Patents by Inventor Vadim Eydelman

Vadim Eydelman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10375053
    Abstract: A Cross-Platform Single Sign On (CP-SSO) experience is provided herein to enable users to access multiple services via a single login when working across different platforms. A user may work across different platforms when using multiple devices, when using multiple browsers on a single device, or when an integrated application requires a separate login for access within a host web application or portal service. A proxy token service manages login requests and authentication tokens after a given service has been logged into once by a user, so that the user does not need to provide login credentials on subsequent requests for the given service. By enabling a CP-SSO experience, network efficiency is improved, and the user experience is also improved as users do not need to supply authentication credentials as frequently and may freely choose to use multiple platforms instead of limiting usage to a single platform.
    Type: Grant
    Filed: September 15, 2016
    Date of Patent: August 6, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Ganesh Sridharan, Vadim Eydelman, Anand Krishnamurthy, Srividhya Chandrasekaran, Daniel C. Stevenson, Sameer D. Bedekar, Aravind Namasivayam, Xiaozhong Luo, Andrew Guy Bybee, Ekaterina Bassova, Marc Kuperstein
  • Patent number: 10356078
    Abstract: Described herein are various aspects pertaining to generating web tickets for use with authenticating computing devices to a computing system. Symmetric keys are used when generating the web tickets, wherein a symmetric key is valid for use when generating web tickets for a first period of time, and a web ticket generated based upon the symmetric key is valid for use when authenticating a computing device for a second period of time that is longer than the first period of time. Thus, the symmetric key is used for authenticating computing devices after it has ceased being used to generate web tickets.
    Type: Grant
    Filed: April 6, 2018
    Date of Patent: July 16, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Paul Tidwell, Yves Pitsch, Deepak Rao, Vadim Eydelman, Satya Kondepudi
  • Publication number: 20180227291
    Abstract: Described herein are various aspects pertaining to generating web tickets for use with authenticating computing devices to a computing system. Symmetric keys are used when generating the web tickets, wherein a symmetric key is valid for use when generating web tickets for a first period of time, and a web ticket generated based upon the symmetric key is valid for use when authenticating a computing device for a second period of time that is longer than the first period of time. Thus, the symmetric key is used for authenticating computing devices after it has ceased being used to generate web tickets.
    Type: Application
    Filed: April 6, 2018
    Publication date: August 9, 2018
    Inventors: Paul Tidwell, Yves Pitsch, Deepak Rao, Vadim Eydelman, Satya Kondepudi
  • Patent number: 9954843
    Abstract: Described herein are various aspects pertaining to a web ticket that is used in connection with authenticating a user. The web ticket is generated through use of a symmetric key, and is less than two hundred bytes in size. A ticket issuer executing on a first computing device generates the web ticket responsive to receiving authentication data from a client computing device, and transmits the web ticket to such client computing device. The client computing device includes the web ticket in requests for data transmitted to a second server computing device that is in communication with the ticket issuer. The second server computing device includes a validator that validates the web ticket using the symmetric key, which is shared between the first server and the second server.
    Type: Grant
    Filed: June 25, 2013
    Date of Patent: April 24, 2018
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Paul Tidwell, Yves Pitsch, Deepak Rao, Vadim Eydelman, Satya Kondepudi
  • Publication number: 20180077143
    Abstract: A Cross-Platform Single Sign On (CP-SSO) experience is provided herein to enable users to access multiple services via a single login when working across different platforms. A user may work across different platforms when using multiple devices, when using multiple browsers on a single device, or when an integrated application requires a separate login for access within a host web application or portal service. A proxy token service manages login requests and authentication tokens after a given service has been logged into once by a user, so that the user does not need to provide login credentials on subsequent requests for the given service. By enabling a CP-SSO experience, network efficiency is improved, and the user experience is also improved as users do not need to supply authentication credentials as frequently and may freely choose to use multiple platforms instead of limiting usage to a single platform.
    Type: Application
    Filed: September 15, 2016
    Publication date: March 15, 2018
    Applicant: Microsoft Technology Licensing, LLC.
