Patents by Inventor Richard B. Ward

Richard B. Ward has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9003048
    Abstract: A computer assigns networks to network zones based on predefined properties for each zone and/or the properties of the networks. An application program installed on the computer provides the computer with preference information that indicates the network zone whose network policies or properties are best suited for the application program. Thereafter, when executing the application program, the computer limits network contact for the application program to the network(s) that is assigned to the network zone(s) identified as a preferred network zone(s) or identified by a preferred network property or properties by the preference information from the application program.
    Type: Grant
    Filed: April 1, 2003
    Date of Patent: April 7, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Art Shelest, Richard B. Ward
  • Patent number: 8788673
    Abstract: Systems and methods are described for providing security through sessions. In an implementation, a method includes initiating a session, by an operating system, in which operating system services are executable and initiating another session, by the operating system, in which a user-interactive application is executable.
    Type: Grant
    Filed: September 13, 2004
    Date of Patent: July 22, 2014
    Assignee: Microsoft Corporation
    Inventors: Ara Bernardi, Klaus U. Schutz, Richard B. Ward, Sriram Sampath
  • Patent number: 8646044
    Abstract: The contemplated embodiments of the invention provide a method for implementing a mandatory integrity control (MIC) system that provides access control for each and every object and subject that need access control, but in a way that allows legacy operating systems to continue with little modification. The invention provides a novel method that selects an integrity level designator for a subject, when the subject logs onto the computer system. The selected integrity level designator is then added to an existing data structure in the computer system. The existing data structure may be a part of a security descriptor stored in a system access control list of an object. The existing data structure may be a part of a list of security permissions that constitute an access token for a process executing as a subject.
    Type: Grant
    Filed: April 28, 2005
    Date of Patent: February 4, 2014
    Assignee: Microsoft Corporation
    Inventors: Richard B. Ward, Jeffrey Hamblin, Peter T. Brundrett
  • Publication number: 20130305239
    Abstract: Multiple software component identifiers are maintained in a catalog of an operating system running on a device. Each of these software component identifiers corresponds to one of multiple software components installed on the device. The catalog is accessed in response to a request regarding one of the multiple software components, and the request is responded to based at least in part on information included in the catalog. Additionally, two or more versions of a software component that are installed on the computing device can be identified. Which one of the two or more versions of the software component is an active version of the software component to be run is determined. In response to requests for information regarding the software component, information regarding the active version of the software component is returned.
    Type: Application
    Filed: July 22, 2013
    Publication date: November 14, 2013
    Inventors: Eric P. Traut, Darryl E. Havens, Jose Manuel Bernabeu-Auban, Mark R. Brown, Richard B. Ward, Suyash Sinha, Tahsin Erdogan, Adam D. Stritzel, Adriaan W. Canter
  • Patent number: 8495621
    Abstract: Multiple software component identifiers are maintained in a catalog of an operating system running on a device. Each of these software component identifiers corresponds to one of multiple software components installed on the device. The catalog is accessed in response to a request regarding one of the multiple software components, and the request is responded to based at least in part on information included in the catalog. Additionally, two or more versions of a software component that are installed on the computing device can be identified. Which one of the two or more versions of the software component is an active version of the software component to be run is determined. In response to requests for information regarding the software component, information regarding the active version of the software component is returned.
    Type: Grant
    Filed: June 15, 2009
    Date of Patent: July 23, 2013
    Assignee: Microsoft Corporation
    Inventors: Eric P. Traut, Darryl E. Havens, Jose Manuel Bernabeu-Auban, Mark R. Brown, Richard B. Ward, Suyash Sinha, Tahsin Erdogan, Adam D. Stritzel, Adriaan W. Canter
  • Patent number: 8074288
    Abstract: A mechanism is provided for isolating application-specific data in an environment where multiple applications share a same user account. This mechanism enables data specific to an application to be accessed only by the application. When an application requests application-specific data, the data is loaded and a handle to the data is returned to the application. Access to the data is allowed only through the handle. Therefore, only the application possessing the handle can access the data. A counter may be associated with the loaded data. The counter's value is incremented whenever a handle is created for the data and decremented whenever a handle for the data is terminated. When the value of the counter reaches zero, the data is automatically unloaded.
