Patents by Inventor Pui-Yin Winfred Wong

Pui-Yin Winfred Wong has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20190089710
    Abstract: Methods, systems, and apparatuses in a computing device enable user access to a resource. The method includes receiving, from a user, a request for access to a resource; accessing an authentication flow for granting access to the resource; obtaining first claims for a user from a first claims provider in the authentication flow; determining a second claims provider in the authentication flow, the second claims provider having a trust relationship with the claims facilitator; directing the user to the second claims provider; receiving second claims for the user from the second claims provider; and enabling the user to access the resource in response to at least the received first and second claims.
    Type: Application
    Filed: January 9, 2018
    Publication date: March 21, 2019
    Inventors: Alexander T. Weinert, Caleb G. Baker, Pui-Yin Winfred Wong, Carlos Adrian Lopez Castro, Yordan I. Rouskov, Laurentiu B. Cristofor, Michael V. McLaughlin
  • Publication number: 20190007371
    Abstract: Knowledge associated with an address of a first IP type may be mapped to an address of a second IP type. In response to receiving, at a first IP endpoint type, a request from a client associated with a first and second IP address type, a first address of the first IP type associated with the client is recorded. A unique identification of the request is generated. The unique identifier and instructions to make a second request to a second IP endpoint type are sent to the client. The second request, that includes the unique identifier and corresponds to the second IP address type associated with the client, is received at the second endpoint. Both the first address and the second address are determined as corresponding to the client by determining that the unique identifier was used in both requests. The first address is mapped to the second address.
    Type: Application
    Filed: June 30, 2017
    Publication date: January 3, 2019
    Inventors: Lee Reed BURTON, Daniel E. CASTRO, William Jacob GOLDENBERG, Mark A. NIKIEL, Pui-Yin Winfred WONG, Hardy WIJAYA, Hongyu SUN, Jingjing ZHANG
  • Patent number: 9779236
    Abstract: One or more techniques and/or systems are provided for risk assessment. Historical authentication data and/or compromised user account data may be evaluated to identify a set of authentication context properties associated with user authentication sessions and/or a set of malicious account context properties associated with compromised user accounts (e.g., properties indicative of whether a user recently visited a malicious site, created a fake social network profile, logged in from unknown locations, etc.). The set of authentication context properties and/or the set of malicious account context properties may be annotated to create an annotated context property training set that may be used to train a risk assessment machine learning model to generate a risk assessment model. The risk assessment model may be used to evaluate user context properties of a user account event to generate a risk analysis metric indicative of a likelihood the user account event is malicious or safe.
    Type: Grant
    Filed: June 21, 2016
    Date of Patent: October 3, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Luke Abrams, David J. Steeves, Robert Alexander Sim, Pui-Yin Winfred Wong, Harry Simon Katz, Aaron Small, Dana Scott Kaufman, Adrian Kreuziger, Mark A. Nikiel, Laurentiu Bogdan Cristofor, Alexa Lynn Keizur, Collin Tibbetts, Charles Hayden
  • Publication number: 20160300059
    Abstract: One or more techniques and/or systems are provided for risk assessment. Historical authentication data and/or compromised user account data may be evaluated to identify a set of authentication context properties associated with user authentication sessions and/or a set of malicious account context properties associated with compromised user accounts (e.g., properties indicative of whether a user recently visited a malicious site, created a fake social network profile, logged in from unknown locations, etc.). The set of authentication context properties and/or the set of malicious account context properties may be annotated to create an annotated context property training set that may be used to train a risk assessment machine learning model to generate a risk assessment model. The risk assessment model may be used to evaluate user context properties of a user account event to generate a risk analysis metric indicative of a likelihood the user account event is malicious or safe.
    Type: Application
    Filed: June 21, 2016
    Publication date: October 13, 2016
    Inventors: Luke Abrams, David J. Steeves, Robert Alexander Sim, Pui-Yin Winfred Wong, Harry Simon Katz, Aaron Small, Dana Scott Kaufman, Adrian Kreuziger, Mark A. Nikiel, Laurentiu Bogdan Cristofor, Alexa Lynn Keizur, Collin Tibbetts, Charles Hayden
  • Patent number: 9396332
    Abstract: One or more techniques and/or systems are provided for risk assessment. Historical authentication data and/or compromised user account data may be evaluated to identify a set of authentication context properties associated with user authentication sessions and/or a set of malicious account context properties associated with compromised user accounts (e.g., properties indicative of whether a user recently visited a malicious site, created a fake social network profile, logged in from unknown locations, etc.). The set of authentication context properties and/or the set of malicious account context properties may be annotated to create an annotated context property training set that may be used to train a risk assessment machine learning model to generate a risk assessment model. The risk assessment model may be used to evaluate user context properties of a user account event to generate a risk analysis metric indicative of a likelihood the user account event is malicious or safe.
