Patents by Inventor Kim Cameron
Kim Cameron has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20150281200
Abstract: Technology is described for enabling passive enforcement of security at computing systems. A component of a computing system can passively authenticate or authorize a user based on observations of the user's interactions with the computing system. The technology may increase or decrease an authentication or authorization level based on the observations. The level can indicate what level of access the user should be granted. When the user or a component of the computing device initiates a request, an application or service can determine whether the level is sufficient to satisfy the request. If the level is insufficient, the application or service can prompt the user for credentials so that the user is actively authenticated. The technology may enable computing systems to “trust” authentication so that two proximate devices can share authentication levels.
Type: Application
Filed: September 25, 2014
Publication date: October 1, 2015
Inventors: David J. Steeves, Kim Cameron, Todd L. Carpenter, David Foster, Quentin S. Miller
-
Publication number: 20150269537
Abstract: Technology is described for protecting transactions. The technology may include a switching component that a user can employ to switch an associated mobile device into a secure mode so that a user can confirm the transaction. After initiating a transaction request, the user can confirm the transaction request by activating the switching component, which can cause the mobile device to switch into a secure mode. In the secure mode, the mobile device may prevent the mobile device from conducting various normal activities, such as executing applications, receiving input, providing output, and so forth. The switching component may disable other processing temporarily. Upon receiving the confirmation from the user, the switching component may send a confirmation communication to complete the transaction.
Type: Application
Filed: June 3, 2015
Publication date: September 24, 2015
Inventors: David J. Steeves, Kim Cameron, Todd L. Carpenter, David Foster, Quentin S. Miller, Gregory D. Hartrell
-
Patent number: 9065812
Abstract: Technology is described for protecting transactions. The technology may include a switching component that a user can employ to switch an associated mobile device into a secure mode so that a user can confirm the transaction. After initiating a transaction request, the user can confirm the transaction request by activating the switching component, which can cause the mobile device to switch into a secure mode. In the secure mode, the mobile device may prevent the mobile device from conducting various normal activities, such as executing applications, receiving input, providing output, and so forth. The switching component may disable other processing temporarily. Upon receiving the confirmation from the user, the switching component may send a confirmation communication to complete the transaction.
Type: Grant
Filed: January 23, 2009
Date of Patent: June 23, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: David J. Steeves, Kim Cameron, Todd L. Carpenter, David Foster, Quentin S. Miller, Gregory D. Hartrell
-
Patent number: 8973123
Abstract: Aspects of the subject matter described herein relate to identity technology. In aspects, a user device requests access to a service provided by a relying party. In response, the relying party indicates required claims and may also indicate claims providers from which the required claims may be obtained. The user device may obtain the required claims from different claims providers, and send the claims obtained from the different claims providers in one or more messages to the relying party. The relying party may verify the claims or employ a validating service to verify that the claims are valid prior to providing access to the requested service.
Type: Grant
Filed: October 18, 2012
Date of Patent: March 3, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Ronald John Kamiel Euphrasia Bjones, Kim Cameron, Anthony Joseph Nadalin
-
Patent number: 8898758
Abstract: Technology is described for enabling passive enforcement of security at computing systems. A component of a computing system can passively authenticate or authorize a user based on observations of the user's interactions with the computing system. The technology may increase or decrease an authentication or authorization level based on the observations. The level can indicate what level of access the user should be granted. When the user or a component of the computing device initiates a request, an application or service can determine whether the level is sufficient to satisfy the request. If the level is insufficient, the application or service can prompt the user for credentials so that the user is actively authenticated. The technology may enable computing systems to “trust” authentication so that two proximate devices can share authentication levels.
Type: Grant
Filed: November 22, 2013
Date of Patent: November 25, 2014
Assignee: Microsoft Corporation
Inventors: David J. Steeves, Kim Cameron, Todd L. Carpenter, David Foster, Quentin S. Miller
-
Patent number: 8806652
Abstract: Aspects of the subject matter described herein relate to identity technology. In aspects, even though a cloud operator may control one or all of the entities with which a user device interacts, the employees and computers controlled by the cloud operator may still have insufficient data to determine a natural identity of the user based on interactions of the user device with the cloud operator's computers. Privacy boundaries on the user device control transmission of natural identity information to other entities such that, without user consent, computers outside of the user device have insufficient data singly or combined to determine a natural identity of the user.
Type: Grant
Filed: December 5, 2012
Date of Patent: August 12, 2014
Assignee: Microsoft Corporation
Inventors: Ronald John Kamiel Euphrasia Bjones, Kim Cameron, Anthony Joseph Nadalin
-
Publication number: 20140223522
Abstract: Technology is described for enabling passive enforcement of security at computing systems. A component of a computing system can passively authenticate or authorize a user based on observations of the user's interactions with the computing system. The technology may increase or decrease an authentication or authorization level based on the observations. The level can indicate what level of access the user should be granted. When the user or a component of the computing device initiates a request, an application or service can determine whether the level is sufficient to satisfy the request. If the level is insufficient, the application or service can prompt the user for credentials so that the user is actively authenticated. The technology may enable computing systems to “trust” authentication so that two proximate devices can share authentication levels.
