Peer-to-peer identity management interfaces and methods

US 8,756,327 B2
Filed: 07/11/2011
Issued: 06/17/2014
Est. Priority Date: 12/04/2002
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

providing an application program interface for use by an application program of a resolution protocol to manage peer-to-peer identities, the application program of the resolution protocol and a server process being on a same node of a peer-to-peer network;

receiving, at the server process on the same node, a peer identity create call having a plurality of call parameters comprising a classifier, a peer-to-peer friendly name, a handle to a container in which a key pair exists, and a pointer to a location to which an identity name should be returned;

parsing, at the server process, the peer identity create call to retrieve the plurality of call parameters;

returning to the application program a value indicative of a success or failure of the peer identity create call;

the server process being configured to receive a peer identity delete call configured to delete one or more of certificates, private keys, or group information associated with a deleted identity; and

the server process further being configured to receive a peer identity enumerate call configured to;

enumerate peer identities including a parameter comprising a pointer to a location where a handle to an enumeration object is returned; and

enumerate groups associated with the peer identity including parameters comprising a name of an identity for which groups will be enumerated, and a pointer to the location where a handle to an enumeration object is returned.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Peer-to-peer (P2P) application programming interfaces (APIs) that allow an application to create, import, export, manage, enumerate, and delete P2P identities are presented. Further, the management of group identity information is provided. APIs abstract away from low level credential and cryptographic functions required to create and manage P2P identities. This management includes retrieval and setting of a friendly name, generation of a cryptographic public/private key pair, retrieval of security information in the form of an XML fragment, and creation of a new name based on an existing identity.

Citations

20 Claims

1. A method comprising:
- providing an application program interface for use by an application program of a resolution protocol to manage peer-to-peer identities, the application program of the resolution protocol and a server process being on a same node of a peer-to-peer network;
  
  receiving, at the server process on the same node, a peer identity create call having a plurality of call parameters comprising a classifier, a peer-to-peer friendly name, a handle to a container in which a key pair exists, and a pointer to a location to which an identity name should be returned;
  
  parsing, at the server process, the peer identity create call to retrieve the plurality of call parameters;
  
  returning to the application program a value indicative of a success or failure of the peer identity create call;
  
  the server process being configured to receive a peer identity delete call configured to delete one or more of certificates, private keys, or group information associated with a deleted identity; and
  
  the server process further being configured to receive a peer identity enumerate call configured to;
  
  enumerate peer identities including a parameter comprising a pointer to a location where a handle to an enumeration object is returned; and
  
  enumerate groups associated with the peer identity including parameters comprising a name of an identity for which groups will be enumerated, and a pointer to the location where a handle to an enumeration object is returned.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein said returning comprises returning an error indicative that at least one of the one or more corresponding call parameters of the peer identity management call is invalid.
  - 3. The method of claim 1, wherein said returning comprises returning an error indicative that there is not enough memory to perform the peer identity management call.
  - 4. The method of claim 1, wherein a particular corresponding call parameter of the peer identity management call corresponds to the identity name, and wherein said returning comprises returning an error indicative that there is no identity that matches the identity name call parameter.
  - 5. The method of claim 1, wherein:
    - said receiving comprises receiving a get friendly name call having the one or more corresponding call parameters comprising the identity name and a pointer to a location to which a corresponding friendly name should be returned; and
      
      said returning comprises returning to the application program a value indicative of the success/failure of the get friendly name call.
  - 6. The method of claim 1, wherein:
    - said receiving comprises receiving a set friendly name call having the one or more corresponding call parameters comprising the identity name and a string containing a new friendly name for the identity; and
      
      said returning comprises returning to the application program a value indicative of the success/failure of the set friendly name call.
  - 7. The method of claim 1, whereinsaid receiving comprises receiving a peer identity delete call having the one or more corresponding call parameters comprising the identity name;
    - andsaid returning comprises returning to the application program a value indicative of the success/failure of the peer identity delete call.
  - 8. The method of claim 1, wherein said returning comprises returning an error indicative that a peer identity corresponding to the identity name is in use by another process and cannot be deleted at this time.
  - 9. The method of claim 1, wherein:
    - said receiving comprises receiving a get cryptographic key call having the one or more corresponding call parameters comprising the identity name and a pointer to a location to which a handle to a cryptographic key container should be returned; and
      
      said returning comprises returning to the application program a value indicative of the success/failure of the get cryptographic key call.
  - 10. The method of claim 1, wherein:
    - said receiving comprises receiving a peer identity export call having the one or more corresponding call parameters comprising the identity name, a password to be used to encrypt identity information, at least one export option flag, and a pointer to a location to which a pointer to exported identity information will be placed; and
      
      said returning comprises returning to the application program a value indicative of the success/failure of the peer identity export call.

