Yuhui Zhong

US Patent:

7509489, Mar 24, 2009

Filed:

Mar 11, 2005

Appl. No.:

11/077920

Inventors:

Gregory Kostal - Kirkland WA, US
Muthukrishnan Paramasivam - Seattle WA, US
Ravindra Nath Pandya - Clyde Hill WA, US
Scott C. Cottrille - Sammamish WA, US
Vasantha K Ravula - Sammamish WA, US
Vladimir Yarmolenko - Duvall WA, US
Yuhui Zhong - Bellevue WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

H04L 9/00
G06F 7/04
G06F 17/30

US Classification:

713156, 726 5, 726 27

Abstract:

An improved certificate issuing system may comprise a certificate translation engine for translating incoming certificates and certificate requests from a first format into a second format. A certificate issuing engine may then operate on incoming requests in the common format. The issuing engine can issue certificates to clients according to its certificate issuing policy. The policy may be expressed as data in a policy expression language that can be consumed at runtime, which provides for flexible and efficient changing of issuing policy. Issued certificates can be translated back into a format that is consumed by the requesting client. Such translation can be performed by the translation engine prior to delivery of certificates to requesting clients.

US Patent:

7882035, Feb 1, 2011

Filed:

Jan 25, 2008

Appl. No.:

12/020058

Inventors:

Scott C. Cottrille - Sammamish WA, US
Gregory Kostal - Kirkland WA, US
Rushmi U. Malaviarachchi - Redmond WA, US
Jeffrey M. Brown - Bellevue WA, US
Umesh R. Dhond - Redmond WA, US
Amit Fulay - Kirkland WA, US
Jody A. Hendrix - Kirkland WA, US
Krassimir E. Karamfilov - Bellevue WA, US
Yevgeniy Rozenfeld - Redmond WA, US
Vladimir Yarmolenko - Duvall WA, US
Yuhui Zhong - Sammamish WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

G06F 21/00

US Classification:

705 59, 705902

Abstract:

The present invention extends to methods, systems, and computer program products for pre-performing operations for accessing protected content. Cryptographic user key pairs can be pre-generated and distributed in response to a variety of different events prior to provisioning client machine for accessing protected content. Usage licenses can be pre-generated and allocated prior to requests for usage licenses. Usage licenses can be pre-obtained for client machines prior to client machines access protected content. Pre-performed operations can be performed in response to detected events, such as, for example, reduced resource consumption in a Digital Rights Management system.

US Patent:

7987496, Jul 26, 2011

Filed:

Apr 11, 2008

Appl. No.:

12/101688

Inventors:

Duncan G. Bryce - Redmond WA, US
Scott C. Cottrille - Sammamish WA, US
Pankaj Mohan Kamat - Kirkland WA, US
Krassimir Karamfilov - Bellevue WA, US
Gregory Kostal - Kirkland WA, US
Kenneth D. Ray - Seattle WA, US
Vladimir Yarmolenko - Duvall WA, US
Yuhui Zhong - Sammamish WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

H04L 9/00

US Classification:

726 1, 726 26

Abstract:

The secure application of content protection policies to content. The secure application of content protection polices is accomplished by having an enforcement mechanism monitor policy application points to detect the transfer of content. The enforcement mechanism accesses the content and a determination is made to protect the content. A usage policy is then identified by the enforcement mechanism to apply to the content and the usage policy is then applied to the content, resulting in a usage policy for the content.

US Patent:

8156538, Apr 10, 2012

Filed:

Dec 18, 2007

Appl. No.:

11/959115

Inventors:

Abhijat A. Kanade - Bellevue WA, US
Rushmi U. Malaviarachchi - Redmond WA, US
Peter D. Waxman - Seattle WA, US
Yuhui Zhong - Sammamish WA, US
Gregory Kostal - Kirkland WA, US
Scott C. Cottrille - Sammamish WA, US
Syed A. Mehdi - Raleigh NC, US
Patricia Priest - Seattle WA, US
Kumar B. Parambir - Bellevue WA, US
Li Ren - Sammamish WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

G06F 17/00

US Classification:

726 1

Abstract:

One embodiment includes a method which may be practiced in a computing environment where resources are distributed. The method includes acts for obtaining policy information defining restrictions on resources distributed in the computing environment. The method includes sending a request to a server for metadata about one or more resource protection policies at the server. In response to the request, metadata about one or more resource protection polices at the server is received from the server. The metadata from the server is analyzed. Based on analyzing the metadata, one or more resource protection policies stored at the client are updated.

