Patents by Inventor Philip Hallin
Philip Hallin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9660817Abstract: In many information security scenarios, a certificate issued by a certificate authority may be presented to a client in order to assert a trust level of a certificated item, such as a message or a web page. However, due to a decentralized structure and incomplete coordination among certificate authorities, the presence and exploitation of security vulnerabilities to issue untrustworthy certificates may be difficult to determine, particularly for an individual client. Presented herein are techniques for advising clients of the reputations of respective certificate authorities by evaluating the certificates issued by such certificate authorities, such as the number and types of domains certified by the certificate; the number and pattern of certificates issued for the domain; and the certification techniques used to issue the certificates. Such evaluation enables a determination of a certificate authority trust level that may be distributed to the clients in a certificate authority trust set.Type: GrantFiled: August 1, 2014Date of Patent: May 23, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Anooshiravan Saboori, Muhammad Umar Janjua, Nelly Porter, Philip Hallin, Haitao Li, Xiaohong Su, Kelvin Yiu, Anthony Paul Penta, Vassil Dimitrov Bakalov, Bryston Mitsuo Nitta
-
Patent number: 9553730Abstract: In many information security scenarios, a certificate issued by a certificating authority may be presented to a client in order to assert a trust level of a certificated item, such as a message or a web page. However, due to a decentralized structure and incomplete coordination among certificating authorities, the presence and exploitation of security vulnerabilities to issue untrustworthy certificates may be difficult to determine, particularly for an individual client. Presented herein are techniques for providing a certificating authority trust service that collects and evaluates certificates submitted to clients by certificating authorities, and advises the clients of a certificating authority trust level for respective certificating authorities (e.g., determined as a consensus of the evaluated certificates issued by the certificating authority).Type: GrantFiled: September 6, 2013Date of Patent: January 24, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Anooshiravan Saboor, Muhammad Umar Janjua, Nelly Porter, Philip Hallin, Haitao Li, Xiaohong Su, Kelvin Yiu, Anthony Paul Penta
-
Patent number: 9553732Abstract: In many information security scenarios, a certificate issued by a certificate authority on behalf of a domain is presented to a client in order to verify the identity of the domain. However, due to a decentralized structure and incomplete coordination among certificate authorities, the presence and exploitation of security vulnerabilities to issue untrustworthy certificates may be difficult for an individual client to determine. Presented herein are techniques for advising clients of the trustworthiness of respective certificate authorities by evaluating the certificates issued by such certificate authorities for suspicious indicators, such as hashcode collisions with other certificates and public key re-use.Type: GrantFiled: August 1, 2014Date of Patent: January 24, 2017Assignee: Microsoft Technology Licensing LLCInventors: Anooshiravan Saboori, Muhammad Umar Janjua, Nelly Porter, Philip Hallin, Haitao Li, Xiaohong Su, Kelvin Yiu, Anthony Paul Penta
-
Publication number: 20160036593Abstract: In many information security scenarios, a certificate issued by a certificate authority may be presented to a client in order to assert a trust level of a certificated item, such as a message or a web page. However, due to a decentralized structure and incomplete coordination among certificate authorities, the presence and exploitation of security vulnerabilities to issue untrustworthy certificates may be difficult to determine, particularly for an individual client. Presented herein are techniques for advising clients of the reputations of respective certificate authorities by evaluating the certificates issued by such certificate authorities, such as the number and types of domains certified by the certificate; the number and pattern of certificates issued for the domain; and the certification techniques used to issue the certificates. Such evaluation enables a determination of a certificate authority trust level that may be distributed to the clients in a certificate authority trust set.Type: ApplicationFiled: August 1, 2014Publication date: February 4, 2016Inventors: Anooshiravan Saboori, Muhammad Umar Janjua, Nelly Porter, Philip Hallin, Haitao Li, Xiaohong Su, Kelvin Yiu, Anthony Paul Penta, Vassil Dimitrov Bakalov, Bryston Mitsuo Nitta
-
Publication number: 20140359281Abstract: In many information security scenarios, a certificate issued by a certificate authority on behalf of a domain is presented to a client in order to verify the identity of the domain. However, due to a decentralized structure and incomplete coordination among certificate authorities, the presence and exploitation of security vulnerabilities to issue untrustworthy certificates may be difficult for an individual client to determine. Presented herein are techniques for advising clients of the trustworthiness of respective certificate authorities by evaluating the certificates issued by such certificate authorities for suspicious indicators, such as hashcode collisions with other certificates and public key re-use.Type: ApplicationFiled: August 1, 2014Publication date: December 4, 2014Inventors: Anooshiravan Saboori, Muhammad Umar Janjua, Nelly Porter, Philip Hallin, Haitao Li, Xiaohong Su, Kelvin Yiu, Anthony Paul Penta
