DISTRIBUTED SCALABLE CRYPTOGRAPHIC ACCESS CONTROL

US 20090141891A1
Filed: 02/09/2009
Published: 06/04/2009
Est. Priority Date: 03/27/2001
Status: Active Grant

First Claim

Patent Images

1-54. -54. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Published resources are made available in an encrypted form, using corresponding resource keys, published through resource key files, with the publications effectively restricted to authorized peer systems only by encrypting the resource keys in a manner only the authorized peer systems are able to recover them. In one embodiment, the resource keys are encrypted using encryption public keys of the authorized peer systems or the groups to which the authorized peer system are members. In one embodiment, the encryption public keys of individual or groups of authorized peer systems are published for resource publishing peer systems through client and group key files respectively. Group encryption private keys are made available to the group members through published group key files. Further, advanced features including but not limited to resource key file inheritance, password protected publication, obfuscated publication, content signing, secured access via gateways, and secured resource search are supported.

Citations

129 Claims

1-54. -54. (canceled)

55. :
- A computer implemented method comprising generating an encryption private key for a group in a deterministic manner from a random seed;
  
  generating a corresponding encryption public key for the group;
  
  publishing the corresponding encryption public key in a client key file for use by resource publishers to effectively grant access to resources published by the resource publishers to members of the group; and
  
  publishing the deterministically generated encryption private key of the group for members of the group to access authorized published resources.
- View Dependent Claims (56, 57, 58, 59, 60, 61, 62, 63)
- - 56. :
    - The method of claim 55, wherein said generating of an encryption private key for a group in a deterministic manner comprises generating and saving a random seed value;
      
      initializing one or more operational constants to one or more integer values; and
      
      applying one or more one way hash functions to the seed value for one or more series of times in view of the one or more operational constants to generate or contribute to the generation of the encryption private key for the group.
  - 57. :
    - The method of claim 56, wherein said initializing comprises initializing a first operational constant to an integer value N; and
      
      said applying comprises applying a first one way hash function to the seed value for a first series of times denoted by the first operational constant.
  - 58. :
    - The method of claim 56, wherein said initializing comprises initializing at least a first and a second operational constant to a first and a second integer values N1 and N2, that functionally map to a third integer value N; and
      
      said applying comprises applying a first one way hash function to the seed value for a first series of times in view of the first operational constant, and applying said first and a second one way hash function to said seed value for a second and a third series of times in view of said first and second operational constants.
  - 59. :
    - The method of claim 55, wherein said method further comprises re-generating the encryption public and private keys of the group when a member is removed from the group; and
      
      re-publishing the re-generated encryption public and private keys of the group for use by resource publishers and members of the group respectively.
  - 60. :
    - The method of claim 59, wherein said initial generating of an encryption private key for a group in a deterministic manner comprises randomly generating and saving a seed value and an associated operational variable N, initialized to a constant, and applying a one way hash function to the seed value for a number of times as specified by the current value of the operational variable to generate the encryption private key of the group; and
      
      said re-generating of the encryption private key for the group comprises decrementing the operational variable in a pre-determine manner, and applying the one way hash function to the seed value for a number of times as specified by the current value of the operational constant to re-generate the encryption private key of the group.
  - 61. :
    - The method of claim 59, wherein said publishing of the deterministically generated encryption private key of the group for members of the group to access authorized published resources comprises retrieving a first encryption public key of a first member, generating a first encrypted entry of the group'"'"'s encryption private key using the retrieved first encryption public key of the first member, and placing the generated first encrypted entry into a group key file.
  - 62. :
    - The method of claim 61, wherein said publishing of the deterministically generated encryption private key of the group for members of the group to access authorized published resources further comprises repeating said retrieving, generating, and placing for each member.
  - 63. :
    - The method of claim 61, wherein said publishing of the deterministically generated encryption private key of the group for members of the group to access authorized published resources further comprises publishing the group key file.

