Patents by Inventor Michael A. Bishop
Michael A. Bishop has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11838276
Abstract: This document describes, among other things, systems and methods for more efficiently resuming a client-to-origin TLS session through a proxy layer that fronts the origin in order to provide network security services. At the time of an initial TLS handshake with an unknown client, for example, the proxy can perform a set of security checks. If the client passes the checks, the proxy can transmit a ‘proxy token’ upstream to the origin. The origin can incorporate this token into session state data which is passed back to and stored on the client, e.g., using a TLS session ticket extension field, pre-shared key extension field, or other field. On TLS session resumption, when the client sends the session state data, the proxy can recover its proxy token from the session state data, and upon successful validation, bypass security checks that it would otherwise perform against the client, thereby more efficiently handling known clients.
Type: Grant
Filed: May 19, 2021
Date of Patent: December 5, 2023
Assignee: Akamai Technologies, Inc.
Inventors: Stephen L. Ludin, Michael A. Bishop
-
Publication number: 20220078165
Abstract: This document describes, among other things, systems and methods for more efficiently resuming a client-to-origin TLS session through a proxy layer that fronts the origin in order to provide network security services. At the time of an initial TLS handshake with an unknown client, for example, the proxy can perform a set of security checks. If the client passes the checks, the proxy can transmit a ‘proxy token’ upstream to the origin. The origin can incorporate this token into session state data which is passed back to and stored on the client, e.g., using a TLS session ticket extension field, pre-shared key extension field, or other field. On TLS session resumption, when the client sends the session state data, the proxy can recover its proxy token from the session state data, and upon successful validation, bypass security checks that it would otherwise perform against the client, thereby more efficiently handling known clients.
Type: Application
Filed: May 19, 2021
Publication date: March 10, 2022
Applicant: Akamai Technologies, Inc.
Inventors: Stephen L. Ludin, Michael A. Bishop
-
Patent number: 11019034
Abstract: This document describes, among other things, systems and methods for more efficiently resuming a client-to-origin TLS session through a proxy layer that fronts the origin in order to provide network security services. At the time of an initial TLS handshake with an unknown client, for example, the proxy can perform a set of security checks. If the client passes the checks, the proxy can transmit a ‘proxy token’ upstream to the origin. The origin can incorporate this token into session state data which is passed back to and stored on the client, e.g., using a TLS session ticket extension field, pre-shared key extension field, or other field. On TLS session resumption, when the client sends the session state data, the proxy can recover its proxy token from the session state data, and upon successful validation, bypass security checks that it would otherwise perform against the client, thereby more efficiently handling known clients.
Type: Grant
Filed: November 16, 2018
Date of Patent: May 25, 2021
Assignee: Akamai Technologies, Inc.
Inventors: Stephen L. Ludin, Michael A. Bishop
-
Patent number: 10819526
Abstract: A system includes a processor and a computer-readable medium storing instructions for execution. The instructions include generating a cryptographic pair of user public and private keys for a user. The instructions include registering an identity of the user with an identity provider, transmitting the user public key, and receiving a user certificate from the identity provider. The instructions include signing a trust certificate for a web server, including an address and a public key of the web server, with the user private key. The instructions include, in response to an access request from the user specifying a second web server: obtaining a second trust certificate from the second web server; and establishing a connection with the second web server in response to successful verification of a signature of the second trust certificate using a public key corresponding to a trusted contact of the user.
Type: Grant
Filed: February 19, 2018
Date of Patent: October 27, 2020
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Hirsch Patrick Singhal, Duncan Allan Horn, Michael A. Bishop
-
Patent number: 10810279
Abstract: Among other things, this document describes systems, devices, and methods for improving the delivery of resources embedded on a web page. In one embodiment, a content delivery network analyzes markup language documents that clients have requested to embedded resources, such as linked references to images, scripts, fonts, cascading style sheets, or other types of content. This analysis may be conducted on the content server and/or asynchronously, in a dedicated analytical environment, to produce delivery instructions. Where embedded resources have hostnames for which the content delivery network is authoritative, and where certain conditions are met, servers can be instructed to push additional certificates for such hostnames over the primary connection. When embedded resources have hostnames for which the platform is not authoritative, and where certain conditions are met, servers can be instructed to pre-fetch and push such resources with a signature from the authoritative origin.
