Patents by Inventor Yordan Rouskov

Yordan Rouskov has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20230379152
    Abstract: Generally discussed herein are devices, systems, and methods for binding with cryptographic key attestation. A method can include generating, by hardware of a device, a device public key and a device private key, based on the device private key, signing a first attestation resulting in a signed first attestation, the first attestation claiming the device private key originated from the hardware, based on the device public key and the signed first attestation, registering the device with a trusted authority, generating, by the hardware, a first application private key and a first application public key, and based on the device private key, signing a second attestation resulting in a signed second attestation, the second attestation claiming the first application private key originated from the hardware, and based on the first application public key and the signed second attestation, registering a first application of the device to a first server.
    Type: Application
    Filed: July 20, 2023
    Publication date: November 23, 2023
    Inventors: Prabagar Ramadasse, Yordan ROUSKOV, Mick HEALY, Gaurav DHAWAN, Venkata Raghuram PAMPANA, Aleksandr TOKAREV, Marc SHEPARD, Ramachandra Ravitej VENNAPUSA
  • Patent number: 11750384
    Abstract: Generally discussed herein are devices, systems, and methods for binding with cryptographic key attestation. A method can include generating, by hardware of a device, a device public key and a device private key, based on the device private key, signing a first attestation resulting in a signed first attestation, the first attestation claiming the device private key originated from the hardware, based on the device public key and the signed first attestation, registering the device with a trusted authority, generating, by the hardware, a first application private key and a first application public key, and based on the device private key, signing a second attestation resulting in a signed second attestation, the second attestation claiming the first application private key originated from the hardware, and based on the first application public key and the signed second attestation, registering a first application of the device to a first server.
    Type: Grant
    Filed: May 27, 2021
    Date of Patent: September 5, 2023
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Prabagar Ramadasse, Yordan Rouskov, Mick Healy, Gaurav Dhawan, Venkata Raghuram Pampana, Aleksandr Tokarev, Marc Shepard, Ramachandra Ravitej Vennapusa
  • Publication number: 20220385467
    Abstract: Generally discussed herein are devices, systems, and methods for binding with cryptographic key attestation. A method can include generating, by hardware of a device, a device public key and a device private key, based on the device private key, signing a first attestation resulting in a signed first attestation, the first attestation claiming the device private key originated from the hardware, based on the device public key and the signed first attestation, registering the device with a trusted authority, generating, by the hardware, a first application private key and a first application public key, and based on the device private key, signing a second attestation resulting in a signed second attestation, the second attestation claiming the first application private key originated from the hardware, and based on the first application public key and the signed second attestation, registering a first application of the device to a first server.
    Type: Application
    Filed: May 27, 2021
    Publication date: December 1, 2022
    Inventors: Prabagar Ramadasse, Yordan ROUSKOV, Mick HEALY, Guarav DHAWAN, Venkata Raghuram PAMPANA, Aleksandr TOKAREV, Marc SHEPARD, Ramachandra Ravitej VENNAPUSA
  • Patent number: 10965667
    Abstract: In one embodiment, a user authentication server may use geo-location tracking to determine whether to present an enhanced identity challenge. A communication interface 180 may receive a user login attempt by a user and a current location of the user login attempt. A data storage 150 may store a user location profile of the user. A processor 120 may execute a comparison of the current location to the user location profile. The communication interface 180 may present the user with an enhanced identity challenge before allowing user access based on the comparison.
    Type: Grant
    Filed: December 9, 2019
    Date of Patent: March 30, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: David Steeves, Luke Abrams, Hersh Dangayach, Eric Fleischman, Prabu Raju, Krishna Vitaldevara, Niyantha Shekar, Payoj Baral, Meenakshi Ramaswamy, Winfred Wong, Yordan Rouskov, Ramesh Manne
  • Publication number: 20200112556
    Abstract: In one embodiment, a user authentication server may use geo-location tracking to determine whether to present an enhanced identity challenge. A communication interface 180 may receive a user login attempt by a user and a current location of the user login attempt. A data storage 150 may store a user location profile of the user. A processor 120 may execute a comparison of the current location to the user location profile. The communication interface 180 may present the user with an enhanced identity challenge before allowing user access based on the comparison.
