Patents by Inventor Yordan Rouskov
Yordan Rouskov has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9699180Abstract: Providing access to a cloud service includes a system receiving an application request to access a cloud service. In response, the system sends an identity provider (IP) a token request, comprising an application identifier (ID), an operating system (OS) cloud credential associated with login credentials of a user of an OS hosting the application, and a cloud service ID of the cloud service. Based on sending the token request, and on the IP authenticating the user and verifying the application ID is valid, the system receives a token from the IP. The token, which is signed with an IP signature, comprises the cloud service ID, the application ID, and a user assigned ID associated with the cloud service. The system provides the token to the application for submission to a cloud service provider for access, and obtains cloud service access based on the cloud service provider validating the IP signature.Type: GrantFiled: July 26, 2016Date of Patent: July 4, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Allan Edwin Wetter, Adrian Frei, Peter M. Tsang, Yordan Rouskov
-
Publication number: 20170085553Abstract: Embodiments are directed to revoking user sessions using signaling. In one scenario, an identity platform operating on a computer system receives an indication indicating that a user's login account has been compromised, where the user's login account has an associated login session and corresponding session artifact that is valid for a specified amount of time. The identity platform generates a signal indicating that the login session is no longer trusted and that the user is to be re-directed to the identity platform to re-authenticate and renew the session artifact and provides the generated signal to various relying parties including at least one relying party that is hosting the login session for the user.Type: ApplicationFiled: November 30, 2016Publication date: March 23, 2017Inventors: Ariel Gordon, Samuel Devasahayam, Lu Zhao, Yordan Rouskov, Parmeshwar Miguel Sequeira Arewar, Venkatesh Gopalakrishnan, Sarat Chandra Subramaniam, Titus Constantin Miron
-
Publication number: 20170054712Abstract: One or more techniques and/or systems are provided for obtaining access to a cloud service. In particular, a user may log into a client device using an operating system (OS) cloud login ID. The user may access cloud services (e.g., a music streaming service, a data storage service, etc.) through applications executing on the client device using merely the OS cloud login ID without providing additional login credentials specific to the cloud services. A client side application may request a token to access a cloud service. The token may be generated by an identity provider based upon the identity provider verifying an application ID identifying the application, a cloud service ID identifying the cloud service and/or OS cloud credentials. In this way, the application may present the token to a cloud service provider for verification to gain access to the cloud service hosted by the cloud service provider.Type: ApplicationFiled: July 26, 2016Publication date: February 23, 2017Inventors: Allan Edwin Wetter, Adrian Frei, Peter M. Tsang, Yordan Rouskov
-
Patent number: 9537851Abstract: Embodiments are directed to revoking user sessions using signaling. In one scenario, an identity platform operating on a computer system receives an indication indicating that a user's login account has been compromised, where the user's login account has an associated login session and corresponding session artifact that is valid for a specified amount of time. The identity platform generates a signal indicating that the login session is no longer trusted and that the user is to be re-directed to the identity platform to re-authenticate and renew the session artifact and provides the generated signal to various relying parties including at least one relying party that is hosting the login session for the user.Type: GrantFiled: August 6, 2014Date of Patent: January 3, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Ariel Gordon, Samuel Devasahayam, Lu Zhao, Yordan Rouskov, Parmeshwar Arewar, Venkatesh Gopalakrishnan, Sarat Chandra Subramaniam, Titus Constantin Miron
-
