Patents by Inventor Wei-Quiang Michael Guo
Wei-Quiang Michael Guo has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9692747Abstract: Embodiments of authenticating linked accounts are presented herein. In an implementation, an authentication service provides functionality to form links between a plurality of user accounts. A client may then authenticate by providing credentials for one account in a group of linked accounts, and is permitted access to each account in the group of linked accounts based upon the linking. Thus, a single sign-in of a client to one account may permit the client to obtain services for service providers corresponding to multiple linked accounts, without an individual sign-in to each account.Type: GrantFiled: May 14, 2015Date of Patent: June 27, 2017Assignee: Microsoft Technology Licensing, LLCInventors: David W. Bailey, Lynn C. Ayres, Yordan I Rouskov, Wei-Quiang Michael Guo, Lin Huang
-
Patent number: 9673984Abstract: Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.Type: GrantFiled: October 31, 2013Date of Patent: June 6, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Wei Jiang, Adam Back, John D. Whited, Yordan I. Rouskov, Ismail Cem Paya, Wei-QUiang Michael Guo
-
Publication number: 20150249660Abstract: Embodiments of authenticating linked accounts are presented herein. In an implementation, an authentication service provides functionality to form links between a plurality of user accounts. A client may then authenticate by providing credentials for one account in a group of linked accounts, and is permitted access to each account in the group of linked accounts based upon the linking. Thus, a single sign-in of a client to one account may permit the client to obtain services for service providers corresponding to multiple linked accounts, without an individual sign-in to each account.Type: ApplicationFiled: May 14, 2015Publication date: September 3, 2015Inventors: David W. Bailey, Lynn C. Ayres, Yordan I. Rouskov, Wei-Quiang Michael Guo, Lin Huang
-
Patent number: 9065817Abstract: Embodiments of authenticating linked accounts are presented herein. In an implementation, an authentication service provides functionality to form links between a plurality of user accounts. A client may then authenticate by providing credentials for one account in a group of linked accounts, and is permitted access to each account in the group of linked accounts based upon the linking. Thus, a single sign-in of a client to one account may permit the client to obtain services for service providers corresponding to multiple linked accounts, without an individual sign-in to each account.Type: GrantFiled: November 8, 2012Date of Patent: June 23, 2015Assignee: Microsoft Technology Licensing, LLCInventors: David W. Bailey, Lin Huang, Lynn C. Ayres, Yordan I Rouskov, Wei-Quiang Michael Guo
-
Patent number: 8745729Abstract: Spammers, and other abusers of web services, may be deterred in their attempts to sign up for these services at large scale by making changes to the service registration procedure, where the changes are designed to break the spammer's infrastructure. In one example, a procedure to register for a web service involves presenting a Human Interaction Proof (HIP, or “captcha”) to the user, and gating access to the service upon receipt of a correct solution. If spammers use botnets and/or image capture techniques to initiate registration processes and to transport the HIPs to human or automated solvers, then the registration procedure can be changed in a way that is incompatible with capturing these images, or in a way that is incompatible with receiving HIP solutions from someplace other than the location at which registration was initiated.Type: GrantFiled: June 22, 2010Date of Patent: June 3, 2014Assignee: Microsoft CorporationInventors: Ravi Kiran R. Poluri, Weisheng Li, Usman A. Shami, Wei-Quiang Michael Guo
-
Patent number: 8726358Abstract: Systems, computer-implemented methods, and computer-readable media for establishing an online account with a resource provider are provided. An authentication token including identification of a user from an authentication server is received. The identification of the user from the authentication token is utilized to establish an online account for the user with the resource provider. Additional credentialing information from the user for the online account is received. The additional information received from the user is associated with the online account for the user with the resource provider.Type: GrantFiled: April 14, 2008Date of Patent: May 13, 2014Assignee: Microsoft CorporationInventors: Yordan I. Rouskov, Tore Sundelin, Mrigankka Fotedar, Sarah Faulkner, Pui-Yin Winfred Wong, Wei-Quiang Michael Guo, Lynn Ayres
-
Publication number: 20140101718Abstract: Providing services within a network of service providers sharing an authentication service and a set of business rules. A central server receives a first request from a first server to provide a first service to a user via a client without forcing the user to present credentials. In response to the received first request, the central server stores data identifying the first service on the client. The central server further receives a second request from a second server to provide a second service to the user via the client after the user presents the credentials to the second service. After receiving the second request and the presented credentials, the central server allows the user access to the second service. In response to allowing the user access to the second service, the central server further allows the user access to the first service as a result of the stored data.Type: ApplicationFiled: December 10, 2013Publication date: April 10, 2014Applicant: Microsoft CorporationInventors: Arnold N. Blinn, Wei-Quiang Michael Guo, Wei Jiang, Raja Pazhanivel Perumal, Iulian D. Calinov
