OFFLINE CONSUMPTION OF PROTECTED INFORMATION

US 20090208015A1
Filed: 02/15/2008
Published: 08/20/2009
Est. Priority Date: 02/15/2008
Status: Abandoned Application

First Claim

Patent Images

1. In a computing environment comprising a consuming user, publishing user, and a policy server, a method for the consuming user to access protected information originated by the publishing user, the method comprising:

maintaining a private key store of at least one private key corresponding to the consuming user;

receiving protected information originated by the publishing user, wherein the protected information is encrypted using a symmetric key;

the consuming user accessing a usage policy for the protected information, the usage policy containing an encrypted version of the symmetric key, the encrypted version of the symmetric key encrypted using a public key corresponding to a specific private key maintained in the private key store;

the consuming user locally checking the usage policy to determine that the encrypted version of the symmetric key is encrypted with the public key corresponding to the specific private key maintained in the private key store corresponding to the consuming user, without communication to the policy server; and

in response to a determination that the symmetric key has been encrypted with the public key, the consuming user;

using the specific private key to decrypt the symmetric key contained in the usage policy; and

subsequently using the symmetric key to decrypt the protected information such that the protected information is accessed without communication to the policy server.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The offline consumption and publication of protected information in a networked environment. The offline consumption of protected information is accomplished by having the consuming user maintain a store of asymmetric encryption keys. The protected information is encrypted by the publishing user using a symmetric key and the symmetric key is then encrypted using a public asymmetric key associated with the consuming user. The consuming user received the protected information and a usage policy containing the encrypted symmetric key. The consuming user verifies that it can decrypt the symmetric key using a private asymmetric key maintained by the consumer. The user then decrypts the symmetric key and accesses the content of the protected information.

Citations

20 Claims

1. In a computing environment comprising a consuming user, publishing user, and a policy server, a method for the consuming user to access protected information originated by the publishing user, the method comprising:
- maintaining a private key store of at least one private key corresponding to the consuming user;
  
  receiving protected information originated by the publishing user, wherein the protected information is encrypted using a symmetric key;
  
  the consuming user accessing a usage policy for the protected information, the usage policy containing an encrypted version of the symmetric key, the encrypted version of the symmetric key encrypted using a public key corresponding to a specific private key maintained in the private key store;
  
  the consuming user locally checking the usage policy to determine that the encrypted version of the symmetric key is encrypted with the public key corresponding to the specific private key maintained in the private key store corresponding to the consuming user, without communication to the policy server; and
  
  in response to a determination that the symmetric key has been encrypted with the public key, the consuming user;
  
  using the specific private key to decrypt the symmetric key contained in the usage policy; and
  
  subsequently using the symmetric key to decrypt the protected information such that the protected information is accessed without communication to the policy server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein maintaining a private key store comprises storing only keys corresponding to groups that the consuming user is a member of, the keys being stored in an encrypted store with the encrypted store being encrypted to a key known only to the consuming user.
  - 3. The method of claim 1 further comprising:
    - in response to a determination that the symmetric key has been encrypted using a key not associated with the private asymmetric keys maintained in the store of encryption keys, connecting to a policy server to retrieve a usage license.
  - 4. The method of claim 1, wherein the protected information is published to a group of users, wherein the public asymmetric key associated with the private asymmetric key is associated with the group of users.
  - 5. The method of claim 1, wherein the store of content keys is maintained locally at the consuming user.
  - 6. The method of claim 1, wherein the usage policy is recieved with the protected content associated with the usage policy.
  - 7. The method of claim 1, wherein the usage policy is received separately from the protected content.
  - 8. The method of claim 1, wherein the user is provisioned at a key server prior to the first instance of consuming any protected content.

