Patents by Inventor Kevin Thomas Damour
Kevin Thomas Damour has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230336547
Abstract: Methods, systems, apparatuses, and computer-readable storage mediums are described for authorizing publishing of a message and/or a subscription from an Internet of Things (IoT) device. In an example system, a message broker receives a list of attributes from a claims provider. The message broker determines whether publishing of the message is authorized based at least on the list of attributes, and publishes the message if it is determined that the publishing is authorized. The message broker may also receive a subscription specifying a topic filter. The message broker determines whether the subscription is authorized for the IoT device based at least on the list of attributes, and transmits a subscription message to the IoT device if it is determined that the subscription is authorized.
Type: Application
Filed: May 31, 2022
Publication date: October 19, 2023
Inventors: Kevin Thomas DAMOUR, David Michael SAUNTRY, Peter Gregg MILLER, Jeroen VANTURENNOUT, Murli Dharan SATAGOPAN, William Alexander STEVENSON, Michael Richard YAGLEY
-
Publication number: 20230336509
Abstract: Methods, systems, apparatuses, and computer-readable storage mediums are described for handing retained messages among brokers of Internet of Things (IoT) messages. In an example system, a retained message coordinator of a first message broker receives an indication of a subscription specifying a topic filter from an IoT device. The retained message coordinator identifies, from a data structure shared by a second message broker, a retained message set for a topic within a scope of the topic filter. The retained message coordinator retrieves the retained message set from a shared data store, and provides the retained message set to the IoT device.
Type: Application
Filed: May 31, 2022
Publication date: October 19, 2023
Inventors: Peter Gregg MILLER, David Michael SAUNTRY, Kevin Thomas DAMOUR, Bhawandeep Singh PANESAR, Dmitri Alexandrovich KLEMENTIEV
-
Publication number: 20230336510
Abstract: Methods, systems, apparatuses, and computer-readable storage mediums are described for bridging brokers of messages from Internet of Things (IoT) devices. In an example system, a first message broker receives a message and an associated topic from an IoT device. A bridging coordinator accesses a topic-to-broker map that indicates, for a second broker, a list of topic filters for which the second message broker has at least one subscriber. The bridging coordinator determines whether the list of topics includes the associated topic. In response to a determination that the list of topic filters in the topic-to-broker map includes the associated topic, the bridging coordinator forwards the message to the second message broker. In response to a determination that the list of topic filters does not include the associated topic, the bridging coordinator prevents forwarding of the message to the second message broker.
Type: Application
Filed: May 31, 2022
Publication date: October 19, 2023
Inventors: Peter Gregg MILLER, David Michael SAUNTRY, Kevin Thomas DAMOUR, Bhawandeep Singh PANESAR, Dmitri Alexandrovich KLEMENTIEV
-
Patent number: 11381575
Abstract: Systems and methods for controlling an edge computing device. The method includes, receiving a user input requesting access to a resource of the edge computing device, determining whether the user has privileges to access the resource by: formulating a claims request which requests claims based on the determined identity of the user, sending the claims request to a local claims provider agent executed by a processor of the edge computing device, determining, based on claim request handling factors, whether the local claims provider agent can generate a token including the requested claims, and if so, generating the token with the requested claims; if not, a request may be sent to a cloud service-side claims provider to receive the token. The method includes authorizing access to the resource based on a predetermined policy that specifies the presence of a predefined resource parameter in the requested claims is sufficient.
Type: Grant
Filed: July 12, 2019
Date of Patent: July 5, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventors: Kevin Thomas Damour, David Michael Sauntry, Peter Gregg Miller, Sindhura Tokala, Tara Sanathanan Prakriya, Bhawandeep Singh Panesar, Lawrence Brozak Sullivan, Jr.
-
Publication number: 20200351274
Abstract: Systems and methods for controlling an edge computing device. The method includes, receiving a user input requesting access to a resource of the edge computing device, determining whether the user has privileges to access the resource by: formulating a claims request which requests claims based on the determined identity of the user, sending the claims request to a local claims provider agent executed by a processor of the edge computing device, determining, based on claim request handling factors, whether the local claims provider agent can generate a token including the requested claims, and if so, generating the token with the requested claims; if not, a request may be sent to a cloud service-side claims provider to receive the token. The method includes authorizing access to the resource based on a predetermined policy that specifies the presence of a predefined resource parameter in the requested claims is sufficient.