-
Patent number: 8689311Abstract: Providing services within a network of service providers sharing an authentication service and a set of business rules. A central server receives a first request from a first server to provide a first service to a user via a client without forcing the user to present credentials. In response to the received first request, the central server stores data identifying the first service on the client. The central server further receives a second request from a second server to provide a second service to the user via the client after the user presents the credentials to the second service. After receiving the second request and the presented credentials, the central server allows the user access to the second service. In response to allowing the user access to the second service, the central server further allows the user access to the first service as a result of the stored data.Type: GrantFiled: March 30, 2011Date of Patent: April 1, 2014Assignee: Microsoft CorporationInventors: Arnold N. Blinn, Wei-Quiang Michael Guo, Wei Jiang, Raja Pazhanivel Perumal, Iulian D. Calinov
-
Publication number: 20140059354Abstract: Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.Type: ApplicationFiled: October 31, 2013Publication date: February 27, 2014Applicant: Microsoft CorporationInventors: Wei Jiang, Adam Back, John D. Whited, Yordan I. Rouskov, Ismail Cem Paya, Wei-Quiang Michael Guo
-
Patent number: 8626929Abstract: Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.Type: GrantFiled: February 14, 2011Date of Patent: January 7, 2014Assignee: Microsoft CorporationInventors: Wei Jiang, Ismail Cem Paya, John D. Whited, Wei-Quiang Michael Guo, Yordan Rouskov, Adam Back
-
Patent number: 8484700Abstract: A reputation server associates feedback from previous network transactions with an account of a user in a network. A reputation score for the user is calculated based on the feedback to indicate the probability the user will abuse the network. When an online service receives a request to perform a transaction from the user, the online service performs the transaction based on the user's reputation score. Additionally, a server generates a reputation packet including the reputation score for a user for use by an online service when the user requests the online service to perform a transaction. The online service may authenticate the reputation packet with the server and, if the reputation packet is authenticated, the online service performs the transaction based on the user's reputation score.Type: GrantFiled: July 1, 2011Date of Patent: July 9, 2013Assignee: Microsoft CorporationInventors: Geoffrey John Hulten, Kristofer Noel Iverson, Wei-Quiang Michael Guo
-
Publication number: 20110314540Abstract: Spammers, and other abusers of web services, may be deterred in their attempts to sign up for these services at large scale by making changes to the service registration procedure, where the changes are designed to break the spammer's infrastructure. In one example, a procedure to register for a web service involves presenting a Human Interaction Proof (HIP, or “captcha”) to the user, and gating access to the service upon receipt of a correct solution. If spammers use botnets and/or image capture techniques to initiate registration processes and to transport the HIPs to human or automated solvers, then the registration procedure can be changed in a way that is incompatible with capturing these images, or in a way that is incompatible with receiving HIP solutions from someplace other than the location at which registration was initiated.Type: ApplicationFiled: June 22, 2010Publication date: December 22, 2011Applicant: MICROSOFT CORPORATIONInventors: Ravi Kiran R. Poluri, Weisheng Li, Usman A. Shami, Wei-Quiang Michael Guo
-
Publication number: 20110271329Abstract: A reputation server associates feedback from previous network transactions with an account of a user in a network. A reputation score for the user is calculated based on the feedback to indicate the probability the user will abuse the network. When an online service receives a request to perform a transaction from the user, the online service performs the transaction based on the user's reputation score. Additionally, a server generates a reputation packet including the reputation score for a user for use by an online service when the user requests the online service to perform a transaction. The online service may authenticate the reputation packet with the server and, if the reputation packet is authenticated, the online service performs the transaction based on the user's reputation score.Type: ApplicationFiled: July 1, 2011Publication date: November 3, 2011Applicant: MICROSOFT CORPORATIONInventors: Geoffrey John Hulten, Kristofer Noel Iverson, Wei-Quiang Michael Guo
-
