Patents by Inventor Javier Dalzell
Javier Dalzell has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11190501
Abstract: An authentication management system receives a resource request directed to a software service, which may require password-based authentication. The system redirects the resource request to an authentication identity provider (IdP), and receives an authentication token generated by the authentication IdP. The redirecting of the resource request comprises transmission of an authentication request, which includes user identity information that can be authenticated by the IdP but does not include a password for the software service. In response to receiving the authentication token, the system causes a shadow account to be created with the software service. For password-based authentication, this may include setting a temporary, random password for the shadow account. The system is then able to generate authenticated connection information (e.g.
Type: Grant
Filed: August 22, 2018
Date of Patent: November 30, 2021
Assignee: Terawe Corporation
Inventors: Anilkumar Balakrishnan, Ashutosh Badwe, Hilal Al-Hilali, Ramakrishnan Peruvemba, David K. Downing, Javier Dalzell
-
Publication number: 20190068578
Abstract: An authentication management system receives a resource request directed to a software service, which may require password-based authentication. The system redirects the resource request to an authentication identity provider (IdP), and receives an authentication token generated by the authentication IdP. The redirecting of the resource request comprises transmission of an authentication request, which includes user identity information that can be authenticated by the IdP but does not include a password for the software service. In response to receiving the authentication token, the system causes a shadow account to be created with the software service. For password-based authentication, this may include setting a temporary, random password for the shadow account. The system is then able to generate authenticated connection information (e.g.
Type: Application
Filed: August 22, 2018
Publication date: February 28, 2019
Applicant: Terawe Corporation
Inventors: Anilkumar Balakrishnan, Ashutosh Badwe, Hilal Al-Hilali, Ramakrishnan Peruvemba, David K. Downing, Javier Dalzell
-
Patent number: 9769137
Abstract: An extensible mechanism for providing access control for logical objects in a network environment. A security broker is able to dynamically register one or more claims providers, each of which can assert one or more claims about logical objects. The claims providers may be purpose built or may be third party applications which expose data or business rules for use. Claims may be augmented by additional claims providers after the original claim is asserted. The applicability of claims may be scope limited either at the time the claims provider is registered or when the user requests that a security token be issued.
Type: Grant
Filed: February 17, 2015
Date of Patent: September 19, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: Venkatesh Veeraraghavan, Javier Dalzell, Benoit Schmitlin, Ambrose T. Treacy, Bryant Fong, Christian Roy
-
Publication number: 20150180853
Abstract: An extensible mechanism for providing access control for logical objects in a network environment. A security broker is able to dynamically register one or more claims providers, each of which can assert one or more claims about logical objects. The claims providers may be purpose built or may be third party applications which expose data or business rules for use. Claims may be augmented by additional claims providers after the original claim is asserted. The applicability of claims may be scope limited either at the time the claims provider is registered or when the user requests that a security token be issued.
Type: Application
Filed: February 17, 2015
Publication date: June 25, 2015
Applicant: Microsoft Technology Licensing, LLC
Inventors: Venkatesh Veeraraghavan, Javier Dalzell, Benoit Schmitlin, Ambrose T. Treacy, Bryant Fong, Christian Roy
-
Patent number: 8990896
Abstract: An extensible mechanism for providing access control for logical objects in a network environment. A security broker is able to dynamically register one or more claims providers, each of which can assert one or more claims about logical objects. The claims providers may be purpose built or may be third party applications which expose data or business rules for use. Claims may be augmented by additional claims providers after the original claim is asserted. The applicability of claims may be scope limited either at the time the claims provider is registered or when the user requests that a security token be issued.
Type: Grant
Filed: June 24, 2008
Date of Patent: March 24, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Venkatesh Veeraraghavan, Javier Dalzell, Benoit Schmitlin, Ambrose T. Treacy, Bryant Fong, Christian Roy
-
Patent number: 8850550
Abstract: A security token service generates a security token for a user that is associated with a client and stores the full security token within a memory. The security token includes an identity claim that represents the identity of the generated security token. Instead of passing the entire security token back to the client, the identity claim is returned to the client. For each request the client makes to the service, the client passes the identity claim in the request instead of the full security token having all of the claims. The identity claim is much smaller than the full security token. When a computing device receives the identity claim within the request from the user, the identity claim is used to access the full security token that is stored in memory.
Type: Grant
Filed: November 23, 2010
Date of Patent: September 30, 2014
Assignee: Microsoft Corporation
Inventors: Javier Dalzell, Alexander Hopmann, Huy Nguyen
-
Patent number: 8689004
Abstract: A server system receives and installs multiple claim provider plug-ins. Each of the claim provider plug-ins implements the same software interface. However, each of the claim provider plug-ins can provide claims that assert different things. Claims provided by the claim provider plug-ins can be used to control access of users to a resource.
