Peer-to-peer authorization method

US 20050044411A1
Filed: 08/20/2003
Published: 02/24/2005
Est. Priority Date: 08/20/2003
Status: Active Grant

First Claim

Patent Images

1. A method for establishing a peer-to-peer relationship enabling a remote peer on a peer-to-peer network to access a resource, comprising:

receiving a request from a remote peer to access a resource;

accessing one or more security identification values, the one or more security identification values representing respectively one or more access rights of the remote peer in an access control system;

generating an access token for the access control system, the access token comprising the one or more security identification values; and

accessing the resource on behalf of the remote peer, the access control system determining the level of access to the resource based on said one or more access security identification values in said token.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are peer-to-peer computer program products, methods, and systems in which a remote peer on a peer-to-peer network is granted or denied access to a resource based on the credentials presented by the remote peer. In accordance with the disclosed subject matter, an access token that includes one or more security identification values which represent respectively one or more access rights in an access control system is generated. An execution thread that is associated with the access token thus generated attempts to access the resource on behalf of the remote peer. In some embodiments, the access control system includes a generic user account, and the access token that is generated for the remote peer includes the security identification value associated with the generic user account in the access control system.

98 Citations

View as Search Results

47 Claims

1. A method for establishing a peer-to-peer relationship enabling a remote peer on a peer-to-peer network to access a resource, comprising:
- receiving a request from a remote peer to access a resource;
  
  accessing one or more security identification values, the one or more security identification values representing respectively one or more access rights of the remote peer in an access control system;
  
  generating an access token for the access control system, the access token comprising the one or more security identification values; and
  
  accessing the resource on behalf of the remote peer, the access control system determining the level of access to the resource based on said one or more access security identification values in said token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. A method according to claim 1, the access control system including a generic user security identification value, said generic user security identification value being associated with a generic user account, said access token including said generic user security identification value.
  - 3. A method according to claim 2, the access control system including a plurality of resource groups, each of said groups being associated with one or more resources and one or more security identification values, said generic user identification value not being associated with any of said resource groups.
  - 4. A method according to claim 2, comprising generating a second access token in response to a request from a second remote peer, the second access token comprising a data structure that includes the generic security identification value.
  - 5. A method according to claim 2, comprising reverting from the generic user account upon termination of the execution thread.
  - 6. A method according to claim 1, at least one of the one or more security identification values corresponding to a resource group.
  - 7. A method according to claim 1, at least one of the one or more security identification values corresponding to a role in a resource group.
  - 8. A method according to claim 1, comprising:
    - receiving credentials from the remote peer, and generating the one or more security identification values for the remote peer based on the credentials.
  - 9. A method according to claim 1, further comprising:
    - creating a generic user account within the access control system;
      
      creating a generic user security identification value associated with the generic user account.
  - 10. A method according to claim 9, the access control system including a plurality of resource groups, each of the resource groups being associated with one or more security identification values, the generic user security identification value not being associated with any of the resource groups.
  - 11. A method according to claim 1, wherein the resource is a folder.
  - 12. A method according to claim 1, wherein the resource is a file.
  - 13. A method according to claim 1, wherein the resource is a printer.
  - 14. A method according to claim 1, including;
    - passing the duplicated access token to a separate operation in which the peer is requesting access to a resource.
  - 15. A method according to claim 14, including:
    - creating a handle, the handle comprising an identification value for the separate operation.

16. A computer program product for use on a computer connected to at least one other computer in a peer-to-peer networking environment, the computer having an access control system for determining the level of access to a resource based on one or more security identification values in an access token associated with an execution thread attempting to access the resource, the computer program product comprising:
- code for receiving a request to access a resource from a remote peer;
  
  code for accessing one or more security identification values which represent respectively one or more access rights of the remote peer in the access control system;
  
  code for generating an access token for use in conjunction with the access control system, the access token comprising the one or more security identification values; and
  
