Microsoft · Filed Dec 30, 2024 · Published Jul 2, 2026 · verified — real USPTO data

Microsoft Patents a Network That Opens Routes Only for Verified Devices

Most corporate networks let you in at the door and then trust you to roam freely. Microsoft's new patent describes a system that checks who you are before every single connection, and then tears that connection down the moment it's no longer needed.

Microsoft Patent: Zero-Trust Network Routing by Identity — figure from US 2026/0189408 A1
FIG. 1A — rendered from the official USPTO publication PDF.
Publication number US 2026/0189408 A1
Applicant Microsoft Technology Licensing, LLC
Filing date Dec 30, 2024
Publication date Jul 2, 2026
Inventors Joseph Alexander LLOYD, Gregory Allen LUMEN, Alistair James LOWE, Nancy Elizabeth JORGENSEN, Mayukh RAY
CPC classification 713/169
Grant likelihood Medium
Examiner ABEDIN, NORMIN (Art Unit 2449)
Status Non Final Action Mailed (Jul 1, 2026)
Document 20 claims

What Microsoft's identity-based routing actually does

Imagine a secure office building where, instead of giving you a key card that opens every door all day, a guard escorts you to exactly one room, unlocks it, waits for your meeting to finish, and then locks it again. That's the core idea here.

Microsoft's patent describes a network system that works the same way. Before your device can talk to another device or server, it has to prove its identity using a cryptographic credential (think of it as an unforgeable digital ID card). Only if that ID checks out, and only if your device is actually allowed to reach the destination, does the system open a path between them.

Once the conversation is over, the system actively destroys that path. Nothing is left open waiting to be exploited. This approach is called zero-trust networking, and it's designed to limit the damage if an attacker ever does get inside your network.

How the system builds and destroys per-session network paths

The patent describes a centrally managed system that controls network routing based on endpoint identity rather than static firewall rules.

Here's the sequence the patent lays out:

  • Identity validation: When a device ("first remote endpoint") wants to talk to another device or server ("second remote endpoint"), it presents a cryptographic credential. Think of this like a signed certificate that can't be faked without the private key.
  • Authorization check: The system then confirms whether that specific device is actually permitted to reach the destination. Knowing who you are isn't enough, you also have to be on the approved list for that particular connection.
  • Route establishment: Only after both checks pass does the system spin up a network packet route between the two endpoints. Traffic flows through this purpose-built path.
  • Route destruction: After the session ends, the system actively tears the route down rather than leaving it idle.

The destruction step is notable. Traditional networks leave connections open (or rely on timeouts), which creates windows of opportunity for attackers. Actively removing the route shrinks that window to near zero.

What this means for corporate network security

For companies running cloud infrastructure or hybrid work environments, this kind of per-session, identity-driven routing is a meaningful step beyond traditional VPNs. A VPN typically gives a device broad access to a network segment once it's authenticated. This approach gives access only to a single specific path, only for the duration it's needed.

For you as an end user, the practical effect would be invisible, your apps just work. But for IT and security teams, it means a compromised device or stolen credential can do far less damage. An attacker who hijacks a session can't use that foothold to wander elsewhere on the network, because no other routes exist for them to wander into.

Editorial take

This is solidly useful infrastructure work, not a flashy consumer feature. Zero-trust architecture has been a stated priority for Microsoft's Azure and enterprise security products for years, and this patent fits neatly into that roadmap. It's worth watching if you follow enterprise networking or Microsoft's security portfolio, but it won't make headlines outside that world.

Which company should we read for you?

We track 17 companies here. Pro is the same weekly breakdown for any company you choose, delivered privately. Type a name and we'll scope it and send you a quote.

Get one Big Tech patent every Sunday

Plain English, intelligent commentary, no hype. Free.

Source. Full patent text and figures from the official USPTO publication PDF.

Editorial commentary on a publicly published patent application. Not legal advice.