John A Banes

7882251, Feb 1, 2011

Aug 13, 2003

10/639516

John A. Banes - Kirkland WA, US
Joseph M. Joy - Redmond WA, US
David R. Mowers - Issaquah WA, US
Cem Paya - Seattle WA, US
Feng Sun - Issaquah WA, US

Microsoft Corporation - Redmond WA

G06F 15/16
H04L 12/28
H04L 12/56

709229, 709227, 709245, 370392

An exemplary network gateway is capable of accepting a session-related message having a session identifier field; the network gateway is adapted to extract a host identifier from a value populating the session identifier field and to perform a routing operation for the session-related message using the host identifier. For an exemplary media implementation, processor-executable instructions direct a device to perform actions including: ascertaining a host identifier from a session identifier field of a session message; and routing the session message responsive to the ascertained host identifier. An exemplary apparatus includes: at least one processor; and one or more media including processor-executable instructions that are capable of being executed by the at least one processor to direct the apparatus to perform actions including: receiving a session message having a session identifier including a host identifier; and routing the session message responsive to the host identifier.

8266294, Sep 11, 2012

Aug 13, 2003

10/639727

John A. Banes - Kirkland WA, US
Joseph M. Joy - Redmond WA, US
David R. Mowers - Issaquah WA, US
Cem Paya - Seattle WA, US
Feng Sun - Issaquah WA, US

Microsoft Corporation - Redmond WA

G06F 15/16

709227, 709228, 709229

A first exemplary media implementation includes processor-executable instructions that direct a device to perform actions including: creating a session identifier using a host identifier; and formulating a host session initiation message with the created session identifier. A first exemplary device implementation includes: at least one processor; and one or more media including processor-executable instructions that direct the device to perform actions including: formulating a host session message with a session identifier that is created responsive to a host identifier; and sending the formulated host session message that includes the session identifier from the device. A second exemplary media implementation includes a data structure that has a message including a session identifier field, at least part of the session identifier field including a host identifier. A second exemplary device implementation includes: a host identifier; and a session identifier creator that is adapted to create a session identifier using the host identifier.

8332650, Dec 11, 2012

Mar 22, 2002

10/105014

John Banes - Kirkland WA, US
George Masters - Redmond WA, US
Glenn D. Pittaway - Woodinville WA, US
Jonathan David Hubbard - Arnold MD, US
Peter J. Skelly - Seattle WA, US

Microsoft Corporation - Redmond WA

G06F 21/00

713182

A password reset disk is created using a private key/public key pair. The private key is stored on a removable computer-readable medium so that it can be removed and securely stored remote from the computer system on which it was created. The public key is stored on the computer system and used to maintain an encrypted copy of the current password to be stored on the computer system. If the user forgets a password, the user may insert the password reset disk into the computer system. The private key is retrieved from the password reset disk and the encrypted password is decrypted using the private key. If the decryption is successful, the user is allowed to set a new password. The password reset disk is effective even if the user password has been changed since the creation of the password reset disk.

8627440, Jan 7, 2014

Dec 24, 2009

12/647327

David R. Mowers - Issaquah WA, US
Daniel R. Simon - Kirkland WA, US
Paul J. Leach - Seattle WA, US
John A. Banes - Kirkland WA, US

Microsoft Corporation - Redmond WA

G06F 15/16

726 10, 726 3, 726 5, 713151, 713155, 713168, 380279

This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.

20040210756, Oct 21, 2004

Apr 15, 2003

10/413799

David Mowers - Issaquah WA, US
John Banes - Kirkland WA, US
Daniel Simon - Redmond WA, US
Paul Leach - Seattle WA, US

MICROSOFT CORPORATION - REDMOND WA

H04L009/00

713/168000

This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.

20110093613, Apr 21, 2011

Dec 22, 2010

12/976819

John A. Banes - Kirkland WA, US
Joseph M. Joy - Redmond WA, US
David R. Mowers - Issaquah WA, US
Cem Paya - Seattle WA, US
Feng Sun - Issaquah WA, US

Microsoft Corporation - Redmond WA

G06F 15/173

709238

An exemplary network gateway is capable of accepting a session-related message having a session identifier field; the network gateway is adapted to extract a host identifier from a value populating the session identifier field and to perform a routing operation for the session-related message using the host identifier. For an exemplary media implementation, processor-executable instructions direct a device to perform actions including: ascertaining a host identifier from a session identifier field of a session message; and routing the session message responsive to the ascertained host identifier. An exemplary apparatus includes: at least one processor; and one or more media including processor-executable instructions that are capable of being executed by the at least one processor to direct the apparatus to perform actions including: receiving a session message having a session identifier including a host identifier; and routing the session message responsive to the host identifier.

20160182488, Jun 23, 2016

Mar 1, 2016

15/057859

- Redmond WA, US
John A. Banes - Kirkland WA, US
Daniel R. Simon - Kirkland WA, US
Paul J. Leach - Seattle WA, US

H04L 29/06

This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.

20140189823, Jul 3, 2014

Jan 6, 2014

14/147998

- Redmond WA, US
John A. Banes - Kirkland WA, US
Daniel R. Simon - Kirkland WA, US
Paul J. Leach - Seattle WA, US

Microsoft Corporation - Redmond WA

H04L 29/06

726 5

This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.