interface 180 may present the user with an enhanced identity challenge before allowing user access based on the comparison.Type: ApplicationFiled: July 31, 2017Publication date: November 16, 2017Applicant: Microsoft Technology Licensing, LLCInventors: David Steeves, Luke Abrams, Hersh Dangayach, Eric Fleischman, Prabu Raju, Krishna Vitaldevara, Niyantha Shekar, Payoj Baral, Meenakshi Ramaswamy, Winfred Wong, Yordan Rouskov, Ramesh Manne
-
Patent number: 9800556Abstract: Embodiments described herein provide enhanced computer- and network-based systems and methods for providing data security with respect to computing services, such as a digital transaction service (DTS). Example embodiments further provide a discovery service that enables nodes that are included in, or otherwise communicatively coupled to, the DTS to actively or passively “discover” roles and keys associated with the nodes. These node roles are associated with the various services provided by the DTS. A security module provides at least a portion of the security services.Type: GrantFiled: January 30, 2015Date of Patent: October 24, 2017Assignee: DocuSign, Inc.Inventors: David Steeves, Eric Fleischman
-
Patent number: 9749313Abstract: In one embodiment, a user authentication server may use geo-location tracking to determine whether to present an enhanced identity challenge. A communication interface 180 may receive a user login attempt by a user and a current location of the user login attempt. A data storage 150 may store a user location profile of the user. A processor 120 may execute a comparison of the current location to the user location profile. The communication interface 180 may present the user with an enhanced identity challenge before allowing user access based on the comparison.Type: GrantFiled: September 30, 2015Date of Patent: August 29, 2017Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: David Steeves, Luke Abrams, Hersh Dangayach, Eric Fleischman, Prabu Raju, Krishna Vitaldevara, Niyantha Shekar, Payoj Baral, Meenakshi Ramaswamy, Winfred Wong, Yordan Rouskov, Ramesh Manne
-
Patent number: 9742746Abstract: Techniques for providing data security services with respect to cloud-based services are described. Examples include a security service provider (“SSP”) configured to perform or provide one or more security-related services or functions with respect to or on behalf of some other system or service. The other system or service may be, for example, a cloud-based system that provides network-accessible services. The SSP allows a user of the cloud-based service to provide and manage one or more security-related services, such as data storage, encryption, decryption, key management, and the like. By using and controlling the SSP, the user can be confident that his or her data is being securely represented and stored, even though it is being operated upon by a cloud-based service that is not under the user's control.Type: GrantFiled: November 13, 2015Date of Patent: August 22, 2017Assignee: DocuSign, Inc.Inventors: Eric Fleischman, Duane E. Wald, Donald G. Peterson
-
Patent number: 9736127Abstract: Techniques for providing data security services with respect to cloud-based services are described. Examples include a security service provider (“SSP”) configured to perform or provide one or more security-related services or functions with respect to or on behalf of some other system or service. The other system or service may be, for example, a cloud-based system that provides network-accessible services. The SSP allows a user of the cloud-based service to provide and manage one or more security-related services, such as data storage, encryption, decryption, key management, and the like. By using and controlling the SSP, the user can be confident that his or her data is being securely represented and stored, even though it is being operated upon by a cloud-based service that is not under the user's control.Type: GrantFiled: January 12, 2016Date of Patent: August 15, 2017Assignee: DocuSign, Inc.Inventors: Eric Fleischman, Duane E. Wald, Donald G. Peterson
-
Publication number: 20170223022Abstract: Systems, and methods are provided to provide cloud-based coordination of customer premise service appliances. A system can include a cloud-based service platform, which includes a coordination server and a cloud-based service appliance, and an on-premise service appliance. The coordination server is configured to establish a service session, select a service appliance, and control a sequence of operations on the selected service appliance. Establishing the service session can include establishing a service session with a first client in response to a service request received from the first client, the first client associated with an account including a service policy. Selecting the service appliance can include selecting the cloud-based service appliance or the on-premise service appliance, based on the service policy, to handle the service request.Type: ApplicationFiled: July 12, 2016Publication date: August 3, 2017Inventors: Donald Grant Peterson, Eric Fleischman
-
Publication number: 20170223093Abstract: Devices, systems, and methods are provided to provide cloud-based coordination of customer premise service appliances. A system can include a computing device comprising a communication module, a policy module, an appliance selection module, and a coordination module. The communication module receives a document request from a first client over a network connection, establishes a session with the first client in response to the document request, and receives metadata representing collected signatures at after completion of the electronic signature operation portion of the document request. The policy module manages a policy associate with a first account corresponding to the document request. The appliance selection module selects one of a plurality of document appliances.Type: ApplicationFiled: July 12, 2016Publication date: August 3, 2017Inventors: Donald Grant Peterson, Eric Fleischman
-
Publication number: 20170134354Abstract: This document describes various techniques for distributing credentials based on hardware profiles. A resource access request including a hardware profile is transmitted to a remote entity having access to a previous hardware profile and a credential useful to access a resource is received if at least a portion of the hardware profile matches the previous hardware profile.Type: ApplicationFiled: January 23, 2017Publication date: May 11, 2017Applicant: Microsoft Technology Licensing, LLCInventors: Gaurav S. Anand, Kevin Michael Woley, Matthew R. Ayers, Rajeev Dutt, Eric Fleischman
-
