Patents by Inventor Yordan Rouskov
Yordan Rouskov has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Publication number: 20110138179
  Abstract: Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.
  Type: Application
  Filed: February 14, 2011
  Publication date: June 9, 2011
  Applicant: Microsoft Corporation
  Inventors: Wei Jiang, Ismail Cem Paya, John D. Whited, Wei-Quiang Michael Guo, Yordan Rouskov, Adam Back
- Publication number: 20110078448
  Abstract: An integrated authentication service is described which may receive a bundled request from one or more clients. One or more of the described techniques may be utilized to provide, in response to a single bundled request, a token for proof of identity and a certificate for establishing secure communications.
  Type: Application
  Filed: December 10, 2010
  Publication date: March 31, 2011
  Applicant: Microsoft Corporation
  Inventors: Trevin Chow, Winfred Wong, Yordan Rouskov, Kok Wai Chan, Wei Jiang, Colin Chow, Sanjeev Nagvekar, Matt Sullivan, Kalyan Sayyaparaju, Dilip Pai, Avinash Belur
- Patent number: 7890634
  Abstract: Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.
  Type: Grant
  Filed: March 18, 2005
  Date of Patent: February 15, 2011
  Assignee: Microsoft Corporation
  Inventors: Wei Jiang, Ismail Cem Paya, John D Whited, Wei-Quiang Michael Guo, Yordan Rouskov, Adam Back
- Patent number: 7853995
  Abstract: An integrated authentication service is described which may receive a bundled request from one or more clients. One or more of the described techniques may be utilized to provide, in response to a single bundled request, a token for proof of identity and a certificate for establishing secure communications.
  Type: Grant
  Filed: November 18, 2005
  Date of Patent: December 14, 2010
  Assignee: Microsoft Corporation
  Inventors: Trevin Chow, Winfred Wong, Yordan Rouskov, Kok Wai Chan, Wei Jiang, Colin Chow, Sanjeev Nagvekar, Matt Sullivan, Dilip Pai, Kalyan Sayyaparaju, Avinash Belur
- Patent number: 7698735
  Abstract: A method and system for using an Internet client's local authentication mechanism in systems having updated browser code, so as to enable third party authentication according to an authentication scheme specified by a participating server on clients with updated browser code, while not breaking clients with legacy browser code. A redirect response from a server has authentication data added thereto such that updated browser code can detect the data's presence and enable the use of local security mechanisms for authentication purposes with the server-specified authentication scheme, including local credential entry for verification at a third party login server. At the same time, if such a redirect response is received by prior browser code, the added data is ignored while conventional redirection occurs, such that third party authentication may be performed via redirection to a third party's Internet page that provides a form for credential entry.
  Type: Grant
  Filed: April 24, 2006
  Date of Patent: April 13, 2010
  Assignee: Microsoft Corporation
  Inventors: Rajeev Dujari, Biao Wang, John M. Hawkins, Yordan Rouskov, Samim Erdogan
- Publication number: 20090320114
  Abstract: A federated realm discovery system within a federation determines a "home" realm associated with a portion of the user's credentials before the user's secret information (such as a password) is passed to a non-home realm. A login user interface accepts a user identifier and, based on the user identifier, can use various methods to identify an account authority service within the federation that can authenticate the user. In one method, a realm list of the user device can be used to direct the login to the appropriate home realm of the user. In another method, an account authority service in a non-home realm can look up the user's home realm and provide realm information directing the user device to login at the home realm.
  Type: Application
  Filed: June 19, 2008
  Publication date: December 24, 2009
  Applicant: MICROSOFT CORPORATION
  Inventors: Wei-Qiang Guo, Lynn Ayres, Rui Chen, Sarah Faulkner, Yordan Rouskov
- Publication number: 20090320116
  Abstract: A federated realm discovery system within a federation determines a "home" realm associated with a portion of the user's credentials before the user's secret information (such as a password) is passed to a non-home realm. A login user interface accepts a user identifier and, based on the user identifier, can use various methods to identify an account authority service within the federation that can authenticate the user. In one method, a realm list of the user device can be used to direct the login to the appropriate home realm of the user. In another method, an account authority service in a non-home realm can look up the user's home realm and provide realm information directing the user device to login at the home realm.
  Type: Application
  Filed: June 19, 2008
  Publication date: December 24, 2009
  Applicant: Microsoft Corporation
  Inventors: Wei-Qiang Guo, Lynn Ayres, Rui Chen, Sarah Faulkner, Yordan Rouskov
- Publication number: 20090300168
  Abstract: A device identifier (ID) is used across enterprise boundaries. A user can use the device ID to publish a device for sharing with other remote users. The remote users can discover devices that are shared by other users based on device IDs, connect to a selected device, and then verify that they have connected to the correct device based on its device ID. An account authority service may be used to manage the publication and/or discovery of the shared devices and their device IDs.
  Type: Application
  Filed: June 2, 2008
  Publication date: December 3, 2009
  Applicant: MICROSOFT CORPORATION
  Inventors: Wei-Qiang (Michael) Guo, Vaishali De, Rui Chen, Yordan Rouskov, Vikas Rajvanshy
- Publication number: 20090254978
  Abstract: Embodiments of the claimed subject matter provide a method and an apparatus for enabling delegated authentication for web services. Delegated authentication is provided without divulging the information the user requires to complete an authorization procedure of another web service or otherwise subjecting the user to unnecessary risk. Furthermore, delegated authentication is granted for a limited duration and access is subject to further limitations to prevent unnecessary intrusion to the user, the user's data, and the host web service. One embodiment of the claimed subject matter is implemented as a method for enabling delegated authentication to allow a third party service access to protected data on a host service. A user attempting to utilize functionality of a third party website that requests access to the user's data stored on a separate host website is enabled as a delegate with authorization to access the data stored on the host website.
