TRUSTED INTERNET IDENTITY

US 20090178123A1
Filed: 01/09/2008
Published: 07/09/2009
Est. Priority Date: 01/09/2008
Status: Active Grant

First Claim

Patent Images

1. A method of securing data using an Internet identity, the method comprising:

assigning file access rights to a file for the Internet identity;

receiving a request to access the file, the request including the Internet identity;

confirming the Internet identity;

determining if the Internet identity has access rights to the file; and

allowing access to the file when the Internet identity is confirmed and has access rights to the file.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A token or other storage device uses Internet identities to set file access attribute rights. Subsequently, requests to access a file can be controlled by confirming the Internet identity of the requester by either validating the request with a known public key or retrieving the public key from an Internet identity provider. Files may be stored encrypted and may be re-encrypted with the public key associated with Internet identity making the request.

Citations

20 Claims

1. A method of securing data using an Internet identity, the method comprising:
- assigning file access rights to a file for the Internet identity;
  
  receiving a request to access the file, the request including the Internet identity;
  
  confirming the Internet identity;
  
  determining if the Internet identity has access rights to the file; and
  
  allowing access to the file when the Internet identity is confirmed and has access rights to the file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein assigning file access rights comprises establishing a privilege to assign file access rights using a second Internet identity.
  - 3. The method of claim 1, wherein confirming the Internet identity comprises decrypting a portion of the request using a public key associated with the Internet identity.
  - 4. The method of claim 3, further comprising:
    - accessing an Internet identity provider over a network connection; and
      
      retrieving the public key associated with the Internet identity.
  - 5. The method of claim 1, further comprising installing a management utility on a host computer, the management utility supporting assignment of file access rights to the file.
  - 6. The method of claim 1, further comprising executing a management utility residing on a file system that also contains the file.
  - 7. The method of claim 1, wherein the Internet identity is an identity independent of an operating system identity associated with a host computer.
  - 8. The method of claim 1, wherein the request includes a cookie including the Internet identity, a public key, and a cookie expiration date.
  - 9. The method of claim 1, further comprising encrypting the file with a public key associated with the Internet identity when allowing access to the file when the Internet identity is confirmed and has access rights to the file.
  - 10. The method of claim 9, wherein encrypting the file comprises encrypting the file when the file access rights specify encryption when allowing access to the file.
  - 11. The method of claim 1, further comprising:
    - encrypting the file when storing the file; and
      
      decrypting the file when allowing access to the file when the Internet identity is confirmed and has access rights to the file.

12. A removable storage token supporting file access control, comprising:
- a processor;
  
  a secure memory storing private keys and executable code for use by the processor;
  
  a general-use memory;
  
  a first bus coupling the processor, secure memory, and the general-use memory;
  
  a second bus for removably coupling the removable storage token to a computing device;
  
  a storage management module executable by the processor for assigning access control rights to data stored in the general-use memory;
  
  a communication module for execution by the processor for parsing a request for access to the general-use memory into a file identifier and a credential;
  
  a request module executable by the processor for determining when the credential includes a valid Internet identifier corresponding to an assigned access control right.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The removable storage token of claim 12, further comprising a user interface module for presenting a user interface on a host device for setting access control rights.
  - 14. The removable storage token of claim 12, wherein the communication module further supports accessing a web service corresponding to the valid Internet identifier.
  - 15. The removable storage token of claim 12, wherein an Internet identity validation is stored in the secure memory and is released when an authorized entity is validated at the removable storage token.
  - 16. The removable storage token of claim 12, further comprising a cryptographic engine for performing cryptographic operations.

17. A method of performing file access control comprising:
- acquiring an Internet identity at a third-party provider;
  
  accessing the Internet identity;
  
  setting an access right to the file using the Internet identity;
  
  requesting access to the file by supplying a request and a credential verifying the Internet identity;
  
  determining if the credential matches the Internet identity; and
  
  providing access to the file when the credential matches the Internet identity.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, further comprising:
    - encrypting the file with a key associated with the Internet identity when storing the file.
  - 19. The method of claim 17, further comprising:
    - encrypting the file with a key associated with the Internet identity when providing the file to a requestor.
  - 20. The method of claim 17, wherein setting the access right comprises setting the access right to the file stored on a removable storage token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Carpenter, Todd L., Abzarian, David, Steeves, David

Granted Patent

US 8,353,015 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2107   File encryption

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2129   Authenticate client device ...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/0442   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/101   Access control lists [ACL]

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3247   involving digital signatures

TRUSTED INTERNET IDENTITY

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

TRUSTED INTERNET IDENTITY

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links