Supporting statements for credential based access control

US 20060242688A1
Filed: 04/22/2005
Published: 10/26/2006
Est. Priority Date: 04/22/2005
Status: Active Grant

First Claim

Patent Images

1. A system employing an access control language that use logic forms including variables and/or prerequisite clauses, comprising:

a server component linked with at least one resource and an associated use policy for accessing the resource;

a client component that requests to access the resource; and

one or more assertions instructing how to construct a proof demonstrating that the requested access should be granted.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Supporting statements are provided to help safely and efficiently construct and verify proofs necessary for deciding whether to grant a request from one entity for accessing a resource owned or administered by another entity.

78 Citations

View as Search Results

18 Claims

1. A system employing an access control language that use logic forms including variables and/or prerequisite clauses, comprising:
- a server component linked with at least one resource and an associated use policy for accessing the resource;
  
  a client component that requests to access the resource; and
  
  one or more assertions instructing how to construct a proof demonstrating that the requested access should be granted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The system of claim 1, wherein the client component is not a trusted entity for the server component.
  - 3. The system of claim 1, further comprising at least one auxiliary client, wherein the auxiliary client is any entity that supplies information for the client component.
  - 4. The system of claim 3, wherein the proof is constructed only after all necessary information is received.
  - 5. The system of claim 1, wherein the one or more assertions instruct substituting a variable with a value.
  - 6. The system of claim 1, wherein the one or more assertions instruct proving of at least one prerequisite clause.
  - 7. The system of claim 1, wherein the one or more assertions instruct recursive proofing of prerequisite clauses.
  - 8. The system of claim 1, wherein the one or more assertions instruct how to construct only part of the proof demonstrating that the requested access should be granted.
  - 9. The system of claim 1, wherein the one or more assertions are used by the client component to construct the proof demonstrating that the requested access should be granted.
  - 10. The system of claim 1, wherein the one or more assertions are used by the server component to construct the proof demonstrating that the requested access should be granted.
  - 11. The system of claim 1, wherein the server component further includes an audit component that records why the requested access is granted or denied.
  - 12. The system of claim 11, wherein the audit component records the proof.
  - 13. The system of claim 1, wherein the server component receives at least one credential statement concerning the client component from a supplier selected from a group consisting of the client component and at least one auxiliary client.
  - 14. The system of claim 1, wherein the credential statement is stored at a location other than the supplier, and the supplier references the credential statement while supplying the credential statement to the server component.

15. A computer-implemented method for communicating between an entity (“
- server”
  
  ) associated with a resource, wherein the resource is associated with a use policy, and an entity (“
  
  client”
  
  ) requesting to access the resource, comprising;
  
  upon the server receiving from the client a request to access the resource, the server sends the client a proposition, wherein the proposition includes additional assertions that help the client to construct a proof demonstrating that the client should be granted the access request;
  
  upon receiving the proof, the server examines the proof;
  
  the server grants the access request if the proof is correct; and
  
  the server denies the access request if the proof is incorrect.
- View Dependent Claims (16)
- - 16. The computer-implemented method of claim 15, further comprising:
    - upon receiving the proposition from the server, the client uses the additional assertions included in the proposition to construct the proof.

17. A computer-implemented method for communicating between an entity (“
- server”
  
  ) associated with a resource, wherein the resource is associated with a use policy, and an entity (“
  
  client”
  
  ) requesting to access the resource, comprising the client sends an access request to the server, along with credential statements and one or more additional assertions, wherein one or more additional assertions instruct the server how to construct a proof demonstrating that the requested access should be granted.
- View Dependent Claims (18)
- - 18. The computer-implemented method of claim 17, wherein an entity other than the client or the server supplies any of the credential statements and the one or more additional assertions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Rose, Charles F. III, Paramasivam, Muthukrishnan, Payette, Nicolas

Granted Patent

US 7,657,746 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

G06F 21/335 for accessing specific reso...

H04L 63/102 Entity profiles

Supporting statements for credential based access control

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

78 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Supporting statements for credential based access control

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links