Patents by Inventor Murli Dharan Satagopan
Murli Dharan Satagopan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230336547
Abstract: Methods, systems, apparatuses, and computer-readable storage mediums are described for authorizing publishing of a message and/or a subscription from an Internet of Things (IoT) device. In an example system, a message broker receives a list of attributes from a claims provider. The message broker determines whether publishing of the message is authorized based at least on the list of attributes, and publishes the message if it is determined that the publishing is authorized. The message broker may also receive a subscription specifying a topic filter. The message broker determines whether the subscription is authorized for the IoT device based at least on the list of attributes, and transmits a subscription message to the IoT device if it is determined that the subscription is authorized.
Type: Application
Filed: May 31, 2022
Publication date: October 19, 2023
Inventors: Kevin Thomas DAMOUR, David Michael SAUNTRY, Peter Gregg MILLER, Jeroen VANTURENNOUT, Murli Dharan SATAGOPAN, William Alexander STEVENSON, Michael Richard YAGLEY
-
Patent number: 11349844
Abstract: Managing an authenticated user session. A method includes a resource provider computer system subscribing to a conditional access termination service for an entity configured to obtain resources from the resource provider computer system through a user session. The resource provider computer system receives an event, related to resource requests, for the entity from the conditional access termination service. The resource provider computer system receives a request for resources from the entity. The resource provider computer system evaluates the request with respect to the event. The resource provider computer system responds to the request based on evaluating the request with respect to the event.
Type: Grant
Filed: October 31, 2019
Date of Patent: May 31, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventors: Violet Anna Barhudarian, Jiangfeng Lu, Caleb Geoffrey Baker, Oren Jordan Melzer, Anirban Basu, Chandra Sekhar Surapaneni, Nitika Gupta, Murli Dharan Satagopan
-
Publication number: 20210136076
Abstract: Managing an authenticated user session. A method includes a resource provider computer system subscribing to a conditional access termination service for an entity configured to obtain resources from the resource provider computer system through a user session. The resource provider computer system receives an event, related to resource requests, for the entity from the conditional access termination service. The resource provider computer system receives a request for resources from the entity. The resource provider computer system evaluates the request with respect to the event. The resource provider computer system responds to the request based on evaluating the request with respect to the event.
Type: Application
Filed: October 31, 2019
Publication date: May 6, 2021
Inventors: Violet Anna BARHUDARIAN, Jiangfeng LU, Caleb Geoffrey BAKER, Oren Jordan MELZER, Anirban BASU, Chandra Sekhar SURAPANENI, Nitika GUPTA, Murli Dharan SATAGOPAN
-
Patent number: 10511593
Abstract: A computer-implemented method for a security endpoint of a non-isolated computing environment includes receiving a login request related to an application within that environment. The login request corresponds to a user of the application. The method includes sending a lookup query, including information related to an identity of the user, to a directory service. The method includes receiving a lookup response from the directory service. The method includes, in response to the lookup response indicating that the user belongs to the non-isolated computing environment, requesting an authentication credential from a client device of the user, validating the authentication credential, and in response to successful validation of the authentication credential, providing an identity token to the client device.
Type: Grant
Filed: June 13, 2017
Date of Patent: December 17, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Madan Mohan R. Appiah, Murli Dharan Satagopan, Maksym Kryatov
-
Publication number: 20180359238
Abstract: A computer-implemented method for a security endpoint of a non-isolated computing environment includes receiving a login request related to an application within that environment. The login request corresponds to a user of the application. The method includes sending a lookup query, including information related to an identity of the user, to a directory service. The method includes receiving a lookup response from the directory service. The method includes, in response to the lookup response indicating that the user belongs to the non-isolated computing environment, requesting an authentication credential from a client device of the user, validating the authentication credential, and in response to successful validation of the authentication credential, providing an identity token to the client device.
Type: Application
Filed: June 13, 2017
Publication date: December 13, 2018
Inventors: Madan Mohan R. APPIAH, Murli Dharan SATAGOPAN, Maksym KRYATOV
-
Patent number: 10069630
Abstract: A system includes a target directory service, a domain mesh with a plurality of domains, and a synchronization host coupled to the domain mesh. The synchronization host is configured to synchronize password changes received in the domain mesh with the target directory service. Synchronizing the password changes includes receiving at the synchronization host a hash value representative of a plaintext password from the domain mesh, performing at the synchronization host an additional hash on the hash value to generate protected password data, and exporting the protected password data from the synchronization host to the target directory service.
