Patents by Inventor Gregory Kostal
Gregory Kostal has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9015493Abstract: Implementing a data protection service. One method includes receiving a request to provision a first tenant among a plurality of tenants managed by a single data protection service. A tenant is defined as an entity among a plurality of entities. A single data protection service provides data protection services to all tenants in the plurality of tenants. A first encryption key used to decrypt the first tenant's data at the data store is stored. The first encryption key is specific to the first tenant and thus cannot be used to decrypt other tenants' data at the data store from among the plurality of tenants. Rather each tenant in the plurality of tenants is associated with an encryption key, not usable by other tenants, used at the data store to decrypt data on a tenant and corresponding key basis.Type: GrantFiled: September 16, 2010Date of Patent: April 21, 2015Assignee: Microsoft Technology Licensing, LLCInventors: Jason Xiaodong Hu, Daniel W. Hitchcock, Gregory Kostal
-
Patent number: 8505068Abstract: The present invention extends to methods, systems, and computer program products for deriving express rights in protected content. Embodiments of the invention provide mechanisms to convert implicit rights to express rights for entities, including applications, inside and outside of an organizational (e.g., enterprise) boundary. The conversion can occur dynamically, based on the information protection policies defined by a policy administrator, granting entities express access to perform tasks on protected content.Type: GrantFiled: September 29, 2010Date of Patent: August 6, 2013Assignee: Microsoft CorporationInventors: Tejas D. Patel, Gregory Kostal, Yuhui Zhong, Vladimir Yarmolenko, Pankaj Mohan Kamat, Krassimir E. Karamfilov
-
Patent number: 8448228Abstract: The present invention extends to methods, systems, and computer program products for separating authorization identity from policy enforcement identity. Embodiments of the invention extend the consumption phase for protected information. Two identities, an authorization identity and a policy enforcement identity, are used for acquiring, issuing and enforcing usage license instead of one identity certificate. The authorization identity is used to evaluate against usage policy. The authorization identity is similar to identification information in an identity certificate. The policy enforcement identity is used to ensure the confidentiality of granted permissions and content key. The policy enforcement identity enforces a usage license on an authorization principal's (e.g., recipient's) machine. The policy enforcement identity's enforcement of a usage license is similar use of a cryptographic key in an identity certificate.Type: GrantFiled: September 29, 2010Date of Patent: May 21, 2013Assignee: Microsoft CorporationInventors: Yuhui Zhong, Gregory Kostal, Tejas D. Patel, Scott C. Cottrille, Vladimir Yarmolenko, Pankaj Mohan Kamat, Sunitha Samuel, Frank D. Byrum, Mayank Mehta, Chandresh Kumar Jain, Edward Banti
-
Patent number: 8447976Abstract: Business to business secure mail may be provided. Consistent with embodiments of the invention, a protected message may be received. The recipient may request a token from a trust broker, submit the token to an authorization server associated with the sender, receive a user license from the authorization server; and decrypt the protected message using the user license. The protected message may restrict actions that may be taken by the recipient, such as forwarding to other users.Type: GrantFiled: June 1, 2009Date of Patent: May 21, 2013Assignee: Microsoft CorporationInventors: Chandresh K. Jain, Mayank Mehta, Frank D. Byrum, Edward Banti, Ayse Yesim Koman, James R. Knibb, Michael A. Nelte, Christopher Barnes, Hao Zhang, Victor Boctor, Tejas D. Patel, Yuhui Zhong, Gregory Kostal, Vladimir Yarmolenko, Pankaj M. Kamat, Amit K. Fulay, Krassimir E. Karamfilov
-
Patent number: 8156538Abstract: One embodiment includes a method which may be practiced in a computing environment where resources are distributed. The method includes acts for obtaining policy information defining restrictions on resources distributed in the computing environment. The method includes sending a request to a server for metadata about one or more resource protection policies at the server. In response to the request, metadata about one or more resource protection polices at the server is received from the server. The metadata from the server is analyzed. Based on analyzing the metadata, one or more resource protection policies stored at the client are updated.Type: GrantFiled: December 18, 2007Date of Patent: April 10, 2012Assignee: Microsoft CorporationInventors: Abhijat A. Kanade, Rushmi U. Malaviarachchi, Peter D. Waxman, Yuhui Zhong, Gregory Kostal, Scott C. Cottrille, Syed A. Mehdi, Patricia Priest, Kumar B. Parambir, Li Ren
