Method and system for managing identities in a peer-to-peer networking environment

US 20050177715A1
Filed: 02/09/2004
Published: 08/11/2005
Est. Priority Date: 02/09/2004
Status: Abandoned Application

First Claim

Patent Images

1. A computer-readable medium containing an identity certificate data structure, the identity certificate data structure comprising:

a first data field containing data representing an identity peer name;

a second data field containing data representing an identity public key, the identity public key and an identity private key forming a public/private key pair;

a third data field containing data representing a certificate type, the certificate type indicating an identity certificate; and

a fourth data field containing data representing a signature of the identity certificate, the signature derived, at least in part, from the identity private key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a system for organizing and storing information about multiple peer identities. New certificates are introduced that enable a user to efficiently create, modify, and delete identities and groups. New storage structures enable the user to list and search through existing identities, groups, and their related certificates. An identity certificate contains information about a peer identity. A group root certificate is created by a user when he decides to create a new group. When the group creator user wishes to invite another entity to join the group, it creates another type of certificate called a group membership certificate. The group membership certificate is logically “chained” to the group root certificate. The invitee checks the validity of these certificates by checking that the chaining has been properly done. The invitee may then be allowed to invite other entities to join the group by sending out its own group membership certificates.

Citations

35 Claims

1. A computer-readable medium containing an identity certificate data structure, the identity certificate data structure comprising:
- a first data field containing data representing an identity peer name;
  
  a second data field containing data representing an identity public key, the identity public key and an identity private key forming a public/private key pair;
  
  a third data field containing data representing a certificate type, the certificate type indicating an identity certificate; and
  
  a fourth data field containing data representing a signature of the identity certificate, the signature derived, at least in part, from the identity private key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The identity certificate data structure of claim 1 wherein the identity certificate data structure is an X.509 certificate.
  - 3. The identity certificate data structure of claim 2 wherein the first data field is a subject alternative name field of the X.509 certificate.
  - 4. The identity certificate data structure of claim 2 wherein the third data field is an extension property field of the X.509 certificate.
  - 5. The identity certificate data structure of claim 1 wherein the identity peer name in the first data field is globally unique.
  - 6. The identity certificate data structure of claim 1 wherein the identity peer name in the first data field is derived, at least in part, from the identity public key in the second data field.
  - 7. The identity certificate data structure of claim 6 wherein the identity peer name in the first data field is derived, at least in part, from a hash of the identity public key in the second data field.
  - 8. The identity certificate data structure of claim 1 wherein the identity private key is stored in a Cryptographic Service Provider container.
  - 9. The identity certificate data structure of claim 1 further comprising:
    - a fifth data field containing data representing an issuer of the identity certificate; and
      
      a sixth data field containing data representing a subject of the identity certificate, wherein the issuer and the subject of the identity certificate are the same.
  - 10. The identity certificate data structure of claim 1 further comprising:
    - a fifth data field containing data representing a period of validity of the identity certificate.
  - 11. The identity certificate data structure of claim 1 further comprising:
    - a fifth data field containing data representing a version of the identity certificate.

12. A computer-readable medium containing a group root certificate data structure, the group root certificate data structure comprising:
- a first data field containing data representing a group peer name;
  
  a second data field containing data representing a group root public key;
  
  a third data field containing data representing a certificate type, the certificate type indicating a group root certificate; and
  
  a fourth data field containing data representing a signature of the group root certificate, the signature derived, at least in part, from a group root private key, the group root private key and the group root public key in the second data field forming a public/private key pair.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The group root certificate data structure of claim 12 wherein the group root certificate data structure is an X.509 certificate.
  - 14. The group root certificate data structure of claim 13 wherein the first data field is a subject alternative name field of the X.509 certificate.
  - 15. The group root certificate data structure of claim 13 wherein the third data field is an extension property field of the X.509 certificate.
  - 16. The group root certificate data structure of claim 12 wherein the group peer name in the first data field is globally unique.
  - 17. The group root certificate data structure of claim 12 wherein the group peer name in the first data field is derived, at least in part, from the group root public key in the second data field.
  - 18. The group root data structure of claim 17 wherein the group peer name in the first data field is derived, at least in part, from a hash of the group root public key in the second data field.
  - 19. The group root certificate data structure of claim 12 further comprising:
    - a fifth data field containing data representing an issuer of the group root certificate; and
      
      a sixth data field containing data representing a subject of the group root certificate, wherein the issuer and the subject of the group root certificate are the same.
  - 20. The group root certificate data structure of claim 12 further comprising:
    - a fifth data field containing data representing a period of validity of the group root certificate.
  - 21. The group root certificate data structure of claim 12 further comprising:
    - a fifth data field containing data representing a version of the group root certificate.