Type: Grant
Filed: June 28, 2017
Date of Patent: September 4, 2018
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Jonathan M. Luk, Ariel N. Gordon, Raman N. Chikkamagalur, Ziad Elmalki, Sergii Gubenko, Girish Chander, Anandhi Somasekaran, Murli Dharan Satagopan
-
Publication number: 20170302448
Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.
Type: Application
Filed: June 28, 2017
Publication date: October 19, 2017
Inventors: Jonathan M. LUK, Ariel N. GORDON, Raman N. CHIKKAMAGALUR, Ziad ELMALKI, Sergii GUBENKO, Girish CHANDER, Anandhi SOMASEKARAN, Murli Dharan SATAGOPAN
-
Patent number: 9130926
Abstract: A computer-implemented method for authorizing access by a client application to a resource of a user maintained on a first server computing system, the client application being implemented on a second server computing system, includes receiving a delegation message from the first server computer system to initiate authorization of the access by the client application, issuing an authorization message to the first server computer system, the authorization message comprising an authorization data package for redemption by the client application, the authorization data package comprising first through fourth integral delegation data indicative of the user, the client application, the resource, and a timestamp, respectively, receiving a redemption message from the second server computing system comprising the authorization data package, conducting an analysis of the authorization data package, and sending an access token to the second server computing system based on the analysis.
Type: Grant
Filed: December 27, 2012
Date of Patent: September 8, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Vijayavani Nori, Hervey O. Wilson, Caleb G. Baker, Gregory C. Johnson, Murli Dharan Satagopan, Igor Sakhnov, Samantha Kwok
-
Publication number: 20140189797
Abstract: A computer-implemented method for authorizing access by a client application to a resource of a user maintained on a first server computing system, the client application being implemented on a second server computing system, includes receiving a delegation message from the first server computer system to initiate authorization of the access by the client application, issuing an authorization message to the first server computer system, the authorization message comprising an authorization data package for redemption by the client application, the authorization data package comprising first through fourth integral delegation data indicative of the user, the client application, the resource, and a timestamp, respectively, receiving a redemption message from the second server computing system comprising the authorization data package, conducting an analysis of the authorization data package, and sending an access token to the second server computing system based on the analysis.
Type: Application
Filed: December 27, 2012
Publication date: July 3, 2014
Applicant: MICROSOFT CORPORATION
Inventors: Vijayavani Nori, Hervey O. Wilson, Caleb G. Baker, Gregory C. Johnson, Murli Dharan Satagopan, Igor Sakhnov, Samantha Kwok
-
Publication number: 20100077467
Abstract: In one embodiment, a client computer system receives user credentials from a computer user. The client computer sends the received user credentials to an authentication service running on a server computer in a datacenter, where the authentication service is configured to authenticate the user credentials so that the user is authorized to access datacenter-provided information corresponding to various client-side applications. The client computer receives an authorization indication from the authentication service indicating that the user is authorized to access the datacenter-provided information and stores the received authorization indication in a credential store on the client computer.
Type: Application
Filed: September 19, 2008
Publication date: March 25, 2010
Applicant: Microsoft Corporation
Inventors: Murli Dharan Satagopan, Ferhan Elvanoglu, Anandhi Somasekaran, Damien B. R. Gallot, Gaurav V. Navlakha
-
Publication number: 20100077208
Abstract: In one embodiment, a client computer system receives user credentials from a computer user. The client computer system formulates a system identifier that uniquely identifies the system, and sends the received user credentials with the system identifier to an authentication service running on a datacenter server. The authentication service is configured to authenticate the user credentials and generate an authentication certificate based on the user credentials and the system identifier. The client computer system receives the generated authentication certificate from the authentication service and stores the received authentication certificate.
Type: Application
Filed: September 19, 2008
Publication date: March 25, 2010
Applicant: Microsoft Corporation
Inventors: Madan R. Appiah, Murli Dharan Satagopan