Type: Application
Filed: November 22, 2013
Publication date: August 7, 2014
Applicant: MICROSOFT CORPORATION
Inventors: David J. Steeves, Kim Cameron, Bradley Carpenter, David Foster, Quentin S. Miller
-
Publication number: 20140215577
Abstract: A system and method for controlling distribution and use of digital identity representations (“DIRs”) increases security, usability, and oversight of DIR use. A DIR stored on a first device may be obtained by a second device for use in satisfying the security policy of a relying party. Release of the DIR to the second device requires permission from a device or entity that may be different from the device or entity attempting to access the relying party. Further, the use of the DIR to obtain an identity token may separately require permission of even a different person or entity and may be conditioned upon receiving satisfactory information relating to the intended use of the DIR (e.g., the name of the relying party, type of operation being attempted, etc.). By controlling the distribution and use of DIRs, security of the principal's identity and supervisory control over a principal's activities are enhanced.
Type: Application
Filed: February 10, 2014
Publication date: July 31, 2014
Applicant: Microsoft Corporation
Inventors: John Shewchuk, Kim Cameron, Arun Nanda, Xiao Xie
-
Patent number: 8752158
Abstract: Aspects of the subject matter described herein relate to identity technology. In aspects, a user device sends a request for access to a service. In response, the service directs the user device to a user agent that may be downloaded or that may already exist on the user device. The user agent includes code that executes on the user device to create a security boundary. The security boundary controls transmission of identity information that may be used to identify a user of the device.
Type: Grant
Filed: November 21, 2012
Date of Patent: June 10, 2014
Assignee: Microsoft Corporation
Inventors: Ronald John Kamiel Euphrasia Bjones, Kim Cameron
-
Patent number: 8689296
Abstract: A system and method for controlling distribution and use of digital identity representations (“DIRs”) increases security, usability, and oversight of DIR use. A DIR stored on a first device may be obtained by a second device for use in satisfying the security policy of a relying party. Release of the DIR to the second device requires permission from a device or entity that may be different from the device or entity attempting to access the relying party. Further, the use of the DIR to obtain an identity token may separately require permission of even a different person or entity and may be conditioned upon receiving satisfactory information relating to the intended use of the DIR (e.g., the name of the relying party, type of operation being attempted, etc.). By controlling the distribution and use of DIRs, security of the principal's identity and supervisory control over a principal's activities are enhanced.
Type: Grant
Filed: December 7, 2007
Date of Patent: April 1, 2014
Assignee: Microsoft Corporation
Inventors: John Shewchuk, Kim Cameron, Arun Nanda, Xiao Xie
-
Publication number: 20140090088
Abstract: Aspects of the subject matter described herein relate to facilitating claim use in an identity framework. In aspects, a definition of a trust framework may be received and stored. A graphical interface may display a plurality of trust frameworks and allow an administrator to select which trust framework to instantiate. The graphical interface may also allow the administrator to define which rules of the trust framework to use in the instance of the trust framework. After receiving this information, the instance of the trust framework may be instantiated and configuration data provided to the administrator to allow the administrator to configure a Web service to invoke the instance of the trust framework to grant or deny access to the Web service.
Type: Application
Filed: September 27, 2012
Publication date: March 27, 2014
Applicant: MICROSOFT CORPORATION
Inventors: Ronald John Kamiel Euphrasia Bjones, Kim Cameron, Anthony Joseph Nadalin
-
Patent number: 8590021
Abstract: Technology is described for enabling passive enforcement of security at computing systems. A component of a computing system can passively authenticate or authorize a user based on observations of the user's interactions with the computing system. The technology may increase or decrease an authentication or authorization level based on the observations. The level can indicate what level of access the user should be granted. When the user or a component of the computing device initiates a request, an application or service can determine whether the level is sufficient to satisfy the request. If the level is insufficient, the application or service can prompt the user for credentials so that the user is actively authenticated. The technology may enable computing systems to “trust” authentication so that two proximate devices can share authentication levels.
Type: Grant
Filed: January 23, 2009
Date of Patent: November 19, 2013
Assignee: Microsoft Corporation
Inventors: David J. Steeves, Kim Cameron, Todd L. Carpenter, David Foster, Quentin S. Miller
-
Publication number: 20130276131
Abstract: Aspects of the subject matter described herein relate to identity technology. In aspects, even though a cloud operator may control one or all of the entities with which a user device interacts, the employees and computers controlled by the cloud operator may still have insufficient data to determine a natural identity of the user based on interactions of the user device with the cloud operator's computers. Privacy boundaries on the user device control transmission of natural identity information to other entities such that, without user consent, computers outside of the user device have insufficient data singly or combined to determine a natural identity of the user.
