Patents by Inventor Karthik Jaganathan
Karthik Jaganathan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9413740Abstract: Embodiments are directed to establishing a secure connection between computing systems and to providing computer system virtualization on a secure computing device. In one scenario, a computer system receives a request that at least one specified function be initiated. The request includes user credentials and a device claim that identifies the computing device. The computer system authenticates the user using the received user credentials and determines, based on the device claim, that the computing device is an approved computing device that has been approved to initiate performance of the specified function. Then, upon determining that the user has been authenticated and that the computing device is approved to initiate performance the specified function, the computer system initiates performance of the specified function.Type: GrantFiled: July 22, 2014Date of Patent: August 9, 2016Assignee: Microsoft Technology Licensing, LLCInventors: Mohamed Rouatbi, Karthik Jaganathan, Venkata K. Anumalasetty, Ramesh Chinta, Scott A. Field
-
Publication number: 20160087963Abstract: Embodiments are directed to establishing a secure connection between computing systems and to providing computer system virtualization on a secure computing device. In one scenario, a computer system receives a request that at least one specified function be initiated. The request includes user credentials and a device claim that identifies the computing device. The computer system authenticates the user using the received user credentials and determines, based on the device claim, that the computing device is an approved computing device that has been approved to initiate performance of the specified function. Then, upon determining that the user has been authenticated and that the computing device is approved to initiate performance the specified function, the computer system initiates performance of the specified function.Type: ApplicationFiled: December 1, 2015Publication date: March 24, 2016Inventors: Mohamed Rouatbi, Karthik Jaganathan, Venkata K. Anumalasetty, Ramesh Chinta, Scott A. Field
-
Publication number: 20160028704Abstract: Embodiments are directed to establishing a secure connection between computing systems and to providing computer system virtualization on a secure computing device. In one scenario, a computer system receives a request that at least one specified function be initiated. The request includes user credentials and a device claim that identifies the computing device. The computer system authenticates the user using the received user credentials and determines, based on the device claim, that the computing device is an approved computing device that has been approved to initiate performance of the specified function. Then, upon determining that the user has been authenticated and that the computing device is approved to initiate performance the specified function, the computer system initiates performance of the specified function.Type: ApplicationFiled: July 22, 2014Publication date: January 28, 2016Inventors: Mohamed Rouatbi, Karthik Jaganathan, Venkata K. Anumalasetty, Ramesh Chinta, Scott A. Field
-
Publication number: 20130283354Abstract: A selective cross-realm authenticator associates an identifier with a request from an entity authenticated in one realm to access a resource associated with a second realm. The identifier indicates that the entity was authenticated in a realm other than the realm associated with the requested resource. A domain controller associated with the resource performs an access check to verify that the authenticated user is authorized to authenticate to the requested resource. Permissions associated with the resource can be used to specify levels of access to be granted to entities authenticated by a domain controller associated with another realm.Type: ApplicationFiled: June 18, 2013Publication date: October 24, 2013Inventors: Praerit Garg, Cliff Van Dyke, Karthik Jaganathan, Mark Pustilnik, Donald E. Schmidt
-
Patent number: 8544083Abstract: Security elevation techniques are described. In an implementation, a request is received for additional security access beyond that which is currently specified for a program. An identity that describes the program is checked with a plurality of conditions. The security level is automatically elevated to grant the additional security access when the identity corresponds to one of the conditions that indicates that the security level is to be automatically elevated.Type: GrantFiled: February 19, 2009Date of Patent: September 24, 2013Assignee: Microsoft CorporationInventors: Karthik Jaganathan, Tanmoy Dutta, Eric C Perlin, Steven L. Hiskey, Cezar Ungureanasu
-
Patent number: 8510818Abstract: A selective cross-realm authenticator associates an identifier with a request from an entity authenticated in one realm to access a resource associated with a second realm. The identifier indicates that the entity was authenticated in a realm other than the realm associated with the requested resource. A domain controller associated with the resource performs an access check to verify that the authenticated user is authorized to authenticate to the requested resource. Permissions associated with the resource can be used to specify levels of access to be granted to entities authenticated by a domain controller associated with another realm.Type: GrantFiled: May 20, 2009Date of Patent: August 13, 2013Assignee: Microsoft CorporationInventors: Praerit Garg, Cliff Van Dyke, Karthik Jaganathan, Mark Pustilnik, Donald E. Schmidt
-
