Patents by Inventor John A. Banes
John A. Banes has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9819666
Abstract: This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.
Type: Grant
Filed: March 1, 2016
Date of Patent: November 14, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: David R. Mowers, John A. Banes, Daniel R. Simon, Paul J. Leach
-
Patent number: 9407617
Abstract: This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.
Type: Grant
Filed: January 6, 2014
Date of Patent: August 2, 2016
Assignee: Microsoft Licensing Technology, LLC
Inventors: David R. Mowers, John A. Banes, Daniel R. Simon, Paul J. Leach
-
Publication number: 20160182488
Abstract: This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.
Type: Application
Filed: March 1, 2016
Publication date: June 23, 2016
Inventors: David R. Mowers, John A. Banes, Daniel R. Simon, Paul J. Leach
-
Patent number: 8918525
Abstract: An exemplary network gateway is capable of accepting a session-related message having a session identifier field; the network gateway is adapted to extract a host identifier from a value populating the session identifier field and to perform a routing operation for the session-related message using the host identifier. For an exemplary media implementation, processor-executable instructions direct a device to perform actions including: ascertaining a host identifier from a session identifier field of a session message; and routing the session message responsive to the ascertained host identifier. An exemplary apparatus includes: at least one processor; and one or more media including processor-executable instructions that are capable of being executed by the at least one processor to direct the apparatus to perform actions including: receiving a session message having a session identifier including a host identifier; and routing the session message responsive to the host identifier.
Type: Grant
Filed: December 22, 2010
Date of Patent: December 23, 2014
Assignee: Microsoft Corporation
Inventors: John A. Banes, Joseph M. Joy, David R. Mowers, Cem Paya, Feng Sun
-
Publication number: 20140189823
Abstract: This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.
Type: Application
Filed: January 6, 2014
Publication date: July 3, 2014
Applicant: Microsoft Corporation
Inventors: David R. Mowers, John A. Banes, Daniel R. Simon, Paul J. Leach
-
Patent number: 8627440
Abstract: This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.
Type: Grant
Filed: December 24, 2009
Date of Patent: January 7, 2014
Assignee: Microsoft Corporation
Inventors: David R. Mowers, Daniel R. Simon, Paul J. Leach, John A. Banes
-
Patent number: 8332650
Abstract: A password reset disk is created using a private key/public key pair. The private key is stored on a removable computer-readable medium so that it can be removed and securely stored remote from the computer system on which it was created. The public key is stored on the computer system and used to maintain an encrypted copy of the current password to be stored on the computer system. If the user forgets a password, the user may insert the password reset disk into the computer system. The private key is retrieved from the password reset disk and the encrypted password is decrypted using the private key. If the decryption is successful, the user is allowed to set a new password. The password reset disk is effective even if the user password has been changed since the creation of the password reset disk.
Type: Grant
Filed: March 22, 2002
Date of Patent: December 11, 2012
Assignee: Microsoft Corporation
Inventors: John Banes, George Masters, Glenn D. Pittaway, Jonathan David Hubbard, Peter J. Skelly
-
Patent number: 8266294
Abstract: A first exemplary media implementation includes processor-executable instructions that direct a device to perform actions including: creating a session identifier using a host identifier; and formulating a host session initiation message with the created session identifier. A first exemplary device implementation includes: at least one processor; and one or more media including processor-executable instructions that direct the device to perform actions including: formulating a host session message with a session identifier that is created responsive to a host identifier; and sending the formulated host session message that includes the session identifier from the device. A second exemplary media implementation includes a data structure that has a message including a session identifier field, at least part of the session identifier field including a host identifier.
Type: Grant
Filed: August 13, 2003
Date of Patent: September 11, 2012
Assignee: Microsoft Corporation
Inventors: John A. Banes, Joseph M. Joy, David R. Mowers, Cem Paya, Feng Sun
-
Publication number: 20110093613
Abstract: An exemplary network gateway is capable of accepting a session-related message having a session identifier field; the network gateway is adapted to extract a host identifier from a value populating the session identifier field and to perform a routing operation for the session-related message using the host identifier. For an exemplary media implementation, processor-executable instructions direct a device to perform actions including: ascertaining a host identifier from a session identifier field of a session message; and routing the session message responsive to the ascertained host identifier. An exemplary apparatus includes: at least one processor; and one or more media including processor-executable instructions that are capable of being executed by the at least one processor to direct the apparatus to perform actions including: receiving a session message having a session identifier including a host identifier; and routing the session message responsive to the host identifier.