    Type: Application
    Filed: December 9, 2019
    Publication date: April 9, 2020
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: David Steeves, Luke Abrams, Hersh Dangayach, Eric Fleischman, Prabu Raju, Krishna Vitaldevara, Niyantha Shekar, Payoj Baral, Meenakshi Ramaswamy, Winfred Wong, Yordan Rouskov, Ramesh Manne
  • Patent number: 10574750
    Abstract: Network services may include data associated with one or more entities. An aggregator service may host respective application programming interfaces (APIs) of the services at a single endpoint of the network such that the entities, including associations and relationships between entities, may be federated. For example, the services may register the entities of which the data of each of the services is associated with through a declarative entity model to establish an API schema for each of the services, which may be published at the aggregator service. In response to receipt of a request for entity related data from a client, the aggregator service may employ the declarative entity model to determine which of the services are associated with the entity related data such that a query may be submitted to the services, and how to aggregate responses to the query received from the services for transmission to the client.
    Type: Grant
    Filed: September 1, 2015
    Date of Patent: February 25, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Yina Arenas, Dmitry Pugachev, Robert Howard, Sriram Dhanasekaran, Marek Rycharski, Vijaya Manohararaj, Daniel Kershaw, James Kleewein, Anthony Bloesch, Titus Miron, Vikrant Arora, Murli Satagopan, Jon Rosenberg, Yordan Rouskov
  • Patent number: 10505926
    Abstract: In one embodiment, a user authentication server may use geo-location tracking to determine whether to present an enhanced identity challenge. A communication interface 180 may receive a user login attempt by a user and a current location of the user login attempt. A data storage 150 may store a user location profile of the user. A processor 120 may execute a comparison of the current location to the user location profile. The communication interface 180 may present the user with an enhanced identity challenge before allowing user access based on the comparison.
    Type: Grant
    Filed: July 20, 2018
    Date of Patent: December 10, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: David Steeves, Luke Abrams, Hersh Dangayach, Eric Fleischman, Prabu Raju, Krishna Vitaldevara, Niyantha Shekar, Payoj Baral, Meenakshi Ramaswamy, Winfred Wong, Yordan Rouskov, Ramesh Manne
  • Patent number: 10333711
    Abstract: A device operated by a user may store an object to which access is to be regulated, which may be achieved by encrypting the object with an encryption key and sending the key to a server having a key store. When a user of the device requests access to the object, the server may authenticate the user (e.g., according to a credential submitted by the user) and verify a trust identifier of the device (e.g., authorization to access the object through the device, and/or the integrity of the device), before sending to the device a ticket granting access to the key. The device may send the ticket to the server, receive the key from the server, decrypt the stored encrypted object, and provide the object to the user. This mechanism promotes rapid access upon request and efficient use of the server, and enables remote revocation of access.
    Type: Grant
    Filed: June 17, 2011
    Date of Patent: June 25, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Eric Fleischman, Tarek Kamel, Yordan Rouskov
  • Patent number: 10142107
    Abstract: Binding a security token to a client token binder, such as a trusted platform module, is provided. A bound security token can only be used on the client on which it was obtained. A secret binding key (kbind) is established between the client and an STS. The client derives a key (kmac) from kbind, signs a security token request with kmac, and instructs the STS to bind the requested security token to kbind. The STS validates the request by deriving kmac using a client-provided nonce and kbind to MAC the message and compare the MAC values. If the request is validated, the STS generates a response comprising the requested security token, derives two keys from kbind: one to sign the response and one to encrypt the response, and sends the response to the client. Only a device comprising kbind is enabled to use the bound security token, providing increased security.
    Type: Grant
    Filed: December 31, 2015
    Date of Patent: November 27, 2018
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Adrian Frei, Tarek B. Kamel, Guruprasad B. Aphale, Sankara Narayanan Venkataraman, Xiaohong Su, Yordan Rouskov, Vijay G. Bharadwaj
  • Publication number: 20180332026
    Abstract: In one embodiment, a user authentication server may use geo-location tracking to determine whether to present an enhanced identity challenge. A communication interface 180 may receive a user login attempt by a user and a current location of the user login attempt. A data storage 150 may store a user location profile of the user. A processor 120 may execute a comparison of the current location to the user location profile. The communication interface 180 may present the user with an enhanced identity challenge before allowing user access based on the comparison.
