logo

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 12375475 B1

PDFFull Text
Date of Patent:
Jul. 29, 2025

Filed:

Oct. 12, 2022

Confining lateral traversal within a computer network

Applicant:

Microsoft Technology Licensing, Llc, Redmond, WA (US);

Inventors:

Jeromy Scott Statia, Arlington, WA (US);

Jeffrey Ryan Bacon, Bellevue, WA (US);

Darrin Earl Curtis, Everett, WA (US);

Aaron Richard Davis, Bellevue, WA (US);

Douglas Anthony Rasler, Sammamish, WA (US);

Elizabeth Anne Phippen, Bothell, WA (US);

Satish Devan, Redmond, WA (US);

Bum Su Jung, Redmond, WA (US);

Daniel James Dawson, Peirson, FL (US);

George Kenneth Ringer, Mercer Island, WA (US);

Assignee:

Microsoft Technology Licensing, LLC, Redmond, WA (US);

Attorney:

Workman Nydegger

Primary Examiner:

Luu T Pham

Assistant Examiner:

James J Wilcox

Int. Cl.
CPC ...
H04L 9/40 (2022.01); G06F 21/33 (2013.01); G06F 21/55 (2013.01); H04L 9/32 (2006.01);
U.S. Cl.
CPC ...
H04L 63/083 (2013.01); G06F 21/335 (2013.01); G06F 21/55 (2013.01); H04L 9/3213 (2013.01); H04L 9/40 (2022.05); H04L 63/0807 (2013.01); H04L 63/10 (2013.01); H04L 63/104 (2013.01); H04L 63/145 (2013.01); G06F 2221/2125 (2013.01);
Abstract

Confining lateral traversal within a network. An authorization request identifies a credential, a protected first resource, and an identifier of a protected second resource for which authorization is requested. A lateral traversal policy associated with the second resource is identified, which constrains access to the second resource to only resources that belong to a subset of resources including the second resource. When it is determined that the credential is configured for access to the second resource, and when it is determined that the first resource belongs to the subset of resources including the second resource, an authorization token is issued, which authorizes the credential to access the second resource via the first resource. Alternatively, when it is determined that the credential is granted access to the second resource, and when it is determined that the first resource is outside of the particular subset of resources, the authorization request is denied.

Find Patent Forward Citations

Loading…