Patents by Inventor Rushmi U. Malaviarachchi
Rushmi U. Malaviarachchi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9264232
Abstract: Binding a security artifact to a service provider. A method includes generating a pseudonym for a security artifact. The pseudonym is an identifier of the security artifact to the service provider that is unique to the service provider in that the pseudonym is not used to identify the security artifact to other service providers. Further, the pseudonym uniquely identifies the particular security artifact to the service provider even when a user has available a number of different security artifacts to authenticate to the same service provider to access a user account for the user. The method further includes providing the pseudonym for the security artifact to the service provider. The pseudonym for the security artifact is bound with a user account at the service provider for a user associated with the security artifact.
Type: Grant
Filed: August 26, 2014
Date of Patent: February 16, 2016
Assignee: Microsoft Technology Licensing, LLC
Inventors: Craig Henry Wittenberg, Christian Paquin, Rushmi U. Malaviarachchi
-
Publication number: 20160006567
Abstract: Binding a security artifact to a service provider. A method includes generating a pseudonym for a security artifact. The pseudonym is an identifier of the security artifact to the service provider that is unique to the service provider in that the pseudonym is not used to identify the security artifact to other service providers. Further, the pseudonym uniquely identifies the particular security artifact to the service provider even when a user has available a number of different security artifacts to authenticate to the same service provider to access a user account for the user. The method further includes providing the pseudonym for the security artifact to the service provider. The pseudonym for the security artifact is bound with a user account at the service provider for a user associated with the security artifact.
Type: Application
Filed: August 26, 2014
Publication date: January 7, 2016
Inventors: Craig Henry Wittenberg, Christian Paquin, Rushmi U. Malaviarachchi
-
Patent number: 8819437
Abstract: Binding a security artifact to a service provider. A method includes generating a pseudonym for a security artifact. The pseudonym is an identifier of the security artifact to the service provider that is unique to the service provider in that the pseudonym is not used to identify the security artifact to other service providers. Further, the pseudonym uniquely identifies the particular security artifact to the service provider even when a user has available a number of different security artifacts to authenticate to the same service provider to access a user account for the user. The method further includes providing the pseudonym for the security artifact to the service provider. The pseudonym for the security artifact is bound with a user account at the service provider for a user associated with the security artifact.
Type: Grant
Filed: September 30, 2010
Date of Patent: August 26, 2014
Assignee: Microsoft Corporation
Inventors: Craig Henry Wittenberg, Christian Paquin, Rushmi U. Malaviarachchi
-
Patent number: 8719171
Abstract: A publishing user publishes digital content and issues to itself a corresponding digital publisher license to allow itself to render the published digital content. The publishing user is supplied with a publishing certificate from a digital rights management (DRM) server, where the publishing certificate allows the publishing user to so publish the digital content and to so issue the publisher license.
Type: Grant
Filed: July 8, 2010
Date of Patent: May 6, 2014
Assignee: Microsoft Corporation
Inventors: Steve Bourne, Blair Brewster Dillaway, Pierre Jacomet, Rushmi U. Malaviarachchi, Kumar B. Parambir, Yevgeniy Eugene Rozenfeld, Chandramouli Venkatesh, Charles F. Rose
-
Patent number: 8646027
Abstract: The present invention extends to methods, systems, and computer program products for workflow based authorization for content access. A workflow can be triggered when a protection policy does not fully express an intended recipient's rights in protected content. A workflow processes relevant inputs to more fully express the intended recipient's rights in protected content. Workflows can provide policy item updates and authorizations decisions with respect to protected content. Through the use of workflows to make an authorization decision, access to information can become more flexible, allowing it to follow the desired flow of information throughout its lifecycle. This flexibility allows organizations to protect their information without worrying about the protection stopping the natural flow of business.
Type: Grant
Filed: June 27, 2008
Date of Patent: February 4, 2014
Assignee: Microsoft Corporation
Inventors: Rushmi U. Malaviarachchi, Kenneth D. Ray, Scott C. Cottrille, Frederic Delombaerde, Conrad G. Bayer
-
Patent number: 8156538
Abstract: One embodiment includes a method which may be practiced in a computing environment where resources are distributed. The method includes acts for obtaining policy information defining restrictions on resources distributed in the computing environment. The method includes sending a request to a server for metadata about one or more resource protection policies at the server. In response to the request, metadata about one or more resource protection policies at the server is received from the server. The metadata from the server is analyzed. Based on analyzing the metadata, one or more resource protection policies stored at the client are updated.
Type: Grant
Filed: December 18, 2007
Date of Patent: April 10, 2012
Assignee: Microsoft Corporation
Inventors: Abhijat A. Kanade, Rushmi U. Malaviarachchi, Peter D. Waxman, Yuhui Zhong, Gregory Kostal, Scott C. Cottrille, Syed A. Mehdi, Patricia Priest, Kumar B. Parambir, Li Ren
-
Publication number: 20120084565
Abstract: Binding a security artifact to a service provider. A method includes generating a pseudonym for a security artifact. The pseudonym is an identifier of the security artifact to the service provider that is unique to the service provider in that the pseudonym is not used to identify the security artifact to other service providers. Further, the pseudonym uniquely identifies the particular security artifact to the service provider even when a user has available a number of different security artifacts to authenticate to the same service provider to access a user account for the user. The method further includes providing the pseudonym for the security artifact to the service provider. The pseudonym for the security artifact is bound with a user account at the service provider for a user associated with the security artifact.