  code for accessing the resource on behalf of the remote peer.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. A computer program product according to claim 16, the code for generating an access token comprising code for generating an access token for a generic user account in the access control system, the generic user account having a generic user security identification value, the access token including the generic user security identification value.
  - 18. A computer program product according to claim 17, the computer program product including code for reverting from the generic user account upon termination of the execution thread.
  - 19. A computer program product according to claim 16, the computer program product including code for receiving credentials from a remote peer, and code for generating one or more security identification values for the remote peer based on the credentials.
  - 20. A computer program product according to claim 16, the computer program product including code for creating a generic user account within the access control system, and code for creating a generic user security identification value associated with the generic user account.
  - 21. A computer program product according to claim 16, the computer program product including code for passing the access token to a separate operation in which the peer is requesting the access to a resource.
  - 22. A computer program product according to claim 21, the computer program product including code for creating a handle, the handle comprising an identification value for the separate operation.

23. A computer program product comprising a computer readable medium having a computer executable program code disposed thereon, the code comprising;
- access control system code for determining the level of access to a resource based upon one or more security identification values in an access token;
  
  code for receiving a request to access a resource from a remote peer on a peer-to-peer network;
  
  code for accessing one or more security identification values, the one or more security identification values representing respectively one or more access rights of the remote peer for use in conjunction with the access control system;
  
  code for generating an access token, the access token including the one or more security identification values for use in conjunction with the access control system; and
  
  code for accessing the resource on behalf of the remote peer.

24. A computer program product for use on a computer connected to at least one other computer in a peer-to-peer networking environment, the computer having an access control system for determining the level of access to a resource based on one or more security identification value in an access token associated with an execution thread attempting to access the resource, the computer program product comprising:
- installation code for placing computer-readable program code onto a medium readable by the computer, the computer readable program code comprising;
  
  code for receiving a request to access a resource from a remote peer;
  
  code for accessing one or more security identification values which represent respectively one or more access rights of the remote peer in the access control system;
  
  code for generating an access token for use in conjunction with the access control system, the access token comprising the one or more security identification value; and
  
  code for accessing the resource on behalf of the remote peer.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. A computer program product according to claim 24, the code for generating an access token comprising code for generating an access token for a generic user account in the access control system, the generic user account having a generic user security identification value, the access token including the generic user security identification value.
  - 26. A computer program product according to claim 25, the computer readable program code including code for reverting from the generic user account upon termination of the execution thread.
  - 27. A computer program product according to claim 24, the computer readable program code including code for receiving credentials from a remote peer, and code for generating one or more security identification values for the remote peer based on the credentials.
  - 28. A computer program product according to claim 24, the computer readable program code including code for creating a generic user account within the access control system, and code for creating a generic user security identification value associated with the generic user account.
  - 29. A computer program product according to claim 24, the computer readable program code including code for passing the access token to a separate operation in which the peer is requesting access to a resource.
  - 30. A computer program product according to claim 29, the computer readable program code including code for creating a handle, the handle comprising an identification value for the separate operation.

31. A computer program product comprising a computer-readable medium having computer executable program code disposed thereon, the code comprising:
- installation code for placing computer-readable program code onto a medium readable by the computer, the computer readable program code comprising;
  
  access control system code for determining the level of access to a resource based upon one or more security identification value in an access token;
  
  code for receiving a request to access a resource from a remote peer on a peer-to-peer network;
  
  code for accessing one or more security identification values, the one or more security identification values representing respectively one or more access rights of the remote peer for use in conjunction with the access control system;
  
  code for generating an access token comprising the one or more security identification values for use in conjunction with the access control system; and
  
  code for accessing the resource on behalf of the remote peer.