-
Publication number: 20140359280Abstract: In many information security scenarios, a certificate issued by a certificating authority may be presented to a client in order to assert a trust level of a certificated item, such as a message or a web page. However, due to a decentralized structure and incomplete coordination among certificating authorities, the presence and exploitation of security vulnerabilities to issue untrustworthy certificates may be difficult to determine, particularly for an individual client. Presented herein are techniques for providing a certificating authority trust service that collects and evaluates certificates submitted to clients by certificating authorities, and advises the clients of a certificating authority trust level for respective certificating authorities (e.g., determined as a consensus of the evaluated certificates issued by the certificating authority).Type: ApplicationFiled: September 6, 2013Publication date: December 4, 2014Inventors: Anooshiravan Saboor, Muhammad Umar Janjua, Nelly Porter, Philip Hallin, Haitao Li, Xiaohong Su, Kelvin Yiu, Anthony Paul Penta
-
Publication number: 20070055887Abstract: One aspect relates to a process and associated device for managing digital ID lifecycles for application programs, and abstracting application programs for multiple types of credentials through a common Digital Identity Management System (DIMS) and Application Programming Interface (API) layer.Type: ApplicationFiled: October 25, 2006Publication date: March 8, 2007Applicant: Microsoft CorporationInventors: David Cross, Philip Hallin, Matthew Thomlinson, Thomas Jones
-
Publication number: 20060294576Abstract: An efficient protocol for retrieving cryptographic evidence may be selected by evaluating a local policy and a number of relevant factors. Furthermore, updated cryptographic evidence may be prefetched during a time period in which there is a low volume of requests for cryptographic evidence. This low volume time period may be defined, approximately, as an overlapping window in which both a first cryptographic evidence publication and a second cryptographic evidence publication are valid.Type: ApplicationFiled: June 24, 2005Publication date: December 28, 2006Applicant: Microsoft CorporationInventors: David Cross, Kelvin Yiu, Philip Hallin, Ryan Hurst, Vishal Agarwal
-
Publication number: 20060161761Abstract: Systems and methods for validating integrity of an executable file are described. In one aspect, multiple partial image hashes are generated, the combination of which represent a digest of an entire executable file. Subsequent to loading the executable file on a computing device, a request to page a portion of the executable file into memory for execution is intercepted. Responsive to intercepting the request, and prior to paging the portion into memory for execution, a validation hash of the portion is computed. The validation hash is compared to a partial hash of the multiple partial image hashes to determine code integrity of the portion. The partial hash represents a same code segment as the portion.Type: ApplicationFiled: January 18, 2005Publication date: July 20, 2006Applicant: Microsoft CorporationInventors: Jonathan Schwartz, Yu Sie, Philip Hallin
-
Publication number: 20050257072Abstract: Implementations are described and claimed herein to enable credential roaming among a plurality of different computing devices. An exemplary system may include an event handler to receive event notifications such as, e.g., a client logon. The event handler may invoke a management service in response to receiving an event notification. The management service may include a synchronizing module to synchronize a user's credentials with a remote directory service, such as, e.g., Active Directory, so that the user's credentials are available from any of a number of different computing devices.Type: ApplicationFiled: April 9, 2004Publication date: November 17, 2005Inventors: David Cross, Xiaohong Su, Hao Zhuang, Philip Hallin
-
Publication number: 20050160041Abstract: Methods and apparatuses are provided for use with smartcards or other like shared computing resources. One or more root certificates are stored on a smartcard. The root certificates can be selectively copied to a certificate store or other like mechanism of an operatively coupled computing or like device and available to support certificate and other trust related processes of the device. When the smartcard is no longer operatively available to the device, the root certificates are no longer available to support such certificate and other trust related processes of the device.Type: ApplicationFiled: January 20, 2004Publication date: July 21, 2005Inventors: Daniel Griffin, Philip Hallin, Eric Perlin, Klaus Schutz
-
Publication number: 20050080899Abstract: An update process is used to update root certificates in a root certificate store of a client computer, maintaining the integrity of the existing root certificates as well as any new root certificates. In accordance with certain aspects, the integrity of a certificate trust list identifying one or more root certificates is verified. The root certificate store of the client computer is modified in accordance with the certificate trust list if the integrity of the certificate trust list is verified.Type: ApplicationFiled: October 18, 2004Publication date: April 14, 2005Applicant: Microsoft CorporationInventors: Keith Vogel, Charlie Chase, Kelvin Yiu, Philip Hallin, Louis Thomas