Type: Grant
Filed: December 15, 2010
Date of Patent: April 1, 2014
Assignee: Microsoft Corporation
Inventors: Javier Dalzell, Bryant Fong, Sarat Chandra Subramaniam, Christian Roy, Sadia Sharmin, Benoit Schmitlin, Venkatesh Veeraraghavan
-
Patent number: 8370914
Abstract: A server system sends a first credential request to a passive requestor at a client device. After sending the first credential request, the server system receives a credential for a user of the client device. If the credential is valid, the server system can provide the passive requestor with access to a resource provided by the server system. After providing the passive requestor with access to the resource, the server system provides an active requestor at the client device with access to the resource without sending a second credential request to the active requestor. Consequently, it may not be necessary for a user of the client device to provide credentials twice in order for the passive requestor and the active requestor to access the resource.
Type: Grant
Filed: December 15, 2010
Date of Patent: February 5, 2013
Assignee: Microsoft Corporation
Inventors: Javier Dalzell, Christian Roy, William David Taylor, Venkatesh Veeraraghavan
-
Patent number: 8296828
Abstract: Claim based identities are transformed to a set of credentials and securely stored in a secure data store using a number of encryption schemes. The credentials are then used to authenticate applications requiring specific credential types. For each call to the secure store system, a client application may provide a claims token issued by a trusted source, which is used to search for corresponding credentials in the secure data store if the credentials have been created previously for the user.
Type: Grant
Filed: December 16, 2008
Date of Patent: October 23, 2012
Assignee: Microsoft Corporation
Inventors: Javier Dalzell, Saji Varkey, Kaushik Raj
-
Publication number: 20120159601
Abstract: A server system sends a first credential request to a passive requestor at a client device. After sending the first credential request, the server system receives a credential for a user of the client device. If the credential is valid, the server system can provide the passive requestor with access to a resource provided by the server system. After providing the passive requestor with access to the resource, the server system provides an active requestor at the client device with access to the resource without sending a second credential request to the active requestor. Consequently, it may not be necessary for a user of the client device to provide credentials twice in order for the passive requestor and the active requestor to access the resource.
Type: Application
Filed: December 15, 2010
Publication date: June 21, 2012
Applicant: MICROSOFT CORPORATION
Inventors: Javier Dalzell, Christian Roy, William David Taylor, Venkatesh Veeraraghavan
-
Publication number: 20120131660
Abstract: A security token service generates a security token for a user that is associated with a client and stores the full security token within a memory. The security token includes an identity claim that represents the identity of the generated security token. Instead of passing the entire security token back to the client, the identity claim is returned to the client. For each request the client makes to the service, the client passes the identity claim in the request instead of the full security token having all of the claims. The identity claim is much smaller than the full security token. When a computing device receives the identity claim within the request from the user, the identity claim is used to access the full security token that is stored in memory.
Type: Application
Filed: November 23, 2010
Publication date: May 24, 2012
Applicant: MICROSOFT CORPORATION
Inventors: Javier Dalzell, Alexander Hopmann, Huy Nguyen
-
Publication number: 20120117609
Abstract: A server system receives and installs multiple claim provider plug-ins. Each of the claim provider plug-ins implements the same software interface. However, each of the claim provider plug-ins can provide claims that assert different things. Claims provided by the claim provider plug-ins can be used to control access of users to a resource.
Type: Application
Filed: December 15, 2010
Publication date: May 10, 2012
Applicant: MICROSOFT CORPORATION
Inventors: Javier Dalzell, Bryant Fong, Sarat Chandra Subramaniam, Christian Roy, Sadia Sharmin, Benoit Schmitlin, Venkatesh Veeraraghavan
-
Publication number: 20100154041
Abstract: Claim based identities are transformed to a set of credentials and securely stored in a secure data store using a number of encryption schemes. The credentials are then used to authenticate applications requiring specific credential types. For each call to the secure store system, a client application may provide a claims token issued by a trusted source, which is used to search for corresponding credentials in the secure data store if the credentials have been created previously for the user.
Type: Application
Filed: December 16, 2008
Publication date: June 17, 2010
Applicant: Microsoft Corporation
Inventors: Javier Dalzell, Saji Varkey, Kaushik Raj
-
Publication number: 20090320103
Abstract: An extensible mechanism for providing access control for logical objects in a network environment. A security broker is able to dynamically register one or more claims providers, each of which can assert one or more claims about logical objects. The claims providers may be purpose built or may be third party applications which expose data or business rules for use. Claims may be augmented by additional claims providers after the original claim is asserted. The applicability of claims may be scope limited either at the time the claims provider is registered or when the user requests that a security token be issued.
Type: Application
Filed: June 24, 2008
Publication date: December 24, 2009
Applicant: Microsoft Corporation
Inventors: Venkatesh Veeraraghavan, Javier Dalzell, Benoit Schmitlin, Ambrose T. Treacy, Bryant Fong, Christian Roy