-
Publication number: 20120079557Abstract: The present invention extends to methods, systems, and computer program products for deriving express rights in protected content. Embodiments of the invention provide mechanisms to convert implicit rights to express rights for entities, including applications, inside and outside of an organizational (e.g., enterprise) boundary. The conversion can occur dynamically, based on the information protection policies defined by a policy administrator, granting entities express access to perform tasks on protected content.Type: ApplicationFiled: September 29, 2010Publication date: March 29, 2012Applicant: Microsoft CorporationInventors: Tejas D. Patel, Gregory Kostal, Yuhui Zhong, Vladimir Yarmolenko, Pankaj Mohan Kamat, Krassimir E. Karamfilov
-
Publication number: 20120079268Abstract: The present invention extends to methods, systems, and computer program products for separating authorization identity from policy enforcement identity. Embodiments of the invention extend the consumption phase for protected information. Two identities, an authorization identity and a policy enforcement identity, are used for acquiring, issuing and enforcing usage license instead of one identity certificate. The authorization identity is used to evaluate against usage policy. The authorization identity is similar to identification information in an identity certificate. The policy enforcement identity is used to ensure the confidentiality of granted permissions and content key. The policy enforcement identity enforces a usage license on an authorization principal's (e.g., recipient's) machine. The policy enforcement identity's enforcement of a usage license is similar use of a cryptographic key in an identity certificate.Type: ApplicationFiled: September 29, 2010Publication date: March 29, 2012Applicant: Microsoft CorporationInventors: Yuhui Zhong, Gregory Kostal, Tejas D. Patel, Scott C. Cottrille, Vladimir Yarmolenko, Pankaj Mohan Kamat, Sunitha Samuel, Frank D. Byrum, Mayank Mehta, Chandresh Kumar Jain, Edward Banti
-
Publication number: 20120072716Abstract: Implementing a data protection service. One method includes receiving a request to provision a first tenant among a plurality of tenants managed by a single data protection service. A tenant is defined as an entity among a plurality of entities. A single data protection service provides data protection services to all tenants in the plurality of tenants. A first encryption key used to decrypt the first tenant's data at the data store is stored. The first encryption key is specific to the first tenant and thus cannot be used to decrypt other tenants' data at the data store from among the plurality of tenants. Rather each tenant in the plurality of tenants is associated with an encryption key, not usable by other tenants, used at the data store to decrypt data on a tenant and corresponding key basis.Type: ApplicationFiled: September 16, 2010Publication date: March 22, 2012Applicant: Microsoft CorporationInventors: Jason Xiaodong Hu, Daniel W. Hitchcock, Gregory Kostal
-
Patent number: 8141129Abstract: The present invention extends to methods, systems, and computer program products for a centrally accessible policy repository. Protection policies for protecting resources within an organization are stored at a central policy repository. Thus, an administrator can centrally create, maintain, and manage resource protection polices for all of the organizational units within an organization. Accordingly, resources consumed when performing these protection policy related operations is significantly reduced. Additionally, since protection policies are centrally located, there is increased likelihood of being able to consistently apply an organization's protection policies within different organizational units, even when protection policies change.Type: GrantFiled: May 29, 2008Date of Patent: March 20, 2012Assignee: Microsoft CorporationInventors: Kenneth D. Ray, Keith S. Brintzenhofe, Rushmi U. Malaviarachchi, Scott C. Cottrille, Gregory Kostal, Vladimir Yarmolenko, Abhijat Kanade
-
Patent number: 7987496Abstract: The secure application of content protection policies to content. The secure application of content protection polices is accomplished by having an enforcement mechanism monitor policy application points to detect the transfer of content. The enforcement mechanism accesses the content and a determination is made to protect the content. A usage policy is then identified by the enforcement mechanism to apply to the content and the usage policy is then applied to the content, resulting in a usage policy for the content.Type: GrantFiled: April 11, 2008Date of Patent: July 26, 2011Assignee: Microsoft CorporationInventors: Duncan G. Bryce, Scott C. Cottrille, Pankaj Mohan Kamat, Krassimir Karamfilov, Gregory Kostal, Kenneth D. Ray, Vladimir Yarmolenko, Yuhui Zhong
