Patents by Inventor Tanmoy Dutta
Tanmoy Dutta has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20110154505Abstract: Computer-executable instructions that are directed to the performance of consequential actions and automatically elevate to execute at a higher privilege level to do so can perform such consequential actions only after user notification. Doing so can enable monitoring processes to avoid presenting duplicative user notification upon detection of such auto-elevation. In addition, prior to presenting user notification, input from the execution environment can be ignored and access to DLLs for performing consequential actions can be avoided. A static analyzer can identify non-conforming computer-executable instructions. A wrapper can be utilized to provide compliance by otherwise unknown or non-conforming computer-executable instructions.Type: ApplicationFiled: December 22, 2009Publication date: June 23, 2011Applicant: MICROSOFT CORPORATIONInventors: Crispin Cowan, Matthew Z. Tamayo-Rios, Tanmoy Dutta, John Lambert, Paul J. Leach, Scott A. Field, Thomas C. Jones
-
Publication number: 20100242085Abstract: A computer based system and method of providing document isolation during routing of a document through a workflow is disclosed. The method comprises maintaining a separate “working” copy of the original base document while the document is routed through a workflow. Access controls, which define who may access the original document as well as any versions of the working copy document, are defined and stored in relation to the documents. The access controls further define the types of actions users may take with respect to the document. Users are selectively directed to the appropriate document, either the base document or working copy, and selectively granted permission to perform publishing operations on the working copy document, as determined by the access controls.Type: ApplicationFiled: March 25, 2010Publication date: September 23, 2010Applicant: Microsoft CorporationInventors: Tanmoy Dutta, Alexander Balikov, Himani Naresh
-
Publication number: 20100228982Abstract: Modern network communications often require a client application requesting data to authenticate itself to an application providing the data. Such authentication requests can be redundant, especially in the case of stateless network protocols. When a full authentication is performed, a conversation identifier and one or more encryption keys can be agreed upon. Subsequent authentication requests can be answered with a fast reconnect token comprising the conversation identifier and a cryptographically signed version of it using the one or more encryption keys. Should additional security be desirable, a sequence number can be established and incremented in a pre-determined or a random manner to enable detection of replayed fast reconnect tokens. If the recipient can verify the fast reconnect token, the provider can be considered to have been authenticated based on the prior authentication. If an aspect of the fast re-authentication should fail, recourse can be had to the original full authentication process.Type: ApplicationFiled: March 6, 2009Publication date: September 9, 2010Applicant: MICROSOFT CORPORATIONInventors: Liqiang Zhu, Paul J. Leach, Kevin Thomas Damour, David McPherson, Tanmoy Dutta
-
Patent number: 7793300Abstract: A system and method employ a client-server architecture that abstracts from the client the states of objects and transitions between the states. As a result, the server maintains objects, along with associated states, and state transitions that are provided to clients on demand. The client is only provided with a set of valid transitions between states that are based on the current state of the object and valid transitions out of that state. The states may be additionally filtered based on the permissions granted to the client. In this way, the client is relieved of prior knowledge of valid object states and state transitions. Hence, in a document management system, for example, new states and transitions for objects may be added at the server and propagated through to the clients.Type: GrantFiled: July 1, 2005Date of Patent: September 7, 2010Assignee: Microsoft CorporationInventors: Tanmoy Dutta, Jeremy Mazner
-
Publication number: 20100212008Abstract: Security elevation techniques are described. In an implementation, a request is received for additional security access beyond that which is currently specified for a program. An identity that describes the program is checked with a plurality of conditions. The security level is automatically elevated to grant the additional security access when the identity corresponds to one of the conditions that indicates that the security level is to be automatically elevated.Type: ApplicationFiled: February 19, 2009Publication date: August 19, 2010Applicant: Microsoft CorporationInventors: Karthik Jaganathan, Tanmoy Dutta, Eric C. Perlin, Steven L. Hiskey, Cezar Ungureanasu
-
Patent number: 7747597Abstract: A database management system that supports multiple databases in an instance with controlled sharing between the databases. The invention can also support execution of procedures and other modules in the context of any principal possibly different from that of the caller. Trusted certificates can be employed to permit access to procedures (or other modules). The security context of the invention can enable the building blocks of building a pure trusted sub-system model of authorization.Type: GrantFiled: June 29, 2005Date of Patent: June 29, 2010Assignee: Microsoft CorporationInventors: Tanmoy Dutta, Raul Garcia, Ziquan Li, Girish Chander
-
Patent number: 7743255Abstract: A database management system that supports multiple databases in an instance with controlled sharing between the databases. The invention can also support execution of procedures and other modules in the context of any principal possibly different from that of the caller. Trusted certificates can be employed to permit access to procedures (or other modules). The security context of the invention can enable the building blocks of building a pure trusted sub-system model of authorization.Type: GrantFiled: June 17, 2005Date of Patent: June 22, 2010Inventors: Tanmoy Dutta, Girish Chander, Raul Garcia, Ziquan Li