    Type: Grant
    Filed: May 21, 2014
    Date of Patent: July 19, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Luke Abrams, David J. Steeves, Robert Alexander Sim, Pui-Yin Winfred Wong, Harry Simon Katz, Aaron Small, Dana Scott Kaufman, Adrian Kreuziger, Mark A. Nikiel, Laurentiu Bogdan Cristofor, Alexa Lynn Keizur, Collin Tibbetts, Charles Hayden
  • Publication number: 20150339477
    Abstract: One or more techniques and/or systems are provided for risk assessment. Historical authentication data and/or compromised user account data may be evaluated to identify a set of authentication context properties associated with user authentication sessions and/or a set of malicious account context properties associated with compromised user accounts (e.g., properties indicative of whether a user recently visited a malicious site, created a fake social network profile, logged in from unknown locations, etc.). The set of authentication context properties and/or the set of malicious account context properties may be annotated to create an annotated context property training set that may be used to train a risk assessment machine learning model to generate a risk assessment model. The risk assessment model may be used to evaluate user context properties of a user account event to generate a risk analysis metric indicative of a likelihood the user account event is malicious or safe.
    Type: Application
    Filed: May 21, 2014
    Publication date: November 26, 2015
    Inventors: Luke Abrams, David J. Steeves, Robert Alexander Sim, Pui-Yin Winfred Wong, Harry Simon Katz, Aaron Small, Dana Scott Kaufman, Adrian Kreuziger, Mark A. Nikiel, Laurentiu Bogdan Cristofor, Alexa Lynn Keizur, Collin Tibbetts, Charles Hayden
  • Patent number: 8800003
    Abstract: An authentication system combines device credential verification with user credential verification to provide a more robust authentication mechanism that is convenient to the user and effective across enterprise boundaries. In one implementation, user credential verification and device credential verification are combined to provide a convenient two-factor authentication. In this manner, an account authority service or other authentication provider verify both factors and provide a security token in accordance with the security policy of the account network resource the user is intending to access. The level of privilege granted by the target account network resource can vary depending on the number and type of factors verified by the account authority service.
    Type: Grant
    Filed: June 17, 2011
    Date of Patent: August 5, 2014
    Assignee: Microsoft Corporation
    Inventors: Wei-Qiang (Michael) Guo, Yordan Rouskov, Rui Chen, Pui-Yin Winfred Wong
  • Patent number: 8726358
    Abstract: Systems, computer-implemented methods, and computer-readable media for establishing an online account with a resource provider are provided. An authentication token including identification of a user from an authentication server is received. The identification of the user from the authentication token is utilized to establish an online account for the user with the resource provider. Additional credentialing information from the user for the online account is received. The additional information received from the user is associated with the online account for the user with the resource provider.
    Type: Grant
    Filed: April 14, 2008
    Date of Patent: May 13, 2014
    Assignee: Microsoft Corporation
    Inventors: Yordan I. Rouskov, Tore Sundelin, Mrigankka Fotedar, Sarah Faulkner, Pui-Yin Winfred Wong, Wei-Quiang Michael Guo, Lynn Ayres
  • Patent number: 8490201
    Abstract: One or more strong proofs are maintained as associated with an account of a user. In response to a request to change a security setting of the account, an attempt is made to confirm the request by using one of the one or more strong proofs to notify the user. The change is permitted if the request is confirmed via one or more of the strong proofs, and otherwise the change to the security setting of the account is kept unchanged.
    Type: Grant
    Filed: March 26, 2010
    Date of Patent: July 16, 2013
    Assignee: Microsoft Corporation
    Inventors: Tarek Bahaa El-Din Mahmoud Kamel, Yordan I. Rouskov, David J. Steeves, Rammohan Nagasubramani, Pui-Yin Winfred Wong, WeiQiang Michael Guo, Vikas Rajvanshy, Orville C. McDonald, Sean Christian Wohlgemuth, Vikrant Minhas
  • Patent number: 8341718
    Abstract: An integrated authentication service is described which may receive a bundled request from one or more clients. One or more of the described techniques may be utilized to provide, in response to a single bundled request, a token for proof of identity and a certificate for establishing secure communications.
    Type: Grant
    Filed: December 10, 2010
    Date of Patent: December 25, 2012
    Assignee: Microsoft Corporation
    Inventors: Trevin M Chow, Pui-Yin Winfred Wong, Yordan I Rouskov, Kok Wai Chan, Wei Jiang, Colin Chow, Sanjeev M Nagvekar, Matt Sullivan, Kalyan Sayyaparaju, Dilip K. Pai, Avinash Belur
  • Patent number: 8225385
    Abstract: Embodiments of multiple security token transactions are described herein. One or more of the described techniques may be utilized to provide, in a single request and response, an authentication token and a plurality security tokens for proof of identity at respective service providers.
