Patents by Inventor Kok Wai Chan
Kok Wai Chan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20120079585
Abstract: Embodiments of proxy authentication and indirect certificate chaining are described herein. In an implementation, authentication for a client occurs via a proxy service. Proxy service communicates between client and server, and caches security tokens on behalf of the client. In an implementation, trustworthiness of certificate presented to a client to establish trust is determined utilizing a signed data package which incorporates a plurality of known certificates. The presented certificate is verified without utilizing root certificates installed on the client device.
Type: Application
Filed: December 6, 2011
Publication date: March 29, 2012
Applicant: MICROSOFT CORPORATION
Inventors: Kok Wai Chan, Colin Chow, Trevin M. Chow, Lin Huang, Ryan Hurst, Naresh Jain, Wei Jiang, Yordan I. Rouskov, Pui-Yin Winfred Wong, Ismail Cem Paya, Ryan Hurst
-
Patent number: 7971240
Abstract: Exchanging information in a multi-site authentication system. A network server receives, from an authentication server, a request by a client computing device for a service provided by the network server along with an authentication ticket. The authentication ticket includes: a session key encrypted by a public key associated with the network server, message content encrypted by the session key, and a signature for the encrypted session key and the encrypted message content. The signature includes address information of the network server. The network server identifies its own address information in the signature to validate the signature included in the authentication ticket and verifies the authentication ticket content based on the signature included in the authentication ticket. The network server decrypts the encrypted session key via a private key associated with the second network server and decrypts the encrypted message content via the decrypted session key.
Type: Grant
Filed: April 20, 2009
Date of Patent: June 28, 2011
Assignee: Microsoft Corporation
Inventors: Wei-Quiang Michael Guo, John Hal Howard, Kok Wai Chan
-
Publication number: 20110078448
Abstract: An integrated authentication service is described which may receive a bundled request from one or more clients. One or more of the described techniques may be utilized to provide, in response to a single bundled request, a token for proof of identity and a certificate for establishing secure communications.
Type: Application
Filed: December 10, 2010
Publication date: March 31, 2011
Applicant: Microsoft Corporation
Inventors: Trevin Chow, Winfred Wong, Yordan Rouskov, Kok Wai Chan, Wei Jiang, Colin Chow, Sanjeev Nagvekar, Matt Sullivan, Kalyan Sayyaparaju, Dilip Pai, Avinash Belur
-
Patent number: 7853995
Abstract: An integrated authentication service is described which may receive a bundled request from one or more clients. One or more of the described techniques may be utilized to provide, in response to a single bundled request, a token for proof of identity and a certificate for establishing secure communications.
Type: Grant
Filed: November 18, 2005
Date of Patent: December 14, 2010
Assignee: Microsoft Corporation
Inventors: Trevin Chow, Winfred Wong, Yordan Rouskov, Kok Wai Chan, Wei Jiang, Colin Chow, Sanjeev Nagvekar, Matt Sullivan, Dilip Pai, Kalyan Sayyaparaju, Avinash Belur
-
Patent number: 7590669
Abstract: Method for providing an interface to a function that manages a plurality of entities. Computer-executable instructions receive a request to implement a change in configuration data. The configuration data is stored in a memory area and relates to an operation of one or more entities. In response to the received request, computer-executable instructions identify a plurality of the entities affected by the change and implement the change for the identified plurality of entities in accordance with the function.
Type: Grant
Filed: April 6, 2004
Date of Patent: September 15, 2009
Assignee: Microsoft Corporation
Inventors: Ying-Kin Tony Yip, Kok Wai Chan, Rui Chen, Rahul Shrikant Newaskar, Anthony Toivonen
-
Publication number: 20090204808
Abstract: Exchanging information in a multi-site authentication system. A network server receives, from an authentication server, a request by a client computing device for a service provided by the network server along with an authentication ticket. The authentication ticket includes: a session key encrypted by a public key associated with the network server, message content encrypted by the session key, and a signature for the encrypted session key and the encrypted message content. The signature includes address information of the network server. The network server identifies its own address information in the signature to validate the signature included in the authentication ticket and verifies the authentication ticket content based on the signature included in the authentication ticket. The network server decrypts the encrypted session key via a private key associated with the second network server and decrypts the encrypted message content via the decrypted session key.
Type: Application
Filed: April 20, 2009
Publication date: August 13, 2009
Applicant: MICROSOFT CORPORATION
Inventors: Wei-Quiang Michael Guo, John Hal Howard, Kok Wai Chan
-
Patent number: 7523490
Abstract: A security protocol for use in a multi-site authentication system. After authenticating a user, an authentication server generates a ticket including information associated with the user. The authentication server encrypts content of the ticket using a symmetric key shared with an affiliate server. The affiliate server has a public key that the authentication server uses to encrypt the shared key. The authentication server has private key for creating a signature on the ticket. The affiliate server decrypts the shared key with its private key and then decrypts the content of the ticket using the decrypted shared key. The affiliate server validates the signature with the authentication server's public key.
Type: Grant
Filed: May 15, 2002
Date of Patent: April 21, 2009
Assignee: Microsoft Corporation
Inventors: Wei-Quiang Michael Guo, John Hal Howard, Kok Wai Chan
-
Patent number: 7437551
Abstract: A system and method for retrieving certificate of trust information for a certificate validation process. Fetching servers periodically retrieve certificate revocation lists (CRLs) from servers maintained by various certificate issuers. The revoked certificate data included in the retrieved CRLs are stored in a central database. An authentication server receives a request from a client for access to a secure service and initiates a validation process. The authentication server retrieves revoked certificate data from the central database and compares the retrieved revoked certificate data to certificate of trust information received from the client along with the request. The authentication server denies access to the secure information if the certificate of trust information matches revoked certificate data from the central database, allows access if the certificate of trust information does not match revoked certificate data from the central database.