    Inventors: Ganesh Sridharan, Vadim Eydelman, Anand Krishnamurthy, Srividhya Chandrasekaran, Daniel C. Stevenson, Sameer D. Bedekar, Aravind Namasivayam, Xiaozhong Luo, Andrew Guy Bybee, Ekaterina Bassova, Marc Kuperstein
  • Patent number: 9350819
    Abstract: A centralized service communicatively links an application provider to a plurality of different message forwarding services. The centralized service receives a request and authenticates the application provider associated with the request. Further, the centralized service delivers a message embodied by the request to a first message forwarding service with a first protocol and/or to a second message forwarding service with a second protocol different than the first protocol.
    Type: Grant
    Filed: December 14, 2011
    Date of Patent: May 24, 2016
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Girija Bhagavatula, Aidan Downes, Vadim Eydelman, Neeraj Garg, Anand Lakshminarayanan, Bimal K. Mehta, Deepak Rao, Rahul Thatte
  • Publication number: 20160044096
    Abstract: Scaling up and scaling out of a server architecture for large scale real-time applications is provided. A group of users may be provisioned by assigning them to a server pool and allotting them to a group. Grouped users help to reduce inter-server communication when they are serviced by the same server in the pool. High availability may be provided by choosing a primary server and one or more secondary servers from the pool to ensure that grouped users are serviced by the same server. Operations taken on the primary server are synchronously replicated to secondary servers so that when a primary server fails, a secondary server may be chosen as the primary for the group. Servers for multiple user groups may be load balanced to account for changes in either the number of users or the number of servers in a pool. Multiple pools may be paired for disaster recovery.
    Type: Application
    Filed: October 19, 2015
    Publication date: February 11, 2016
    Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Sankaran Narayanan, Namendra Kumar, Krishnan Ananthanarayanan, Vijay Kishen Hampapur Parthasarathy, Dhigha Sekaran, Vadim Eydelman, Bimal K. Mehta
  • Patent number: 9065903
    Abstract: Architecture for a communications system enabling a user to provision a telephone at a new location without network administrative pre-configuring. An input component (e.g., keypad) receives a numeric extension and PIN. The extension is a telephone extension of the user and the PIN can be administratively assigned. A location component provides location information of an enterprise communications server to the telephone based on the extension. The telephone uses the location information to send messages to the enterprise communications server. A registration component registers the telephone with the enterprise communications server based on the numeric extension. A telephony address is returned to the telephone. An authentication component authenticates the telephone based on the PIN. Upon authentication, the extension is assigned to the telephone, and telephone communications can be sent and received from that location.
    Type: Grant
    Filed: January 29, 2013
    Date of Patent: June 23, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Anton W. Krantz, Amey Parandekar, Vadim Eydelman, Sankaran Narayanan, Namendra Kumar, Sachin Sheth
  • Patent number: 8931051
    Abstract: Scaling and highly available clustering for large scale real-time applications is provided. A ring may be formed which includes multiple nodes for providing a set of services in a system. When a network partition is detected which affects communications between each of the nodes in the ring, the formation of additional rings is prevented by shutting down nodes which include a minority of voting nodes in the ring while maintaining the availability of the nodes which include a majority of the voting nodes to continue providing the set of services in the system.
    Type: Grant
    Filed: November 14, 2012
    Date of Patent: January 6, 2015
    Assignee: Microsoft Corporation
    Inventors: Namendra Kumar, Krishnan Ananthanarayanan, Sankaran Narayanan, Dhigha Sekaran, Vadim Eydelman
  • Patent number: 8874668
    Abstract: A communication system has a plurality of collections. Each collection comprises a security boundary within which private data is accessible. Each collection is associated with a director. The directors receive messages that specify domains. When a director for a given collection receives a message, the director identifies one of the collections as being a home collection for the domain specified by the message. If the specified domain's home collection is the given collection or another collection within a given privacy boundary, the director forwards the message to a server pool associated with the specified domain's home collection. Otherwise, if the specified domain's home collection is not within the given privacy boundary, the director forwards the message to the director of the specified domain's home collection.