-
Patent number: 7711750Abstract: The present invention specifies database security at a row level and, optionally, at a column and table level. The systems and methods cluster one or more sets of rows with similar security characteristics and treat them as a named expression, wherein clustered data is accessed based on associated row-level security. The systems and methods specify a syntax that invokes row(s), column(s) and/or table(s) security via programming statements. Such statements include arbitrary Boolean expressions (predicates) defined over, but not restricted to table columns and/or other contextual data. These statements typically are associated with query initiators, incorporated into queries therefrom, and utilized while querying data. Rows of data that return “true” when evaluated against an aggregate of associated security expressions are said to “satisfy” the security expressions and enable access to the data stored therein.Type: GrantFiled: July 30, 2004Date of Patent: May 4, 2010Assignee: Microsoft CorporationInventors: Tanmoy Dutta, Girish Chander, James R. Hamilton, Alain C. Comeau
-
Patent number: 7698379Abstract: A computer based system and method of providing document isolation during routing of a document through a workflow is disclosed. The method comprises maintaining a separate “working” copy of the original base document while the document is routed through a workflow. Access controls, which define who may access the original document as well as any versions of the working copy document, are defined and stored in relation to the documents. The access controls further define the types of actions users may take with respect to the document. Users are selectively directed to the appropriate document, either the base document or working copy, and selectively granted permission to perform publishing operations on the working copy document, as determined by the access controls.Type: GrantFiled: February 15, 2006Date of Patent: April 13, 2010Assignee: Microsoft CorporationInventors: Tanmoy Dutta, Alexander G. Balikov, Himani Naresh
-
Patent number: 7689547Abstract: An indexing value may be determined, transparently with respect to a requester, based on a desired plaintext item of data and a cryptographic key. The indexing value may be used to access an entry in an indexing structure to obtain a corresponding database entry which includes a non-deterministically encrypted ciphertext item. In another embodiment, an indexing structure for a database may be accessed. Positions of items of the indexing structure may be based on corresponding plaintext items. References related to the corresponding plaintext items in the indexing structure may be encrypted and other information in the indexing structure may be unencrypted. A portion of the indexing structure may be loaded into a memory and at least one of the encrypted references related to one of the plaintext items may be decrypted. The decrypted reference may be used to access a corresponding non-deterministically encrypted data item from the database.Type: GrantFiled: September 6, 2006Date of Patent: March 30, 2010Assignee: Microsoft CorporationInventors: Elena Daniela Cristofor, Laurentiu Bogdan Cristofor, Tanmoy Dutta, Raul Garcia, Sung L. Hsueh
-
Patent number: 7661141Abstract: The systems and methods of the present invention facilitate database row-level security by utilizing SQL extensions to create and associate named security expressions with a query initiator(s). Such expressions include Boolean expressions, which must be satisfied by a row of data in order for that data to be made accessible to the query initiator. In general, a query is augmented with security expressions, which are aggregated and utilized during querying rows of data. The systems and methods variously place security expressions within a query in order to optimize query performance while mitigating information leaks. This is achieved by tagging security expressions as special and utilizing rules of predicate to pull or push non-security expressions above or below security expressions, depending on the likelihood of a non-security being safe, as determined via a static and/or dynamic analysis.Type: GrantFiled: July 7, 2004Date of Patent: February 9, 2010Assignee: Microsoft CorporationInventors: Tanmoy Dutta, Girish Chander, Laurentiu Bogdan Cristofor, Rodger N. Kline, James R. Hamilton
-
Publication number: 20090328140Abstract: This disclosure describes methods, systems and application programming interfaces for creating an advanced security negotiation package. This disclosure describes creating an advanced security negotiation protocol under a Simple and Protected Negotiation Mechanism (SPNEGO) protocol to negotiate an authentication scheme. The protocol describes defining a Windows Security Type (WST) Library message to protect negotiation data during the advanced security negotiation protocol. The protocol sends an initial message that carries multiple authentication messages to reduce redundant roundtrips and implements key exchanges by a mini Security Support Provider (SSP).Type: ApplicationFiled: June 26, 2008Publication date: December 31, 2009Applicant: Microsoft CorporationInventors: Dave M. McPherson, Tanmoy Dutta, Cristian Ilac, Liqiang Zhu
-
Patent number: 7613711Abstract: Provided are systems and methods that facilitate providing permission to entities of a database. A system includes a component that authorizes a principal of a containing entity to grant a permission to that entity, and a component that grants the permission to the containing entity, the grantee of the permission inherits a set of permissions to one or more entities contained by the containing entity. When a permission is granted to a parent in a hierarchy of a relational database, the permission is inherited by the child nodes. Also provided is a method for transferring ownership of entities in a relational database. The method includes a two-part handshake that can be audited to avoid repudiation issues.Type: GrantFiled: June 14, 2005Date of Patent: November 3, 2009Assignee: Microsoft CorporationInventors: Tanmoy Dutta, Girish Chander, Ziquan Li, Steven Richard Gott, Clifford T. Dibble