Publication number: 20160316016Abstract: Network services may include data associated with one or more entities. An aggregator service may host respective application programming interfaces (APIs) of the services at a single endpoint of the network such that the entities, including associations and relationships between entities, may be federated. For example, the services may register the entities of which the data of each of the services is associated with through a declarative entity model to establish an API schema for each of the services, which may be published at the aggregator service. In response to receipt of a request for entity related data from a client, the aggregator service may employ the declarative entity model to determine which of the services are associated with the entity related data such that a query may be submitted to the services, and how to aggregate responses to the query received from the services for transmission to the client.Type: ApplicationFiled: September 1, 2015Publication date: October 27, 2016Inventors: Yina Arenas, Dmitry Pugachev, Robert Howard, Sriram Dhanasekaran, Marek Rycharski, Vijaya Manohararaj, Daniel Kershaw, James Kleewein, Anthony Bloesch, Titus Miron, Vikrant Arora, Murli Satagopan, Jon Rosenberg, Yordan Rouskov
-
Patent number: 9418216Abstract: One or more techniques and/or systems are provided for obtaining access to a cloud service. In particular, a user may log into a client device using an operating system (OS) cloud login ID. The user may access cloud services (e.g., a music streaming service, a data storage service, etc.) through applications executing on the client device using merely the OS cloud login ID without providing additional login credentials specific to the cloud services. A client side application may request a token to access a cloud service. The token may be generated by an identity provider based upon the identity provider verifying an application ID identifying the application, a cloud service ID identifying the cloud service and/or OS cloud credentials. In this way, the application may present the token to a cloud service provider for verification to gain access to the cloud service hosted by the cloud service provider.Type: GrantFiled: July 21, 2011Date of Patent: August 16, 2016Assignee: Microsoft Technology Licensing, LLCInventors: Allan Edwin Wetter, Adrian Frei, Peter M. Tsang, Yordan Rouskov
-
Publication number: 20160044011Abstract: Embodiments are directed to revoking user sessions using signaling. In one scenario, an identity platform operating on a computer system receives an indication indicating that a user's login account has been compromised, where the user's login account has an associated login session and corresponding session artifact that is valid for a specified amount of time. The identity platform generates a signal indicating that the login session is no longer trusted and that the user is to be re-directed to the identity platform to re-authenticate and renew the session artifact and provides the generated signal to various relying parties including at least one relying party that is hosting the login session for the user.Type: ApplicationFiled: August 6, 2014Publication date: February 11, 2016Inventors: Ariel Gordon, Samuel Devasahayam, Lu Zhao, Yordan Rouskov, Parmeshwar Arewar, Venkatesh Gopalakrishnan, Sarat Chandra Subramaniam, Titus Constantin Miron
-
Publication number: 20160021095Abstract: In one embodiment, a user authentication server may use geo-location tracking to determine whether to present an enhanced identity challenge. A communication interface 180 may receive a user login attempt by a user and a current location of the user login attempt. A data storage 150 may store a user location profile of the user. A processor 120 may execute a comparison of the current location to the user location profile. The communication interface 180 may present the user with an enhanced identity challenge before allowing user access based on the comparison.Type: ApplicationFiled: September 30, 2015Publication date: January 21, 2016Applicant: Microsoft Technology Licensing, LLCInventors: David Steeves, Luke Abrams, Hersh Dangayach, Eric Fleischman, Prabu Raju, Krishna Vitaldevara, Niyantha Shekar, Payoj Baral, Meenakshi Ramaswamy, Winfred Wong, Yordan Rouskov, Ramesh Manne
-
Patent number: 9177125Abstract: In one embodiment, a user authentication server may use geo-location tracking to determine whether to present an enhanced identity challenge. A communication interface 180 may receive a user login attempt by a user and a current location of the user login attempt. A data storage 150 may store a user location profile of the user. A processor 120 may execute a comparison of the current location to the user location profile. The communication interface 180 may present the user with an enhanced identity challenge before allowing user access based on the comparison.Type: GrantFiled: July 6, 2011Date of Patent: November 3, 2015Assignee: Microsoft Technology Licensing, LLCInventors: David Steeves, Luke Abrams, Hersh Dangayach, Eric Fleischman, Prabu Raju, Krishna Vitaldevara, Niyantha Shekar, Payoj Baral, Meenakshi Ramaswamy, Winfred Wong, Yordan Rouskov, Ramesh Manne
-
