Method and apparatus for managing secure collaborative transactions

US 7,415,606 B2
Filed: 10/24/2005
Issued: 08/19/2008
Est. Priority Date: 05/12/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A computer system with an algorithm-independent architecture for providing a security service to an application, the computer system comprising:

a plurality of algorithm-independent abstract primitive services, at least some of which can be combined to implement the security service;

a plurality of static links between the security service and one or more of the abstract primitive services which implement the security service;

a plurality of algorithm-dependent concrete primitive services, at least some of which can be combined to implement the abstract primitive services; and

a plurality of dynamic links between the abstract primitive services and one or more of the concrete primitive services which links are established at runtime in order to implement the abstract services.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Different levels of security are provided in a security system so that users can decide the security level of their own communications. Users can choose a low level of security and maintain the security overhead as low as possible. Alternatively, they can choose higher levels of security with attendant increases in security overhead. The different levels of security are created by the use of one or more of two keys: an encryption key is used to encrypt plaintext data in a delta and a message authentication key is used to authenticate and insure integrity of the data. Two keys are used to avoid re-encrypting the encrypted data for each member of the telespace. In one embodiment, the security level is determined when a telespace is created and remains fixed through out the life of the telespace. For a telespace, the security level may range from no security at all to security between the members of the telespace and outsiders to security between pairs of members of the telespace. In another embodiment, subgroups called “tribes” can be formed within a telespace and each tribe adopts the security level of the telespace in which it resides.

21 Citations

View as Search Results

20 Claims

1. A computer system with an algorithm-independent architecture for providing a security service to an application, the computer system comprising:
- a plurality of algorithm-independent abstract primitive services, at least some of which can be combined to implement the security service;
  
  a plurality of static links between the security service and one or more of the abstract primitive services which implement the security service;
  
  a plurality of algorithm-dependent concrete primitive services, at least some of which can be combined to implement the abstract primitive services; and
  
  a plurality of dynamic links between the abstract primitive services and one or more of the concrete primitive services which links are established at runtime in order to implement the abstract services.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer system of claim 1 wherein each of the abstract primitive services comprises an abstract service object which exports an application programming interface which includes methods that can be invoked by the service.
  - 3. The computer system of claim 2 wherein all of the abstract service objects are contained in the same dynamic link library.
  - 4. The computer system of claim 3 wherein each abstract service object comprises nonstatic member variables.
  - 5. The computer system of claim 4 wherein each concrete primitive service comprises a concrete primitive service object having specific algorithms for providing a primitive service and static member variables which hold data generated by the specific algorithms.
  - 6. The computer system of claim 5 wherein each concrete primitive service object comprises a constructor method which uploads data in the static member variables into the non-static member variables in the abstract primitive service object.
  - 7. The computer system of claim 6 wherein each abstract primitive service object creates one or more concrete primitive service objects by calling a constructor method therein to implement a primitive service.

8. A process of operating a computer to execute an application that invokes a security service, the process comprising:
- creating a registry of concrete primitive services active on the computer;
  
  invoking from the application a method of an abstract security service, the method, when invoked;
  
  creating an instance of the abstract security service incorporating a concrete primitive service listed in the registry; and
  
  returning an identifier of the instance; and
  
  invoking the instance from the application based on the identifier.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The process of claim 8, wherein creating the instance of the abstract security service incorporating the concrete primitive service listed in the registry comprises querying concrete primitives in the registry to identify a concrete primitive service implementing a security algorithm usable in the abstract security service.
  - 10. The process of claim 8, further comprising:
    - statically linking the application with the abstract security service.
  - 11. The process of claim 10, wherein the concrete primitive services are contained within a plurality of dynamically linked libraries and creating the registry comprises loading the plurality of dynamically linked libraries.
  - 12. The process of claim 8, wherein invoking the instance of the application comprises invoking a first instance of the abstract security service at a first time and the method comprises, at a second time, invoking a second instance of the abstract security service, the second instance comprising a different concrete primitive service than the first instance.
  - 13. The process of claim 8, wherein the abstract security service comprises a first class of programming objects and the concrete primitive services comprises a second class of programming object and the method further comprises forming a compound class formed from the first class and the second class.

14. A tangible computer storage medium comprising computer executable modules for providing a security service to an application, the computer executable modules comprising:
- at least one security service module;
  
  a plurality of abstract primitive modules each for providing an algorithm-independent abstract primitive service, and each of the plurality of abstract primitive modules being linked to the security service module through a static link;
  
  a plurality of concrete primitive modules each for providing an algorithm-dependent concrete primitive service, each of the concrete primitive modules comprising an interface for dynamically linking the concrete primitive module to an abstract primitive module through a dynamic link established at runtime in order to implement the security service.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The computer storage medium of claim 14, wherein each of the plurality of abstract primitive modules comprises an abstract service object which exports an application programming interface which includes methods that can be invoked by the security service.
  - 16. The computer storage medium of claim 15, wherein all of the abstract service objects are contained in the same dynamic link library.
  - 17. The computer storage medium of claim 16 wherein each abstract service object comprises computer executable instructions for operating on nonstatic member variables.
  - 18. The computer storage medium of claim 17, wherein each of the plurality of concrete primitive modules comprises a concrete primitive service object comprising computer-executable instructions for, when executed, implementing:
    - a specific algorithm for providing a primitive service; and
      
      static member variables which hold data generated by the specific algorithms.
  - 19. The computer storage medium of claim 14, wherein the at least one security service module comprises a security service module for providing an identification service, a security service module for providing an authentication service, a security service module for providing an integrity service, a security service module for providing an confidentiality service, a security service module for providing a privacy service, a security service module for providing an authorization service, and a security service module for providing a delegation of authority service.
  - 20. The computer storage medium of claim 19, further comprising at least one computer-executable application module for implementing the application, the application module being statically linked to the at least one security service module, the at least one computer-executable application module for providing a client of a distributed collaboration system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Asthagiri, Nimisha, Tuvell, Walter
Primary Examiner(s)
SMITHERS, MATTHEW

Application Number

US11/257,479
Publication Number

US 20060050869A1
Time in Patent Office

1,030 Days
Field of Search

713/151
US Class Current

713/151
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 12/1822   Conducting the conference, ...

H04L 63/062   for key distribution, e.g. ...

H04L 63/065   for group communications cr...

H04L 63/123   received data contents, e.g...

H04L 63/126   the source of the received ...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0833   involving conference or gro...

H04L 9/0891   Revocation or update of sec...

Method and apparatus for managing secure collaborative transactions

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for managing secure collaborative transactions

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links