Hongmei Ge

US Patent:

7533264, May 12, 2009

Filed:

Aug 20, 2003

Appl. No.:

10/645375

Inventors:

Keith Ballinger - North Bend WA, US
HongMei Ge - Issaquah WA, US
Hervey Oliver Wilson - Bellevue WA, US
Vick Bhaskar Mukherjee - Redmond WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

G06F 21/00

US Classification:

713172, 726 9

Abstract:

A sending computer system generates a message and creates one or more security tokens to encrypt portions of the message. The computer system includes in the message a markup language identifier for the one or more security tokens used for encryption, and includes identification of the value type used to create the tokens. The computer system then serializes at least the portion of the message that identifies the one or more security tokens, without serializing other portions of the message that aid relaying of the message to a receiving computer system. A receiving computer system deserializes at least the portion of the message that identifies the one or more security tokens, and then uses deserialized token data to decrypt encrypted portions of the message. Each created security token can be made with customized data and fields, and can be made with a customized value type.

US Patent:

7533265, May 12, 2009

Filed:

Jul 14, 2004

Appl. No.:

10/892046

Inventors:

Keith W. Ballinger - North Bend WA, US
HongMei Ge - Issaquah WA, US
Hervey O. Wilson - Bellevue WA, US
Vick B. Mukherjee - Redmond WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

G06F 21/00

US Classification:

713172, 726 1

Abstract:

The present invention provides for maintaining security context during a communication session between applications, without having to have executable code in either application for obtaining or generating a security context token (SCT) used to secure the communication. On a service side, a configuration file is provided that can be configured to indicate that automatic issuance of a SCT is enabled, thereby allowing a Web service engine to generate the SCT upon request. On the client side, when a message is sent from the client application to the service application, a policy engine accesses a policy that includes assertions indicating that a SCT is required for messages destined for the Web service application. As such, the policy engine requests and receives the SCT, which it uses to secure the message.

US Patent:

7657932, Feb 2, 2010

Filed:

Jul 14, 2004

Appl. No.:

10/891926

Inventors:

Keith W. Ballinger - North Bend WA, US
HongMei Ge - Issaquah WA, US
Hervey O. Wilson - Bellevue WA, US
Vick B. Mukherjee - Redmond WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

H04L 9/32
G06F 21/00

US Classification:

726 9, 726 10, 713172, 713185

Abstract:

A message handling computing system that provides security across even transport-independent communication mechanisms, and which allows for convenient extension of security to different security token types, and may provide end-to-end security across different transport protocols. The message handling computing system includes a message handling component configured to send and receive network messages having security tokens. The message handling component interfaces with an expandable and contractible set of security token managers through a standardized application program interface. Each security manager is capable of providing security services for messages that correspond to security tokens of a particular type. A security token plug-in component registers new security token managers with the message handling component.

US Patent:

20040205216, Oct 14, 2004

Filed:

Mar 19, 2003

Appl. No.:

10/391838

Inventors:

Keith Ballinger - North Bend WA, US
Chadwin Mumford - Woodinville WA, US
Hervey Wilson - Bellevue WA, US
HongMei Ge - Issaquah WA, US
Yann Christensen - Seattle WA, US

International Classification:

G06F015/16

US Classification:

709/231000, 709/206000

Abstract:

A messaging transport writer is provided that efficiently packages a massage and multiple message attachment streams into a single transport stream, based on a specified encapsulation format. For example, a packaging writer is provided that takes the message and multiple attachments and streams them directly into the single transport stream, without first coping them into a buffer prior to encapsulation. The encapsulation information is streamed into the transport stream on the fly, i.e., as the message and attachment streams are also being written to the transport stream.