Type: Application
Filed: December 5, 2012
Publication date: October 17, 2013
Applicant: MICROSOFT CORPORATION
Inventors: Ronald John Kamiel Euphrasia Bjones, Kim Cameron, Anthony Joseph Nadalin
-
Publication number: 20130276087
Abstract: Aspects of the subject matter described herein relate to identity technology. In aspects, a user device requests access to a service provided by a relying party. In response, the relying party indicates required claims and may also indicate claims providers from which the required claims may be obtained. The user device may obtain the required claims from different claims providers, and send the claims obtained from the different claims providers in one or more messages to the relying party. The relying party may verify the claims or employ a validating service to verify that the claims are valid prior to providing access to the requested service.
Type: Application
Filed: October 18, 2012
Publication date: October 17, 2013
Applicant: MICROSOFT CORPORATION
Inventors: Ronald John Kamiel Euphrasia Bjones, Kim Cameron, Anthony Joseph Nadalin
-
Publication number: 20130275282
Abstract: Aspects of the subject matter described herein relate to billing for transactions involving a claims provider. In aspects, in conjunction with presenting a claim to a relying party, billing information is provided to a billing service. The billing information may include information to identify a claims provider that provided the claim and information that identifies the relying party. The information does not include data that can be used to determine the natural identity of a user that presented the claim. In response, a count is updated that can be used for billing. The count is not usable to determine the natural identities of users that presented claims to the relying party.
Type: Application
Filed: October 16, 2012
Publication date: October 17, 2013
Applicant: Microsoft Corporation
Inventors: Ronald John Kamiel Euphrasia Bjones, Kim Cameron
-
Publication number: 20130276088
Abstract: Aspects of the subject matter described herein relate to identity technology. In aspects, a user device sends a request for access to a service. In response, the service directs the user device to a user agent that may be downloaded or that may already exist on the user device. The user agent includes code that executes on the user device to create a security boundary. The security boundary controls transmission of identity information that may be used to identify a user of the device.
Type: Application
Filed: November 21, 2012
Publication date: October 17, 2013
Applicant: MICROSOFT CORPORATION
Inventors: Ronald John Kamiel Euphrasia Bjones, Kim Cameron
-
Patent number: 8479006
Abstract: Creating a token for use by an entity when digitally signing documents. In a computing environment, a digital identity representation for an entity is accessed. The digital identity representation includes information identifying identity attributes about the entity and capabilities of an identity provider that provides tokens for use by the entity. Context information is accessed. The context information includes information about one or more of which, how or where the attributes for the entity identified in the digital identity representation will be used. A security token is created from the information in the digital identity representation and the context information. The security token makes assertions by the identity provider. The assertions are based on the information in the digital identity representation. The token further includes information related to at least a portion of the context information.
Type: Grant
Filed: June 20, 2008
Date of Patent: July 2, 2013
Assignee: Microsoft Corporation
Inventors: Tariq Sharif, Arun K. Nanda, Craig H. Wittenberg, Lucas R. Melton, Richard Randall, Kim Cameron, Hervey O. Wilson
-
Patent number: 8473634
Abstract: In accordance with various aspects, the present invention relates to accessing and publishing documents between two computer systems or nodes that are connected together in a network environment. The system and method for name resolution stores an identity information document containing a user-friendly handle signifying identity, such as an email address, and a machine location, such as an IP address, for the publishing computer system where the documents are stored. Next, the system and method intercepts an initial request for access to documents when the initial request includes a user-friendly handle and replaces the user-friendly handle with the machine location, so that network users may easily access these documents through knowledge only of the user-friendly handle.
Type: Grant
Filed: October 23, 2003
Date of Patent: June 25, 2013
Assignee: Microsoft Corporation
Inventors: Murli Satagopan, Kim Cameron
-
Patent number: 8171057
Abstract: The present invention extends to methods, systems, and computer program products for modeling party identities in computer storage systems. A federated identity fabric models identity data and relationships between portions of identity data in computer storage systems in accordance with a uniform schema. The federated identity fabric can federate distributed identity and identity relationship data from computer storage systems within the variety of different computing environments. Code and metadata at computing environments associated with the federated identity fabric can interoperate to facilitate uniformly storing, accessing, modifying, deleting, and securing identity and identity relationship data within the federated identity fabric. Embodiments of the invention include utilizing an identity key table entry to locate party identity information and performing key transformations between different types of identity keys.
Type: Grant
Filed: March 25, 2009
Date of Patent: May 1, 2012
Assignee: Microsoft Corporation
Inventors: Keith W. Short, Kim Cameron
-
Patent number: 8117459
Abstract: A digital identity system includes a principal including an identity selector programmed to receive a security policy from a relying party, review a plurality of digital identities associated with the principal, and request one or more claims related to an identity of the principal from an identity provider. The principal is further programmed to receive one or more security tokens including the claims from the identity provider, and to forward the security tokens to the relying party.
Type: Grant
Filed: July 28, 2006
Date of Patent: February 14, 2012
Assignee: Microsoft Corporation
Inventors: Kim Cameron, Arun K. Nanda