Patents by Inventor Eric Fleischman
Eric Fleischman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20160127337
Abstract: Techniques for providing data security services with respect to cloud-based services are described. Examples include a security service provider (“SSP”) configured to perform or provide one or more security-related services or functions with respect to or on behalf of some other system or service. The other system or service may be, for example, a cloud-based system that provides network-accessible services. The SSP allows a user of the cloud-based service to provide and manage one or more security-related services, such as data storage, encryption, decryption, key management, and the like. By using and controlling the SSP, the user can be confident that his or her data is being securely represented and stored, even though it is being operated upon by a cloud-based service that is not under the user's control.
Type: Application
Filed: January 12, 2016
Publication date: May 5, 2016
Inventors: Eric Fleischman, Duane E. Wald, Donald G. Peterson
-
Publication number: 20160080426
Abstract: Techniques for providing data security services with respect to cloud-based services are described. Examples include a security service provider (“SSP”) configured to perform or provide one or more security-related services or functions with respect to or on behalf of some other system or service. The other system or service may be, for example, a cloud-based system that provides network-accessible services. The SSP allows a user of the cloud-based service to provide and manage one or more security-related services, such as data storage, encryption, decryption, key management, and the like. By using and controlling the SSP, the user can be confident that his or her data is being securely represented and stored, even though it is being operated upon by a cloud-based service that is not under the user's control.
Type: Application
Filed: November 13, 2015
Publication date: March 17, 2016
Inventors: Eric Fleischman, Duane E. Wald, Donald G. Peterson
-
Patent number: 9253206
Abstract: Techniques for protecting an online service against network-based attacks are described. In some cases, protection is performed by way of a scalable protection service including a dynamically scalable set of virtual machines hosted by a cloud service that is distinct from a data center that hosts the online service. The protection service is coupled to the online service via a private link. When an attack is detected by the online service, network traffic bound for the online service is redirected from the public network to the protection service. The protection service then processes the network traffic, such as by dropping network traffic associated with the attack and forwarding legitimate network traffic to the online service via the private link.
Type: Grant
Filed: December 18, 2014
Date of Patent: February 2, 2016
Assignee: DocuSign, Inc.
Inventor: Eric Fleischman
-
Publication number: 20160021095
Abstract: In one embodiment, a user authentication server may use geo-location tracking to determine whether to present an enhanced identity challenge. A communication interface 180 may receive a user login attempt by a user and a current location of the user login attempt. A data storage 150 may store a user location profile of the user. A processor 120 may execute a comparison of the current location to the user location profile. The communication interface 180 may present the user with an enhanced identity challenge before allowing user access based on the comparison.
Type: Application
Filed: September 30, 2015
Publication date: January 21, 2016
Applicant: Microsoft Technology Licensing, LLC
Inventors: David Steeves, Luke Abrams, Hersh Dangayach, Eric Fleischman, Prabu Raju, Krishna Vitaldevara, Niyantha Shekar, Payoj Baral, Meenakshi Ramaswamy, Winfred Wong, Yordan Rouskov, Ramesh Manne
-
Patent number: 9219753
Abstract: Techniques for providing data security services with respect to cloud-based services are described. Examples include a security service provider (“SSP”) configured to perform or provide one or more security-related services or functions with respect to or on behalf of some other system or service. The other system or service may be, for example, a cloud-based system that provides network-accessible services. The SSP allows a user of the cloud-based service to provide and manage one or more security-related services, such as data storage, encryption, decryption, key management, and the like. By using and controlling the SSP, the user can be confident that his or her data is being securely represented and stored, even though it is being operated upon by a cloud-based service that is not under the user's control.
Type: Grant
Filed: March 4, 2014
Date of Patent: December 22, 2015
Assignee: DocuSign, Inc.