    Type: Application
    Filed: July 20, 2018
    Publication date: November 15, 2018
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: David Steeves, Luke Abrams, Hersh Dangayach, Eric Fleischman, Prabu Raju, Krishna Vitaldevara, Niyantha Shekar, Payoj Baral, Meenakshi Ramaswamy, Winfred Wong, Yordan Rouskov, Ramesh Manne
  • Patent number: 10104071
    Abstract: Embodiments are directed to revoking user sessions using signaling. In one scenario, an identity platform operating on a computer system receives an indication indicating that a user's login account has been compromised, where the user's login account has an associated login session and corresponding session artifact that is valid for a specified amount of time. The identity platform generates a signal indicating that the login session is no longer trusted and that the user is to be re-directed to the identity platform to re-authenticate and renew the session artifact and provides the generated signal to various relying parties including at least one relying party that is hosting the login session for the user.
    Type: Grant
    Filed: November 29, 2017
    Date of Patent: October 16, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ariel Gordon, Samuel Devasahayam, Lu Zhao, Yordan Rouskov, Parmeshwar Miguel Sequeira Arewar, Venkatesh Gopalakrishnan, Sarat Chandra Subramaniam, Titus Constantin Miron
  • Patent number: 10033731
    Abstract: In one embodiment, a user authentication server may use geo-location tracking to determine whether to present an enhanced identity challenge. A communication interface 180 may receive a user login attempt by a user and a current location of the user login attempt. A data storage 150 may store a user location profile of the user. A processor 120 may execute a comparison of the current location to the user location profile. The communication interface 180 may present the user with an enhanced identity challenge before allowing user access based on the comparison.
    Type: Grant
    Filed: July 31, 2017
    Date of Patent: July 24, 2018
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: David Steeves, Luke Abrams, Hersh Dangayach, Eric Fleischman, Prabu Raju, Krishna Vitaldevara, Niyantha Shekar, Payoj Baral, Meenakshi Ramaswamy, Winfred Wong, Yordan Rouskov, Ramesh Manne
  • Publication number: 20180139200
    Abstract: Embodiments are directed to revoking user sessions using signaling. In one scenario, an identity platform operating on a computer system receives an indication indicating that a user's login account has been compromised, where the user's login account has an associated login session and corresponding session artifact that is valid for a specified amount of time. The identity platform generates a signal indicating that the login session is no longer trusted and that the user is to be re-directed to the identity platform to re-authenticate and renew the session artifact and provides the generated signal to various relying parties including at least one relying party that is hosting the login session for the user.
    Type: Application
    Filed: November 29, 2017
    Publication date: May 17, 2018
    Inventors: Ariel Gordon, Samuel Devasahayam, Lu Zhao, Yordan Rouskov, Parmeshwar Miguel Sequeira Arewar, Venkatesh Gopalakrishnan, Sarat Chandra Subramaniam, Titus Constantin Miron
  • Patent number: 9935936
    Abstract: A federated realm discovery system within a federation determines a “home” realm associated with a portion of the user's credentials before the user's secret information (such as a password) is passed to a non-home realm. A login user interface accepts a user identifier and, based on the user identifier, can use various methods to identify an account authority service within the federation that can authenticate the user. In one method, a realm list of the user device can be used to direct the login to the appropriate home realm of the user. In another method, an account authority service in a non-home realm can look up the user's home realm and provide realm information directing the user device to login at the home realm.
    Type: Grant
    Filed: June 27, 2017
    Date of Patent: April 3, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Wei-Qiang Guo, Lynn Ayres, Rui Chen, Sarah Faulkner, Yordan Rouskov
  • Patent number: 9843577
    Abstract: Embodiments are directed to revoking user sessions using signaling. In one scenario, an identity platform operating on a computer system receives an indication indicating that a user's login account has been compromised, where the user's login account has an associated login session and corresponding session artifact that is valid for a specified amount of time. The identity platform generates a signal indicating that the login session is no longer trusted and that the user is to be re-directed to the identity platform to re-authenticate and renew the session artifact and provides the generated signal to various relying parties including at least one relying party that is hosting the login session for the user.
