Security architecture for peer-to-peer storage system

US 8,196,186 B2
Filed: 05/20/2008
Issued: 06/05/2012
Est. Priority Date: 05/20/2008
Status: Active Grant

First Claim

Patent Images

1. A method, implemented by a computing device, comprising:

receiving a request to register a peer in a peer-to-peer system, the peer-to-peer system enabling a first peer of the peer-to-peer system to provide a first storage area to another peer of the peer-to-peer system and enabling the first peer of the peer-to-peer system to store data in a second storage area on a second peer of the peer-to-peer system after providing the first storage area;

generating or selecting a transaction key for the peer;

storing the transaction key in association with registration information for the peer;

receiving a password from the peer to enable a secure transmission of the transaction key to the peer;

transmitting the transaction key from the server to the peer, the transaction key accessible to the peer using the password;

in response to receiving a transaction request from the peer to perform a peer-to-peer transaction with another peer of the peer-to-peer system, generating a token including file information for a file associated with the peer-to-peer transaction and including a signature, the token generated based at least in part on the transaction key;

sending the token from the server to the peer to enable the peer to perform the peer-to-peer transaction; and

in response to a failure of the second peer to authenticate a second token associated with a second peer-to-peer transaction, receiving information associated with the failure from the second peer.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An exemplary method includes receiving a request to register a peer in a peer-to-peer system; generating or selecting a transaction key for the peer; storing the transaction key in association with registration information for the peer; transmitting the transaction key to the peer and, in response to a request to perform a desired peer-to-peer transaction by another peer, generating a token, based at least in part on the transaction key. Such a token allows for secure transactions in a peer-to-peer system including remote storage of data and retrieval of remotely stored data. Other exemplary techniques are also disclosed including exemplary modules for a peer-to-peer server and peers in a peer-to-peer system.

50 Citations

View as Search Results

22 Claims

1. A method, implemented by a computing device, comprising:
- receiving a request to register a peer in a peer-to-peer system, the peer-to-peer system enabling a first peer of the peer-to-peer system to provide a first storage area to another peer of the peer-to-peer system and enabling the first peer of the peer-to-peer system to store data in a second storage area on a second peer of the peer-to-peer system after providing the first storage area;
  
  generating or selecting a transaction key for the peer;
  
  storing the transaction key in association with registration information for the peer;
  
  receiving a password from the peer to enable a secure transmission of the transaction key to the peer;
  
  transmitting the transaction key from the server to the peer, the transaction key accessible to the peer using the password;
  
  in response to receiving a transaction request from the peer to perform a peer-to-peer transaction with another peer of the peer-to-peer system, generating a token including file information for a file associated with the peer-to-peer transaction and including a signature, the token generated based at least in part on the transaction key;
  
  sending the token from the server to the peer to enable the peer to perform the peer-to-peer transaction; and
  
  in response to a failure of the second peer to authenticate a second token associated with a second peer-to-peer transaction, receiving information associated with the failure from the second peer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the transaction key is independent of the password.
  - 3. The method of claim 1 wherein the transaction key comprises a cryptographic key.
  - 4. The method of claim 1 wherein the token comprises a format that specifies a type of transaction.
  - 5. The method of claim 1 wherein the token comprises a format that specifies an expiration time for the token.
  - 6. The method of claim 1 wherein the token comprises a transaction identifier selected from a group consisting of a timestamp and a number generated by a message counter.
  - 7. The method of claim 1 further comprising randomly generating or selecting an encryption key for the peer.
  - 8. The method of claim 7 further comprising storing the encryption key in association with registration information for the peer and transmitting the encryption key to the peer.

