Patents by Inventor Niels Thomas Ferguson
Niels Thomas Ferguson has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 8331568
  Abstract: In Transport Layer Security (TLS) or other communication protocols, the load on the server may be lowered by reducing the number of expensive decryption operations that the server has to perform. When a client contacts a server, the client sends the server the client's public key. The server chooses a secret value, encrypts the value with the client's public key, and sends the encrypted value to the client. When the client decrypts the secret, the server and client share a secret value, which may be used to derive an encryption key for further messages. In many key agreement schemes, the client chooses and encrypts the secret value, and the server recovers the value with an expensive decryption operation. By instead having the server choose the value and send it to the client, an expensive decryption operation is redistributed from the server to the client, thereby freeing server resources.
  Type: Grant
  Filed: May 28, 2009
  Date of Patent: December 11, 2012
  Assignee: Microsoft Corporation
  Inventor: Niels Thomas Ferguson
- Patent number: 8325924
  Abstract: In an example, one or more cryptographic keys may be associated with a group. Any member of the group may use the key to encrypt and decrypt information, thereby allowing members of the group to share encrypted information. Domain controllers (DCs) maintain copies of the group's keys. The DCs may synchronize with each other, so that each DC may have a copy of the group's keys. Keys may have expiration dates, and any client connected to a DC may generate a new key when a key is nearing expiration. The various clients may create new keys at differing amounts of time before expiration on various DCs. DCs that store keys early thus may have time to propagate the newly-created keys through synchronization before other DCs are requested to store keys created by other clients. In this way, the creation of an excessive number of new keys may be avoided.
  Type: Grant
  Filed: February 19, 2009
  Date of Patent: December 4, 2012
  Assignee: Microsoft Corporation
  Inventors: Tolga Acar, Josh Benaloh, Niels Thomas Ferguson, Carl M. Ellison, Mira Belenkiy, Duy Lan Nguyen
- Patent number: 8085933
  Abstract: Encryption is provided with additional diffusion components to construct a block cipher with a large and variable block size. The cipher incorporates an encryption system or algorithm such that the cipher is at least as secure as the encryption system or algorithm. Additional components of the cipher provide improved diffusion. This combination ensures that the cipher is at least as strong as the encryption algorithm, and at the same time it provides additional security properties due to its improved diffusion.
  Type: Grant
  Filed: September 3, 2009
  Date of Patent: December 27, 2011
  Assignee: Microsoft Corporation
  Inventor: Niels Thomas Ferguson
- Patent number: 7992198
  Abstract: An authentication mechanism is provided for a web method platform that allows homogeneous access for different types of clients according to a bootstrapping procedure utilized to establish the session. Different clients can be assigned different levels of trust based in part on the bootstrapping procedure and/or information provided during the procedure. The bootstrapping procedure can produce a token that is used by the clients in subsequent requests to provide previous authentication or state information to the platform. The token can comprise a shared secret used to ensure integrity of communications in some cases, and the token can be opaque to the client. Tokens can expire and require a client to re-bootstrap to provide higher levels of authentication protection, and tokens can be shared among a plurality of application servers to facilitate effective handling of requests in a farmed environment.
  Type: Grant
  Filed: September 14, 2007
  Date of Patent: August 2, 2011
  Assignee: Microsoft Corporation
  Inventors: Brian J. Guarraci, Christopher C. White, Niels Thomas Ferguson, Jeffrey Dick Jones, Sean Patrick Nolan, Johnson T. Apacible, Vijay Varadan
- Publication number: 20100306525
  Abstract: In Transport Layer Security (TLS) or other communication protocols, the load on the server may be lowered by reducing the number of expensive decryption operations that the server has to perform. When a client contacts a server, the client sends the server the client's public key. The server chooses a secret value, encrypts the value with the client's public key, and sends the encrypted value to the client. When the client decrypts the secret, the server and client share a secret value, which may be used to derive an encryption key for further messages. In many key agreement schemes, the client chooses and encrypts the secret value, and the server recovers the value with an expensive decryption operation. By instead having the server choose the value and send it to the client, an expensive decryption operation is redistributed from the server to the client, thereby freeing server resources.
  Type: Application
  Filed: May 28, 2009
  Publication date: December 2, 2010
  Applicant: Microsoft Corporation
  Inventor: Niels Thomas Ferguson
- Publication number: 20100208898
  Abstract: In an example, one or more cryptographic keys may be associated with a group. Any member of the group may use the key to encrypt and decrypt information, thereby allowing members of the group to share encrypted information. Domain controllers (DCs) maintain copies of the group's keys. The DCs may synchronize with each other, so that each DC may have a copy of the group's keys. Keys may have expiration dates, and any client connected to a DC may generate a new key when a key is nearing expiration. The various clients may create new keys at differing amounts of time before expiration on various DCs. DCs that store keys early thus may have time to propagate the newly-created keys through synchronization before other DCs are requested to store keys created by other clients. In this way, the creation of an excessive number of new keys may be avoided.