Type: Grant
Filed: February 7, 2018
Date of Patent: October 20, 2020
Assignee: Akamai Technologies, Inc.
Inventors: Utkarsh Goel, Moritz Steiner, Michael A. Bishop, Martin T. Flack, Stephen L. Ludin
-
Publication number: 20200162432
Abstract: This document describes, among other things, systems and methods for more efficiently resuming a client-to-origin TLS session through a proxy layer that fronts the origin in order to provide network security services. At the time of an initial TLS handshake with an unknown client, for example, the proxy can perform a set of security checks. If the client passes the checks, the proxy can transmit a ‘proxy token’ upstream to the origin. The origin can incorporate this token into session state data which is passed back to and stored on the client, e.g., using a TLS session ticket extension field, pre-shared key extension field, or other field. On TLS session resumption, when the client sends the session state data, the proxy can recover its proxy token from the session state data, and upon successful validation, bypass security checks that it would otherwise perform against the client, thereby more efficiently handling known clients.
Type: Application
Filed: November 16, 2018
Publication date: May 21, 2020
Applicant: Akamai Technologies, Inc.
Inventors: Stephen L. Ludin, Michael A. Bishop
-
Publication number: 20190260594
Abstract: A system includes a processor and a computer-readable medium storing instructions for execution. The instructions include generating a cryptographic pair of user public and private keys for a user. The instructions include registering an identity of the user with an identity provider, transmitting the user public key, and receiving a user certificate from the identity provider. The instructions include signing a trust certificate for a web server, including an address and a public key of the web server, with the user private key. The instructions include, in response to an access request from the user specifying a second web server: obtaining a second trust certificate from the second web server; and establishing a connection with the second web server in response to successful verification of a signature of the second trust certificate using a public key corresponding to a trusted contact of the user.
Type: Application
Filed: February 19, 2018
Publication date: August 22, 2019
Inventors: Hirsch Patrick SINGHAL, Duncan Allan HORN, Michael A. BISHOP
-
Publication number: 20190243924
Abstract: Among other things, this document describes systems, devices, and methods for improving the delivery of resources embedded on a web page. In one embodiment, a content delivery network analyzes markup language documents that clients have requested to embedded resources, such as linked references to images, scripts, fonts, cascading style sheets, or other types of content. This analysis may be conducted on the content server and/or asynchronously, in a dedicated analytical environment, to produce delivery instructions. Where embedded resources have hostnames for which the content delivery network is authoritative, and where certain conditions are met, servers can be instructed to push additional certificates for such hostnames over the primary connection. When embedded resources have hostnames for which the platform is not authoritative, and where certain conditions are met, servers can be instructed to pre-fetch and push such resources with a signature from the authoritative origin.
Type: Application
Filed: February 7, 2018
Publication date: August 8, 2019
Applicant: Akamai Technologies, Inc.
Inventors: Utkarsh Goel, Moritz Steiner, Michael A. Bishop, Martin T. Flack, Stephen L. Ludin
-
Patent number: 5976556
Abstract: Novel compositions comprising one or more of an acid protease and an acidic buffer, the acidic buffer comprising an acid and a pharmaceutically or cosmetically acceptable carrier, vehicle or excipient, useful for treating or preventing abnormal biological conditions, diseases or disorders, and/or for improving the texture or appearance of the skin, and/or for enhancing epidermal exfoliation and/or for enhancing epidermal cell renewal and to methods for the use of the compositions. The acid protease comprises one or more proteolytic enzymes which exhibit proteolytic activity at pH values below that of the surface of the skin, i.e., approximately pH 5.5. The acidic buffer comprises inorganic and/or organic acids or mixtures thereof with a pharmaceutically or cosmetically acceptable carrier, vehicle or excipient. The buffer is capable of reducing the pH of the surface of the skin to less than pH 5.5 and is susceptible to neutralization by normal epidermal processes.
Type: Grant
Filed: June 13, 1996
Date of Patent: November 2, 1999
Assignee: Active Organics, Inc.
Inventors: Scott J. Norton, Michael A. Bishop, Glen S. Gillis