Patent number: 8001582Abstract: A reputation server associates feedback from previous network transactions with an account of a user in a network. A reputation score for the user is calculated based on the feedback to indicate the probability the user will abuse the network. When an online service receives a request to perform a transaction from the user, the online service performs the transaction based on the user's reputation score. Additionally, a server generates a reputation packet including the reputation score for a user for use by an online service when the user requests the online service to perform a transaction. The online service may authenticate the reputation packet with the server and, if the reputation packet is authenticated, the online service performs the transaction based on the user's reputation score.Type: GrantFiled: January 18, 2008Date of Patent: August 16, 2011Assignee: Microsoft CorporationInventors: Geoffrey John Hulten, Kristofer Noel Iverson, Wei-Quiang Michael Guo
-
Publication number: 20110179469Abstract: Providing services within a network of service providers sharing an authentication service and a set of business rules. A central server receives a first request from a first server to provide a first service to a user via a client without forcing the user to present credentials. In response to the received first request, the central server stores data identifying the first service on the client. The central server further receives a second request from a second server to provide a second service to the user via the client after the user presents the credentials to the second service. After receiving the second request and the presented credentials, the central server allows the user access to the second service. In response to allowing the user access to the second service, the central server further allows the user access to the first service as a result of the stored data.Type: ApplicationFiled: March 30, 2011Publication date: July 21, 2011Applicant: MICROSOFT CORPORATIONInventors: Arnold Blinn, Wei-Quiang Michael Guo, Wei Jiang, Raja Pazhanivel Perumal, Iulian D. Calinov
-
Patent number: 7971240Abstract: Exchanging information in a multi-site authentication system. A network server receives, from an authentication server, a request by a client computing device for a service provided by the network server along with an authentication ticket. The authentication ticket includes: a session key encrypted by a public key associated with the network server, message content encrypted by the session key, and a signature for the encrypted session key and the encrypted message content. The signature includes address information of the network server. The network server identifies its own address information in the signature to validate the signature included in the authentication ticket and verifies the authentication ticket content based on the signature included in the authentication ticket. The network server decrypts the encrypted session key via a private key associated with the second network server and decrypts the encrypted message content via the decrypted session key.Type: GrantFiled: April 20, 2009Date of Patent: June 28, 2011Assignee: Microsoft CorporationInventors: Wei-Quiang Michael Guo, John Hal Howard, Kok Wai Chan
-
Publication number: 20110138179Abstract: Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.Type: ApplicationFiled: February 14, 2011Publication date: June 9, 2011Applicant: Microsoft CorporationInventors: Wei Jiang, Ismail Cem Paya, John D. Whited, Wei-Quiang Michael Guo, Yordan Rouskov, Adam Back
-
Patent number: 7950055Abstract: Providing services within a network of service providers sharing an authentication service and a set of business rules. A central server receives a first request from a first server to provide a first service to a user via a client without forcing the user to present credentials. In response to the received first request, the central server stores data identifying the first service on the client. The central server further receives a second request from a second server to provide a second service to the user via the client after the user presents the credentials to the second service. After receiving the second request and the presented credentials, the central server allows the user access to the second service. In response to allowing the user access to the second service, the central server further allows the user access to the first service as a result of the stored data.Type: GrantFiled: October 19, 2009Date of Patent: May 24, 2011Assignee: Microsoft CorporationInventors: Arnold N. Blinn, Wei-Quiang Michael Guo, Wei Jiang, Raja Pazhanivel Perumal, Iulian D. Calinov
-
Patent number: 7890634Abstract: Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.Type: GrantFiled: March 18, 2005Date of Patent: February 15, 2011Assignee: Microsoft CorporationInventors: Wei Jiang, Ismail Cem Paya, John D Whited, Wei-Quiang Michael Guo, Yordan Rouskov, Adam Back
-
Patent number: 7810136Abstract: A computerized method and system for routing between network servers. A central database coupled to a central server on a data communication network stores information for identifying locations of a plurality of network servers on the network. Each network server provides at least one service via the network. The central server receives a request from the user for a selected service including a carry through keyword for controlling routing of the user to the selected service. The central server retrieves location information from the central database to identify the location of the network server providing the selected service and attaches the carry through keyword to the retrieved location information. The central server then routes the user with the carry through keyword to the network server, which directs the user to the selected service based on the carry through keyword.Type: GrantFiled: January 10, 2005Date of Patent: October 5, 2010Assignee: Microsoft CorporationInventors: Wei-Quiang Michael Guo, Baskaran Dharmarajan, Ryan W. Battle