公开(公告)号：US12126628B2

公开(公告)日：2024-10-22

申请号：US17668367

申请日：2022-02-09

申请人： Microsoft Technology Licensing, LLC

发明人： Abhijeet Kumar Sinha ,  Caleb Geoffrey Baker ,  Stuart Kwan ,  Zhifeng Wang ,  Adam Edwards ,  William Bruce Barr, III ,  Arturo Huato Lucatero ,  Christopher Adam Brooks ,  Carlos Adrian Lopez Castro

IPC分类号： H04L9/40

CPC分类号： H04L63/107 ,  H04L63/0272 ,  H04L63/20

摘要： Generally discussed herein are devices, systems, and methods for adaptive authorization using a local route as a named location. A method can include defining a local route and a corresponding local route endpoint, associating a compute resource as a destination of the local route endpoint, defining an adaptive authorization policy that limits access to the compute resource to be through the local route endpoint, and enforcing access to the compute resource based on the defined adaptive authorization policy.

公开(公告)号：US11627138B2

公开(公告)日：2023-04-11

申请号：US16670878

申请日：2019-10-31

申请人： MICROSOFT TECHNOLOGY LICENSING, LLC

发明人： Violet Anna Barhudarian ,  Jiangfeng Lu ,  Caleb Geoffrey Baker ,  Oren Jordan Melzer ,  Anirban Basu ,  Yordan Ivanov Rouskov ,  William Bruce Barr, III ,  Radhika Kashyap

IPC分类号： H04L29/06 ,  H04L9/40 ,  G06Q10/063 ,  H04L9/32

摘要： A computing system configured to support entities having the ability to indicate capability information for capabilities of the entities is illustrated. Embodiments may include an identity provider computer system comprising at least one processor. The identity provider computer system is configured to receive requests for access tokens from entities. The requests include capability information for the entities. The identity provider computer system is further configured to provide access tokens to the entities which include the capability information. The computing system further includes a resource provider computer system comprising at least one processor configured to receive resource requests and access tokens from entities. The access tokens include the capability information. The resource providers are further configured to provide responses to the entities according to the capability information.

公开(公告)号：US11349844B2

公开(公告)日：2022-05-31

申请号：US16670563

申请日：2019-10-31

申请人： MICROSOFT TECHNOLOGY LICENSING, LLC

发明人： Violet Anna Barhudarian ,  Jiangfeng Lu ,  Caleb Geoffrey Baker ,  Oren Jordan Melzer ,  Anirban Basu ,  Chandra Sekhar Surapaneni ,  Nitika Gupta ,  Murli Dharan Satagopan

IPC分类号： H04L9/40

摘要： Managing an authenticated user session. A method includes a resource provider computer system subscribing to a conditional access termination service for an entity configured to obtain resources from the resource provider computer system through a user session. The resource provider computer system receives an event, related to resource requests, for the entity from the conditional access termination service. The resource provider computer system receives a request for resources from the entity. The resource provider computer system evaluates the request with respect to the event. The resource provider computer system responds to the request based on evaluating the request with respect to the event.

公开(公告)号：US11902327B2

公开(公告)日：2024-02-13

申请号：US16735670

申请日：2020-01-06

申请人： Microsoft Technology Licensing, LLC

发明人： Daniel Edward Lee Wood ,  Caleb Geoffrey Baker ,  Sarat Subramaniam ,  Etan Micah Basseri ,  Carlos Adrian Lopez Castro ,  Sandra Jiang ,  Dilesh Dhokia ,  Jessica Tian-Hueih Lin ,  Pui Yin Winfred Wong ,  Robyn Nicole Hicock

IPC分类号： H04L9/40 ,  G06F21/57 ,  G06F21/60 ,  G06F21/62 ,  G06F9/54

CPC分类号： H04L63/20 ,  G06F21/57 ,  G06F21/604 ,  G06F21/6218 ,  H04L63/08 ,  H04L63/10 ,  H04L63/102 ,  H04L63/1408 ,  G06F9/54

摘要： Techniques are described herein that are capable of evaluating a result of enforcement of access control policies instead of enforcing the access control policies. For instance, a result of enforcement of an access control policy with regard to sign-in processes is evaluated instead of enforcing the access control policy with regard to the sign-in processes. The evaluation includes monitoring access requests that are received during the sign-in processes. Each access request requests access to a resource. The evaluation further includes comparing attributes of each access request against the access control policy that specifies criteria that are to be satisfied as a prerequisite to granting access to the resource to which access is requested by the respective access request. Metadata associated with the sign-in processes is generated instead of enforcing the access control policy with regard to the sign-in processes.

公开(公告)号：US11296881B2

公开(公告)日：2022-04-05

申请号：US16668373

申请日：2019-10-30

申请人： MICROSOFT TECHNOLOGY LICENSING, LLC

发明人： Violet Anna Barhudarian ,  Jiangfeng Lu ,  Caleb Geoffrey Baker ,  Oren Jordan Melzer ,  Anirban Basu ,  Praveen Erode Murugesan

IPC分类号： H04L9/32 ,  H04L9/08

摘要： An embodiment disclosed herein is related to computing systems and method for a computing system to generate an access token that includes an IP address from a request. In the embodiment, a request is received for access to one secured data items. The request may include user credentials that specify that a user making the request is permitted to access the secured data items. The user credentials are validated and an Internet Protocol (IP) address that the request was sent from is determined. An access token is generated that includes the IP address that the request was sent from.

公开(公告)号：US20210211470A1

公开(公告)日：2021-07-08

申请号：US16735670

申请日：2020-01-06

申请人： Microsoft Technology Licensing, LLC

发明人： Daniel Edward Lee Wood ,  Caleb Geoffrey Baker ,  Sarat Subramaniam ,  Etan Micah Basseri ,  Carlos Adrian Lopez Castro ,  Sandra Jiang ,  Dilesh Dhokia ,  Jessica Tian-Hueih Lin ,  Pui Yin Winfred Wong ,  Robyn Nicole Hicock

IPC分类号： H04L29/06

摘要： Techniques are described herein that are capable of evaluating a result of enforcement of access control policies instead of enforcing the access control policies. For instance, a result of enforcement of an access control policy with regard to sign-in processes is evaluated instead of enforcing the access control policy with regard to the sign-in processes. The evaluation includes monitoring access requests that are received during the sign-in processes. Each access request requests access to a resource. The evaluation further includes comparing attributes of each access request against the access control policy that specifies criteria that are to be satisfied as a prerequisite to granting access to the resource to which access is requested by the respective access request. Metadata associated with the sign-in processes is generated instead of enforcing the access control policy with regard to the sign-in processes.

公开(公告)号：US20210135869A1

公开(公告)日：2021-05-06

申请号：US16668373

申请日：2019-10-30

申请人： MICROSOFT TECHNOLOGY LICENSING, LLC

发明人： Violet Anna Barhudarian ,  Jiangfeng Lu ,  Caleb Geoffrey Baker ,  Oren Jordan Melzer ,  Anirban Basu ,  Praveen Erode Murugesan

IPC分类号： H04L9/32 ,  H04L9/08

摘要： An embodiment disclosed herein is related to computing systems and method for a computing system to generate an access token that includes an IP address from a request. In the embodiment, a request is received for access to one secured data items. The request may include user credentials that specify that a user making the request is permitted to access the secured data items. The user credentials are validated and an Internet Protocol (IP) address that the request was sent from is determined. An access token is generated that includes the IP address that the request was sent from.