Patents by Inventor Jeffrey F. Spelman
Jeffrey F. Spelman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 8245051
  Abstract: Systems and methods directed at enhancing the capability of a federated authentication system by configuring the system with extensibility points for adding new account stores and customizing claim transformations. The federated authentication system includes account stores, a security token service (STS), and custom claim transformation modules. The account stores are configured to maintain data associated with accounts and to provide security claims in an intermediate format. The STS is configured to retrieve the security claims provided by the account stores and includes built-in transformations for transforming each security claim from the intermediate format to formats associated with resource providers. The STS is further configured to provide extensibility points for custom claim transformations that are not available from the built-in transformations. The custom claim transformation modules are configured to perform at least one custom claim transformation.
  Type: Grant
  Filed: May 13, 2005
  Date of Patent: August 14, 2012
  Assignee: Microsoft Corporation
  Inventors: Ryan D. Johnson, Donald E. Schmidt, Jeffrey F. Spelman, Kahren Tevosyan, Vijayavani Nori
- Patent number: 8108920
  Abstract: A system provides single sign-on capabilities for accessing a Web application through a passive client across multiple realms within a federation. A federation refers to different organizations or realms that have employed agreements, standards, and/or cooperative technologies to make user identity and entitlements portable between the organizations. Communications are redirected through a client in one realm to obtain a security token that can allow the resource server in the other realm to authenticate the user for access to the Web application.
  Type: Grant
  Filed: May 12, 2003
  Date of Patent: January 31, 2012
  Assignee: Microsoft Corporation
  Inventors: Jeffrey F. Spelman, Yordan Rouskov, Brendan W. Dixon, Matthew Hur, Josh Thomas Gray, Michael S. Dusche, Ryan D. Johnson, John Kahren Tevosyan
- Patent number: 7748046
  Abstract: Systems and methods directed at transforming security claims in a federated authentication system using an intermediate format. The federated authentication system includes an identity provider and a resource provider. The identity provider receives a request for information from the resource provider to authenticate an account by an application associated with the resource provider. A security claim associated with the account is retrieved where the security claim is provided by an account store in a format specific to the account store. The security claim is transformed from the account store specific format to an intermediate format. The security claim is then transformed from the intermediate format to a federated format recognized by the resource provider. The transformed security claim is provided in a security token to the resource provider.
  Type: Grant
  Filed: April 29, 2005
  Date of Patent: June 29, 2010
  Assignee: Microsoft Corporation
  Inventors: Ryan D. Johnson, Donald E. Schmidt, Jeffrey F. Spelman, Kahren Tevosyan, Vijayavani Nori
- Patent number: 7702917
  Abstract: The described systems, methods, and data structures are directed at data transfer using Hyper-Text Transfer Protocol (HTTP) query strings. A block of data is partitioned into sections. Each section is encoded in a query string of an HTTP message. Each HTTP message is sent to a server by redirecting through a client. Multiple redirected messages are sent until the entire block of data is transferred to the server. The data block may be stored as a cookie on the client so that the data block does not have to persist on any server. Data transfer using HTTP query strings may be implemented to transfer a security token from a security token service (STS) server to an application server.
  Type: Grant
  Filed: November 19, 2004
  Date of Patent: April 20, 2010
  Assignee: Microsoft Corporation
  Inventors: Kahren Tevosyan, Matthew Hur, Ryan D. Johnson, Donald E. Schmidt, Jeffrey F. Spelman
- Patent number: 7603555
  Abstract: A system for authenticating computer users comprising a single active directory disposed in an intranet, a web server disposed in a DMZ associated with the intranet, and a web client coupled to the web server through an internet connection that is capable of signing on to the web server.
  Type: Grant
  Filed: June 30, 2005
  Date of Patent: October 13, 2009
  Assignee: Microsoft Corporation
  Inventors: Donald E. Schmidt, Ryan D. Johnson, Kahren Tevosyan, Jeffrey F. Spelman, Krishnanand Shenoy, Harini Raghavan, David R. Mowers, Matthew Hur
- Patent number: 7571199
  Abstract: A system collects entropy data and stores the entropy data in a nonvolatile memory. The entropy data stored in the nonvolatile memory is updated with newly collected entropy data. The entropy data stored in the nonvolatile memory is used to generate a string of random bits. The entropy data is collected from multiple sources within a computer system and may include data related to a processor in the computer system and an operating system executing on the computer system. The entropy data is maintained in a protected portion of an operating system kernel. A hashing algorithm is applied to the entropy data to generate random seed data.