Publication number: 20100212008Abstract: Security elevation techniques are described. In an implementation, a request is received for additional security access beyond that which is currently specified for a program. An identity that describes the program is checked with a plurality of conditions. The security level is automatically elevated to grant the additional security access when the identity corresponds to one of the conditions that indicates that the security level is to be automatically elevated.Type: ApplicationFiled: February 19, 2009Publication date: August 19, 2010Applicant: Microsoft CorporationInventors: Karthik Jaganathan, Tanmoy Dutta, Eric C. Perlin, Steven L. Hiskey, Cezar Ungureanasu
-
Patent number: 7757275Abstract: A domain controller (DC) side plugin supports one time passwords natively in Kerberos, Part of the key material is static and the other part is dynamic, thereby leveraging properties unique to each to securely support one time passwords in an operating system. The user is permitted to type in the one time passcode into a logon user interface. Rather than calling the SAM APIs to get the static passwords, vendors may register callbacks on the DC to plugin their algorithm. These callback functions will return the dynamically calculated passcodes for the user at a specific point in time. This passcode will then be treated as a normal password by the DC.Type: GrantFiled: June 15, 2005Date of Patent: July 13, 2010Assignee: Microsoft CorporationInventors: Christopher J. Crall, Karthik Jaganathan, Liqiang Zhu, Paul J. Leach
-
Patent number: 7591012Abstract: Systems and methods for negotiating an encryption algorithm may be implemented in the context of encryption-based authentication protocols. The invention has the added benefit of providing a system an method that need not interfere with the standard operation of authentication protocols. A first computer, or client computer, can send a negotiation request to a second computer, or server computer. The negotiation request can specify that the client computer supports a selected encryption algorithm. In response, the server computer can return a subsession key for encryption using the selected encryption algorithm. Both client and server may then switch to encryption in the selected encryption algorithm, using the subsession key to encrypt future communications.Type: GrantFiled: March 2, 2004Date of Patent: September 15, 2009Assignee: Microsoft CorporationInventors: Karthik Jaganathan, Liqiang Zhu
-
Publication number: 20090228969Abstract: A selective cross-realm authenticator associates an identifier with a request from an entity authenticated in one realm to access a resource associated with a second realm. The identifier indicates that the entity was authenticated in a realm other than the realm associated with the requested resource. A domain controller associated with the resource performs an access check to verify that the authenticated user is authorized to authenticate to the requested resource. Permissions associated with the resource can be used to specify levels of access to be granted to entities authenticated by a domain controller associated with another realm.Type: ApplicationFiled: May 20, 2009Publication date: September 10, 2009Applicant: Microsoft CorporationInventors: Praerit Garg, Cliff Van Dyke, Karthik Jaganathan, Mark Pustilnik, Donald E. Schmidt
-
Patent number: 7571311Abstract: Branch domain controllers (DCs) contain read only replicas of the data in a normal domain DC. This includes information about the groups a user belongs to so it can be used to determine authorization information. Password information, however, is desirably replicated to the branch DCs only for users and services (including machines) designated for that particular branch. Moreover, all write operations are desirably handled by hub DCs, the primary domain controller (PDC), or other DCs trusted by the corporate office. Rapid authentication and authorization in branch offices is supported using Kerberos sub-realms in which each branch office operates as a virtual realm. The Kerberos protocol employs different key version numbers to distinguish between the virtual realms of the head and branch key distribution centers (KDCs).Type: GrantFiled: April 1, 2005Date of Patent: August 4, 2009Assignee: Microsoft CorporationInventors: Cristian Marius Ilac, Karthik Jaganathan, Murli D. Satagopan, Tarek Bahna El-Din Mahmoud Kamel, Todd F. Stecher
-
Patent number: 7568218Abstract: A selective cross-realm authenticator associates an identifier with a request from an entity authenticated in one realm to access a resource associated with a second realm. The identifier indicates that the entity was authenticated in a realm other than the realm associated with the requested resource. A domain controller associated with the resource performs an access check to verify that the authenticated user is authorized to authenticate to the requested resource. Permissions associated with the resource can be used to specify levels of access to be granted to entities authenticated by a domain controller associated with another realm.Type: GrantFiled: October 31, 2002Date of Patent: July 28, 2009Assignee: Microsoft CorporationInventors: Praerit Garg, Cliff Van Dyke, Karthik Jaganathan, Mark Pustilnik, Donald E. Schmidt
-