US Patent:

20050053050, Mar 10, 2005

Filed:

Aug 20, 2003

Appl. No.:

10/645279

Inventors:

Keith Ballinger - North Bend WA, US
HongMei Ge - Issaquah WA, US
Hervey Wilson - Bellevue WA, US
Vick Mukherjee - Redmond WA, US

International Classification:

G06F015/173

US Classification:

370351000

Abstract:

A sending computer system relays a message or a processing request through one or more configurable routers prior to the message or request reaching an ultimate destination. A client at the sending computer system can indicate a routing preference for the message or request, and a module can supplement or override the routing preference by adding or deleting a router from a router list contained within the message or request. This change can be done based on router data, as well as based on content within the message. One or more intermediate routers along the routing path can perform a similar function as the module. The ultimate destination, or receiving computer system, verifies that it is the appropriate recipient of the message or request, and then accepts the data associated with the message or request. This has application to many types of messaging systems, including simple object access protocols.

US Patent:

20060015933, Jan 19, 2006

Filed:

Jul 14, 2004

Appl. No.:

10/891884

Inventors:

Keith Ballinger - North Bend WA, US
HongMei Ge - Issaquah WA, US
Hervey Wilson - Bellevue WA, US
Vick Mukherjee - Redmond WA, US

International Classification:

H04L 9/32

US Classification:

726010000

Abstract:

A mechanism for performing role-based authorization of the one or more services using security tokens associated with received service request messages. This role-based authentication is performed regardless of the type of security token associated with the received service request messages. Upon receiving a service request message over the network for a particular service offered by the service providing computing system, the service providing computing system accesses a security token associated with the received service request message. Then, the computing system identifies one or more roles that include the identity associated with the security token, and correlates the roles with the security token. These correlated roles are then used to authorize the requested service. This mechanism is performed regardless of the type of the security token.

US Patent:

20100169862, Jul 1, 2010

Filed:

Dec 29, 2008

Appl. No.:

12/345288

Inventors:

Kenneth D. Wolf - Seattle WA, US
Edmund Samuel Victor Pinto - Duvall WA, US
Robert Brian Schmidt - Woodinville WA, US
Donald F. Box - Bellevue WA, US
Geoffrey M. Kizer - Seattle WA, US
Nathan C. Talbert - Seattle WA, US
Kavita Kamani - Issaquah WA, US
Alberto Arias Maestro - Seattle WA, US
David Robert Cliffe - Bellevue WA, US
Tirunelveli R. Vishwanath - Redmond WA, US
HongMei Ge - Issaquah WA, US
Stephen Jared Maine - Seattle WA, US
Alexander Martin DeJarnatt - Charlottesville VA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

G06F 9/44

US Classification:

717117

Abstract:

Namespace for continuation-based runtime. Some embodiments described herein are directed to a framework using continuation based runtime namespaces that pertain to an infrastructure for enabling the creation of a wide variety of continuation-based programs that perform a wide-array of tasks. The infrastructure provides a foundation for building continuation-based, declarative applications of various scale and complexity. In some embodiments, the associated application programming interfaces (APIs) are factored into a hierarchy of namespaces in a manner that balances utility, usability, extensibility, and versionability.

US Patent:

20130080505, Mar 28, 2013

Filed:

Sep 28, 2011

Appl. No.:

13/247700

Inventors:

Henrik Frystyk Nielsen - Hunts Point WA, US
Glenn Block - Seattle WA, US
Randall Tombaugh - Bellevue WA, US
Ronald A. Cain - Redmond WA, US
HongMei Ge - Bellevue WA, US
Alexander Corradini - Redmond WA, US

Assignee:

MICROSOFT CORPORATION - Redmond WA

International Classification:

G06F 15/16
G06F 9/54

US Classification:

709203, 719313

Abstract:

Embodiments allow developers to use HTTP message abstractions inline within their Web API methods to directly access and manipulate HTTP request and response messages. A hosting layer is provided for in-process, in-memory and network-based services. Message handlers and operational handlers may be combined to create a message channel for asynchronous manipulations of the HTTP requests and response. A formatter may be used on the server or client for consuming HTTP and providing desired media types.