Patent number: 8800003Abstract: An authentication system combines device credential verification with user credential verification to provide a more robust authentication mechanism that is convenient to the user and effective across enterprise boundaries. In one implementation, user credential verification and device credential verification are combined to provide a convenient two-factor authentication. In this manner, an account authority service or other authentication provider verify both factors and provide a security token in accordance with the security policy of the account network resource the user is intending to access. The level of privilege granted by the target account network resource can vary depending on the number and type of factors verified by the account authority service.Type: GrantFiled: June 17, 2011Date of Patent: August 5, 2014Assignee: Microsoft CorporationInventors: Wei-Qiang (Michael) Guo, Yordan Rouskov, Rui Chen, Pui-Yin Winfred Wong
-
Patent number: 8626929Abstract: Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.Type: GrantFiled: February 14, 2011Date of Patent: January 7, 2014Assignee: Microsoft CorporationInventors: Wei Jiang, Ismail Cem Paya, John D. Whited, Wei-Quiang Michael Guo, Yordan Rouskov, Adam Back
-
Patent number: 8544074Abstract: A federated realm discovery system within a federation determines a “home” realm associated with a portion of the user's credentials before the user's secret information (such as a password) is passed to a non-home realm. A login user interface accepts a user identifier and, based on the user identifier, can use various methods to identify an account authority service within the federation that can authenticate the user. In one method, a realm list of the user device can be used to direct the login to the appropriate home realm of the user. In another method, an account authority service in a non-home realm can look up the user's home realm and provide realm information directing the user device to login at the home realm.Type: GrantFiled: June 19, 2008Date of Patent: September 24, 2013Assignee: Microsoft CorporationInventors: Wei-Qiang Guo, Lynn Ayres, Rui Chen, Sarah Faulkner, Yordan Rouskov
-
Patent number: 8402508Abstract: Embodiments of the claimed subject matter provide a method and an apparatus for enabling delegated authentication for web services. Delegated authentication is provided without divulging the information the user requires to complete an authorization procedure of another web service or otherwise subjecting the user to unnecessary risk. Furthermore, delegated authentication is granted for a limited duration and access is subject to further limitations to prevent unnecessary intrusion to the user, the user's data, and the host web service. One embodiment of the claimed subject matter is implemented as a method for enabling delegated authentication to allow a third party service access to protected data on a host service. A user attempting to utilize functionality of a third party website that requests access to the user's data stored on a separate host website is enabled as a delegate with authorization to access the data stored on the host website.Type: GrantFiled: April 2, 2008Date of Patent: March 19, 2013Assignee: Microsoft CorporationInventors: Yordan Rouskov, Michael Guo, Rui Chen, Kyle Young
-
Publication number: 20130024919Abstract: One or more techniques and/or systems are provided for obtaining access to a cloud service. In particular, a user may log into a client device using an operating system (OS) cloud login ID. The user may access cloud services (e.g., a music streaming service, a data storage service, etc.) through applications executing on the client device using merely the OS cloud login ID without providing additional login credentials specific to the cloud services. A client side application may request a token to access a cloud service. The token may be generated by an identity provider based upon the identity provider verifying an application ID identifying the application, a cloud service ID identifying the cloud service and/or OS cloud credentials. In this way, the application may present the token to a cloud service provider for verification to gain access to the cloud service hosted by the cloud service provider.Type: ApplicationFiled: July 21, 2011Publication date: January 24, 2013Applicant: Microsoft CorporationInventors: Allan Edwin Wetter, Adrian Frei, Peter M. Tsang, Yordan Rouskov
-
Publication number: 20120321087Abstract: A device operated by a user may store an object to which access is to be regulated, which may be achieved by encrypting the object with an encryption key and sending the key to a server having a key store. When a user of the device requests access to the object, the server may authenticate the user (e.g., according to a credential submitted by the user) and verify a trust identifier of the device (e.g., authorization to access the object through the device, and/or the integrity of the device), before sending to the device a ticket granting access to the key. The device may send the ticket to the server, receive the key from the server, decrypt the stored encrypted object, and provide the object to the user. This mechanism promotes rapid access upon request and efficient use of the server, and enables remote revocation of access.Type: ApplicationFiled: June 17, 2011Publication date: December 20, 2012Applicant: Microsoft CorporationInventors: Eric Fleischman, Tarek Kamel, Yordan Rouskov