-
Patent number: 7882035Abstract: The present invention extends to methods, systems, and computer program products for pre-performing operations for accessing protected content. Cryptographic user key pairs can be pre-generated and distributed in response to a variety of different events prior to provisioning client machine for accessing protected content. Usage licenses can be pre-generated and allocated prior to requests for usage licenses. Usage licenses can be pre-obtained for client machines prior to client machines access protected content. Pre-performed operations can be performed in response to detected events, such as, for example, reduced resource consumption in a Digital Rights Management system.Type: GrantFiled: January 25, 2008Date of Patent: February 1, 2011Assignee: Microsoft CorporationInventors: Scott C. Cottrille, Gregory Kostal, Rushmi U. Malaviarachchi, Jeffrey M. Brown, Umesh R. Dhond, Amit Fulay, Jody A. Hendrix, Krassimir E. Karamfilov, Yevgeniy Rozenfeld, Vladimir Yarmolenko, Yuhui Zhong
-
Publication number: 20100313276Abstract: A web-based client for creating and accessing protected content may be provided. Consistent with embodiments of the invention, a webmail client may be provided allowing a user to apply a restriction template to a document. The webmail client may be further operative to decrypt and display the document and enforce the restriction against a recipient.Type: ApplicationFiled: June 5, 2009Publication date: December 9, 2010Applicant: Microsoft CorporationInventors: Edward T. Banti, Steven O. Hubbell, Mayerber L. Carvalho Neto, Chandresh K. Jain, Mayank Mehta, Durlabh Malik, Christopher Barnes, Michael A. Nelte, Frank D. Byrum, Tejas D. Patel, Yuhui Zhong, Amit K. Fulay, Gregory Kostal, Pankaj M. Kamat, Vladimir Yarmolenko
-
Publication number: 20100313016Abstract: Transport pipeline decryption may be provided. Consistent with embodiments of the invention, a protected message may be received and decrypted. The decrypted message may be provided to pipeline agents, such as anti-virus, anti-spam, journaling, and/or policy enforcement agents. The message may then be re-encrypted and delivered.Type: ApplicationFiled: June 4, 2009Publication date: December 9, 2010Applicant: Microsoft CorporationInventors: Hao Zhang, Danny Tin-Van Chow, Ayse Yesim Koman, Frank D. Byrum, Mayank Mehta, Chandresh K. Jain, Victor Boctor, Charlie R. Chung, Tejas D. Patel, Yuhui Zhong, Amit K. Fulay, Gregory Kostal, Pankaj M. Kamat, Vladimir Yarmolenko, Krassimir E. Karamfilov
-
Publication number: 20100306535Abstract: Business to business secure mail may be provided. Consistent with embodiments of the invention, a protected message may be received. The recipient may request a token from a trust broker, submit the token to an authorization server associated with the sender, receive a user license from the authorization server; and decrypt the protected message using the user license. The protected message may restrict actions that may be taken by the recipient, such as forwarding to other users.Type: ApplicationFiled: June 1, 2009Publication date: December 2, 2010Applicant: Microsoft CorporationInventors: Chandresh K. Jain, Mayank Mehta, Frank D. Byrum, Edward Banti, Ayse Yesim Koman, James R. Knibb, Michael A. Nelte, Christopher Barnes, Hao Zhang, Victor Boctor, Tejas D. Patel, Yuhui Zhong, Gregory Kostal, Vladimir Yarmolenko, Pankaj M. Kamat, Amit K. Fulay, Krassimir E. Karamfilov
-
Patent number: 7631318Abstract: Systems and methods for providing digital rights management services are disclosed. Such a system includes a service program that provides a processing framework for performing a digital rights management service, such as publishing or licensing rights managed digital content. A plurality of plug-in components are provided, each of which performs a respective task associated with the digital rights management service. The plug-in components are integrated into the processing framework according to predefined sets of interface rules.Type: GrantFiled: June 28, 2002Date of Patent: December 8, 2009Assignee: Microsoft CorporationInventors: Scott C. Cottrille, Peter David Waxman, Vinay Krishnaswamy, Chandramouli Venkatesh, Attilla Narin, Gregory Kostal, Prashant Malik, Vladimir Yarmolenko, Frank Byrum, Thomas K. Lindeman
-
