DR. DANIEL R SIMON, MD
Urology at Talbot Rd, Seattle, WA

7822200, Oct 26, 2010

Mar 7, 2005

11/074885

Kim Cameron - Bellevue WA, US
Arun K. Nanda - Sammamish WA, US
Josh D. Benaloh - Redmond WA, US
John P. Shewchuk - Redmond WA, US
Daniel R. Simon - Seattle WA, US
Andrew Bortz - Stanford CA, US

Microsoft Corporation - Redmond WA

H04L 9/00

380 44, 726 5, 380278, 380 30, 713168

Exemplary embodiments disclosed herein may include a method and system for creating pair-wise security keys, comprising receiving an identity key from a website, generating a master key, creating a pair-wise symmetric key or asymmetric key pair by utilizing an encryption function of the identity key and the master key, and storing the pair-wise public or symmetric key at the client and the website.

8332643, Dec 11, 2012

Oct 19, 2010

12/907775

Harry S. Pyle - Bellevue WA, US
Bruce Louis Lieberman - Bellevue WA, US
Daniel R. Simon - Seattle WA, US
Guillaume Simonnet - Bellevue WA, US
William Dollar - Renton WA, US

Microsoft Corporation - Redmond WA

H04L 29/06

713169, 713155, 713156, 713168, 380278

A process for establishing secure mutual trust includes generating a one-time-password. The one-time-password is transferred between the devices in a communication occurring off of the network. Each device generates a set of authenticators by hashing a plurality of sub-strings of the password and the device's authentication certificate with a respective set of nonces. The devices exchange the respective sets of authenticators. Each device then alternates revealing its respective set of nonces and its authentication certificate in a multi-stage process. The devices re-calculate the authenticators based upon the respective set of nonces and authentication certificate revealed by the other device along with the one-time-password sub-strings that it posses. If each device determines that the authenticators re-calculated by the given device matches the authenticators previously received from the other device, secure mutual trust is established.

7694022, Apr 6, 2010

Sep 30, 2004

10/955963

Jason Garms - Woodinville WA, US
Chuanxiong Guo - Nanjing, CN
Daniel R. Simon - Seattle WA, US
Jiahe Helen Wang - Issaquah WA, US
Alf Peter Zugenmaier - Cambs, GB

Microsoft Corporation - Redmond WA

G06F 15/173, G06F 15/16, G06F 11/00

709249, 709224, 709230, 714 4, 714 39

A method and system for protecting an application that implements a communication protocol against exploitation of a communication-based vulnerability is provided. A protection system provides a protection policy that specifies how to recognize messages that expose a specific vulnerability and specifies actions to take when the vulnerability is exposed. A protection policy specifies the sequence of messages and their payload characteristics that expose a vulnerability. The protection system may specify the sequences of messages using a message protocol state machine. A message protocol state machine of an application represents the states that the application transitions through as it receives various messages. The message protocol state machine of the protection policy may be a portion of the message protocol state machine of the application relating to the vulnerability. The protection system uses the message protocol state machine to track the states that lead up to the exposing of the vulnerability.

7890643, Feb 15, 2011

Jun 27, 2008

12/163881

Dean Jason Justus - Monroe WA, US
Josh D. Benaloh - Redmond WA, US
Nathan James Fink - Seattle WA, US
Michael Howard - Redmond WA, US
Daniel R. Simon - Seattle WA, US
Matthew W. Thomlinson - Seattle WA, US

Microsoft Corporation - Redmond WA

G06F 15/173

709229, 709225, 709223, 709201

A system for providing a client's credentials to a computer program comprises a database remote from the client and a single signon server module. The single signon server module can receive a request for the client's credentials from the computer program, determine whether the client's credentials are stored in the database, and send the client's credentials from the database to the computer program in response to a determination that the client's credentials are stored in the database. The single signon server module can store the client's credentials in the database in response to a determination that the client's credentials are not stored in the database. The single signon server module can encrypt the client's credentials prior to storing the client's credentials in the database and can decrypt the client's credentials prior to sending the client's credentials to the computer program.