-
Publication number: 20120304260Abstract: In one embodiment, a user authentication server may use geo-location tracking to determine whether to present an enhanced identity challenge. A communication interface 180 may receive a user login attempt by a user and a current location of the user login attempt. A data storage 150 may store a user location profile of the user. A processor 120 may execute a comparison of the current location to the user location profile. The communication interface 180 may present the user with an enhanced identity challenge before allowing user access based on the comparison.Type: ApplicationFiled: July 6, 2011Publication date: November 29, 2012Applicant: Microsoft CorporationInventors: David Steeves, Luke Abrams, Hersh Dangayach, Eric Fleischman, Prabu Raju, Krishna Vitaldevara, Niyantha Shekar, Payoj Baral, Meenakshi Ramaswamy, Winfred Wong, Yordan Rouskov, Ramesh Manne
-
Patent number: 8209394Abstract: A device identifier (ID) is used across enterprise boundaries. A user can use the device ID to publish a device for sharing with other remote users. The remote users can discover devices that are shared by other users based on device IDs, connect to a selected device, and then verify that they have connected to the correct device based on its device ID. An account authority service may be used to manage the publication and/or discovery of the shared devices and their device IDs.Type: GrantFiled: June 2, 2008Date of Patent: June 26, 2012Assignee: Microsoft CorporationInventors: Wei-Qiang Guo, Vaishali De, Rui Chen, Yordan Rouskov, Vikas Rajvanshy
-
Patent number: 8108920Abstract: A system provides single sign-on capabilities for accessing a Web application through a passive client across multiple realms within a federation. A federation refers to different organizations or realms that have employed agreements, standards, and/or cooperative technologies to make user identity and entitlements portable between the organizations. Communications are redirected through a client in one realm to obtain a security token that can allow the resource server in the other realm to authenticate the user for access to the Web application.Type: GrantFiled: May 12, 2003Date of Patent: January 31, 2012Assignee: Microsoft CorporationInventors: Jeffrey F. Spelman, Yordan Rouskov, Brendan W. Dixon, Matthew Hur, Josh Thomas Gray, Michael S. Dusche, Ryan D. Johnson, John Kahren Tevosyan
-
Publication number: 20110247055Abstract: An authentication system combines device credential verification with user credential verification to provide a more robust authentication mechanism that is convenient to the user and effective across enterprise boundaries. In one implementation, user credential verification and device credential verification are combined to provide a convenient two-factor authentication. In this manner, an account authority service or other authentication provider verify both factors and provide a security token in accordance with the security policy of the account network resource the user is intending to access. The level of privilege granted by the target account network resource can vary depending on the number and type of factors verified by the account authority service.Type: ApplicationFiled: June 17, 2011Publication date: October 6, 2011Applicant: Microsoft CorporationInventors: Wei-Qiang Michael Guo, Yordan Rouskov, Rui Chen, Pui-Yin Winfred Wong
-
Patent number: 7979899Abstract: An authentication system combines device credential verification with user credential verification to provide a more robust authentication mechanism that is convenient to the user and effective across enterprise boundaries. In one implementation, user credential verification and device credential verification are combined to provide a convenient two-factor authentication. In this manner, an account authority service or other authentication provider verify both factors and provide a security token in accordance with the security policy of the account network resource the user is intending to access. The level of privilege granted by the target account network resource can vary depending on the number and type of factors verified by the account authority service.Type: GrantFiled: June 2, 2008Date of Patent: July 12, 2011Assignee: Microsoft CorporationInventors: Wei-Qiang (Michael) Guo, Yordan Rouskov, Rui Chen, Pui-Yin Winfred Wong