-
Patent number: 7599937Abstract: A system and method for facilitating secure access to database(s) is provided. The system relates to authorizing discriminatory access to relational database data. More particularly, the invention provides for an innovative technique of defining secured access to rows in relational database tables in a way that cannot be spoofed while preserving various optimization techniques. The invention affords a persistent scheme via providing for a security architecture whereby discriminatory access policies on persistent entities can be defined and enforced while preserving set based associative query capabilities. A particular aspect of the invention relates to the specification of such policies and the technique by which those policies are enforced. With respect to one particular implementation of the invention, creation, modification and deletion of access control lists called security descriptors is provided.Type: GrantFiled: April 3, 2007Date of Patent: October 6, 2009Assignee: Microsoft CorporationInventors: Tanmoy Dutta, Conor Cunningham, Stefano Stefani, Girish Chander, Eric N. Hanson
-
Publication number: 20090222888Abstract: A secure (e.g., HTTPS) connection is established between a client and a server. Communication over the connection may utilize an application (e.g., a Web browser) that is not part of the client's trusted computing base. A password is sent from the client to the server over the connection such that the clear text password is unavailable to the application. For example, the password can be encrypted and inserted directly into the HTTPS stream from the client's trusted computing base.Type: ApplicationFiled: February 28, 2008Publication date: September 3, 2009Applicant: MICROSOFT CORPORATIONInventors: Raghavendra Malpani, Cristian Ilac, Tanmoy Dutta, Klaus Schutz
-
Publication number: 20080320554Abstract: A computer related security mechanism requires that a human participate in an access verification sequence. Upon a request to access secure data, a puzzle is provided to the requester. Proper solution of the puzzle requires human participation. The puzzle is chosen such that its solution is within the capabilities of a human, but beyond the current state of the art for computer systems. The puzzled can be visually and/or audibly rendered to the user. In one configuration, the puzzle is obtained via a library of pluggable puzzle generators. Puzzle generators in the library can be replaced as the state of the art of computing technology improves.Type: ApplicationFiled: March 23, 2007Publication date: December 25, 2008Applicant: Microsoft CorporationInventors: Arthur H. Baker, Brian J. Guarraci, Andrew Stewart Tucker, Gennady Medvinsky, Tanmoy Dutta
-
Publication number: 20080301784Abstract: Architecture for natively authenticating a client application to a web server via HTTP authentication. The Web Services Architecture, and more specifically, Web Services Security, is leveraged to enable legacy applications to access web services transparently to the existing legacy applications. A security support provider (SSP) is created that employs WS-* protocol to at least emulate ws-trust and ws-mex thereby enabling policy exchange via an HTTP protocol stack. Policy can be exchanged via a WWW-Authenticate header enabling legacy applications to use the WS-* family of protocols without modifying the client application. The WS-* protocols are abstracted into a generic programming interface for native client application use.Type: ApplicationFiled: May 31, 2007Publication date: December 4, 2008Applicant: MICROSOFT CORPORATIONInventors: Liqiang Zhu, Gennady Medvinsky, Tanmoy Dutta, Cristian Ilac, Andreas Luther, John P. Shewchuk
-
Publication number: 20080263361Abstract: A security system that uses a cryptographic key derived from human interaction with media. The system employs a set of parameters that includes user responses to graphical media and/or audio data, among other parameters. The architecture adds a fourth dimension to the conventional authentication means in order to make at least an offline attack on the key much more difficult. In addition to a standard set of parameters such as password, salt (random bits inserted into the encryption process) and iteration count, the system further utilizes information in the form of “what the user does” by presenting and prompting the user to interact with media in some way. The media can include audio information, video information, and/or image information, for example.Type: ApplicationFiled: April 20, 2007Publication date: October 23, 2008Applicant: Microsoft CorporationInventors: Tanmoy Dutta, Sunil Kadam, Tolga Acar
-
Publication number: 20080263651Abstract: Example embodiments are provided for integrating operating systems with content offered by internet based entities.Type: ApplicationFiled: April 23, 2007Publication date: October 23, 2008Applicant: Microsoft CorporationInventors: Girish Chander, Tanmoy Dutta, Cristian Ilac, Bronislav Kavsan, Ziquian Li, Andreas K. Luther, Gennady Medvinsky, Liquiang Zhu
-
Publication number: 20080184329Abstract: One or more labels are associated with a data object. One or more policies are associated with each of the labels. Based on the labels associated with the data objects, the associated policies are dispatched to policy decision engines to take one or more actions to enforce the policy. The labels, and the policies associated with the labels, are chosen by a business administrator within an enterprise, and are implemented by an Information Technology (IT) administrator. The association between labels and polices allows the policy to be applied to an object to be decoupled from the characterization of the nature of the object, or its purpose and/or role within an enterprise, business purpose and/or context of the object. Examples of policies are: access, backup, retention, isolation, audit, etc.Type: ApplicationFiled: January 25, 2007Publication date: July 31, 2008Applicant: Microsoft CorporationInventors: David B. Cross, Satyajit Nath, George Z. Li, Tanmoy Dutta, Sunil P. Gottumukkala