11. One or more computer-readable storage media comprising a collection of application program interfaces (APIs) configured for use with a peer identity system, the APIs comprising:
- a peer identity create function configured to create a new peer identity and return its name;
  
  a function configured to retrieve and set a friendly name for use by a user in establishment or management of a peer identity;
  
  a get cryptographic key function configured to return a handle to a private/public key air which is associated with an identity;
  
  a function configured to delete peer identities;
  
  an export function configured to export an identity to a data structure and encrypt the data structure with a supplied password;
  
  an import function configured to import identity information in the form of an encrypted data structure;
  
  an enumerate function configured to enumerate peer identities;
  
  an enumerate function configured to enumerate groups associated with peer identities;
  
  a function configured to enable retrieval of security information for an identity in the form of an XML fragment; and
  
  a function configured to create a new peer name based on an existing name of an identity and supplied classifier.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The one or more computer-readable storage media of claim 11, wherein parameters for the peer identity create function comprise:
    - a classifier, a friendly name, a cryptographic key provider, and a location to which the identity should be returned.
  - 13. The one or more computer-readable storage media of claim 11, wherein parameters for the function configured to retrieve and set a friendly name comprise by way of input, an identity name for which the friendly name is desired and, by way of output, a pointer to a location where the friendly name of the identity should be returned.
  - 14. The one or more computer-readable storage media of claim 11, wherein parameters for the get cryptographic key function comprise an identity name for a peer identity for which a key pair is desired, and a pointer to a location where a handle to a key container should be returned.
  - 15. The one or more computer-readable storage media of claim 11, wherein the function configured to delete peer identities is configured to delete certificates, private keys, and group information associated with a deleted identity.
  - 16. The one or more computer-readable storage media of claim 11, wherein the export function includes flags configured to enable specification of different export options comprising one or more of:
    - exporting all groups, exporting only groups owned by an identity, exporting only groups not owned by an identity, exporting specified groups, exporting only identity information without associated group information, or exporting all keys along with appropriate certificates to which they are attached.
  - 17. The one or more computer-readable storage media of claim 11, wherein the import function includes flags configured to enable specification of different import options comprising one or more of:
    - importation of all groups associated with an identity, importation of only groups owned by an identity, importation of only groups not owned by an identity, importation of only specified groups, importation of only identity information without associated group information, importation of private keys associated with an identity, that information should be overwritten only by newer information during importation, that information should always be overwritten, or that information should never be overridden.
  - 18. The one or more computer-readable storage media of claim 11, wherein the enumerate function configured to an enumerate peer identities include a parameter comprising a pointer to a location where a handle to an enumeration object is returned;
    - andwherein the enumerate function configured to enumerate groups includes parameters comprising a name of an identity for which groups will be enumerated, and a pointer to the location where a handle to an enumeration object is returned.
  - 19. The one or more computer-readable storage media of claim 11, wherein the function configured to enable retrieval of security information for an identity in the form of an XML fragment includes parameters comprising a peer name of an identity for which information is retrieved, and a pointer to a location where a string containing the XML fragment with the information about the identity is returned.
  - 20. The one or more computer-readable storage media of claim 11, wherein the function configured to create a new peer name based on the existing name of the identity and a supplied classifier includes parameters comprising the name of the identity that should be taken as a basis for the new peer name, a string containing a new classifier that is to be appended to the existing name of the identity, and a pointer to a location where the new peer name will be returned.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Manion, Todd R., Donner, Robert D., Somin, Grigori M.
Primary Examiner(s)
WASEL, MOHAMED A

Application Number

US13/180,406
Publication Number

US 20110271094A1
Time in Patent Office

1,072 Days
Field of Search

709227-229
US Class Current

709/227
CPC Class Codes

G06F 9/541   via adapters, e.g. between ...

H04L 2101/365   Application layer names, e....

H04L 61/00   Network arrangements, proto...

H04L 61/30   Managing network names, e.g...

H04L 63/0823   using certificates cryptogr...

H04L 67/104   Peer-to-peer [P2P] networks

H04L 67/1057   involving pre-assessment of...

H04L 69/329   in the application layer [O...

Peer-to-peer identity management interfaces and methods

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Peer-to-peer identity management interfaces and methods

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links