Patents by Inventor Michael A. Bishop

Michael A. Bishop has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11838276
    Abstract: This document describes, among other things, systems and methods for more efficiently resuming a client-to-origin TLS session through a proxy layer that fronts the origin in order to provide network security services. At the time of an initial TLS handshake with an unknown client, for example, the proxy can perform a set of security checks. If the client passes the checks, the proxy can transmit a ‘proxy token’ upstream to the origin. The origin can incorporate this token into session state data which is passed back to and stored on the client, e.g., using a TLS session ticket extension field, pre-shared key extension field, or other field. On TLS session resumption, when the client sends the session state data, the proxy can recover its proxy token from the session state data, and upon successful validation, bypass security checks that it would otherwise perform against the client, thereby more efficiently handling known clients.
    Type: Grant
    Filed: May 19, 2021
    Date of Patent: December 5, 2023
    Assignee: Akamai Technologies, Inc.
    Inventors: Stephen L. Ludin, Michael A. Bishop
  • Publication number: 20220078165
    Abstract: This document describes, among other things, systems and methods for more efficiently resuming a client-to-origin TLS session through a proxy layer that fronts the origin in order to provide network security services. At the time of an initial TLS handshake with an unknown client, for example, the proxy can perform a set of security checks. if the client passes the checks, the proxy can transmit a ‘proxy token’ upstream to the origin. The origin can incorporate this token into session state data which is passed back to and stored on the client, e.g., using a TLS session ticket extension field, pre-shared key extension field, or other field. On TLS session resumption, when the client sends the session state data, the proxy can recover its proxy token from the session state data, and upon successful validation, bypass security checks that it would otherwise perform against the client, thereby more efficiently handling known clients.
    Type: Application
    Filed: May 19, 2021
    Publication date: March 10, 2022
    Applicant: Akamai Technologies, Inc.
    Inventors: Stephen L. Ludin, Michael A. Bishop
  • Patent number: 11019034
    Abstract: This document describes, among other things, systems and methods for more efficiently resuming a client-to-origin TLS session through a proxy layer that fronts the origin in order to provide network security services. At the time of an initial TLS handshake with an unknown client, for example, the proxy can perform a set of security checks. If the client passes the checks, the proxy can transmit a ‘proxy token’ upstream to the origin. The origin can incorporate this token into session state data which is passed back to and stored on the client, e.g., using a TLS session ticket extension field, pre-shared key extension field, or other field. On TLS session resumption, when the client sends the session state data, the proxy can recover its proxy token from the session state data, and upon successful validation, bypass security checks that it would otherwise perform against the client, thereby more efficiently handling known clients.
    Type: Grant
    Filed: November 16, 2018
    Date of Patent: May 25, 2021
    Assignee: Akamai Technologies, Inc.
    Inventors: Stephen L. Ludin, Michael A. Bishop
  • Patent number: 10819526
    Abstract: A system includes a processor and a computer-readable medium storing instructions for execution. The instructions include generating a cryptographic pair of user public and private keys for a user. The instructions include registering an identity of the user with an identity provider, transmitting the user public key, and receiving a user certificate from the identity provider. The instructions include signing a trust certificate for a web server, including an address and a public key of the web server, with the user private key. The instructions include, in response to an access request from the user specifying a second web server: obtaining a second trust certificate from the second web server; and establishing a connection with the second web server in response to successful verification of a signature of the second trust certificate using a public key corresponding to a trusted contact of the user.
    Type: Grant
    Filed: February 19, 2018
    Date of Patent: October 27, 2020
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Hirsch Patrick Singhal, Duncan Allan Horn, Michael A. Bishop
  • Patent number: 10810279
    Abstract: Among other things, this document describes systems, devices, and methods for improving the delivery of resources embedded on a web page. In one embodiment, a content delivery network analyzes markup language documents that clients have requested to embedded resources, such as linked references to images, scripts, fonts, cascading style sheets, or other types of content. This analysis may be conducted on the content server and/or asynchronously, in a dedicated analytical environment, to produce delivery instructions. Where embedded resources have hostnames for which the content delivery network is authoritative, and where certain conditions are met, servers can be instructed to push additional certificates for such hostnames over the primary connection. When embedded resources have hostnames for which the platform is not authoritative, and where certain conditions are met, servers can be instructed to pre-fetch and push such resources with a signature from the authoritative origin.