Type: Application
Filed: July 12, 2019
Publication date: November 5, 2020
Applicant: Microsoft Technology Licensing, LLC
Inventors: Kevin Thomas DAMOUR, David Michael SAUNTRY, Peter Gregg MILLER, Sindhura TOKALA, Tara Sanathanan PRAKRIYA, Bhawandeep Singh PANESAR, Lawrence Brozak SULLIVAN, JR.
-
Patent number: 8555069
Abstract: Modern network communications often require a client application requesting data to authenticate itself to an application providing the data. Such authentication requests can be redundant, especially in the case of stateless network protocols. When a full authentication is performed, a conversation identifier and one or more encryption keys can be agreed upon. Subsequent authentication requests can be answered with a fast reconnect token comprising the conversation identifier and a cryptographically signed version of it using the one or more encryption keys. Should additional security be desirable, a sequence number can be established and incremented in a pre-determined or a random manner to enable detection of replayed fast reconnect tokens. If the recipient can verify the fast reconnect token, the provider can be considered to have been authenticated based on the prior authentication. If an aspect of the fast re-authentication should fail, recourse can be had to the original full authentication process.
Type: Grant
Filed: March 6, 2009
Date of Patent: October 8, 2013
Assignee: Microsoft Corporation
Inventors: Liqiang Zhu, Paul J. Leach, Kevin Thomas Damour, David McPherson, Tanmoy Dutta
-
Patent number: 8225131
Abstract: Today, data networks are ever increasing in size and complexity. For example, a datacenter may comprise hundreds of thousands of service endpoints configured to perform work. To reduce network wide degradation, a load balancer may send work requests to healthy service endpoints, as opposed to unhealthy and/or inoperative service endpoints. Accordingly, among other things, one or more systems and/or techniques for monitoring service endpoints, which may be scalable for large scale networks, are provided. In particular, a consistent hash function may be performed to generate a monitoring scheme comprising assignments of service endpoints to monitoring groups. In this way, multiple monitoring components may monitor a subset of endpoints to ascertain health status. Additionally, the monitoring components may communicate between one another so that a monitoring component may know health statuses of service endpoints both assigned and not assigned to the monitoring component.
Type: Grant
Filed: June 17, 2010
Date of Patent: July 17, 2012
Assignee: Microsoft Corporation
Inventors: Saurabh Mahajan, Vladimir Shubin, Kevin Thomas Damour, Thekkthalackal Varugis Kurien, Lihua Yuan
-
Publication number: 20110314326
Abstract: Today, data networks are ever increasing in size and complexity. For example, a datacenter may comprise hundreds of thousands of service endpoints configured to perform work. To reduce network wide degradation, a load balancer may send work requests to healthy service endpoints, as opposed to unhealthy and/or inoperative service endpoints. Accordingly, among other things, one or more systems and/or techniques for monitoring service endpoints, which may be scalable for large scale networks, are provided. In particular, a consistent hash function may be performed to generate a monitoring scheme comprising assignments of service endpoints to monitoring groups. In this way, multiple monitoring components may monitor a subset of endpoints to ascertain health status. Additionally, the monitoring components may communicate between one another so that a monitoring component may know health statuses of service endpoints both assigned and not assigned to the monitoring component.
Type: Application
Filed: June 17, 2010
Publication date: December 22, 2011
Applicant: Microsoft Corporation
Inventors: Saurabh Mahajan, Vladimir Shubin, Kevin Thomas Damour, Thekkthalackal Varugis Kurien, Lihua Yuan
-
Publication number: 20100228982
Abstract: Modern network communications often require a client application requesting data to authenticate itself to an application providing the data. Such authentication requests can be redundant, especially in the case of stateless network protocols. When a full authentication is performed, a conversation identifier and one or more encryption keys can be agreed upon. Subsequent authentication requests can be answered with a fast reconnect token comprising the conversation identifier and a cryptographically signed version of it using the one or more encryption keys. Should additional security be desirable, a sequence number can be established and incremented in a pre-determined or a random manner to enable detection of replayed fast reconnect tokens. If the recipient can verify the fast reconnect token, the provider can be considered to have been authenticated based on the prior authentication. If an aspect of the fast re-authentication should fail, recourse can be had to the original full authentication process.
Type: Application
Filed: March 6, 2009
Publication date: September 9, 2010
Applicant: MICROSOFT CORPORATION
Inventors: Liqiang Zhu, Paul J. Leach, Kevin Thomas Damour, David McPherson, Tanmoy Dutta