US Patent:

8447976, May 21, 2013

Filed:

Jun 1, 2009

Appl. No.:

12/476049

Inventors:

Chandresh K. Jain - Sammamish WA, US
Mayank Mehta - Redmond WA, US
Frank D. Byrum - Seattle WA, US
Edward Banti - Seattle WA, US
Ayse Yesim Koman - Seattle WA, US
James R. Knibb - Kirland WA, US
Michael A. Nelte - Redmond WA, US
Christopher Barnes - Redmond WA, US
Hao Zhang - Sammamish WA, US
Victor Boctor - Redmond WA, US
Tejas D. Patel - Seattle WA, US
Yuhui Zhong - Sammamish WA, US
Gregory Kostal - Kirkland WA, US
Vladimir Yarmolenko - Duvall WA, US
Pankaj M. Kamat - Kirkland WA, US
Amit K. Fulay - Kirkland WA, US
Krassimir E. Karamfilov - Bellevue WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

H04L 9/32

US Classification:

713168, 726 9

Abstract:

Business to business secure mail may be provided. Consistent with embodiments of the invention, a protected message may be received. The recipient may request a token from a trust broker, submit the token to an authorization server associated with the sender, receive a user license from the authorization server; and decrypt the protected message using the user license. The protected message may restrict actions that may be taken by the recipient, such as forwarding to other users.

US Patent:

8448228, May 21, 2013

Filed:

Sep 29, 2010

Appl. No.:

12/893763

Inventors:

Yuhui Zhong - Sammamish WA, US
Gregory Kostal - Kirkland WA, US
Tejas D. Patel - Seattle WA, US
Scott C. Cottrille - Sammamish WA, US
Vladimir Yarmolenko - Duvall WA, US
Pankaj Mohan Kamat - Kirkland WA, US
Sunitha Samuel - Kirkland WA, US
Frank D. Byrum - Seattle WA, US
Mayank Mehta - Redmond WA, US
Chandresh Kumar Jain - Sammamish WA, US
Edward Banti - Seattle WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

H04L 29/06

US Classification:

726 5, 713156, 713165, 713167, 713182, 713185

Abstract:

The present invention extends to methods, systems, and computer program products for separating authorization identity from policy enforcement identity. Embodiments of the invention extend the consumption phase for protected information. Two identities, an authorization identity and a policy enforcement identity, are used for acquiring, issuing and enforcing usage license instead of one identity certificate. The authorization identity is used to evaluate against usage policy. The authorization identity is similar to identification information in an identity certificate. The policy enforcement identity is used to ensure the confidentiality of granted permissions and content key. The policy enforcement identity enforces a usage license on an authorization principal's (e. g. , recipient's) machine. The policy enforcement identity's enforcement of a usage license is similar use of a cryptographic key in an identity certificate.

US Patent:

8505068, Aug 6, 2013

Filed:

Sep 29, 2010

Appl. No.:

12/893786

Inventors:

Tejas D. Patel - Seattle WA, US
Gregory Kostal - Kirkland WA, US
Yuhui Zhong - Sammamish WA, US
Vladimir Yarmolenko - Duvall WA, US
Pankaj Mohan Kamat - Kirkland WA, US
Krassimir E. Karamfilov - Bellevue WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

H04L 29/06

US Classification:

726 1

Abstract:

The present invention extends to methods, systems, and computer program products for deriving express rights in protected content. Embodiments of the invention provide mechanisms to convert implicit rights to express rights for entities, including applications, inside and outside of an organizational (e. g. , enterprise) boundary. The conversion can occur dynamically, based on the information protection policies defined by a policy administrator, granting entities express access to perform tasks on protected content.

US Patent:

20060195690, Aug 31, 2006

Filed:

Feb 28, 2005

Appl. No.:

11/069803

Inventors:

Gregory Kostal - Kirkland WA, US
Muthukrishnan Paramasivam - Seattle WA, US
Ravindra Pandya - Clyde Hill WA, US
Scott Cottrille - Sammamish WA, US
Vasantha Ravula - Sammamish WA, US
Vladimir Yarmolenko - Duvall WA, US
Charles Rose - Redmond WA, US
Yuhui Zhong - Bellevue WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

H04L 9/00

US Classification:

713156000

Abstract:

An improved certificate issuing system may comprise a novel arrangement for expressing certificate issuing policy. The policy may be expressed in a human-readable policy expression language and stored for example in a file that is consumed by a certificate issuing system at runtime. The policy may thus be easily changed by altering the digital file. Certain techniques are also provided for extending the capabilities of the certificate issuing system so it may apply and enforce new policies.