Patents by Inventor Kim Cameron

Kim Cameron has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12519766
    Abstract: Methods for composable user journeys for user authentication via an identity experience framework are performed by systems and apparatuses. Initiating a user authentication process for an application triggers application calls for dynamic invocation of a specific identity policy, required by the application, of a number of identity policies managed by a host of the identity experience framework. User interfaces defined by the identity policies are provided from the host to the application for interaction by the user and entry of identity information needed to authenticate the user according to specified verification providers. Identity claims and token requests are provided from the application to the host which then authenticates the identity claims via the verification providers and mints a token that includes the claims required by the application, according to the identity policy. The application consumes the token to complete the token request and allow the user access to the application.
    Type: Grant
    Filed: April 18, 2024
    Date of Patent: January 6, 2026
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Raja Charu Vikram Kakumani, Brandon B. Murdoch, Ronald Bjones, Muhammad Omer Iqbal, Kim Cameron
  • Patent number: 12401509
    Abstract: Generating a verifiable pairwise claim. Receiving a request for issuing a verifiable claim that is associated with a subject entity and is verifiable by one or more verifying entities. The request includes at least an encrypted portion using a particular type of encryptography. Verifying that the subject entity is associated with a subject of the verifiable claim based on decrypting the encrypted portion using the particular type of cryptography. In response to verifying that the subject entity is associated with the subject of the verifiable claim, issuing the verifiable claim that is structured to be verifiable only by the one or more verifying entities.
    Type: Grant
    Filed: January 28, 2021
    Date of Patent: August 26, 2025
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Kim Cameron
  • Publication number: 20250061228
    Abstract: Generating and associating decentralized identifiers (DIDs) for a group of one or more related devices. First, a device group DID is generated. The device group DID is associated with a group of one or more related devices. For each of the group of one or more related devices, a device DID is generated, and associated with the corresponding device. A scope of permission is granted to the device group DID. In response to the granting the scope of permission to the device group DID, each device DID is granted a subset of the scope of permission.
    Type: Application
    Filed: November 5, 2024
    Publication date: February 20, 2025
    Inventor: Kim CAMERON
  • Patent number: 12174996
    Abstract: Generating and associating decentralized identifiers (DIDs) for a group of related devices. First, a device group DID is generated by generating a private key of the device group DID based on a seed and a first hardware identifier of at least one of the devices in the group. The device group DID is associated with the group of related devices. For each of the group of the related devices, a device DID is derived by generating a private key of the device DID based on a seed, a second hardware identifier of the corresponding device, and the device group DID. The device DID is then associated with the corresponding device. Further, a scope of permission is granted to the device group DID, and each device DID in the group is granted a subset of the scope of permission.
    Type: Grant
    Filed: January 28, 2021
    Date of Patent: December 24, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Kim Cameron
  • Publication number: 20240267366
    Abstract: Methods for composable user journeys for user authentication via an identity experience framework are performed by systems and apparatuses. Initiating a user authentication process for an application triggers application calls for dynamic invocation of a specific identity policy, required by the application, of a number of identity policies managed by a host of the identity experience framework. User interfaces defined by the identity policies are provided from the host to the application for interaction by the user and entry of identity information needed to authenticate the user according to specified verification providers. Identity claims and token requests are provided from the application to the host which then authenticates the identity claims via the verification providers and mints a token that includes the claims required by the application, according to the identity policy. The application consumes the token to complete the token request and allow the user access to the application.
    Type: Application
    Filed: April 18, 2024
    Publication date: August 8, 2024
    Inventors: Raja Charu Vikram Kakumani, Brandon B. Murdoch, Ronald Jke Bjones, Muhammad Omer Iqbal, Kim Cameron
  • Patent number: 11997077
    Abstract: Methods for composable user journeys for user authentication via an identity experience framework are performed by systems and apparatuses. Initiating a user authentication process for an application triggers application calls for dynamic invocation of a specific identity policy, required by the application, of a number of identity policies managed by a host of the identity experience framework. User interfaces defined by the identity policies are provided from the host to the application for interaction by the user and entry of identity information needed to authenticate the user according to specified verification providers. Identity claims and token requests are provided from the application to the host which then authenticates the identity claims via the verification providers and mints a token that includes the claims required by the application, according to the identity policy. The application consumes the token to complete the token request and allow the user access to the application.