    Type: Grant
    Filed: June 10, 2011
    Date of Patent: October 28, 2014
    Assignee: Microsoft Corporation
    Inventors: Vadim Eydelman, Sankaran Narayanan, Namendra Kumar, Bimal K. Mehta
  • Patent number: 8874717
    Abstract: Techniques to recursively discover services in a distributed environment may include receiving a request, including a unique client identifier, from a client device to access a home resource at a services site. The services site may identify which services site is mapped to the client domain of the unique client identifier in the request. If the services site that received the request is not the services site identified by the client domain, the services site that received the request may provide a redirect token that includes a link to the identified services site to the client device. Otherwise, the services site that received the request may provide one or more links to resources in a cluster within the services site. The links to resources may include a link to the requested home resource. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 29, 2012
    Date of Patent: October 28, 2014
    Assignee: Microsoft Corporation
    Inventors: Yves Pitsch, Rastan Boroujerdi, Amit Sehgal, Santhosh Kopparapu, Yong Lim, Deepak Rao, Vadim Eydelman
  • Publication number: 20140245420
    Abstract: Described herein are various aspects pertaining to a web ticket that is used in connection with authenticating a user. The web ticket is generated through use of a symmetric key, and is less than two hundred bytes in size. A ticket issuer executing on a first computing device generates the web ticket responsive to receiving authentication data from a client computing device, and transmits the web ticket to such client computing device. The client computing device includes the web ticket in requests for data transmitted to a second server computing device that is in communication with the ticket issuer. The second server computing device includes a validator that validates the web ticket using the symmetric key, which is shared between the first server and the second server.
    Type: Application
    Filed: June 25, 2013
    Publication date: August 28, 2014
    Inventors: Paul Tidwell, Yves Pitsch, Deepak Rao, Vadim Eydelman, Satya Kondepudi
  • Patent number: 8819794
    Abstract: Online and on-premise applications identify trusted authentication providers. The applications are configured with a list of trusted issuers of authentication credentials. When an application receives a request requiring authentication, the application returns a 401 response that includes the trusted issuer list. The requesting application compares the trusted issuer list from the 401 response to its own list of authentication providers. If there is a match between the two lists, then the requesting application creates a self-issued token for the authentication provider. The authentication provider uses the self-issued token to generate an authentication token for the requesting application. The requesting application may also directly create a token for a target partner application, without an authentication provider, if there is a direct trust between the two applications.
    Type: Grant
    Filed: January 19, 2012
    Date of Patent: August 26, 2014
    Assignee: Microsoft Corporation
    Inventors: Vadim Eydelman, Brian Kress, Matthias Leibmann, Moustafa Noureddine, Lei Yu, Haibo Luo
  • Patent number: 8817668
    Abstract: Architecture for a scalable, pluggable multi-party, and distributed multimedia conferencing. A centralized policy and control conferencing component allows the seamless plug-in of different distributed media components (e.g., data, audio/video, messaging) to accommodate client participation in a conference session. The centralized conference control component includes the following: a conference notification service for accepting subscriptions to the conference state and notifying subscribers about changes to that state; a conference policy and roster control service for storing and manipulating conference policy and rosters; a security service for user authorization/authentication based on user identity information; a scheduling service for conference scheduling; an allocation service for allocating the most available media component(s) for a conference session; and, an MCU management service for conference policy and roster management of the distributed media components.
    Type: Grant
    Filed: September 15, 2006
    Date of Patent: August 26, 2014
    Assignee: Microsoft Corporation
    Inventors: Dhigha D. Sekaran, Shaun D. Pierce, Shaun D. Cox, Srikanth Shoroff, Pavel Curtis, David Nichols, Bimal K. Mehta, Vadim Eydelman, Vijay Kishen Hampapur Parthasarathy, Orit Levin, Gur Kimchi
  • Patent number: 8762505
    Abstract: A platform for manipulating data associated with defining, deploying, and administering distributed server systems utilizes a structured data model with a flexible replication mechanism, a set of schemas, and an object model to manipulate system topology, configuration (settings), and policies. A scoping mechanism for characteristics of the settings, policies, and resolution is provided in addition to the data model along with an authorization mechanism for single and multi-tenant environments.