Type: Application
Filed: December 22, 2010
Publication date: April 21, 2011
Applicant: Microsoft Corporation
Inventors: John A. Banes, Joseph M. Joy, David R. Mowers, Cem Paya, Feng Sun
-
Patent number: 7882251
Abstract: An exemplary network gateway is capable of accepting a session-related message having a session identifier field; the network gateway is adapted to extract a host identifier from a value populating the session identifier field and to perform a routing operation for the session-related message using the host identifier. For an exemplary media implementation, processor-executable instructions direct a device to perform actions including: ascertaining a host identifier from a session identifier field of a session message; and routing the session message responsive to the ascertained host identifier. An exemplary apparatus includes: at least one processor; and one or more media including processor-executable instructions that are capable of being executed by the at least one processor to direct the apparatus to perform actions including: receiving a session message having a session identifier including a host identifier; and routing the session message responsive to the host identifier.
Type: Grant
Filed: August 13, 2003
Date of Patent: February 1, 2011
Assignee: Microsoft Corporation
Inventors: John A. Banes, Joseph M. Joy, David R. Mowers, Cem Paya, Feng Sun
-
Publication number: 20100100953
Abstract: This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.
Type: Application
Filed: December 24, 2009
Publication date: April 22, 2010
Applicant: Microsoft Corporation
Inventors: David R. Mowers, John Banes, Daniel R. Simon, Paul J. Leach
-
Patent number: 7644275
Abstract: This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.
Type: Grant
Filed: April 15, 2003
Date of Patent: January 5, 2010
Assignee: Microsoft Corporation
Inventors: David R. Mowers, John Banes, Daniel R. Simon, Paul J. Leach
-
Publication number: 20050038906
Abstract: A first exemplary media implementation includes processor-executable instructions that direct a device to perform actions including: creating a session identifier using a host identifier; and formulating a host session initiation message with the created session identifier. A first exemplary device implementation includes: at least one processor; and one or more media including processor-executable instructions that direct the device to perform actions including: formulating a host session message with a session identifier that is created responsive to a host identifier; and sending the formulated host session message that includes the session identifier from the device. A second exemplary media implementation includes a data structure that has a message including a session identifier field, at least part of the session identifier field including a host identifier.
Type: Application
Filed: August 13, 2003
Publication date: February 17, 2005
Inventors: John Banes, Joseph Joy, David Mowers, Cem Paya, Feng Sun
-
Publication number: 20050038905
Abstract: An exemplary network gateway is capable of accepting a session-related message having a session identifier field; the network gateway is adapted to extract a host identifier from a value populating the session identifier field and to perform a routing operation for the session-related message using the host identifier. For an exemplary media implementation, processor-executable instructions direct a device to perform actions including: ascertaining a host identifier from a session identifier field of a session message; and routing the session message responsive to the ascertained host identifier. An exemplary apparatus includes: at least one processor; and one or more media including processor-executable instructions that are capable of being executed by the at least one processor to direct the apparatus to perform actions including: receiving a session message having a session identifier including a host identifier; and routing the session message responsive to the host identifier.
Type: Application
Filed: August 13, 2003
Publication date: February 17, 2005
Inventors: John Banes, Joseph Joy, David Mowers, Cem Paya, Feng Sun
-
Publication number: 20040210756
Abstract: This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.
Type: Application
Filed: April 15, 2003
Publication date: October 21, 2004
Applicant: MICROSOFT CORPORATION
Inventors: David R. Mowers, John Banes, Daniel R. Simon, Paul J. Leach
-
Publication number: 20030182584
Abstract: Systems and methods for recovering from a lost password are described. A password reset disk is created by generating a key pair consisting of a private key and a corresponding public key. The private key is stored on a removable computer-readable medium so that it can be removed and securely stored remote from the computer system on which it was created. The public key is stored on the computer system and used to maintain an up-to-date encrypted copy of the current password. This encrypted copy is stored on the computer system. If, at a later time, the user forgets a user password, the user may insert the password reset disk into the computer system. The private key is retrieved from the password reset disk and the encrypted password is decrypted using the private key. If the decryption is successful, the user is allowed to set a new password. The password reset disk is effective even if the user password has been changed since the creation of the password reset disk.
Type: Application
Filed: March 22, 2002
Publication date: September 25, 2003
Inventors: John Banes, George Masters, Glenn D. Pittaway, Jonathan David Hubbard, Peter J. Skelly