Type: Grant
Filed: April 2, 2004
Date of Patent: October 14, 2008
Assignee: Microsoft Corporation
Inventors: Kok Wai Chan, Wei Jiang, Wei-Quiang Michael Guo
-
Patent number: 7379551
Abstract: Securely roaming private data from one client computer to another in a network. A home client application generates a first key in response to a password, and encrypts designated private data as a function of the first key. A server receives and stores the encrypted private data. A roaming client application generates the first key in response to the password, and decrypts encrypted private data transferred from the server to obtain the private data. The invention further provides users the ability to retrieve encrypted private from the server even when the user cannot remember the password associated with the first key. Also, the server has no knowledge of the private data or the keys.
Type: Grant
Filed: April 2, 2004
Date of Patent: May 27, 2008
Assignee: Microsoft Corporation
Inventors: Kok Wai Chan, Dafina Ivanova Toncheva, Baskaran Dharmarajan, Rahul Shrikant Newaskar, Adam Back
-
Publication number: 20080046983
Abstract: Embodiments of multi-user web service sign-in client side components are presented herein. In an implementation, the currently authenticated user account of a first application of a client is transferred to another application of a client. In another implementation, a common credential store is used to share data for a plurality of user accounts associated with a client between a plurality of applications of the client, and for the applications to output multi-user interfaces having portions corresponding to the plurality of accounts.
Type: Application
Filed: August 11, 2006
Publication date: February 21, 2008
Applicant: Microsoft Corporation
Inventors: Erren Dusan Lester, Lynn C. Ayres, Trevin M. Chow, Kok Wai Chan, Rui Chen, Naresh Jain
-
Patent number: 7016909
Abstract: A system and method for expanding recurring calendar events such that the retrieval of recurring calendar appointments is expedited. A recurring appointment is saved as a data structure including a recurrence pattern. When a recurring appointment is saved by a client that has sufficient processing and memory resources to perform the computations necessary to expand recurring appointments (i.e., a thick client), a background thread is notified. The background thread increases its priority to normal when idle processing capacity is available and calls a routine requesting calendar information for a defined time period. The routine causes the expansion of the data structure into the individual instances of the recurring appointment for a defined time period, and the individual instances are saved for later retrieval. A later query from a client without sufficient processing and memory resources to perform the calculations necessary to expand recurring appointments (i.e.
Type: Grant
Filed: June 4, 2002
Date of Patent: March 21, 2006
Assignee: Microsoft Corporation
Inventors: Kok Wai Chan, Dennis A. Kiilerich
-
Publication number: 20030225732
Abstract: A system and method for expanding recurring calendar events such that the retrieval of recurring calendar appointments is expedited. A recurring appointment is saved as a data structure including a recurrence pattern. When a recurring appointment is saved by a client that has sufficient processing and memory resources to perform the computations necessary to expand recurring appointments (i.e., a thick client), a background thread is notified. The background thread increases its priority to normal when idle processing capacity is available and calls a routine requesting calendar information for a defined time period. The routine causes the expansion of the data structure into the individual instances of the recurring appointment for a defined time period, and the individual instances are saved for later retrieval. A later query from a client without sufficient processing and memory resources to perform the calculations necessary to expand recurring appointments (i.e.
Type: Application
Filed: June 4, 2002
Publication date: December 4, 2003
Applicant: Microsoft Corporation
Inventors: Kok Wai Chan, Dennis A. Kiilerich
-
Publication number: 20030217288
Abstract: A security protocol for use in a multi-site authentication system. After authenticating a user, an authentication server generates a ticket including information associated with the user. The authentication server encrypts content of the ticket using a symmetric key shared with an affiliate server. The affiliate server has a public key that the authentication server uses to encrypt the shared key. The authentication server has private key for creating a signature on the ticket. The affiliate server decrypts the shared key with its private key and then decrypts the content of the ticket using the decrypted shared key. The affiliate server validates the signature with the authentication server's public key.
Type: Application
Filed: May 15, 2002
Publication date: November 20, 2003
Applicant: Microsoft Corporation
Inventors: Wei-Quiang Michael Guo, John Hal Howard, Kok Wai Chan
-
Patent number: 6360217
Abstract: A method for calculating all event occurrences defined by an event expression in a specified time window. An event expression comprises add rules, delete rules and modify rules, each of which define a set of rule occurrences. The rules are separated into three groups and the occurrences generated by the grouped rules are sorted in any desired manner such that the earliest occurrence of each group is available for processing. A heap sort algorithm represents one suitable sorting technique. The earliest add rule occurrence is retrieved from the sorted add group occurrences and is compared with the earliest modify and delete rule occurrences taken from the sorted modify and delete group occurrences, respectively. Based on priority rules applied to the add, modify, and delete rule occurrences during the comparison process, it may be determined that the add rule occurrence represents a valid event occurrence that satisfies the event expression.
Type: Grant
Filed: April 21, 1999
Date of Patent: March 19, 2002
Assignee: Microsoft Corporation
Inventors: Burra Gopal, Kok Wai Chan