    Type: Grant
    Filed: November 10, 2017
    Date of Patent: May 28, 2024
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Raja Charu Vikram Kakumani, Brandon B. Murdoch, Ronald Bjones, Muhammad Omer Iqbal, Kim Cameron
  • Publication number: 20230050460
    Abstract: Generating a verifiable pairwise claim. Receiving a request for issuing a verifiable claim that is associated with a subject entity and is verifiable by one or more verifying entities. The request includes at least an encrypted portion using a particular type of encryptography. Verifying that the subject entity is associated with a subject of the verifiable claim based on decrypting the encrypted portion using the particular type of cryptography. In response to verifying that the subject entity is associated with the subject of the verifiable claim, issuing the verifiable claim that is structured to be verifiable only by the one or more verifying entities.
    Type: Application
    Filed: January 28, 2021
    Publication date: February 16, 2023
    Inventor: Kim CAMERON
  • Publication number: 20230028555
    Abstract: Generating and associating decentralized identifiers (DIDs) for a group of related devices. First, a device group DID is generated by generating a private key of the device group DID based on a seed and a first hardware identifier of at least one of the devices in the group. The device group DID is associated with the group of related devices. For each of the group of the related devices, a device DID is derived by generating a private key of the device DID based on a seed, a second hardware identifier of the corresponding device, and the device group DID. The device DID is then associated with the corresponding device. Further, a scope of permission is granted to the device group DID, and each device DID in the group is granted a subset of the scope of permission.
    Type: Application
    Filed: January 28, 2021
    Publication date: January 26, 2023
    Inventor: Kim CAMERON
  • Patent number: 10609082
    Abstract: Methods for composable user journeys for user authentication via an identity experience framework are performed by systems and apparatuses. Initiating a user authentication process for an application triggers application calls for dynamic invocation of a specific identity policy, required by the application, of a number of identity policies managed by a host of the identity experience framework. User interfaces defined by the identity policies are provided from the host to the application for interaction by the user and entry of identity information needed to authenticate the user according to specified verification providers. Identity claims and token requests are provided from the application to the host which then authenticates the identity claims via the verification providers and mints a token that includes the claims required by the application, according to the identity policy. The application consumes the token to complete the token request and allow the user access to the application.
    Type: Grant
    Filed: November 10, 2017
    Date of Patent: March 31, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Raja Charu Vikram Kakumani, Brandon Murdoch, Ronald Bjones, Muhammad O. Iqbal, Kim Cameron
  • Publication number: 20190312865
    Abstract: Technology is described for enabling passive enforcement of security at computing systems. A component of a computing system can passively authenticate or authorize a user based on observations of the user's interactions with the computing system. The technology may increase or decrease an authentication or authorization level based on the observations. The level can indicate what level of access the user should be granted. When the user or a component of the computing device initiates a request, an application or service can determine whether the level is sufficient to satisfy the request. If the level is insufficient, the application or service can prompt the user for credentials so that the user is actively authenticated. The technology may enable computing systems to “trust” authentication so that two proximate devices can share authentication levels.
    Type: Application
    Filed: June 20, 2019
    Publication date: October 10, 2019
    Inventors: David J. STEEVES, Kim CAMERON, Todd L. CARPENTER, David FOSTER, Quentin S. MILLER
  • Patent number: 10389712
    Abstract: Technology is described for enabling passive enforcement of security at computing systems. A component of a computing system can passively authenticate or authorize a user based on observations of the user's interactions with the computing system. The technology may increase or decrease an authentication or authorization level based on the observations. The level can indicate what level of access the user should be granted. When the user or a component of the computing device initiates a request, an application or service can determine whether the level is sufficient to satisfy the request. If the level is insufficient, the application or service can prompt the user for credentials so that the user is actively authenticated. The technology may enable computing systems to “trust” authentication so that two proximate devices can share authentication levels.