Patent number: 9553858Abstract: This document describes various techniques for distributing credentials based on hardware profiles. A resource access request including a hardware profile is transmitted to a remote entity having access to a previous hardware profile and a credential useful to access a resource is received if at least a portion of the hardware profile matches the previous hardware profile.Type: GrantFiled: October 25, 2013Date of Patent: January 24, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Gaurav S. Anand, Kevin Michael Woley, Matthew R. Ayers, Rajeev Dutt, Eric Fleischman
-
Publication number: 20160373451Abstract: A deployable computing environment may facilitate interaction and data sharing between users and devices. Users, devices, and relationships between the users and devices may be represented within the deployable computing environment. A relationship between a user and a device may specify that the device is owned by the user and that the device is authorized to perform operations within the deployable computing environment on behalf of the user. Secure authentication of devices and users for interaction within the deployable computing environment is achieved by authenticating tickets corresponding to the user, the device, and the relationship. A device identification ticket and a user identification ticket are used to authenticate the device and user for interaction within the deployable computing environment. A device claim ticket allows the device to perform delegated operations (e.g., data synchronization, peer connectivity, etc.) on behalf of the user without the user's credentials (e.g.Type: ApplicationFiled: August 30, 2016Publication date: December 22, 2016Inventors: Abolade Gbadegesin, Dharma K. Shukla, Thomas A. Galvin, David R. Reed, Nikolay Smolyanskiy, Eric Fleischman, Roman Batoukov
-
Publication number: 20160321464Abstract: Techniques for secure data synchronization are described. In one or more implementations, a determination is made as to whether enterprise data is stored locally on a first device corresponding to an enterprise device. Based on a determination that the second device is a non-enterprise device, a determination is made as to whether a permission associated with the first device indicates that the first device is permitted to propagate the enterprise data to non-enterprise devices. If the first device lacks permission to propagate the enterprise data to non-enterprise devices, the enterprise data is prevented from being propagated to the second device.Type: ApplicationFiled: July 14, 2016Publication date: November 3, 2016Applicant: Microsoft Technology Licensing, LLCInventors: Matthew Z. Tamayo-Rios, Saurav Sinha, Ruslan Ovechkin, Gopinathan Kannan, Vijay G. Bharadwaj, Christopher R. Macaulay, Eric Fleischman, Nathan J. Ide, Kun Liu
-
Patent number: 9461985Abstract: A deployable computing environment may facilitate interaction and data sharing between users and devices. Users, devices, and relationships between the users and devices may be represented within the deployable computing environment. A relationship between a user and a device may specify that the device is owned by the user and that the device is authorized to perform operations within the deployable computing environment on behalf of the user. Secure authentication of devices and users for interaction within the deployable computing environment is achieved by authenticating tickets corresponding to the user, the device, and the relationship. A device identification ticket and a user identification ticket are used to authenticate the device and user for interaction within the deployable computing environment. A device claim ticket allows the device to perform delegated operations (e.g., data synchronization, peer connectivity, etc.) on behalf of the user without the user's credentials (e.g.Type: GrantFiled: March 25, 2013Date of Patent: October 4, 2016Assignee: Microsoft Technology Licensing, LLCInventors: Abolade Gbadegesin, Dharma K. Shukla, Thomas A. Galvin, David R. Reed, Nikolay Smolyanskiy, Eric Fleischman, Roman Batoukov
-
Patent number: 9424439Abstract: Techniques for secure data synchronization are described. In one or more implementations, techniques may be employed to conserve high cost data storage by storing larger portions of encrypted data in low cost storage, while storing relatively smaller encryption keys in higher cost storage. A device that is granted access to the encryption keys can retrieve the encrypted data from the low cost storage and use the encryption keys to decrypt the encrypted data.Type: GrantFiled: September 12, 2011Date of Patent: August 23, 2016Assignee: Microsoft Technology Licensing, LLCInventors: Matthew Z. Tamayo-Rios, Saurav Sinha, Ruslan Ovechkin, Gopinathan Kannan, Vijay G. Bharadwaj, Christopher R. Macaulay, Eric Fleischman, Nathan J. Ide, Kun Liu
-
Publication number: 20160226875Abstract: A deployable computing environment may facilitate interaction and data sharing between users and devices. Users, devices, and relationships between the users and devices may be represented within the deployable computing environment. A relationship between a user and a device may specify that the device is owned by the user and that the device is authorized to perform operations within the deployable computing environment on behalf of the user. Secure authentication of devices and users for interaction within the deployable computing environment is achieved by authenticating tickets corresponding to the user, the device, and the relationship. A device identification ticket and a user identification ticket are used to authenticate the device and user for interaction within the deployable computing environment. A device claim ticket allows the device to perform delegated operations (e.g., data synchronization, peer connectivity, etc.) on behalf of the user without the user's credentials (e.g.Type: ApplicationFiled: April 11, 2016Publication date: August 4, 2016Inventors: Abolade Gbadegesin, Dharma K. Shukla, Thomas A. Galvin, David R. Reed, Nikolay Smolyanskiy, Eric Fleischman, Roman Batoukov
-
Publication number: 20160182560Abstract: Techniques for protecting an online service against network-based attacks are described. In some cases, protection is performed by way of a scalable protection service comprising a dynamically scalable set of virtual machines hosted by a cloud service that is distinct from a data center that hosts the online service. The protection service is coupled to the online service via a private link. When an attack is detected by the online service, network traffic bound for the online service is redirected from the public network to the protection service. The protection service then processes the network traffic, such as by dropping network traffic associated with the attack and forwarding legitimate network traffic to the online service via the private link.Type: ApplicationFiled: December 16, 2015Publication date: June 23, 2016Inventor: Eric Fleischman