Daniel W. Hitchcock - Bothell WA, US Siddharth Bhai - Redmond WA, US Nathan D. Muggli - Kirkland WA, US Brian W. Puhl - Redmond WA, US Lee F. Walker - Christiansburg VA, US
A server may bridge between a wide area network, such as the Internet, and a local area network and may process authentication requests from clients on the wide area network. The server may filter the requests to enable only specific types of requests to pass, may forward the requests to a credential server within the local area network, and may pass any responses back to the client. The server may be configured with some or all of a set of domain services objects, but such objects may be stored in a read-only format. The server may further contain little or no sensitive data, such that an attacker who compromises it gains little advantage. The client may request evidence of authentication available to devices within the local area network and may use that evidence of authentication to access services made available to the wide area network.
Jesper M. Johansson - Redmond WA, US Darren E. Canavor - Redmond WA, US Daniel W. Hitchcock - Bothell WA, US
Assignee:
Amazon Technologies, Inc. - Reno NV
International Classification:
H04L 29/06 H04L 9/32 G06F 7/04
US Classification:
713/166, 713/155, 713/165, 713/170, 726/2, 726/27
Abstract:
Disclosed are various embodiments that perform confidence-based authentication of a user. An identification of a user account is obtained from a user, and a minimum confidence threshold is determined. Multiple authentication questions are presented to the user, where the authentication questions are determined based at least in part on stored transaction information associated with the user account. Answers are obtained from the user to a subset of the questions, with each answer having a corresponding authentication point value. A confidence score is generated for the user, where the confidence score is increased by the respective authentication point values of the correct answers. Access by the user to a resource associated with the user account is authorized in response to determining that the confidence score meets the minimum confidence threshold.
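The scoring scheme in the abstract above, written out as an added example (this is not code from the patent or its assignee). The transaction records, point values and per-resource thresholds are constructed for illustration; the only fixed rule is the one the abstract states: each correct answer adds its point value, nothing is subtracted, and access is granted when the total reaches the minimum confidence threshold.

```python
"""Confidence-based authentication over transaction-derived questions.

Added example, not the patent's own implementation. Transaction data, point
values and thresholds are constructed/hypothetical.
"""
import hmac
from dataclasses import dataclass
from typing import Dict, List

# Constructed transaction history for one user account (hypothetical data).
TRANSACTIONS = [
    {"id": "t1", "merchant": "Northwind Books", "amount": "23.40", "last4": "4417"},
    {"id": "t2", "merchant": "Contoso Grocer", "amount": "88.12", "last4": "4417"},
    {"id": "t3", "merchant": "Fabrikam Fuel", "amount": "41.00", "last4": "9021"},
]


@dataclass(frozen=True)
class Question:
    qid: str
    prompt: str
    answer: str
    points: int  # authentication point value: harder-to-guess facts score higher


def normalize(text: str) -> str:
    """Case- and punctuation-insensitive form so '23.40' and '23,40' compare equal."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def build_questions(transactions) -> List[Question]:
    """Derive authentication questions from stored transaction information.

    Point values are a hypothetical policy: an exact amount is worth more than
    a merchant name, which is worth more than the card's last four digits.
    """
    questions = []
    for t in transactions:
        questions.append(Question(f"{t['id']}-amount",
                                  f"What was the amount of your purchase at {t['merchant']}?",
                                  t["amount"], 3))
        questions.append(Question(f"{t['id']}-merchant",
                                  f"Which merchant charged {t['amount']} to your card?",
                                  t["merchant"], 2))
        questions.append(Question(f"{t['id']}-last4",
                                  f"Last four digits of the card used at {t['merchant']}?",
                                  t["last4"], 1))
    return questions


def minimum_threshold(resource: str) -> int:
    """Hypothetical policy: more sensitive resources demand a higher confidence score."""
    return {"view_orders": 3, "change_address": 5, "change_password": 7}.get(resource, 7)


def confidence_score(questions: List[Question], answers: Dict[str, str]) -> int:
    """Sum the point values of the correctly answered questions.

    The user answers only a subset of the presented questions. Wrong, missing
    or unknown answers contribute nothing; the score never decreases.
    """
    by_id = {q.qid: q for q in questions}
    score = 0
    for qid, given in answers.items():
        q = by_id.get(qid)
        if q is None:
            continue
        if hmac.compare_digest(normalize(given), normalize(q.answer)):
            score += q.points
    return score


def authorize(resource: str, questions: List[Question], answers: Dict[str, str]) -> bool:
    """Authorize access when the confidence score meets the resource's minimum threshold."""
    return confidence_score(questions, answers) >= minimum_threshold(resource)


if __name__ == "__main__":
    qs = build_questions(TRANSACTIONS)
    given = {"t1-amount": "23.40", "t2-last4": "4417", "t3-merchant": "fabrikam fuel"}
    print("score:", confidence_score(qs, given))
    for res in ("view_orders", "change_address", "change_password"):
        print(res, "->", "allowed" if authorize(res, qs, given) else "denied")
```

Note that the check is additive only: a wrong answer costs nothing, so the threshold, not a penalty, is what limits guessing. A deployment would also cap the number of questions presented per session and rate-limit attempts, which the abstract does not cover and the example does not implement.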
Method And System For Displaying And Managing Security Information
A method and system for managing security information for a domain of computer systems is provided. The security system displays security information for a selected security object, such as a user or a computer system. The security system initially retrieves security information that includes security specifications, each of which has the identification of an entity, a resource, and an access right for the selected security object. The security system then displays an identification of the entity and the resource along with the access right for each security specification. When the security information is stored in a security store (i.e., the main security store) by resource and, for each resource, by the entities that have access rights to that resource, the security system may use an auxiliary security store to facilitate the retrieval of the security information.
Jason Xiaodong Hu - Renton WA, US Daniel W. Hitchcock - Bothell WA, US Gregory Kostal - Kirkland WA, US
Assignee:
Microsoft Corporation - Redmond WA
International Classification:
H04L 9/00 G06F 12/14
US Classification:
713/156, 713/189
Abstract:
Implementing a data protection service. One method includes receiving a request to provision a first tenant among a plurality of tenants managed by a single data protection service. A tenant is defined as an entity among a plurality of entities. A single data protection service provides data protection services to all tenants in the plurality of tenants. A first encryption key used to decrypt the first tenant's data at the data store is stored. The first encryption key is specific to the first tenant and thus cannot be used to decrypt other tenants' data at the data store from among the plurality of tenants. Rather, each tenant in the plurality of tenants is associated with an encryption key, not usable by other tenants, that is used at the data store to decrypt data on a tenant-and-corresponding-key basis.
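An added example of the tenant-isolation property described above (not code from the patent or from Microsoft). A single service provisions one random key per tenant and protects each tenant's data only under that tenant's key, so a blob written for one tenant fails authentication when another tenant's key is applied to it. The cipher is an illustrative encrypt-then-MAC built from HMAC-SHA256 (a counter-mode keystream plus a tag that also binds the tenant identifier) so the example runs on the standard library alone; a real data protection service would use a vetted AEAD such as AES-GCM from a maintained library.

```python
"""Per-tenant data protection keys in a single multi-tenant service.

Added example, not the patent's implementation. The HMAC-based cipher below is
illustrative only; use a vetted AEAD (e.g. AES-GCM) in production.
"""
import hashlib
import hmac
import os
import struct
from typing import Dict

NONCE_LEN = 16
TAG_LEN = hashlib.sha256().digest_size      # 32
BLOCK = hashlib.sha256().digest_size        # bytes of keystream per counter value


class DataProtectionService:
    """One service, many tenants, one independent key per tenant."""

    def __init__(self) -> None:
        self._tenant_keys: Dict[str, bytes] = {}   # tenant id -> 32-byte root key

    def provision_tenant(self, tenant_id: str) -> None:
        """Provision a tenant by generating and storing a key specific to it."""
        if tenant_id in self._tenant_keys:
            raise ValueError(f"tenant {tenant_id!r} already provisioned")
        self._tenant_keys[tenant_id] = os.urandom(32)

    def _subkeys(self, tenant_id: str):
        # Separate encryption and MAC subkeys derived from the tenant's root key.
        root = self._tenant_keys[tenant_id]          # KeyError for unknown tenants
        enc = hmac.new(root, b"enc", hashlib.sha256).digest()
        mac = hmac.new(root, b"mac", hashlib.sha256).digest()
        return enc, mac

    @staticmethod
    def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
        # HMAC-SHA256 in counter mode as a PRF-based keystream (illustrative).
        out = bytearray()
        for counter in range((length + BLOCK - 1) // BLOCK):
            out += hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        return bytes(out[:length])

    def protect(self, tenant_id: str, plaintext: bytes) -> bytes:
        """Encrypt-then-MAC under the tenant's key; the tag also binds the tenant id."""
        enc, mac = self._subkeys(tenant_id)
        nonce = os.urandom(NONCE_LEN)
        stream = self._keystream(enc, nonce, len(plaintext))
        ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
        tag = hmac.new(mac, tenant_id.encode() + nonce + ciphertext, hashlib.sha256).digest()
        return nonce + ciphertext + tag

    def unprotect(self, tenant_id: str, blob: bytes) -> bytes:
        """Verify the tag with the tenant's MAC key before decrypting anything."""
        if len(blob) < NONCE_LEN + TAG_LEN:
            raise PermissionError("blob too short")
        enc, mac = self._subkeys(tenant_id)
        nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
        expected = hmac.new(mac, tenant_id.encode() + nonce + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            # Wrong tenant key, wrong tenant id, or tampered data all land here.
            raise PermissionError("authentication failed")
        stream = self._keystream(enc, nonce, len(ciphertext))
        return bytes(c ^ k for c, k in zip(ciphertext, stream))


if __name__ == "__main__":
    svc = DataProtectionService()
    svc.provision_tenant("tenant-a")
    svc.provision_tenant("tenant-b")
    blob = svc.protect("tenant-a", b"tenant A ledger row")
    print(svc.unprotect("tenant-a", blob))
    try:
        svc.unprotect("tenant-b", blob)
    except PermissionError as e:
        print("tenant-b cannot read tenant-a data:", e)
```

The property the abstract claims falls out of key separation plus authentication: because the tag is verified before decryption, applying the wrong tenant's key does not yield garbage plaintext, it yields a refusal, and binding the tenant identifier into the tag stops a blob from being replayed under another tenant's record even if keys were ever confused.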
Merchant Verification Of In-Person Electronic Transactions
Daniel W. Hitchcock - Bothell WA, US Darren E. Canavor - Redmond WA, US Harsha Ramalingam - Kirkland WA, US Robert Hanson - Seattle WA, US Brad Lee Campbell - Seattle WA, US
International Classification:
G06Q 30/06 H04L 9/32
US Classification:
705/75, 705/26.41
Abstract:
Validation data, such as an image selected by a merchant, is rendered on a mobile device of a customer to provide the merchant confirmation that payment for an item submitted through the mobile device of the customer was in fact received by the merchant. The merchant may establish an account on a network-accessible computing device (e.g., in the “cloud”) that includes the validation data. The customer authorizes payment to the merchant from the mobile device using the network connectivity of the mobile device. When the payment is received by the merchant, the network-accessible computing device sends the validation data to the customer's mobile device. The merchant may be confident that he or she has in fact received an electronic payment from the customer when the validation data is presented on the mobile device. Techniques to prevent reuse and copying of the validation data are also discussed.
Daniel W. Hitchcock - Bothell WA, US Brad Lee Campbell - Seattle WA, US
Assignee:
Amazon Technologies, Inc. - Reno NV
International Classification:
G06F 21/00
US Classification:
726/5
Abstract:
Disclosed are various embodiments for logging out from multiple network sites using an authentication client that manages sessions for the network sites. Account data is maintained for multiple accounts of a user for multiple network sites. The account data includes a respective security credential for each of the accounts. An authentication client automatically authenticates with multiple authentication services corresponding to multiple network sites using multiple accounts in response to the user accessing each network site. A respective session is established for each network site. A logout is performed by ending each one of the sessions.
Daniel W. Hitchcock - Bothell WA, US Brad Lee Campbell - Seattle WA, US
Assignee:
AMAZON TECHNOLOGIES, INC. - Reno NV
International Classification:
G06F 21/20 G06F 7/04 G06F 15/16
US Classification:
726/6, 726/3, 726/5
Abstract:
Disclosed are various embodiments for account management for multiple network sites. Multiple accounts of a user are maintained for multiple network sites in a computing device. A secured resource of a network site is to be accessed by the computing device. A new account is created, or an existing account is upgraded, in response to determining that the accounts are not capable of accessing the secured resource. A set of information about the user is provided to the network site to create, or upgrade, the account.
Daniel W. Hitchcock - Bothell WA, US Brad Lee Campbell - Seattle WA, US
Assignee:
AMAZON TECHNOLOGIES, INC. - Reno NV
International Classification:
G06F 21/20 G06F 15/16
US Classification:
726/6, 726/5
Abstract:
Disclosed are various embodiments for authentication management services, where authentication services of network sites may support authentication management clients associated with different authentication management services. An authentication request is obtained by way of an authentication protocol from an authentication management client executed in a client computing device. The authentication request specifies a security credential associated with a user account. The user account at the client computing device is authenticated for access to at least one secured resource of a network site in response to the authentication request and in response to the authentication management client being supported.