    Type: Grant
    Filed: June 14, 2010
    Date of Patent: June 24, 2014
    Assignee: Microsoft Corporation
    Inventors: Serkan Kutan, Shaun Cox, Erdinc Basci, Vadim Eydelman, Bimal Mehta, Nirav A. Kamdar
  • Publication number: 20140136878
    Abstract: Scaling up and scaling out of a server architecture for large scale real-time applications is provided. A group of users may be provisioned by assigning them to a server pool and allotting them to a group. Grouped users help to reduce inter-server communication when they are serviced by the same server in the pool. High availability may be provided by choosing a primary server and one or more secondary servers from the pool to ensure that grouped users are serviced by the same server. Operations taken on the primary server are synchronously replicated to secondary servers so that when a primary server fails, a secondary server may be chosen as the primary for the group. Servers for multiple user groups may be load balanced to account for changes in either the number of users or the number of servers in a pool. Multiple pools may be paired for disaster recovery.
    Type: Application
    Filed: November 14, 2012
    Publication date: May 15, 2014
    Applicant: MICROSOFT CORPORATION
    Inventors: Sankaran Narayanan, Namendra Kumar, Krishnan Ananthanarayanan, Vijay Kishen Hampapur Parthasarathy, Dhigha Sekaran, Vadim Eydelman, Bimal K. Mehta
  • Publication number: 20140137187
    Abstract: Scaling and highly available clustering for large scale real-time applications is provided. A ring may be formed which includes multiple nodes for providing a set of services in a system. When a network partition is detected which affects communications between each of the nodes in the ring, the formation of additional rings is prevented by shutting down nodes which include a minority of voting nodes in the ring while maintaining the availability of the nodes which include a majority of the voting nodes to continue providing the set of services in the system.
    Type: Application
    Filed: November 14, 2012
    Publication date: May 15, 2014
    Applicant: MICROSOFT CORPORATION
    Inventors: Namendra Kumar, Krishnan Ananthanarayanan, Sankaran Narayanan, Dhigha Sekaran, Vadim Eydelman
  • Publication number: 20140006579
    Abstract: Techniques to recursively discover services in a distributed environment may include receiving a request, including a unique client identifier, from a client device to access a home resource at a services site. The services site may identify which services site is mapped to the client domain of the unique client identifier in the request. If the services site that received the request is not the services site identified by the client domain, the services site that received the request may provide a redirect token that includes a link to the identified services site to the client device. Otherwise, the services site that received the request may provide one or more links to resources in a cluster within the services site. The links to resources may include a link to the requested home resource. Other embodiments are described and claimed.
    Type: Application
    Filed: June 29, 2012
    Publication date: January 2, 2014
    Applicant: MICROSOFT CORPORATION
    Inventors: Yves Pitsch, Rastan Boroujerdi, Amit Sehgal, Santhosh Kopparapu, Yong Lim, Deepak Rao, Vadim Eydelman
  • Publication number: 20130191894
    Abstract: Online and on-premise applications identify trusted authentication providers. The applications are configured with a list of trusted issuers of authentication credentials. When an application receives a request requiring authentication, the application returns a 401 response that includes the trusted issuer list. The requesting application compares the trusted issuer list from the 401 response to its own list of authentication providers. If there is a match between the two lists, then the requesting application creates a self-issued token for the authentication provider. The authentication provider uses the self-issued token to generate an authentication token for the requesting application. The requesting application may also directly create a token for a target partner application, without an authentication provider, if there is a direct trust between the two applications.
    Type: Application
    Filed: January 19, 2012
    Publication date: July 25, 2013
    Applicant: MICROSOFT CORPORATION
    Inventors: Vadim Eydelman, Brian Kress, Matthias Leibmann, Moustafa Noureddine, Lei Yu, Haibo Luo
  • Publication number: 20130152196
    Abstract: Techniques for throttling of rogue entities to push notification servers are described. An apparatus may comprise a processor and a memory communicatively coupled to the processor. The memory may store an application, the application maintaining a monitored domain table, the application maintaining an offending domain table, the application operative to receive an incoming request from a client in a domain, to detect harmful activity based on the request, and to respond to the harmful activity based on one or both of the monitored domain table and the offending domain table. Other embodiments are described and claimed.
    Type: Application
    Filed: June 21, 2012
    Publication date: June 13, 2013
    Applicant: MICROSOFT CORPORATION
    Inventors: Neeraj Garg, Suvarna Singh, Rahul Thatte, Amrut Kale, Ashish Srivastava, Devi J V, Poornima Siddabattuni, Rajesh Peddibhotla, Sukumar Rayan, Aidan Downes, Deepak Rao, Vadim Eydelman, Bimal Mehta