    Type: Grant
    Filed: March 29, 2017
    Date of Patent: August 20, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: David J. Steeves, Kim Cameron, Todd L. Carpenter, David Foster, Quentin S. Miller
  • Publication number: 20190149579
    Abstract: Methods for composable user journeys for user authentication via an identity experience framework are performed by systems and apparatuses. Initiating a user authentication process for an application triggers application calls for dynamic invocation of a specific identity policy, required by the application, of a number of identity policies managed by a host of the identity experience framework. User interfaces defined by the identity policies are provided from the host to the application for interaction by the user and entry of identity information needed to authenticate the user according to specified verification providers. Identity claims and token requests are provided from the application to the host which then authenticates the identity claims via the verification providers and mints a token that includes the claims required by the application, according to the identity policy. The application consumes the token to complete the token request and allow the user access to the application.
    Type: Application
    Filed: November 10, 2017
    Publication date: May 16, 2019
    Inventors: Raja Charu Vikram Kakumani, Brandon Murdoch, Ronald Bjones, Muhammad O. Iqbal, Kim Cameron
  • Publication number: 20190149531
    Abstract: Methods for composable user journeys for user authentication via an identity experience framework are performed by systems and apparatuses. Initiating a user authentication process for an application triggers application calls for dynamic invocation of a specific identity policy, required by the application, of a number of identity policies managed by a host of the identity experience framework. User interfaces defined by the identity policies are provided from the host to the application for interaction by the user and entry of identity information needed to authenticate the user according to specified verification providers. Identity claims and token requests are provided from the application to the host which then authenticates the identity claims via the verification providers and mints a token that includes the claims required by the application, according to the identity policy. The application consumes the token to complete the token request and allow the user access to the application.
    Type: Application
    Filed: November 10, 2017
    Publication date: May 16, 2019
    Inventors: Raja Charu Vikram Kakumani, Brandon Murdoch, Ronald Bjones, Muhammad O. Iqbal, Kim Cameron
  • Patent number: 9904912
    Abstract: Technology is described for protecting transactions. The technology may include a switching component that a user can employ to switch an associated mobile device into a secure mode so that a user can confirm the transaction. After initiating a transaction request, the user can confirm the transaction request by activating the switching component, which can cause the mobile device to switch into a secure mode. In the secure mode, the mobile device may prevent the mobile device from conducting various normal activities, such as executing applications, receiving input, providing output, and so forth. The switching component may disable other processing temporarily. Upon receiving the confirmation from the user, the switching component may send a confirmation communication to complete the transaction.
    Type: Grant
    Filed: June 3, 2015
    Date of Patent: February 27, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: David J. Steeves, Kim Cameron, Todd L. Carpenter, David Foster, Quentin S. Miller, Gregory D. Hartrell
  • Publication number: 20170330250
    Abstract: Machines, Processes, compositions of matter, and articles that include at least one input acceptance machine and at least one track data presentation device. In addition to the foregoing, other aspects are described in the claims, drawings, and text.