    Type: Grant
    Filed: November 15, 2005
    Date of Patent: December 6, 2011
    Assignee: Microsoft Corporation
    Inventors: Dragos Sambotin, Karthik Thirumalai, Richard B Ward
  • Patent number: 8005959
    Abstract: Systems and methods are described for providing security through sessions. In an implementation, a method includes initiating a session, by an operating system, in which operating system services are executable and initiating another session, by the operating system, in which a user-interactive application is executable.
    Type: Grant
    Filed: October 12, 2004
    Date of Patent: August 23, 2011
    Assignee: Microsoft Corporation
    Inventors: Ara Bernardi, Klaus U. Schutz, Richard B. Ward, Sriram Sampath
  • Patent number: 7971230
    Abstract: The present invention relates to a system and methodology to facilitate security for data items residing within (or associated with) a hierarchical database or storage structure. A database security system is provided having a hierarchical data structure associated with one or more data items. The system includes a security component that applies a security policy to the data items from a global location or region associated with a database. Various components and processes are employed to enable explicit and/or inherited security properties to be received by and propagated to the data items depending on the type of data structure encountered or processed.
    Type: Grant
    Filed: July 30, 2007
    Date of Patent: June 28, 2011
    Assignee: Microsoft Corporation
    Inventors: Sameet H. Agarwal, Balan Sethu Raman, Sanjay Anand, Paul J. Leach, Richard B. Ward
  • Patent number: 7900257
    Abstract: Improved intrusion detection and/or tracking methods and systems are provided for use across various computing devices and networks. Certain methods, for example, form a substantially unique audit identifier during each authentication/logon process. One method includes identifying one or more substantially unique parameters that are associated with the authentication/logon process and encrypting them to form at least one audit identifier that can then be generated and logged by each device involved in the authentication/logon process. The resulting audit log file can then be audited along with similar audit log files from other devices to track a user across multiple platforms.
    Type: Grant
    Filed: June 1, 2009
    Date of Patent: March 1, 2011
    Assignee: Microsoft Corporation
    Inventors: Bhalchandra S. Pandit, Praerit Garg, Richard B. Ward, Paul J. Leach, Scott A. Field, Robert P. Reichel, John E. Brezak
  • Publication number: 20100318968
    Abstract: Multiple software component identifiers are maintained in a catalog of an operating system running on a device. Each of these software component identifiers corresponds to one of multiple software components installed on the device. The catalog is accessed in response to a request regarding one of the multiple software components, and the request is responded to based at least in part on information included in the catalog. Additionally, two or more versions of a software component that are installed on the computing device can be identified. Which one of the two or more versions of the software component is an active version of the software component to be run is determined. In response to requests for information regarding the software component, information regarding the active version of the software component is returned.
    Type: Application
    Filed: June 15, 2009
    Publication date: December 16, 2010
    Applicant: Microsoft Corporation
    Inventors: Eric P. Traut, Darryl E. Havens, Jose Manuel Bernabeu-Auban, Mark R. Brown, Richard B. Ward, Suyash Sinha, Tahsin Erdogan, Adam D. Stritzel, Adriaan W. Canter
  • Patent number: 7716722
    Abstract: A method of controlling access to network services enables an authorized proxy client to access a service on behalf of a user. To permit the client to function as a proxy, the user registers proxy authorization information with a trusted security server. The proxy authorization information identifies the proxy client and specifies the extent of proxy authority granted to the proxy client. When the proxy client wants to access a target service on behalf of the user, it sends a proxy request to the trusted security server. The trusted security server checks the proxy authorization information of the user to verify whether the request is within the proxy authority granted to the proxy client. If so, the trusted security server returns to the proxy client a data structure containing information recognizable by the target service to authenticate the proxy client for accessing the target service on behalf of the user.