32. A computer having a computer program executing thereon, the computer program comprising executing computer-readable program code, the computer-readable code comprising:
- code for receiving a request to access a resource from a remote peer;
  
  code for accessing one or more security identification values which represent respectively one or more access rights of the remote peer in the access control system;
  
  code for generating an access token for use in conjunction with the access control system, the access token comprising the one or more security identification values; and
  
  code for initiating an execution thread for accessing the resource on behalf of the peer, the execution thread being associated with the access token.
- View Dependent Claims (33, 34, 35, 36, 37, 38)
- - 33. A computer according to claim 32, the code for generating an access token comprising code for generating an access token for a generic user account in the access control system, the generic user account having a generic user security identification value, the access token including the generic user security identification value.
  - 34. A computer according to claim 33, the computer-readable program code including code for reverting from the generic user account upon termination of the execution thread.
  - 35. A computer according to claim 32, the computer-readable program code including code for receiving credentials from a remote peer, and code for generating one or more security identification values for the remote peer based on the credentials.
  - 36. A computer according to claim 32, the computer-readable program code including code for creating a generic user account within the access control system and code for creating a generic user security identification value associated with the generic user account.
  - 37. A computer according to claim 32, the computer-readable program code including code for passing the token to a separate operation in which the peer is requesting access to a resource.
  - 38. A computer according to claim 37, the computer-readable program code including code for creating a handle, the handle an identification value for the separate operation.

39. A computer having a computer program executing thereon, the computer program comprising executing computer-readable program code, the computer-readable code comprising:
- access control system code for determining the level of access to a resource based upon one or more security identification values in an access token;
  
  code for receiving a request to access a resource from a remote peer on a peer-to-peer network;
  
  code for accessing one or more security identification values, the one or more security identification values representing respectively one or more access rights of the remote peer for use in conjunction with the access control system;
  
  code for generating an access token comprising the one or more security identification values for use in conjunction with the access control system; and
  
  code for accessing the resource on behalf of the remote peer.

40. A computer system comprising a peer-to-peer network, the peer-to-peer network comprising a plurality of computers, each of the computers being connected to at least one other computer on the peer-to-peer network, at least one of the computers having program code disposed on a medium readable by the computer, the program code comprising:
- code for receiving a request to access a resource from a remote peer;
  
  code for accessing one or more security identification values which represent respectively one or more access rights of the remote peer in the access control system;
  
  code for generating an access token for use in conjunction with the access control system, the access token comprising the one or more security identification values; and
  
  code for accessing the resource on behalf of the remote peer.
- View Dependent Claims (41, 42, 43, 44, 45, 46)
- - 41. A computer system according to claim 40, the code for generating an access token comprising code for generating an access token for a generic user account in the access control system, the generic user account having a generic user security identification value, the access token including the generic user security identification value.
  - 42. A computer system according to claim 41, the code including code for reverting from the generic user account upon termination of the execution thread.
  - 43. A computer system according to claim 40, the code including code for receiving credentials from a remote peer, and code for generating one or more security identification values for the remote peer based on the credentials.
  - 44. A computer system according to claim 40, the code including code for creating a generic user account within the access control system, and code for creating a generic user security identification value associated with the generic user account.
  - 45. A computer system according to claim 40, the code including code for passing the token to a separate operation in which the peer is requesting access to a resource.
  - 46. A computer system according to claim 45, the code including code for creating a handle, the handle comprising an identification value for the separate operation.

47. A computer system comprising a peer-to-peer network, the peer-to-peer network comprising a plurality of computers, each of the computers being connected to at least one other computer on the peer-to-peer network, at least one of the computers having program code disposed on a medium readable by the computer, the program code comprising:
- access control system code for determining the level of access to a resource based upon one or more security identification values in an access token;
  
  code for receiving a request to access a resource from a remote peer on a peer-to-peer network;
  
  code for accessing one or more security identification values, the one or more security identification values representing respectively one or more access rights of the remote peer for use in conjunction with the access control system;
  
  code for generating an access token comprising the one or more security identification values for use in conjunction with the access control system; and
  
  code for accessing the resource on behalf of the remote peer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Gavrilescu, Alexandru, Somin, Grigori M., Mowers, David

Granted Patent

US 7,188,254 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/102 Entity profiles

H04L 67/104 Peer-to-peer [P2P] networks

Peer-to-peer authorization method

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

98 Citations

47 Claims

Specification

Solutions

Use Cases

Quick Links

Peer-to-peer authorization method

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

98 Citations

47 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links