9. In a computing environment comprising a consuming user and a publishing user, a method for the publishing user to publish protected information for consumption by the consuming user, the method comprising:
- maintaining a store of public asymmetric keys associated with potential consuming users and groups of users;
  
  encrypting the protected information using a symmetric content key;
  
  prior to publishing the protected information, determining that the store of public asymmetric keys contains a particular public asymmetric key associated with the consuming user; and
  
  in response to a positive determination that the store of public asymmetric keys contains the particular public asymmetric key associated with the consuming user,encrypting the symmetric content key utilizing the public asymmetric key associated with the consuming user; and
  
  adding the encrypted symmetric content key to a usage policy for the protected information.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9, wherein the store of cryptographic keys further maintains public and private asymmetric keys corresponding to the user and any groups to which the user is a member.
  - 11. The method of claim 9, wherein maintaining a store of public asymmetric keys comprises:
    - storing public keys corresponding to all users and groups known to the key server; and
      
      periodically updating at least a portion of the public asymmetric keys using an out of band update mechanism.
  - 12. The method of claim 9, wherein the store of public asymmetric keys does not contain a public asymmetric key associated with the consuming user, the method further comprising:
    - querying a server to locate a public asymmetric key associated with the consuming user or group of consuming users; and
      
      in response to locating the public asymmetric key, storing the public asymmetric key in the store of public asymmetric keys and encrypting the symmetric content key using the stored public asymmetric key.
  - 13. The method of claim 9 further comprising:
    - encrypting the symmetric content key using a public asymmetric key associated with a server; and
      
      adding the encrypted symmetric content key encrypted to the public asymmetric key associated with the server to the usage policy.

14. In a computing environment comprising a consuming user and a publishing user, a system for the consuming user to access protected information originated by the publishing user, the system comprising:
- a processor executing computer-executable instructions; and
  
  a computer-readable storage media storing the computer-executable instructions, wherein the computer-executable instructions cause the system to perform a method when executed, the method comprising;
  
  maintaining a private key store of at least one private key corresponding to the consuming user;
  
  receiving protected information originated by the publishing user, wherein the protected information is encrypted using a symmetric key;
  
  the consuming user accessing a usage policy for the protected information, the usage policy containing an encrypted version of the symmetric key, the encrypted version of the symmetric key encrypted using a public key corresponding to a specific private key maintained in the private key store;
  
  the consuming user locally checking the usage policy to determine that the encrypted version of the symmetric key is encrypted with the public key corresponding to the specific private key maintained in the private key store corresponding to the consuming user, without communication to the policy server; and
  
  in response to a determination that the symmetric key has been encrypted with the public key, the consuming user;
  
  using the specific private key to decrypt the symmetric key contained in the usage policy; and
  
  subsequently using the symmetric key to decrypt the protected information such that the protected information is accessed without communication to the policy server.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The system of claim 14, wherein maintaining a private key store comprises storing only keys corresponding to groups that the consuming user is a member of, the keys being stored in an encrypted store with the encrypted store being encrypted to a key known only to the consuming user.
  - 16. The system of claim 14, wherein the method the computer executable instructions cause the system to perform further comprises:
    - in response to a determination that the symmetric content key has been encrypted using a public asymmetric key not associated with the private asymmetric keys maintained in the store of encryption keys, connecting to a policy server to retrieve a usage license.
  - 17. The system of claim 14, wherein the protected information is published to a group of users, wherein the public asymmetric key associated with the private asymmetric key is associated with the group of users.
  - 18. The system of claim 14, wherein the store of content keys is maintained locally at the consuming user.
  - 19. The system of claim 14, wherein the usage policy is received with the protected content associated with the usage policy.
  - 20. The system of claim 14, wherein the usage policy is received separately from the usage policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Bryce, Duncan G., Cottrille, Scott C., Kostal, Gregory, Kamat, Pankaj Mohan

Application Number

US12/032,279
Publication Number

US 20090208015A1
Time in Patent Office

Days
Field of Search
US Class Current

380/277
CPC Class Codes

G06F 21/10   Protecting distributed prog...

H04L 2209/60   Digital content management,...

H04L 9/0833   involving conference or gro...

H04L 9/0894   Escrow, recovery or storing...

OFFLINE CONSUMPTION OF PROTECTED INFORMATION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

OFFLINE CONSUMPTION OF PROTECTED INFORMATION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links