  Type: Grant
  Filed: November 15, 2000
  Date of Patent: August 4, 2009
  Assignee: Microsoft Corporation
  Inventors: Scott A. Field, Jeffrey F. Spelman
- Publication number: 20040230831
  Abstract: A system provides single sign-on capabilities for accessing a Web application through a passive client across multiple realms within a federation. A federation refers to different organizations or realms that have employed agreements, standards, and/or cooperative technologies to make user identity and entitlements portable between the organizations. Communications are redirected through a client in one realm to obtain a security token that can allow the resource server in the other realm to authenticate the user for access to the Web application.
  Type: Application
  Filed: May 12, 2003
  Publication date: November 18, 2004
  Applicant: MICROSOFT CORPORATION
  Inventors: Jeffrey F. Spelman, Yordan Rouskov, Brendan W. Dixon, Matthew Hur, Josh Thomas Gray, Michael S. Dusche, Ryan D. Johnson, John Kahren Tevosyan
- Patent number: 6560581
  Abstract: An electronic commerce system facilitates secure electronic commerce transactions among multiple participants. Each electronic commerce transaction involves at least one commerce document defining the transaction and at least one commerce instrument defining a payment for the transaction. The electronic commerce system has a credential binding server at a trusted credential authority, multiple computing units at associated participants, and a communication system interconnecting the credential binding server and the multiple computing units. The electronic commerce system operates in two phases: a registration phase and a transaction phase. During the registration phase, each of the computing units generates and sends a registration packet over the communication system to the credential binding server. Unique credentials are produced by the credential binding server based upon the registration packets and sent back to the computing units.
  Type: Grant
  Filed: June 8, 1998
  Date of Patent: May 6, 2003
  Assignee: Visa International Service Association
  Inventors: Barbara L. Fox, Lester L. Waters, Jeffrey F. Spelman, Robert B. Seidensticker, Matthew W. Thomlinson
- Patent number: 5790677
  Abstract: An electronic commerce system facilitates secure electronic commerce transactions among multiple participants. Each electronic commerce transaction involves at least one commerce document defining the transaction and at least one commerce instrument defining a payment for the transaction. The electronic commerce system has a credential binding server at a trusted credential authority, multiple computing units at associated participants, and a communication system interconnecting the credential binding server and the multiple computing units. The electronic commerce system operates in two phases: a registration phase and a transaction phase. During the registration phase, each of the computing units generates and sends a registration packet over the communication system to the credential binding server. Unique credentials are produced by the credential binding server based upon the registration packets and sent back to the computing units.
  Type: Grant
  Filed: June 29, 1995
  Date of Patent: August 4, 1998
  Assignee: Microsoft Corporation
  Inventors: Barbara L. Fox, Lester L. Waters, Jeffrey F. Spelman, Robert B. Seidensticker, Matthew W. Thomlinson
- Patent number: 5764768
  Abstract: A method of processing encrypted communications sent by a first party, the method including the steps of: receiving from the first party a message that has a first part, a second part, a third part and a fourth part, wherein the first part includes a first block of information that is encrypted by using a key k1, the second part includes a second block of information that is encrypted by using a key k2, the third part includes a third block of information that is encrypted by using a key R, and the fourth part includes a fourth block of information that is encrypted by using the key R, wherein the third block of information includes k1 and the fourth block of information includes k2; blinding the fourth part; sending the third part and the blinded fourth part to a recryptor; receiving from the recryptor the k1 key re-encrypted by using a first key; and receiving from the recryptor a fifth block of information which is the blinded fourth block of information that has been encrypted by using a second key.