    Type: Application
    Filed: October 24, 2016
    Publication date: November 16, 2017
    Applicant: Elwha, LLC
    Inventors: Ali Arjomand, Kim Cameron, William Gates, Roderick A. Hyde, Muriel Y. Ishikawa, Jordin T. Kare, Max R. Levchin, Nathan P. Myhrvold, Tony S. Pan, Aaron Sparks, Russ Stein, Clarence T. Tegreene, Maurizio Vecchione, Lowell L. Wood, JR., Victoria Y.H. Wood
  • Publication number: 20170208061
    Abstract: Technology is described for enabling passive enforcement of security at computing systems. A component of a computing system can passively authenticate or authorize a user based on observations of the user's interactions with the computing system. The technology may increase or decrease an authentication or authorization level based on the observations. The level can indicate what level of access the user should be granted. When the user or a component of the computing device initiates a request, an application or service can determine whether the level is sufficient to satisfy the request. If the level is insufficient, the application or service can prompt the user for credentials so that the user is actively authenticated. The technology may enable computing systems to “trust” authentication so that two proximate devices can share authentication levels.
    Type: Application
    Filed: March 29, 2017
    Publication date: July 20, 2017
    Inventors: David J. Steeves, Kim Cameron, Todd L. Carpenter, David Foster, Quentin S. Miller
  • Patent number: 9641502
    Abstract: Technology is described for enabling passive enforcement of security at computing systems. A component of a computing system can passively authenticate or authorize a user based on observations of the user's interactions with the computing system. The technology may increase or decrease an authentication or authorization level based on the observations. The level can indicate what level of access the user should be granted. When the user or a component of the computing device initiates a request, an application or service can determine whether the level is sufficient to satisfy the request. If the level is insufficient, the application or service can prompt the user for credentials so that the user is actively authenticated. The technology may enable computing systems to “trust” authentication so that two proximate devices can share authentication levels.
    Type: Grant
    Filed: September 25, 2014
    Date of Patent: May 2, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: David J. Steeves, Kim Cameron, Todd L. Carpenter, David Foster, Quentin S. Miller
  • Publication number: 20170046670
    Abstract: Machines, Processes, compositions of matter, and articles that include at least one input acceptance machine and at least one track data presentation device. In addition to the foregoing, other aspects are described in the claims, drawings, and text.
    Type: Application
    Filed: October 24, 2016
    Publication date: February 16, 2017
    Applicant: Elwha LLC
    Inventors: Ali Arjomand, Kim Cameron, William Gates, Roderick A. Hyde, Muriel Y. Ishikawa, Jordin T. Kare, Max R. Levchin, Nathan P. Myhrvold, Tony S. Pan, Aaron Sparks, Russ Stein, Clarence T. Tegreene, Maurizio Vecchione, Lowell L. Wood, JR., Victoria Y. H. Wood
  • Publication number: 20160379312
    Abstract: Machines, Processes, compositions of matter, and articles that include at least one input acceptance machine and at least one track data presentation device. In addition to the foregoing, other aspects are described in the claims, drawings, and text.
    Type: Application
    Filed: June 22, 2016
    Publication date: December 29, 2016
    Applicant: Elwha, LLC
    Inventors: Ali Arjomand, Kim Cameron, William Gates, Roderick A. Hyde, Muriel Y. Ishikawa, Jordin T. Kare, Max R. Levchin, Nathan P. Myhrvold, Tony S. Pan, Aaron Sparks, Russ Stein, Clarence T. Tegreene, Maurizio Vecchione, Lowell L. Wood, JR., Victoria Y. H. Wood
  • Patent number: 9521131
    Abstract: A system and method for controlling distribution and use of digital identity representations (“DIRs”) increases security, usability, and oversight of DIR use. A DIR stored on a first device may be obtained by a second device for use in satisfying the security policy of a relying party. Release of the DIR to the second device requires permission from a device or entity that may be different from the device or entity attempting to access the relying party. Further, the use of the DIR to obtain an identity token may separately require permission of even a different person or entity and may be conditioned upon receiving satisfactory information relating to the intended use of the DIR (e.g., the name of the relying party, type of operation being attempted, etc.). By controlling the distribution and use of DIRs, security of the principal's identity and supervisory control over a principal's activities are enhanced.
    Type: Grant
    Filed: February 10, 2014
    Date of Patent: December 13, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: John Shewchuk, Kim Cameron, Arun Nanda, Xiao Xie