Communication channel access based on channel identifier and use policy

US 8,838,981 B2
Filed: 09/13/2012
Issued: 09/16/2014
Est. Priority Date: 02/17/2009
Status: Active Grant

First Claim

Patent Images

1. A method implemented in a computing device, the method comprising:

obtaining an identifier of a communication channel, the communication channel comprising a removable storage device;

obtaining a use policy identifying an entity that originated protection of the communication channel as well as how an owner of the communication channel indicates the communication channel is used including techniques employed to protect data stored on the removable storage device, the techniques including how the data is to be encrypted;

generating, using a private key of a public/private key pair of the owner of the communication channel, a digital signature over the identifier of the communication channel and the use policy; and

associating the identifier of the communication channel, the use policy, and the digital signature with the communication channel.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication channel has an associated channel authenticator that includes a channel identifier, a use policy identifying how an owner of the communication channel indicates the communication channel is used, and a digital signature over the channel identifier and use policy. The identifier of the communication channel and the use policy can be verified by a computing device, and a check made as to whether a current security policy of the computing device is satisfied by the use policy. An access that the computing device is allowed to have to the communication channel is determined based at least in part on both whether the current security policy is satisfied by the use policy and whether the identifier of the communication channel and the use policy are verified.

Citations

20 Claims

1. A method implemented in a computing device, the method comprising:
- obtaining an identifier of a communication channel, the communication channel comprising a removable storage device;
  
  obtaining a use policy identifying an entity that originated protection of the communication channel as well as how an owner of the communication channel indicates the communication channel is used including techniques employed to protect data stored on the removable storage device, the techniques including how the data is to be encrypted;
  
  generating, using a private key of a public/private key pair of the owner of the communication channel, a digital signature over the identifier of the communication channel and the use policy; and
  
  associating the identifier of the communication channel, the use policy, and the digital signature with the communication channel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method as recited in claim 1, wherein the use policy further identifies how the owner indicates data stored on the removable storage device will be used and a type of data that is allowed to be stored.
  - 3. A method as recited in claim 1, the associating comprising storing the use policy and the digital signature on the removable storage device.
  - 4. A method as recited in claim 1, the obtaining comprising obtaining the identifier from the communication channel.
  - 5. A method as recited in claim 1, the associating comprising storing the identifier, the use policy, and the digital signature on the communication channel.
  - 6. A method as recited in claim 1, wherein the use policy further includes an indication of particular types of devices that the communication channel will be connected to.
  - 7. A method as recited in claim 1, further comprising verifying the digital signature over the identifier of the communication channel and the use policy has not been changed since the digital signature was generated.
  - 8. A method as recited in claim 7, the verifying being further based at least in part on a trust level that the computing device has for the owner.

9. A method implemented in a computing device, the method comprising:
- retrieving, from a communication channel authenticator of a communication channel, an identifier of the communication channel and a use policy identifying how an owner of the communication channel indicates the communication channel is used, the communication channel comprising a removable storage device;
  
  verifying the identifier of the communication channel and the use policy have not been altered;
  
  checking whether a current security policy of the computing device is satisfied by the use policy; and
  
  determining, based at least in part on both whether the current security policy is satisfied by the use policy and whether the identifier of the communication channel and the use policy are verified, an access that the computing device is allowed to have to the communication channel, the determining including allowing read-write access to the communication channel only if an entity that originated protection of the communication channel is a same entity as an entity that implements a security policy protecting the computing device, the entity that originated protection of the removable storage device being identified in the use policy.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. A method as recited in claim 9, wherein the access is read-only access if one or more of the current security policy is not satisfied, the identifier of the communication channel is not verified, or the use policy is not verified.
  - 11. A method as recited in claim 10, wherein the access is read-write access only if the current security policy is satisfied, the identifier of the communication channel is verified, and the use policy is verified.
  - 12. A method as recited in claim 9, the verifying comprising using a digital signature in the communication channel authenticator to verify that the identifier and the use policy have not been changed since the digital signature was generated.
  - 13. A method as recited in claim 12, the determining being further based at least in part on a trust level that the computing device has for the owner.
  - 14. A method as recited in claim 9, wherein the use policy identifies how the owner indicates data stored on the removable storage device will be used and a type of data that is allowed to be stored.
  - 15. A method as recited in claim 9, wherein the use policy includes an indication of particular types of devices that the communication channel will be connected to.

16. A computing device having stored computer-executable instructions that when executed perform operations comprising:
- obtaining, from an authenticator of a removable storage device, a first identifier of the removable storage device;
  
  obtaining, from the authenticator, a second identifier of an entity that originated protection of the removable storage device;
  
  verifying a digital signature over the first identifier and the second identifier to confirm that the first identifier and the second identifier have not been changed since the digital signature was generated;
  
  checking whether the entity that enabled protection of the removable storage device is a same entity as implements a security policy protecting the computing device, the entity that enabled protection of the removable storage device being identified in a use policy obtained from the removable storage device; and
  
  allowing the computing device read-write access to the removable storage device if the entity that enabled protection of the removable storage device is the same entity as implements the security policy protecting the computing device, otherwise allow the computing device read-only access to the removable storage device.
- View Dependent Claims (17, 18, 19, 20)
- - 17. A computing device as recited in claim 16, the operations further comprising allowing the computing device to have read-only access to the removable storage device if the digital signature is not verified.
  - 18. A computing device as recited in claim 16, wherein the use policy identifies how the owner indicates data stored on the removable storage device will be used and a type of data that is allowed to be stored.
  - 19. A computing device as recited in claim 16, wherein the use policy identifies how the owner of the communication channel indicates the communication channel will be used, including an indication of particular types of devices that the communication channel will be connected to.
  - 20. A computing device as recited in claim 16, the verifying the digital signature over the first identifier and the second identifier to confirm that the first identifier and the second identifier have not been changed being further based at least in part on a trust level that the computing device has for an owner of the removable storage device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Ureche, Octavian T., Semenko, Alex M., Vinayak, Sai, Ellison, Carl M.
Primary Examiner(s)
Hailu, Teshome

Application Number

US13/614,612
Publication Number

US 20130007463A1
Time in Patent Office

733 Days
Field of Search

713/176, 726/1
US Class Current

713/176
CPC Class Codes

H04L 63/102   Entity profiles

H04L 63/126   the source of the received ...

H04L 9/3247   involving digital signatures

Communication channel access based on channel identifier and use policy

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Communication channel access based on channel identifier and use policy

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links