ANONYMOUS PRINCIPALS FOR POLICY LANGUAGES

US 20120159577A1
Filed: 12/16/2010
Published: 06/21/2012
Est. Priority Date: 12/16/2010
Status: Active Grant

First Claim

Patent Images

1. A method of evaluating a statement in a security policy language, the method comprising:

in response to a principal requesting access to a resource, receiving a policy containing the statement, the statement specifying a condition for access to the resource and comprising a placeholder symbol that represents an anonymous credential; and

verifying an attribute of the anonymous credential using a key corresponding to the anonymous credential, and based thereon determining whether to grant the principal access to the resource.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques to allow a security policy language to accommodate anonymous credentials are described. A policy statement in a security policy language can reference an anonymous credential. When the policy statement is evaluated to decide whether to grant access to a resource mediated by the policy statement, the anonymous credential is used. The policy language can be implemented to allow one anonymous credential to delegate access-granting rights to another anonymous credential. Furthermore, an anonymous credential can be re-randomized to avoid linkage between uses of the anonymous credential, which can compromise anonymity.

114 Citations

20 Claims

1. A method of evaluating a statement in a security policy language, the method comprising:
- in response to a principal requesting access to a resource, receiving a policy containing the statement, the statement specifying a condition for access to the resource and comprising a placeholder symbol that represents an anonymous credential; and
  
  verifying an attribute of the anonymous credential using a key corresponding to the anonymous credential, and based thereon determining whether to grant the principal access to the resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method according to claim 1, the anonymous credential having been verified with the key by a non-anonymous authority, the key comprising a public key of the non-anonymous authority.
  - 3. A method according to claim 2, the non-anonymous authority having added the attribute to the anonymous credential.
  - 4. A method according to claim 1, further comprising re-randomizing the anonymous credential by the principal.
  - 5. A method according to claim 4, wherein a first re-randomization of the anonymous credential cannot be linked with a second re-randomization of the anonymous credential.
  - 6. A method according to claim 4, wherein the security policy language comprises a formal computer language and the statement conforms to the grammar and syntax of the formal computer language.
  - 7. A method according to claim 1, wherein the anonymous credential contains no information by which the principal can be personally identified.

8. One or more computer readable storage media storing information to enable one or more computers to perform a process, the process comprising:
- receiving a request for access to a service from a user represented by a corresponding anonymous credential, the anonymous credential comprising an attribute and a cryptographic signature that verifies the attribute, wherein the signature does not identify the user;
  
  accessing a security policy comprising a statement in a security policy language that comprises a symbol configured to represent any arbitrary anonymous principal that requests access to the resource, where the statement also comprises a condition that must be met for access to the resource; and
  
  granting access to the user by determining that the attribute of the anonymous credential satisfies the condition of the statement.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. One or more computer readable storage media according to claim 8, wherein the security policy language comprises a computer language, and statements in the security policy language comprise facts, principals, and nestable logical expressions comprised of logical operators and principals or facts as operands.
  - 10. One or more computer readable storage media according to claim 9, wherein the security policy language comprises a principal type that is defined to be anonymous.
  - 11. One or more computer readable storage media according to claim 8, wherein the security policy language defines a type of principal comprising an anonymous principal type.
  - 12. One or more computer readable storage media according to claim 11, wherein the security policy language allows a first instance of an anonymous principal type to delegate right-granting authority to a second instance of an anonymous principal type.
  - 13. One or more compute readable storage media according to claim 8, wherein the anonymous credential comprises a plurality of levels including a top level and a lower level, the top level comprising a signature from a non-anonymous public key and a top level attribute signed by the non-anonymous public key.
  - 14. One or more computer readable storage media according to claim 13, wherein a key at one level of the anonymous credential signs an attribute at a next lower level of the anonymous credential.

15. A method performed by one or more computers to control access to resources provided by a network service, the method comprising:
- receiving via a network a request for one of the resources, the request including information identifying the resource and having originated from a computer operated by a user represented by an anonymous credential;
  
  obtaining a security policy corresponding to the resource based on the information identifying the resource, the security policy conforming to a policy language and having a symbol, also conforming to the policy language, that functions as a placeholder for any anonymous credential; and
  
  processing the security policy with a module that implements the policy language, the processing comprising using the anonymous credential of the user in place of the symbol.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. A method according to claim 15, wherein the anonymous credential was generated by a security token service that received a public key from the computer operated by the user and in response generated the anonymous credential by signing an attribute generated by a known authority.
  - 17. A method according to claim 15, wherein the anonymous credential comprises a first signature and a second signature signed by the first signature, and the processing by the module further comprises mapping the first signature and the second signature to a first anonymous credential symbol and a second anonymous credential symbol, respectively, in the security policy.
  - 18. A method according to claim 15, further comprising using an ephemeral security token to bootstrap access to a service providing the resource.
  - 19. A method according to claim 15, wherein the policy language has one or more functions that either operate on or return anonymous credentials.
  - 20. A method according to claim 19, wherein one or more of the functions determine whether or not a principal is an anonymous principal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Acar, Tolga, LaMacchia, Brian, Roeder, Thomas, Belinkiy, Mira, Mackay, Jason

Granted Patent

US 8,955,035 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 2209/42   Anonymization, e.g. involvi...

H04L 9/3265   using certificate chains, t...

ANONYMOUS PRINCIPALS FOR POLICY LANGUAGES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

114 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ANONYMOUS PRINCIPALS FOR POLICY LANGUAGES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

114 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links