  Type: Application
  Filed: April 2, 2008
  Publication date: October 8, 2009
  Applicant: MICROSOFT CORPORATION
  Inventors: Yordan Rouskov, Michael Guo, Rui Chen, Kyle Young
- Publication number: 20070245414
  Abstract: Embodiments of proxy authentication and indirect certificate chaining are described herein. In an implementation, authentication for a client occurs via a proxy service. The proxy service communicates between client and server, and caches security tokens on behalf of the client. In an implementation, the trustworthiness of a certificate presented to a client to establish trust is determined utilizing a signed data package which incorporates a plurality of known certificates. The presented certificate is verified without utilizing root certificates installed on the client device.
  Type: Application
  Filed: April 14, 2006
  Publication date: October 18, 2007
  Applicant: Microsoft Corporation
  Inventors: Kok Chan, Colin Chow, Trevin Chow, Lin Huang, Naresh Jain, Wei Jiang, Yordan Rouskov, Pui-Yin Wong, Ismail Paya, Ryan Hurst
- Publication number: 20070226785
  Abstract: Embodiments of multiple security token transactions are described herein. One or more of the described techniques may be utilized to provide, in a single request and response, an authentication token and a plurality of security tokens for proof of identity at respective service providers.
  Type: Application
  Filed: March 23, 2006
  Publication date: September 27, 2007
  Applicant: Microsoft Corporation
  Inventors: Trevin Chow, Colin Chow, Pui-Yin Wong, Dilip Pai, Sanjeev Nagvekar, Wei Jiang, Yordan Rouskov
- Publication number: 20070118875
  Abstract: An integrated authentication service is described which may receive a bundled request from one or more clients. One or more of the described techniques may be utilized to provide, in response to a single bundled request, a token for proof of identity and a certificate for establishing secure communications.
  Type: Application
  Filed: November 18, 2005
  Publication date: May 24, 2007
  Applicant: Microsoft Corporation
  Inventors: Trevin Chow, Winfred Wong, Yordan Rouskov, Kok Chan, Wei Jiang, Colin Chow, Sanjeev Nagvekar, Matt Sullivan, Kalyan Sayyaparaju, Dilip Pai, Avinash Belur
- Publication number: 20070118530
  Abstract: Software updates are described. In an implementation, a method includes forming an authentication request to be communicated to an authentication service over a network that includes a version identifier of at least one application module of a client. A response is received to the authentication request which includes an indication of whether an update is available for the at least one application module and a token that verifies the authentication.
  Type: Application
  Filed: November 18, 2005
  Publication date: May 24, 2007
  Applicant: Microsoft Corporation
  Inventors: Trevin Chow, Asim Memon, Dilip Pai, Naresh Jain, Wei Jiang, Yordan Rouskov
- Patent number: 7191467
  Abstract: A method and system for using an Internet client's local authentication mechanism in systems having updated browser code, so as to enable third party authentication according to an authentication scheme specified by a participating server on clients with updated browser code, while not breaking clients with legacy browser code. A redirect response from a server has authentication data added thereto such that updated browser code can detect the data's presence and enable the use of local security mechanisms for authentication purposes with the server-specified authentication scheme, including local credential entry for verification at a third party login server. At the same time, if such a redirect response is received by prior browser code, the added data is ignored while conventional redirection occurs, such that third party authentication may be performed via redirection to a third party's Internet page that provides a form for credential entry.
  Type: Grant
  Filed: March 15, 2002
  Date of Patent: March 13, 2007
  Assignee: Microsoft Corporation
  Inventors: Rajeev Dujari, Biao Wang, John M. Hawkins, Yordan Rouskov, Samim Erdogan
- Publication number: 20060212706
  Abstract: Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.
  Type: Application
  Filed: March 18, 2005
  Publication date: September 21, 2006
  Applicant: Microsoft Corporation
  Inventors: Wei Jiang, Ismail Paya, John Whited, Wei-Quiang Guo, Yordan Rouskov, Adam Back
- Publication number: 20060185021
  Abstract: A method and system for using an Internet client's local authentication mechanism in systems having updated browser code, so as to enable third party authentication according to an authentication scheme specified by a participating server on clients with updated browser code, while not breaking clients with legacy browser code. A redirect response from a server has authentication data added thereto such that updated browser code can detect the data's presence and enable the use of local security mechanisms for authentication purposes with the server-specified authentication scheme, including local credential entry for verification at a third party login server. At the same time, if such a redirect response is received by prior browser code, the added data is ignored while conventional redirection occurs, such that third party authentication may be performed via redirection to a third party's Internet page that provides a form for credential entry.
  Type: Application
  Filed: April 24, 2006
  Publication date: August 17, 2006
  Applicant: Microsoft Corporation
  Inventors: Rajeev Dujari, Biao Wang, John Hawkins, Yordan Rouskov, Samim Erdogan
- Publication number: 20040230831
  Abstract: A system provides single sign-on capabilities for accessing a Web application through a passive client across multiple realms within a federation. A federation refers to different organizations or realms that have employed agreements, standards, and/or cooperative technologies to make user identity and entitlements portable between the organizations. Communications are redirected through a client in one realm to obtain a security token that can allow the resource server in the other realm to authenticate the user for access to the Web application.
  Type: Application
  Filed: May 12, 2003
  Publication date: November 18, 2004
  Applicant: MICROSOFT CORPORATION
  Inventors: Jeffrey F. Spelman, Yordan Rouskov, Brendan W. Dixon, Matthew Hur, Josh Thomas Gray, Michael S. Dusche, Ryan D. Johnson, John Kahren Tevosyan