Inventors: Eric Fleischman, Duane Wald, Donald G. Peterson
-
Patent number: 9177125
Abstract: In one embodiment, a user authentication server may use geo-location tracking to determine whether to present an enhanced identity challenge. A communication interface 180 may receive a user login attempt by a user and a current location of the user login attempt. A data storage 150 may store a user location profile of the user. A processor 120 may execute a comparison of the current location to the user location profile. The communication interface 180 may present the user with an enhanced identity challenge before allowing user access based on the comparison.
Type: Grant
Filed: July 6, 2011
Date of Patent: November 3, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: David Steeves, Luke Abrams, Hersh Dangayach, Eric Fleischman, Prabu Raju, Krishna Vitaldevara, Niyantha Shekar, Payoj Baral, Meenakshi Ramaswamy, Winfred Wong, Yordan Rouskov, Ramesh Manne
-
Patent number: 8931056
Abstract: A service accessible by a set of entities may be provided to each entity at a different service level (e.g., with a different set of privileges) based on the privilege level of the entity. However, many users may attempt to perform malicious activities through the service, and may do so with impunity if the penalties of detection are inconsequential. Instead, privilege levels of entities may be established based on the claims of assets having identifiable value. Such claims may be established by submitting an asset identifier to the service, such as proof of a software license identified by the submission of a license key purchased at a substantial cost. The penalties of malicious activities performed by such users may include the invalidation of such asset identifiers. Establishing the privilege levels of respective entities in this manner raises the penalties, and hence the deterrence, of attempted malicious use of the service.
Type: Grant
Filed: March 31, 2011
Date of Patent: January 6, 2015
Assignee: Microsoft Corporation
Inventors: Eric Fleischman, Eliot Gillum, Matthew Robert Ayers, Robert Edgar Fanfant, Hakki Tunc Bostanci
-
Publication number: 20140250491
Abstract: Techniques for providing data security services with respect to cloud-based services are described. Examples include a security service provider (“SSP”) configured to perform or provide one or more security-related services or functions with respect to or on behalf of some other system or service. The other system or service may be, for example, a cloud-based system that provides network-accessible services. The SSP allows a user of the cloud-based service to provide and manage one or more security-related services, such as data storage, encryption, decryption, key management, and the like. By using and controlling the SSP, the user can be confident that his or her data is being securely represented and stored, even though it is being operated upon by a cloud-based service that is not under the user's control.
Type: Application
Filed: March 4, 2014
Publication date: September 4, 2014
Applicant: DocuSign, Inc.
Inventors: Eric Fleischman, Duane Wald, Donald G. Peterson
-
Publication number: 20140059664
Abstract: This document describes various techniques for distributing credentials based on hardware profiles. A resource access request including a hardware profile is transmitted to a remote entity having access to a previous hardware profile and a credential useful to access a resource is received if at least a portion of the hardware profile matches the previous hardware profile.
Type: Application
Filed: October 25, 2013
Publication date: February 27, 2014
Applicant: Microsoft Corporation
Inventors: Gaurav S. Anand, Kevin Michael Woley, Matthew R. Ayers, Rajeev Dutt, Eric Fleischman
-
Patent number: 8572699
Abstract: This document describes various techniques for distributing credentials based on hardware profiles. A resource access request including a hardware profile is transmitted to a remote entity having access to a previous hardware profile and a credential useful to access a resource is received if at least a portion of the hardware profile matches the previous hardware profile.
Type: Grant
Filed: November 18, 2010
Date of Patent: October 29, 2013
Assignee: Microsoft Corporation
Inventors: Gaurav S. Anand, Kevin Michael Woley, Matthew R. Ayers, Rajeev Dutt, Eric Fleischman
-
Patent number: 8412930
Abstract: A deployable computing environment may facilitate interaction and data sharing between users and devices. Users, devices, and relationships between the users and devices may be represented within the deployable computing environment. A relationship between a user and a device may specify that the device is owned by the user and that the device is authorized to perform operations within the deployable computing environment on behalf of the user. Secure authentication of devices and users for interaction within the deployable computing environment is achieved by authenticating tickets corresponding to the user, the device, and the relationship. A device identification ticket and a user identification ticket are used to authenticate the device and user for interaction within the deployable computing environment. A device claim ticket allows the device to perform delegated operations (e.g., data synchronization, peer connectivity, etc.) on behalf of the user without the user's credentials (e.g.