  Type: Grant
  Filed: April 9, 1997
  Date of Patent: June 9, 1998
  Assignee: Microsoft Corporation
  Inventors: Jeffrey F. Spelman, Matthew W. Thomlinson
- Patent number: 5761311
  Abstract: A method of processing encrypted communications sent by a first party, the method including the steps of: receiving from the first party a message that has a first part, a second part, a third part and a fourth part, wherein the first part includes a first block of information that is encrypted by using a key k1, the second part includes a second block of information that is encrypted by using a key k2, the third part includes a third block of information that is encrypted by using a key R, and the fourth part includes a fourth block of information that is encrypted by using the key R, wherein the third block of information includes k1 and the fourth block of information includes k2; blinding the fourth part; sending the third part and the blinded fourth part to a recryptor; receiving from the recryptor the k1 key re-encrypted by using a first key; and receiving from the recryptor a fifth block of information which is the blinded fourth block of information that has been encrypted by using a second key.
  Type: Grant
  Filed: April 9, 1997
  Date of Patent: June 2, 1998
  Assignee: Microsoft Corporation
  Inventors: Jeffrey F. Spelman, Matthew W. Thomlinson
- Patent number: 5689565
  Abstract: A cryptography system architecture provides cryptographic functionality to support an application requiring encryption, decryption, signing, and verification of electronic messages. The cryptography system has a cryptographic application program interface (CAPI) which interfaces with the application to receive requests for cryptographic functions. The cryptographic system further includes at least one cryptography service provider (CSP) that is independent from, but dynamically accessible by, the CAPI. The CSP provides the cryptographic functionality and manages the secret cryptographic keys. In particular, the CSP prevents exposure of the encryption keys in a non-encrypted form to the CAPI or application. The cryptographic system also has a private application program interface (PAPI) to provide direct access between the CSP and the user. The PAPI enables the user to confirm or reject certain requested cryptographic functions, such as digitally signing the messages or exportation of keys.
  Type: Grant
  Filed: June 29, 1995
  Date of Patent: November 18, 1997
  Assignee: Microsoft Corporation
  Inventors: Terrence R. Spies, Jeffrey F. Spelman, Daniel R. Simon
- Patent number: 5680458
  Abstract: A method of recovering from a compromise of a root key which is the private key of a first public key-private key pair, the method including the steps of electronically sending out an emergency message indicating that the root key has been compromised and also containing a replacement key and a digital signature which was generated by using the root key; and publishing in an out-of-band channel a value V, wherein V is derived from the emergency message.
  Type: Grant
  Filed: November 14, 1995
  Date of Patent: October 21, 1997
  Assignee: Microsoft Corporation
  Inventors: Jeffrey F. Spelman, Matthew W. Thomlinson
- Patent number: 5638445
  Abstract: A method of processing encrypted communications sent by a first party, the method including the steps of: receiving from the first party a message that has a first part, a second part, a third part and a fourth part, wherein the first part includes a first block of information that is encrypted by using a key k1, the second part includes a second block of information that is encrypted by using a key k2, the third part includes a third block of information that is encrypted by using a key R, and the fourth part includes a fourth block of information that is encrypted by using the key R, wherein the third block of information includes k1 and the fourth block of information includes k2; blinding the fourth part; sending the third part and the blinded fourth part to a recryptor; receiving from the recryptor the k1 key re-encrypted by using a first key; and receiving from the recryptor a fifth block of information which is the blinded fourth block of information that has been encrypted by using a second key.
  Type: Grant
  Filed: September 19, 1995
  Date of Patent: June 10, 1997
  Assignee: Microsoft Corporation
  Inventors: Jeffrey F. Spelman, Matthew W. Thomlinson
- Patent number: RE38070
  Abstract: A cryptography system architecture provides cryptographic functionality to support an application requiring encryption, decryption, signing, and verification of electronic messages. The cryptography system has a cryptographic application program interface (CAPI) which interfaces with the application to receive requests for cryptographic functions. The cryptographic system further includes at least one cryptography service provider (CSP) that is independent from, but dynamically accessible by, the CAPI. The CSP provides the cryptographic functionality and manages the secret cryptographic keys. In particular, the CSP prevents exposure of the encryption keys in a non-encrypted form to the CAPI or application. The cryptographic system also has a private application program interface (PAPI) to provide direct access between the CSP and the user. The PAPI enables the user to confirm or reject certain requested cryptographic functions, such as digitally signing the messages or exportation of keys.
  Type: Grant
  Filed: August 30, 1999
  Date of Patent: April 8, 2003
  Assignee: Microsoft Corporation
  Inventors: Terrence R. Spies, Jeffrey F. Spelman, Daniel R. Simon