  Type: Application
  Filed: February 19, 2009
  Publication date: August 19, 2010
  Applicant: Microsoft Corporation
  Inventors: Tolga Acar, Josh Benaloh, Niels Thomas Ferguson, Carl M. Ellison, Mira Belenkiy, Duy Lan Nguyen
- Patent number: 7690045
  Abstract: An access control system applies contents-based policies to data that is being transferred. This transfer can be between different computers, different operating systems on a single computer, different applications within the same operating system, or different parts of the same operating system, for example. Data is scanned on-the-fly at a scan engine associated with a security reference monitor (SRM) as the data is being transmitted. The data is forwarded directly to the recipient, so the data is not stored at the SRM. The data is encrypted at the SRM as it passes through, and the key is revealed to the recipient if it is subsequently determined that the transfer is allowed.
  Type: Grant
  Filed: September 15, 2005
  Date of Patent: March 30, 2010
  Assignee: Microsoft Corporation
  Inventor: Niels Thomas Ferguson
- Publication number: 20100002873
  Abstract: Encryption is provided with additional diffusion components to construct a block cipher with a large and variable block size. The cipher incorporates an encryption system or algorithm such that the cipher is at least as secure as the encryption system or algorithm. Additional components of the cipher provide improved diffusion. This combination ensures that the cipher is at least as strong as the encryption algorithm, and at the same time it provides additional security properties due to its improved diffusion.
  Type: Application
  Filed: September 3, 2009
  Publication date: January 7, 2010
  Applicant: Microsoft Corporation
  Inventor: Niels Thomas Ferguson
- Patent number: 7602906
  Abstract: Encryption is provided with additional diffusion components to construct a block cipher with a large and variable block size. The cipher incorporates an encryption system or algorithm such that the cipher is at least as secure as the encryption system or algorithm. Additional components of the cipher provide improved diffusion. This combination ensures that the cipher is at least as strong as the encryption algorithm, and at the same time it provides additional security properties due to its improved diffusion.
  Type: Grant
  Filed: August 25, 2005
  Date of Patent: October 13, 2009
  Assignee: Microsoft Corporation
  Inventor: Niels Thomas Ferguson
- Publication number: 20080256616
  Abstract: An authentication mechanism is provided for a web method platform that allows homogeneous access for different types of clients according to a bootstrapping procedure utilized to establish the session. Different clients can be assigned different levels of trust based in part on the bootstrapping procedure and/or information provided during the procedure. The bootstrapping procedure can produce a token that is used by the clients in subsequent requests to provide previous authentication or state information to the platform. The token can comprise a shared secret used to ensure integrity of communications in some cases, and the token can be opaque to the client. Tokens can expire and require a client to re-bootstrap to provide higher levels of authentication protection, and tokens can be shared among a plurality of application servers to facilitate effective handling of requests in a farmed environment.
  Type: Application
  Filed: September 14, 2007
  Publication date: October 16, 2008
  Applicant: Microsoft Corporation
  Inventors: Brian J. Guarraci, Christopher C. White, Niels Thomas Ferguson, Jeffrey Dick Jones, Sean Patrick Nolan, Johnson T. Apacible, Vijay Varadan
- Patent number: 7343011
  Abstract: A security mechanism suitable for wireless local area networks is disclosed that exhibits a reasonable trade-off between computation speed and resistance to attack. The illustrative embodiment can be implemented with operations that are quickly performed on most processors, and can therefore in many cases be reasonably implemented in software. The illustrative embodiment comprises modulo 2 additions, modulo 2B additions, bit rotations, and byte transpositions.
  Type: Grant
  Filed: April 29, 2003
  Date of Patent: March 11, 2008
  Assignee: Conexant, Inc.
  Inventor: Niels Thomas Ferguson
- Publication number: 20040008840
  Abstract: A security mechanism suitable for wireless local area networks is disclosed that exhibits a reasonable trade-off between computation speed and resistance to attack. The illustrative embodiment can be implemented with operations that are quickly performed on most processors, and can therefore in many cases be reasonably implemented in software. The illustrative embodiment comprises modulo 2 additions, modulo 2B additions, bit rotations, and byte transpositions.
  Type: Application
  Filed: April 29, 2003
  Publication date: January 15, 2004
  Inventor: Niels Thomas Ferguson