64-119. -119. (canceled)

120. :
- A peer system comprising;
  
  storage medium having stored therein a plurality of programming instructions designed to enable the peer system to generate an encryption private key for a group in a deterministic manner from a random seed, generate a corresponding encryption public key for the group, publish the corresponding encryption public key in a client key file for use by resource publishers to effectively grant access to resources published by the resource publishers to members of the group, and publish the deterministically generated encryption private key of the group for members of the group to access authorized published resources;
  
  at least one processor coupled to the storage medium to execute the programming instructions.
- View Dependent Claims (121, 122, 123, 124, 125, 126, 127, 128)
- - 121. :
    - The peer system of claim 120, wherein said programming instructions are further designed to enable the peer system to perform said generating of an encryption private key for a group in a deterministic manner by generating and saving a random seed value;
      
      initializing one or more operational constants to one or more integer values; and
      
      applying one or more one way hash functions to the seed value for one or more series of times in view of the one or more operational constants to generate or contribute to the generation of the encryption private key for the group.
  - 122. :
    - The peer system of claim 121, wherein said programming instructions are further designed to enable the peer system to perform said initializing by initializing a first operational constant to an integer value N; and
      
      said applying by applying a first one way hash function to the seed value for a first series of times denoted by the first operational constant.
  - 123. :
    - The peer system of claim 121, wherein said programming instructions are further designed to enable the peer system to perform said initializing by initializing at least a first and a second operational constant to a first and a second integer values N1 and N2, that functionally map to a third integer value N; and
      
      said applying by applying a first one way hash function to the seed value for a first series of times in view of the first operational constant, and applying said first and a second one way hash function to said seed value for a second and a third series of times in view of said first and second operational constants.
  - 124. :
    - The peer system of claim 120, wherein said programming instructions are further designed to enable the peer system to re-generate the encryption public and private keys of the group when a member is removed from the group; and
      
      re-publish the re-generated encryption public and private keys of the group for use by resource publishers and members of the group respectively.
  - 125. :
    - The peer system of claim 124, wherein said programming instructions are further designed to enable the peer system to perform said initial generating of an encryption private key for a group in a deterministic manner by randomly generating and saving a seed value and an associated operational variable N, initialized to a constant, and applying a one way hash function to the seed value for a number of times as specified by the current value of the operational variable to generate the encryption private key of the group; and
      
      said re-generating of the encryption private key for the group by decrementing the operational variable in a pre-determine manner, and applying the one way hash function to the seed value for a number of times as specified by the current value of the operational constant to re-generate the encryption private key of the group.
  - 126. :
    - The peer system of claim 124, wherein said programming instructions are further designed to enable the peer system to perform said publishing of the deterministically generated encryption private key of the group for members of the group to access authorized published resources by retrieving a first encryption public key of a first member, generating a first encrypted entry of the group'"'"'s encryption private key using the retrieved first encryption public key of the first member, and placing the generated first encrypted entry into a group key file.
  - 127. :
    - The peer system of claim 126, wherein said programming instructions are further designed to enable the peer system to perform said publishing of the deterministically generated encryption private key of the group for members of the group to access authorized published resources by further repeating said retrieving, generating, and placing for each member.
  - 128. :
    - The peer system of claim 126, wherein said programming instructions are further designed to enable the peer system to perform said publishing of the deterministically generated encryption private key of the group for members of the group to access authorized published resources further by publishing the group key file.

129-130. -130. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Qian, Zhenyu, Teodosiu, Dan, Boyen, Xavier

Granted Patent

US 8,331,560 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/44
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 2221/2117   User registration

G06F 2221/2141   Access rights, e.g. capabil...

H04L 2209/16   Obfuscation or hiding, e.g....

H04L 2463/101   applying security measures ...

H04L 63/0442   wherein the sending and rec...

H04L 63/045   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/10   for controlling access to d...

H04L 63/104   Grouping of entities

H04L 63/123   received data contents, e.g...

H04L 67/104   Peer-to-peer [P2P] networks

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0833   involving conference or gro...

H04L 9/0863   involving passwords or one-...

H04L 9/0869   involving random numbers or...

H04L 9/3263   involving certificates, e.g...

DISTRIBUTED SCALABLE CRYPTOGRAPHIC ACCESS CONTROL

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

129 Claims

Specification

Solutions

Use Cases

Quick Links

DISTRIBUTED SCALABLE CRYPTOGRAPHIC ACCESS CONTROL

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

129 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links