Publication number: 20090300706Abstract: The present invention extends to methods, systems, and computer program products for a centrally accessible policy repository. Protection policies for protecting resources within an organization are stored at a central policy repository. Thus, an administrator can centrally create, maintain, and manage resource protection polices for all of the organizational units within an organization. Accordingly, resources consumed when performing these protection policy related operations is significantly reduced. Additionally, since protection policies are centrally located, there is increased likelihood of being able to consistently apply an organization's protection policies within different organizational units, even when protection policies change.Type: ApplicationFiled: May 29, 2008Publication date: December 3, 2009Applicant: Microsoft CorporationInventors: Kenneth D. Ray, Keith S. Brintzenhofe, Rushmi U. Malaviarachchi, Scott C. Cottrille, Gregory Kostal, Vladimir Yarmolenko, Abhijat Kanade
-
Publication number: 20090260054Abstract: The secure application of content protection policies to content. The secure application of content protection polices is accomplished by having an enforcement mechanism monitor policy application points to detect the transfer of content. The enforcement mechanism accesses the content and a determination is made to protect the content. A usage policy is then identified by the enforcement mechanism to apply to the content and the usage policy is then applied to the content, resulting in a usage policy for the content.Type: ApplicationFiled: April 11, 2008Publication date: October 15, 2009Applicant: MICROSOFT CORPORATIONInventors: Duncan G. Bryce, Scott C. Cottrille, Pankaj Mohan Kamat, Krassimir Karamfilov, Gregory Kostal, Kenneth D. Ray, Vladimir Yarmolenko, Yuhui Zhong
-
Publication number: 20090222879Abstract: Providing access to information based on super policy. Information is associated with author policy expressing restrictions on use of the information The author policy is processed using super policy programmatic code to generate a composite policy. The composite policy includes a combination of the author policy and super policy applied by the super policy programmatic code, such that restrictions are added to or removed from the author policy to create the composite policy. A request for the information is evaluated. This includes evaluating information about the requester against the composite policy to determine if the requester is authorized to access the information. A determination is made that the requester is authorized to access the information based on the composite policy, where after the requester is authorized to access the information based on the composite policy, access is granted to the information to the requester.Type: ApplicationFiled: March 3, 2008Publication date: September 3, 2009Applicant: MICROSOFT CORPORATIONInventors: Gregory Kostal, Rushmi U. Malaviarachchi, Scott C. Cottrille
-
Publication number: 20090208015Abstract: The offline consumption and publication of protected information in a networked environment. The offline consumption of protected information is accomplished by having the consuming user maintain a store of asymmetric encryption keys. The protected information is encrypted by the publishing user using a symmetric key and the symmetric key is then encrypted using a public asymmetric key associated with the consuming user. The consuming user received the protected information and a usage policy containing the encrypted symmetric key. The consuming user verifies that it can decrypt the symmetric key using a private asymmetric key maintained by the consumer. The user then decrypts the symmetric key and accesses the content of the protected information.Type: ApplicationFiled: February 15, 2008Publication date: August 20, 2009Applicant: MICROSOFT CORPORATIONInventors: Pankaj Mohan Kamat, Duncan G. Bryce, Scott C. Cottrille, Gregory Kostal
-
Publication number: 20090192942Abstract: The present invention extends to methods, systems, and computer program products for pre-performing operations for accessing protected content. Cryptographic user key pairs can be pre-generated and distributed in response to a variety of different events prior to provisioning client machine for accessing protected content. Usage licenses can be pre-generated and allocated prior to requests for usage licenses. Usage licenses can be pre-obtained for client machines prior to client machines access protected content. Pre-performed operations can be performed in response to detected events, such as, for example, reduced resource consumption in a Digital Rights Management system.Type: ApplicationFiled: January 25, 2008Publication date: July 30, 2009Applicant: MICROSOFT CORPORATIONInventors: Scott C. Cottrille, Gregory Kostal, Rushmi U. Malaviarachchi, Jeffrey M. Brown, Umesh R. Dhond, Amit Fulay, Jody A. Hendrix, Krassimir E. Karamfilov, Yevgeniy Rozenfeld, Vladimir Yarmolenko, Yuhui Zhong