    Type: Grant
    Filed: March 23, 2006
    Date of Patent: July 17, 2012
    Assignee: Microsoft Corporation
    Inventors: Trevin M Chow, Colin Chow, Pui-Yin Winfred Wong, Dilip K. Pai, Sanjeev M Nagvekar, Wei Jiang, Yordan I Rouskov
  • Publication number: 20120079585
    Abstract: Embodiments of proxy authentication and indirect certificate chaining are described herein. In an implementation, authentication for a client occurs via a proxy service. Proxy service communicates between client and server, and caches security tokens on behalf of the client. In an implementation, trustworthiness of certificate presented to a client to establish trust is determined utilizing a signed data package which incorporates a plurality of known certificates. The presented certificate is verified without utilizing root certificates installed on the client device.
    Type: Application
    Filed: December 6, 2011
    Publication date: March 29, 2012
    Applicant: MICROSOFT CORPORATION
    Inventors: Kok Wai Chan, Colin Chow, Trevin M. Chow, Lin Huang, Ryan Hurst, Naresh Jain, Wei Jiang, Yordan I. Rouskov, Pui-Yin Winfred Wong, Ismail Cem Paya, Ryan Hurst
  • Publication number: 20110247055
    Abstract: An authentication system combines device credential verification with user credential verification to provide a more robust authentication mechanism that is convenient to the user and effective across enterprise boundaries. In one implementation, user credential verification and device credential verification are combined to provide a convenient two-factor authentication. In this manner, an account authority service or other authentication provider verify both factors and provide a security token in accordance with the security policy of the account network resource the user is intending to access. The level of privilege granted by the target account network resource can vary depending on the number and type of factors verified by the account authority service.
    Type: Application
    Filed: June 17, 2011
    Publication date: October 6, 2011
    Applicant: Microsoft Corporation
    Inventors: Wei-Qiang Michael Guo, Yordan Rouskov, Rui Chen, Pui-Yin Winfred Wong
  • Publication number: 20110214173
    Abstract: One or more strong proofs are maintained as associated with an account of a user. In response to a request to change a security setting of the account, an attempt is made to confirm the request by using one of the one or more strong proofs to notify the user. The change is permitted if the request is confirmed via one or more of the strong proofs, and otherwise the change to the security setting of the account is kept unchanged.
    Type: Application
    Filed: March 26, 2010
    Publication date: September 1, 2011
    Applicant: Microsoft Corporation
    Inventors: Tarek Bahaa El-Din Mahmoud Kamel, Yordan I. Rouskov, David J. Steeves, Rammohan Nagasubramani, Pui-Yin Winfred Wong, WeiQiang Michael Guo, Vikas Rajvanshy, Orville C. McDonald, Sean Christian Wohlgemuth
  • Patent number: 7979899
    Abstract: An authentication system combines device credential verification with user credential verification to provide a more robust authentication mechanism that is convenient to the user and effective across enterprise boundaries. In one implementation, user credential verification and device credential verification are combined to provide a convenient two-factor authentication. In this manner, an account authority service or other authentication provider verify both factors and provide a security token in accordance with the security policy of the account network resource the user is intending to access. The level of privilege granted by the target account network resource can vary depending on the number and type of factors verified by the account authority service.
    Type: Grant
    Filed: June 2, 2008
    Date of Patent: July 12, 2011
    Assignee: Microsoft Corporation
    Inventors: Wei-Qiang (Michael) Guo, Yordan Rouskov, Rui Chen, Pui-Yin Winfred Wong
  • Publication number: 20090300744
    Abstract: An authentication system combines device credential verification with user credential verification to provide a more robust authentication mechanism that is convenient to the user and effective across enterprise boundaries. In one implementation, user credential verification and device credential verification are combined to provide a convenient two-factor authentication. In this manner, an account authority service or other authentication provider verify both factors and provide a security token in accordance with the security policy of the account network resource the user is intending to access. The level of privilege granted by the target account network resource can vary depending on the number and type of factors verified by the account authority service.
    Type: Application
    Filed: June 2, 2008
    Publication date: December 3, 2009
    Applicant: MICROSOFT CORPORATION
    Inventors: Wei-Qiang (Michael) Guo, Yordan Rouskon, Rui Chen, Pui-Yin Winfred Wong
  • Publication number: 20090260072
    Abstract: Systems, computer-implemented methods, and computer-readable media for establishing an online account with a resource provider are provided. An authentication token including identification of a user from an authentication server is received. The identification of the user from the authentication token is utilized to establish an online account for the user with the resource provider. Additional credentialing information from the user for the online account is received. The additional information received from the user is associated with the online account for the user with the resource provider.
    Type: Application
    Filed: April 14, 2008
    Publication date: October 15, 2009
    Applicant: MICROSOFT CORPORATION
    Inventors: YORDAN I. ROUSKOV, TORE SUNDELIN, MRIGANKKA FOTEDAR, SARAH FAULKNER, PUI-YIN WINFRED WONG, WEI-QUIANG MICHAEL GUO, LYNN AYRES