    Type: Grant
    Filed: June 15, 2006
    Date of Patent: May 11, 2010
    Assignee: Microsoft Corporation
    Inventors: Michael M. Swift, Neta Amit, Richard B. Ward
  • Patent number: 7698381
    Abstract: Methods and systems are provided for controlling the scope of delegation of authentication credentials within a network environment. A server is configured to provide a trusted third-party with a ticket authenticating the server, information about a target service that a server seeks to access on behalf of the client, and a service ticket associated with the client. This service ticket may be provided by the client or may be a previously granted service ticket granted to the server for itself in the name of the client. The trusted third-party grants a new service ticket to access the target service to the server, in the client's name, if such delegation is permitted according to delegation constraints associated with the client.
    Type: Grant
    Filed: June 20, 2001
    Date of Patent: April 13, 2010
    Assignee: Microsoft Corporation
    Inventors: John E. Brezak, Richard B. Ward, Donald E. Schmidt
  • Patent number: 7664724
    Abstract: A schema-based service for Internet access to per-user services data, wherein access to data is based on each user's identity. The service includes a schema that defines rules and a structure for each user's data, and also includes methods that provide access to the data in a defined way. The services schema thus corresponds to a logical document containing the data for each user. The user manipulates (e.g., reads or writes) data in the logical document by data access requests through defined methods. In one implementation, the services schemas are arranged as XML documents, and the services provide methods that control access to the data based on the requesting user's identification, defined role and scope for that role. In this way, data can be accessed by its owner, and shared to an extent determined by the owner.
    Type: Grant
    Filed: March 9, 2006
    Date of Patent: February 16, 2010
    Assignee: Microsoft Corporation
    Inventors: Mark H. Lucovsky, Shaun Douglas Pierce, Ramu Movva, Jagadeesh Kalki, David Benjamin Auerbach, Peter Sewall Ford, Yun-Qi Yuan, Yi-Wen Guu, Samuel John George, William Raymond Hoffman, Jay Christopher Jacobs, Paul Andrew Steckler, Walter C. Hsueh, Kendall D. Keil, Burra Gopal, Steven D. White, Paul J. Leach, Richard B. Ward, Philip Michael Smoot, Lijiang Fang, Michael B. Taylor, Suresh Kannan, Winnie C. Wu
  • Patent number: 7665143
    Abstract: A secure process may be created which does not allow code to be injected into it, does not allow modification of its memory or inspection of its memory. The resources protected in a secure process include all the internal state and threads running in the secure process. Once a secure process is created, the secure process is protected from access by non-secure processes. Process creation occurs atomically in kernel mode. Creating the infrastructure of a process in kernel mode enables security features to be applied that are difficult or impossible to apply in user mode. By moving setup actions previously occurring in user mode such as creating the initial thread, allocating the stack, initialization of the parameter block, environment block and context record into kernel mode, the need of the caller for full access rights to the created process is removed.
    Type: Grant
    Filed: May 16, 2005
    Date of Patent: February 16, 2010
    Assignee: Microsoft Corporation
    Inventors: Darryl E. Havens, Arun U. Kishan, Richard B. Ward
  • Patent number: 7640324
    Abstract: Computers on a local computer network, such as a home network or a small business network, are formed into a secured network group that provides common user access control and enables resource sharing among the computers in the group. A computer on the local network discovers whether there are secured network groups existing on the local network. If one secured network group is found, the computer indicates to a second computer in the group its desire to join the group, and establishes trust with that computer, such as by entering a proper user name and password, or a secret identification number. Once the trust is established, the first computer joins the group. Within the secured network group, user accounts and user profiles are replicated to each of the computers in the group. The establishment of trust and the replication of user accounts and profiles among the computers in the group enable the implementation of security policies and user access control in a group-wide manner.