Type: Grant
Filed: October 9, 2008
Date of Patent: April 2, 2013
Assignee: Microsoft Corporation
Inventors: Abolade Gbadegesin, Dharma K. Shukla, Thomas A. Galvin, David R. Reed, Nikolay Smolyanskiy, Eric Fleischman, Roman Batoukov
-
Publication number: 20130067243
Abstract: Techniques for secure data synchronization are described. In one or more implementations, techniques may be employed to conserve high cost data storage by storing larger portions of encrypted data in low cost storage, while storing relatively smaller encryption keys in higher cost storage. A device that is granted access to the encryption keys can retrieve the encrypted data from the low cost storage and use the encryption keys to decrypt the encrypted data.
Type: Application
Filed: September 12, 2011
Publication date: March 14, 2013
Applicant: Microsoft Corporation
Inventors: Matthew Z. Tamayo-Rios, Saurav Sinha, Ruslan Ovechkin, Gopinathan Kannan, Vijay G. Bharadwaj, Christopher R. Macaulay, Eric Fleischman, Nathan J. Ide, Kun Liu
-
Publication number: 20120321087
Abstract: A device operated by a user may store an object to which access is to be regulated, which may be achieved by encrypting the object with an encryption key and sending the key to a server having a key store. When a user of the device requests access to the object, the server may authenticate the user (e.g., according to a credential submitted by the user) and verify a trust identifier of the device (e.g., authorization to access the object through the device, and/or the integrity of the device), before sending to the device a ticket granting access to the key. The device may send the ticket to the server, receive the key from the server, decrypt the stored encrypted object, and provide the object to the user. This mechanism promotes rapid access upon request and efficient use of the server, and enables remote revocation of access.
Type: Application
Filed: June 17, 2011
Publication date: December 20, 2012
Applicant: Microsoft Corporation
Inventors: Eric Fleischman, Tarek Kamel, Yordan Rouskov
-
Publication number: 20120304260
Abstract: In one embodiment, a user authentication server may use geo-location tracking to determine whether to present an enhanced identity challenge. A communication interface 180 may receive a user login attempt by a user and a current location of the user login attempt. A data storage 150 may store a user location profile of the user. A processor 120 may execute a comparison of the current location to the user location profile. The communication interface 180 may present the user with an enhanced identity challenge before allowing user access based on the comparison.
Type: Application
Filed: July 6, 2011
Publication date: November 29, 2012
Applicant: Microsoft Corporation
Inventors: David Steeves, Luke Abrams, Hersh Dangayach, Eric Fleischman, Prabu Raju, Krishna Vitaldevara, Niyantha Shekar, Payoj Baral, Meenakshi Ramaswamy, Winfred Wong, Yordan Rouskov, Ramesh Manne
-
Publication number: 20120254946
Abstract: A service accessible by a set of entities may be provided to each entity at a different service level (e.g., with a different set of privileges) based on the privilege level of the entity. However, many users may attempt to perform malicious activities through the service, and may do so with impunity if the penalties of detection are inconsequential. Instead, privilege levels of entities may be established based on the claims of assets having identifiable value. Such claims may be established by submitting an asset identifier to the service, such as proof of a software license identified by the submission of a license key purchased at a substantial cost. The penalties of malicious activities performed by such users may include the invalidation of such asset identifiers. Establishing the privilege levels of respective entities in this manner raises the penalties, and hence the deterrence, of attempted malicious use of the service.