    Type: Grant
    Filed: February 7, 2018
    Date of Patent: October 20, 2020
    Assignee: Akamai Technologies, Inc.
    Inventors: Utkarsh Goel, Moritz Steiner, Michael A. Bishop, Martin T. Flack, Stephen L. Ludin
  • Publication number: 20200162432
    Abstract: This document describes, among other things, systems and methods for more efficiently resuming a client-to-origin TLS session through a proxy layer that fronts the origin in order to provide network security services. At the time of an initial TLS handshake with an unknown client, for example, the proxy can perform a set of security checks. If the client passes the checks, the proxy can transmit a ‘proxy token’ upstream to the origin. The origin can incorporate this token into session state data which is passed back to and stored on the client, e.g., using a TLS session ticket extension field, pre-shared key extension field, or other field. On TLS session resumption, when the client sends the session state data, the proxy can recover its proxy token from the session state data, and upon successful validation, bypass security checks that it would otherwise perform against the client, thereby more efficiently handling known clients.
    Type: Application
    Filed: November 16, 2018
    Publication date: May 21, 2020
    Applicant: Akamai Technologies, Inc.
    Inventors: Stephen L. Ludin, Michael A. Bishop
  • Publication number: 20190260594
    Abstract: A system includes a processor and a computer-readable medium storing instructions for execution. The instructions include generating a cryptographic pair of user public and private keys for a user. The instructions include registering an identity of the user with an identity provider, transmitting the user public key, and receiving a user certificate from the identity provider. The instructions include signing a trust certificate for a web server, including an address and a public key of the web server, with the user private key. The instructions include, in response to an access request from the user specifying a second web server: obtaining a second trust certificate from the second web server; and establishing a connection with the second web server in response to successful verification of a signature of the second trust certificate using a public key corresponding to a trusted contact of the user.
    Type: Application
    Filed: February 19, 2018
    Publication date: August 22, 2019
    Inventors: Hirsch Patrick SINGHAL, Duncan Allan HORN, Michael A. BISHOP
  • Publication number: 20190243924
    Abstract: Among other things, this document describes systems, devices, and methods for improving the delivery of resources embedded on a web page. In one embodiment, a content delivery network analyzes markup language documents that clients have requested to embedded resources, such as linked references to images, scripts, fonts, cascading style sheets, or other types of content. This analysis may be conducted on the content server and/or asynchronously, in a dedicated analytical environment, to produce delivery instructions. Where embedded resources have hostnames for which the content delivery network is authoritative, and where certain conditions are met, servers can be instructed to push additional certificates for such hostnames over the primary connection. When embedded resources have hostnames for which the platform is not authoritative, and where certain conditions are met, servers can be instructed to pre-fetch and push such resources with a signature from the authoritative origin.
    Type: Application
    Filed: February 7, 2018
    Publication date: August 8, 2019
    Applicant: Akamai Technologies, Inc.
    Inventors: Utkarsh Goel, Moritz Steiner, Michael A. Bishop, Martin T. Flack, Stephen L. Ludin
  • Patent number: 5976556
    Abstract: Novel compositions comprising one or more of an acid protease and an acidic buffer, the acidic buffer comprising an acid and a pharmaceutically or cosmetically acceptable carrier, vehicle or excipient, useful for treating or preventing abnormal biological conditions, diseases or disorders, and/or for improving the texture or appearance of the skin, and/or for enhancing epidermal exfoliation and/or for enhancing epidermal cell renewal and to methods for the use of the compositions. The acid protease comprises one or more proteolytic enzymes which exhibit proteolytic activity at pH values below that of the surface of the skin, i.e., approximately pH 5.5. The acidic buffer comprises inorganic and/or organic acids or mixtures thereof with a pharmaceutically or cosmetically acceptable carrier, vehicle or excipient. The buffer is capable of reducing the pH of the surface of the skin to less than pH 5.5 and is susceptible to neutralization by normal epidermal processes.
    Type: Grant
    Filed: June 13, 1996
    Date of Patent: November 2, 1999
    Assignee: Active Organics, Inc.
    Inventors: Scott J. Norton, Michael A. Bishop, Glen S. Gillis