22. A computer-readable medium containing a group membership certificate data structure, the group membership certificate data structure comprising:
- a first data field containing data representing a group peer name;
  
  a second data field containing data representing an issuer peer name;
  
  a third data field containing data representing a subject peer name;
  
  a fourth data field containing data representing a certificate type, the certificate type indicating a group membership certificate; and
  
  a fifth data field containing data representing a signature of the group membership certificate.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 23. The group membership certificate data structure of claim 22 wherein the group membership certificate data structure is an X.509 certificate.
  - 24. The group membership certificate data structure of claim 23 wherein the first data field is an extension property field of the X.509 certificate.
  - 25. The group membership data structure of claim 23 wherein the second data field is an issuer alternative name field of the X.509 certificate.
  - 26. The group membership data structure of claim 23 wherein the third data field is a subject alternative name field of the X.509 certificate.
  - 27. The group membership data structure of claim 22 wherein the group peer name in the first data field is globally unique.
  - 28. The group membership data structure of claim 22 wherein the issuer peer name in the second data field is a reference to a certificate selected from the group consisting of:
    - a group root certificate and a group membership certificate.
  - 29. The group membership certificate data structure of claim 22 further comprising:
    - a sixth data field containing data representing a period of validity of the group membership certificate.
  - 30. The group membership certificate data structure of claim 22 further comprising:
    - a sixth data field containing data representing a version of the group membership certificate.
  - 31. The group membership certificate data structure of claim 22 further comprising:
    - a sixth data field containing data representing a public key, the public key and a private key forming a public/private key pair.

32. A computer-readable medium containing a group certificate chain data structure, the group certificate chain data structure comprising:
- a first data field containing data representing a group root certificate, the group root certificate comprising;
  
  a second data field containing data representing a group peer name;
  
  a third data field containing data representing a group root public key;
  
  a fourth data field containing data representing a certificate type, the certificate type indicating a group root certificate; and
  
  a fifth data field containing data representing a signature of the group root certificate, the signature derived, at least in part, from a group root private key, the group root private key and the group root public key in the third data field forming a public/private key pair; and
  
  a sixth data field containing data representing a group membership certificate, the group membership certificate comprising;
  
  a. seventh data field containing data representing a group peer name, the group peer name in the seventh data field being the same as the group peer name in the second data field in the group root certificate;
  
  an eighth data field containing data representing an issuer peer name, the issuer peer name in the eighth data field being a reference to the group root certificate in the first data field;
  
  a ninth data field containing data representing a subject peer name;
  
  a tenth data field containing data representing a certificate type, the certificate type indicating a group membership certificate; and
  
  an eleventh data field containing data representing a signature of the group membership certificate.
- View Dependent Claims (33, 34, 35)
- - 33. The group certificate chain data structure of claim 32 wherein the group root certificate and the group membership certificate are X.509 certificates.
  - 34. The group certificate chain data structure of claim 32 wherein the group membership certificate in the sixth data field further comprises:
    - a twelfth data field containing data representing a public key, the key and a private key forming a public/private key pair.
  - 35. The group certificate chain data structure of claim 34 further comprising:
    - a thirteenth data field containing data representing a second group membership certificate, the second group membership certificate comprising;
      
      a fourteenth data field containing data representing a group peer name, the group peer name in the fourteenth data field being the same as the group peer name in the second data field in the group root certificate;
      
      a fifteenth data field containing data representing an issuer peer name, the issuer peer name in the fifteenth data field being a reference to the group membership certificate in the sixth data field;
      
      a sixteenth data field containing data representing a subject peer name;
      
      a seventeenth data field containing data representing a certificate type, the certificate type indicating a group membership certificate; and
      
      an eighteenth data field containing data representing a signature of the second group membership certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Somin, Grigori M., Gupta, Rohit

Application Number

US10/775,916
Publication Number

US 20050177715A1
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 67/104   Peer-to-peer [P2P] networks

H04L 67/1044   Group management mechanisms...

H04L 67/1046   Joining mechanisms

H04L 9/3265   using certificate chains, t...

Method and system for managing identities in a peer-to-peer networking environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for managing identities in a peer-to-peer networking environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links