Type: Application
Filed: March 31, 2011
Publication date: October 4, 2012
Applicant: Microsoft Corporation
Inventors: Eric Fleischman, Eliot Gillum, Matthew Robert Ayers, Robert Edgar Fanfant, Hakki Tunc Bostanci
-
Publication number: 20120227098
Abstract: One or more techniques and/or systems are disclosed for authenticating a user of an application using an operating system. A user can log onto their device, such as at power-up, using a cloud-based ID registered to an online identity service. The user can be authenticated with the operating system on the user's device, using the cloud-based identity for the user, where the operating system may contact the online identity service to authenticate the user. When the user activates an application on the device it may request authentication of the user from the operating system, and an authentication token for the user's cloud-based identity is provided to the application. The application then uses the authentication token to authenticate the user for the application, as long as the application supports the use of the cloud-based ID of the user. In this manner, a subsequent manual user log-in operation is not required.
Type: Application
Filed: March 3, 2011
Publication date: September 6, 2012
Applicant: Microsoft Corporation
Inventors: Oludare Victor Obasanjo, Eric Fleischman, Sarah Faulkner, Christopher Parker, Keiji Kanazawa
-
Publication number: 20120131652
Abstract: This document describes various techniques for distributing credentials based on hardware profiles. A resource access request including a hardware profile is transmitted to a remote entity having access to a previous hardware profile and a credential useful to access a resource is received if at least a portion of the hardware profile matches the previous hardware profile.
Type: Application
Filed: November 18, 2010
Publication date: May 24, 2012
Applicant: MICROSOFT CORPORATION
Inventors: Gaurav S. Anand, Kevin Michael Woley, Matthew R. Ayers, Rajeev Dutt, Eric Fleischman
-
Publication number: 20100093310
Abstract: A deployable computing environment may facilitate interaction and data sharing between users and devices. Users, devices, and relationships between the users and devices may be represented within the deployable computing environment. A relationship between a user and a device may specify that the device is owned by the user and that the device is authorized to perform operations within the deployable computing environment on behalf of the user. Secure authentication of devices and users for interaction within the deployable computing environment is achieved by authenticating tickets corresponding to the user, the device, and the relationship. A device identification ticket and a user identification ticket are used to authenticate the device and user for interaction within the deployable computing environment. A device claim ticket allows the device to perform delegated operations (e.g., data synchronization, peer connectivity, etc.) on behalf of the user without the user's credentials (e.g.
Type: Application
Filed: October 9, 2008
Publication date: April 15, 2010
Applicant: Microsoft Corporation
Inventors: Abolade Gbadegesin, Dharma K. Shukla, Thomas A. Galvin, David R. Reed, Nikolay Smolyanskiy, Eric Fleischman, Roman Batoukov
-
Publication number: 20060072478
Abstract: An aggregation of a plurality of networks. The aggregation includes a plurality of peer nodes of the networks, each node including a plurality of channels operating at a plurality of interior gateway protocol (IGP) routing levels configured to provide a mesh interface between at least two of the networks. This aggregation makes it possible to configure extremely large aggregated networks. It also supports inter-autonomous system (AS) mobility and movement needs of mobile ad-hoc network (MANET) networks.
Type: Application
Filed: September 29, 2004
Publication date: April 6, 2006
Inventor: Eric Fleischman
-
Publication number: 20050096065
Abstract: A system and method for communicating with only a subquantity of mobile receivers operating within a geographic area that the sender wishes to communicate with, particularly for time critical messages. A system for geo-casting messages to at least one receiver within a geographic region is provided. The system includes an input for receiving the message and a circuit coupled to the input. Upon receiving the message, the circuit reads a geographic designator. Then the circuit accesses a geospatial database using the geographic designator whereby the circuit determines which receivers are in the geographic region designated by the geographic designator. From the geospatial database, the circuit also determines addresses for the receivers so that the circuit can individually forward the message to the receivers within the designated geographic region.
Type: Application
Filed: October 31, 2003
Publication date: May 5, 2005
Inventor: Eric Fleischman