Separating authorization identity from policy enforcement identity

Assignee

• Microsoft Corporation · US

Inventors

• Yuhui Zhong · Sammamish, US
• Gregory Kostal · Kirkland, US
• Tejas D. Patel · Seattle, US
• Scott C. Cottrille · Sammamish, US
• Vladimir Yarmolenko · Duvall, US
• Pankaj Mohan Kamat · Kirkland, US
• Sunitha Samuel · Kirkland, US
• Frank Byrum · Seattle, US
• Mayank Mehta · Keyano, CA
• Chandresh K. Jain · Sammamish, US
• Edward Thomas Banti · Seattle, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2463/101
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

The present invention extends to methods, systems, and computer program products for separating authorization identity from policy enforcement identity. Embodiments of the invention extend the consumption phase for protected information. Two identities, an authorization identity and a policy enforcement identity, are used for acquiring, issuing and enforcing usage license instead of one identity certificate. The authorization identity is used to evaluate against usage policy. The authorization identity is similar to identification information in an identity certificate. The policy enforcement identity is used to ensure the confidentiality of granted permissions and content key. The policy enforcement identity enforces a usage license on an authorization principal's (e.g., recipient's) machine. The policy enforcement identity's enforcement of a usage license is similar use of a cryptographic key in an identity certificate.