9. A computing device comprising:
- a processor and a computer-readable storage device;
  
  a module maintained on the computer-readable storage device, the module including instructions that are executable by the processor to;
  
  receive a request to register a peer in a peer-to-peer system in which, in response to a first peer of the peer-to-peer system providing a first storage area to another peer of the peer-to-peer system, a second storage area on a second peer of the peer-to-peer system is provided to the first peer to store data;
  
  generate or select a transaction key for the peer;
  
  store the transaction key for the peer in association with registration information for the peer;
  
  securely transmit the transaction key to the peer by password protecting the transaction key using a password provided by the peer;
  
  in response to receiving a transaction request from the peer to perform a peer-to-peer transaction, generate a token including file information for a file associated with the peer-to-peer transaction and including a signature, the token generated based at least in part on the transaction key;
  
  send the token from the server to the peer to enable the peer to perform the peer-to-peer transaction; and
  
  in response to a failure of the peer to authenticate a second token associated with a second peer-to-peer transaction, receiving information associated with the failure from the peer.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The module of claim 9 wherein the transaction key comprises a cryptographic key.
  - 11. The module of claim 9 wherein the token comprises a transaction type.
  - 12. The module of claim 9 further comprising computer-executable instructions that are executable by the computer to determine if a peer-to-peer transaction occurred successfully based at least in part on information received from the other peer.
  - 13. The module of claim 9 further comprising computer-executable instructions that are executable by the computer to generate or select an encryption key for each peer in the peer-to-peer system.
  - 14. The module of claim 9 further comprising computer-executable instructions that are executable by the computer to store an encryption key for each peer in the peer-to-peer system.
  - 15. The module of claim 9 further comprising computer-executable instructions that are executable by the computer to provide an application programming interface to receive information from a peer in the peer-to-peer system and to return a token in response.

16. A computer-readable storage device including instructions executable by a processor to perform operations comprising:
- in response to receiving a registration request from a peer, registering the peer in a peer-to-peer system in which, in response to a first peer of the peer-to-peer system providing a first storage area to another peer of the peer-to-peer system, a second storage area on a second peer of the peer-to-peer system is provided to the first peer to store data;
  
  generating or selecting a transaction key for the peer;
  
  associating the transaction key with registration information for the peer;
  
  transmitting the transaction key from the server to the peer, the transaction key protected by a password provided by the peer;
  
  in response to receiving a transaction request from the peer to perform a particular transaction in the peer-to-peer system, generating a token including file information for a file associated with the particular transaction and including a digital signature, the token generated based at least in part on the transaction key;
  
  sending the token from the server to the peer to enable the peer to perform the particular transaction; and
  
  in response to the second peer of the peer-to-peer system failing to authenticate a second token associated with a second peer-to-peer transaction, receiving information associated with the authentication failure from the second peer.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The computer-readable storage device of claim 16, wherein the token includes an identifier associated with the peer.
  - 18. The computer-readable storage device of claim 16, wherein the token includes an expiration time after which the token is invalid.
  - 19. The computer-readable storage device of claim 16, further comprising receiving failure data from the peer indicating that the peer failed to verify an invalid token based on an expiration date included in the invalid token.
  - 20. The computer-readable storage device of claim 16, wherein the token includes a transaction type.
  - 21. The computer-readable storage device of claim 20, wherein the transaction type comprises one of a store data transaction type to store data provided by the peer, a retrieve data transaction type to retrieve data from a specified location, a stream data transaction type to stream data to the peer, and a universal transaction type.
  - 22. The computer-readable storage device of claim 16, wherein in response to receiving the registration request that includes the password, the peer is logged in using at least one of a secure socket layer (SSL) protocol or a transport layer security (TLS) protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Mityagin, Anton, Charles, Denis X, Lauter, Kristin E.
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
PLECHA, THADDEUS J

Application Number

US12/123,979
Publication Number

US 20090290715A1
Time in Patent Office

1,477 Days
Field of Search

726/9, 726/10
US Class Current

726/4
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 2221/2151   Time stamp

H04L 63/062   for key distribution, e.g. ...

Security architecture for peer-to-peer storage system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

50 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Security architecture for peer-to-peer storage system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links