Patent number: 7434253Abstract: A hint containing user mapping information is provided in messages that may be exchanged during authentication handshakes. For example, a client may provide user mapping information to the server during authentication. The hint (e.g., in the form of a TLS extension mechanism) may be used to send the domain/user name information of a client to aid the server in mapping the user's certificate to an account. The extension mechanism provides integrity and authenticity of the mapping data sent by the client. The user provides a hint as to where to find the right account or domain controller (which points to, or otherwise maintains, the correct account). Based on the hint and other information in the certificate, the user is mapped to an account. The hint may be provided by the user when he logs in. Thus, a certificate is mapped to an identity to authenticate the user. A hint is sent along with the certificate information to perform the binding.Type: GrantFiled: July 14, 2005Date of Patent: October 7, 2008Assignee: Microsoft CorporationInventors: Christopher J. Crall, Gennady Medvinsky, Joshua Ball, Karthik Jaganathan, Paul J. Leach, Liqiang Zhu, David B. Cross
-
Publication number: 20070016782Abstract: A hint containing user mapping information is provided in messages that may be exchanged during authentication handshakes. For example, a client may provide user mapping information to the server during authentication. The hint (e.g., in the form of a TLS extension mechanism) may be used to send the domain/user name information of a client to aid the server in mapping the user's certificate to an account. The extension mechanism provides integrity and authenticity of the mapping data sent by the client. The user provides a hint as to where to find the right account or domain controller (which points to, or otherwise maintains, the correct account). Based on the hint and other information in the certificate, the user is mapped to an account. The hint may be provided by the user when he logs in. Thus, a certificate is mapped to an identity to authenticate the user. A hint is sent along with the certificate information to perform the binding.Type: ApplicationFiled: July 14, 2005Publication date: January 18, 2007Applicant: Microsoft CorporationInventors: Christopher Crall, Gennady Medvinsky, Joshua Ball, Karthik Jaganathan, Paul Leach, Liqiang Zhu, David Cross
-
Publication number: 20060288230Abstract: A domain controller (DC) side plugin supports one time passwords natively in Kerberos, Part of the key material is static and the other part is dynamic, thereby leveraging properties unique to each to securely support one time passwords in an operating system. The user is permitted to type in the one time passcode into a logon user interface. Rather than calling the SAM APIs to get the static passwords, vendors may register callbacks on the DC to plugin their algorithm. These callback functions will return the dynamically calculated passcodes for the user at a specific point in time. This passcode will then be treated as a normal password by the DC.Type: ApplicationFiled: June 15, 2005Publication date: December 21, 2006Applicant: Microsoft CorporationInventors: Christopher Crall, Karthik Jaganathan, Liqiang Zhu, Paul Leach
-
Publication number: 20060224891Abstract: Branch domain controllers (DCs) contain read only replicas of the data in a normal domain DC. This includes information about the groups a user belongs to so it can be used to determine authorization information. Password information, however, is desirably replicated to the branch DCs only for users and services (including machines) designated for that particular branch. Moreover, all write operations are desirably handled by hub DCs, the primary domain controller (PDC), or other DCs trusted by the corporate office. Rapid authentication and authorization in branch offices is supported using Kerberos sub-realms in which each branch office operates as a virtual realm. The Kerberos protocol employs different key version numbers to distinguish between the virtual realms of the head and branch key distribution centers (KDCs).Type: ApplicationFiled: April 1, 2005Publication date: October 5, 2006Applicant: Microsoft CorporationInventors: Cristian Ilac, Karthik Jaganathan, Murli Satagopan, Tarek Bahna Mahmoud Kamel, Todd Stecher
-
Publication number: 20050198490Abstract: Systems and methods for negotiating an encryption algorithm may be implemented in the context of encryption-based authentication protocols. The invention has the added benefit of providing a system an method that need not interfere with the standard operation of authentication protocols. A first computer, or client computer, can send a negotiation request to a second computer, or server computer. The negotiation request can specify that the client computer supports a selected encryption algorithm. In response, the server computer can return a subsession key for encryption using the selected encryption algorithm. Both client and server may then switch to encryption in the selected encryption algorithm, using the subsession key to encrypt future communications.Type: ApplicationFiled: March 2, 2004Publication date: September 8, 2005Inventors: Karthik Jaganathan, Liqiang Zhu
-
Publication number: 20040088543Abstract: A selective cross-realm authenticator associates an identifier with a request from an entity authenticated in one realm to access a resource associated with a second realm. The identifier indicates that the entity was authenticated in a realm other than the realm associated with the requested resource. A domain controller associated with the resource performs an access check to verify that the authenticated user is authorized to authenticate to the requested resource. Permissions associated with the resource can be used to specify levels of access to be granted to entities authenticated by a domain controller associated with another realm.Type: ApplicationFiled: October 31, 2002Publication date: May 6, 2004Inventors: Praerit Garg, Cliff Van Dyke, Karthik Jaganathan, Mark Pustilnik, Donald E. Schmidt