    Type: Grant
    Filed: November 30, 2016
    Date of Patent: December 12, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ariel Gordon, Samuel Devasahayam, Lu Zhao, Yordan Rouskov, Parmeshwar Miguel Sequeira Arewar, Venkatesh Gopalakrishnan, Sarat Chandra Subramaniam, Titus Constantin Miron
  • Publication number: 20170331811
    Abstract: In one embodiment, a user authentication server may use geo-location tracking to determine whether to present an enhanced identity challenge. A communication interface 180 may receive a user login attempt by a user and a current location of the user login attempt. A data storage 150 may store a user location profile of the user. A processor 120 may execute a comparison of the current location to the user location profile. The communication interface 180 may present the user with an enhanced identity challenge before allowing user access based on the comparison.
    Type: Application
    Filed: July 31, 2017
    Publication date: November 16, 2017
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: David Steeves, Luke Abrams, Hersh Dangayach, Eric Fleischman, Prabu Raju, Krishna Vitaldevara, Niyantha Shekar, Payoj Baral, Meenakshi Ramaswamy, Winfred Wong, Yordan Rouskov, Ramesh Manne
  • Publication number: 20170295166
    Abstract: A federated realm discovery system within a federation determines a “home” realm associated with a portion of the user's credentials before the user's secret information (such as a password) is passed to a non-home realm. A login user interface accepts a user identifier and, based on the user identifier, can use various methods to identify an account authority service within the federation that can authenticate the user. In one method, a realm list of the user device can be used to direct the login to the appropriate home realm of the user. In another method, an account authority service in a non-home realm can look up the user's home realm and provide realm information directing the user device to login at the home realm.
    Type: Application
    Filed: June 27, 2017
    Publication date: October 12, 2017
    Inventors: Wei-Qiang Guo, Lynn Ayres, Rui Chen, Sarah Faulkner, Yordan Rouskov
  • Patent number: 9749313
    Abstract: In one embodiment, a user authentication server may use geo-location tracking to determine whether to present an enhanced identity challenge. A communication interface 180 may receive a user login attempt by a user and a current location of the user login attempt. A data storage 150 may store a user location profile of the user. A processor 120 may execute a comparison of the current location to the user location profile. The communication interface 180 may present the user with an enhanced identity challenge before allowing user access based on the comparison.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: August 29, 2017
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: David Steeves, Luke Abrams, Hersh Dangayach, Eric Fleischman, Prabu Raju, Krishna Vitaldevara, Niyantha Shekar, Payoj Baral, Meenakshi Ramaswamy, Winfred Wong, Yordan Rouskov, Ramesh Manne
  • Patent number: 9735964
    Abstract: A federated realm discovery system within a federation determines a “home” realm associated with a portion of the user's credentials before the user's secret information (such as a password) is passed to a non-home realm. A login user interface accepts a user identifier and, based on the user identifier, can use various methods to identify an account authority service within the federation that can authenticate the user. In one method, a realm list of the user device can be used to direct the login to the appropriate home realm of the user. In another method, an account authority service in a non-home realm can look up the user's home realm and provide realm information directing the user device to login at the home realm.
    Type: Grant
    Filed: June 19, 2008
    Date of Patent: August 15, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Wei-Qiang Guo, Lynn Ayres, Rui Chen, Sarah Faulkner, Yordan Rouskov
  • Publication number: 20170195121
    Abstract: Binding a security token to a client token binder, such as a trusted platform module, is provided. A bound security token can only be used on the client on which it was obtained. A secret binding key (kbind) is established between the client and an STS. The client derives a key (kmac) from kbind, signs a security token request with kmac, and instructs the STS to bind the requested security token to kbind. The STS validates the request by deriving kmac using a client-provided nonce and kbind to MAC the message and compare the MAC values. If the request is validated, the STS generates a response comprising the requested security token, derives two keys from kbind: one to sign the response and one to encrypt the response, and sends the response to the client. Only a device comprising kbind is enabled to use the bound security token, providing increased security.
    Type: Application
    Filed: December 31, 2015
    Publication date: July 6, 2017
    Applicant: Microsoft Technology Licensing, LLC.
    Inventors: Adrian Frei, Tarek B. Kamel, Guruprasad B. Aphale, Sankara Narayanan Venkataraman, Xiaohong Su, Yordan Rouskov, Vijay G. Bharadwaj