    Type: Grant
    Filed: April 15, 2003
    Date of Patent: December 29, 2009
    Assignee: Microsoft Corporation
    Inventors: Andrew P. Sinclair, John E. Brezak, Jr., Eric Flo, Chris Guzak, Sean O. Lyndersay, Sterling Reasor, Richard B. Ward
  • Patent number: 7636851
    Abstract: An operating system for a computing device has a first session for a user that includes a first base process that has a first privileges token attached thereto. The first privileges token includes substantially a full set of privileges of the user on the operating system. The operating system also has a second session for the user that includes a second base process that has a second privileges token attached thereto. The second privileges token is derived from the first privileges token and includes only a minimum set of privileges of the user on the operating system. Thus, the second, limited token does not have all privileges associated with the first, full token but instead has a limited set of privileges and not extra privileges that could be employed to take actions that would be harmful, deceptive, or malicious.
    Type: Grant
    Filed: June 30, 2005
    Date of Patent: December 22, 2009
    Assignee: Microsoft Corporation
    Inventors: Jeffrey B. Hamblin, Jonathan Schwartz, Kedarnath A. Dubhashi, Klaus U. Schutz, Peter T. Brundrett, Richard B. Ward, Thomas C. Jones
  • Publication number: 20090265180
    Abstract: A method of representing a first end-user license agreement (EULA) offered to a user and automatically responding to a subsequent EULA offered to the user is disclosed. The representation may be in a logical language having parameters corresponding to legal terms of the EULA, logical operators, and the capability to form and nest logical expressions. A logical library may store parameters corresponding to legal terms. A logical expression may be created that corresponds to a user's term preferences, and may be evaluated using the terms of a subsequent EULA to automatically determine the user's acceptance or rejection of the subsequent EULA. A user's application preferences of the logical expressions and terms may be received and used by the method. EULA responses may be signified in a log and/or by sending a record or message to the offering party. A similar method is disclosed for other types of electronic agreements.
    Type: Application
    Filed: April 21, 2008
    Publication date: October 22, 2009
    Applicant: MICROSOFT CORPORATION
    Inventors: Carl M. Ellison, Valerie R. See, John M. Parchem, Charles Thomas Lenzmeier, Darryl E. Havens, Richard B. Ward
  • Patent number: 7600264
    Abstract: In aspects, interactions between processes of a desktop are allowed or denied based on security data. The security data may comprise a first bitmap that indicates whether a requesting process is allowed to cause an action to occur, a second bitmap that indicates whether a process is protected from having an action occur, and a third bitmap that indicates whether the requesting process may override protection, if any, in causing the action to occur.
    Type: Grant
    Filed: July 30, 2005
    Date of Patent: October 6, 2009
    Assignee: Microsoft Corporation
    Inventors: Hirofumi Yamamoto, Mohamed E. Fathalla, Yashabh Sethi, Richard B. Ward
  • Publication number: 20090241193
    Abstract: Improved intrusion detection and/or tracking methods and systems are provided for use across various computing devices and networks. Certain methods, for example, form a substantially unique audit identifier during each authentication/logon process. One method includes identifying one or more substantially unique parameters that are associated with the authentication/logon process and encrypting them to form at least one audit identifier that can then be generated and logged by each device involved in the authentication/logon process. The resulting audit log file can then be audited along with similar audit log files from other devices to track a user across multiple platforms.
    Type: Application
    Filed: June 1, 2009
    Publication date: September 24, 2009
    Applicant: Microsoft Corporation
    Inventors: Bhalchandra S. Pandit, Praerit Garg, Richard B. Ward, Paul J. Leach, Scott A. Field, Robert P. Reichel, John E. Brezak
  • Patent number: 7543333
    Abstract: Improved intrusion detection and/or tracking methods and systems are provided for use across various computing devices and networks. Certain methods, for example, form a substantially unique audit identifier during each authentication/logon process. One method includes identifying one or more substantially unique parameters that are associated with the authentication/logon process and encrypting them to form at least one audit identifier that can then be generated and logged by each device involved in the authentication/logon process. The resulting audit log file can then be audited along with similar audit log files from other devices to track a user across multiple platforms.
    Type: Grant
    Filed: April 8, 2002
    Date of Patent: June 2, 2009
    Assignee: Microsoft Corporation
    Inventors: Bhalchandra S. Pandit, Praerit Garg, Richard B. Ward, Paul J. Leach, Scott A. Field, Robert P. Reichel, John E. Brezak