Type: Application
Filed: September 30, 2010
Publication date: April 5, 2012
Applicant: Microsoft Corporation
Inventors: Craig Henry Wittenberg, Christian Paquin, Rushmi U. Malaviarachchi
-
Patent number: 8141129
Abstract: The present invention extends to methods, systems, and computer program products for a centrally accessible policy repository. Protection policies for protecting resources within an organization are stored at a central policy repository. Thus, an administrator can centrally create, maintain, and manage resource protection policies for all of the organizational units within an organization. Accordingly, resources consumed when performing these protection policy related operations is significantly reduced. Additionally, since protection policies are centrally located, there is increased likelihood of being able to consistently apply an organization's protection policies within different organizational units, even when protection policies change.
Type: Grant
Filed: May 29, 2008
Date of Patent: March 20, 2012
Assignee: Microsoft Corporation
Inventors: Kenneth D. Ray, Keith S. Brintzenhofe, Rushmi U. Malaviarachchi, Scott C. Cottrille, Gregory Kostal, Vladimir Yarmolenko, Abhijat Kanade
-
Patent number: 8059820
Abstract: Protecting content. A recipient receives content from a publisher. Some content is managed by an access server. The access server controls the recipient's use of managed content through interaction with a trusted agent at the recipient. The content is encrypted to a content key, and the content is associated with policy information. The policy information includes the content key for decrypting the content. The policy information is encrypted to an access server key allowing the policy information to be decrypted by the access server. The content key is received from the access server. The content key is encrypted to a trusted agent key. The content key is further encrypted to additional factor(s) defining additional content protection beyond that provided by trusted agent. The content key is decrypted using the trusted agent key and the at least one additional factor. The content is decrypted using the content key.
Type: Grant
Filed: October 11, 2007
Date of Patent: November 15, 2011
Assignee: Microsoft Corporation
Inventors: Rushmi U. Malaviarachchi, Mayur Kamat, David B. Cross
-
Patent number: 7882035
Abstract: The present invention extends to methods, systems, and computer program products for pre-performing operations for accessing protected content. Cryptographic user key pairs can be pre-generated and distributed in response to a variety of different events prior to provisioning client machine for accessing protected content. Usage licenses can be pre-generated and allocated prior to requests for usage licenses. Usage licenses can be pre-obtained for client machines prior to client machines access protected content. Pre-performed operations can be performed in response to detected events, such as, for example, reduced resource consumption in a Digital Rights Management system.
Type: Grant
Filed: January 25, 2008
Date of Patent: February 1, 2011
Assignee: Microsoft Corporation
Inventors: Scott C. Cottrille, Gregory Kostal, Rushmi U. Malaviarachchi, Jeffrey M. Brown, Umesh R. Dhond, Amit Fulay, Jody A. Hendrix, Krassimir E. Karamfilov, Yevgeniy Rozenfeld, Vladimir Yarmolenko, Yuhui Zhong
-
Publication number: 20100281253
Abstract: A publishing user publishes digital content and issues to itself a corresponding digital publisher license to allow itself to render the published digital content. The publishing user is supplied with a publishing certificate from a digital rights management (DRM) server, where the publishing certificate allows the publishing user to so publish the digital content and to so issue the publisher license.
Type: Application
Filed: July 8, 2010
Publication date: November 4, 2010
Applicant: Microsoft Corporation
Inventors: Steve Bourne, Blair Brewster Dillaway, Pierre Jacomet, Rushmi U. Malaviarachchi, Kumar B. Parambir, Yevgeniy (Eugene) Rozenfeld, Chandramouli Venkatesh, Charles F. Rose, III
-
Publication number: 20090328156
Abstract: The present invention extends to methods, systems, and computer program products for workflow based authorization for content access. A workflow can be triggered when a protection policy does not fully express an intended recipient's rights in protected content. A workflow processes relevant inputs to more fully express the intended recipient's rights in protected content. Workflows can provide policy item updates and authorizations decisions with respect to protected content. Through the use of workflows to make an authorization decision, access to information can become more flexible, allowing it to follow the desired flow of information throughout its lifecycle. This flexibility allows organizations to protect their information without worrying about the protection stopping the natural flow of business.
Type: Application
Filed: June 27, 2008
Publication date: December 31, 2009
Applicant: Microsoft Corporation
Inventors: Rushmi U. Malaviarachchi, Kenneth D. Ray, Scott C. Cottrille, Frederic Delombaerde, Conrad G. Bayer
-
Publication number: 20090300706
Abstract: The present invention extends to methods, systems, and computer program products for a centrally accessible policy repository. Protection policies for protecting resources within an organization are stored at a central policy repository. Thus, an administrator can centrally create, maintain, and manage resource protection policies for all of the organizational units within an organization. Accordingly, resources consumed when performing these protection policy related operations is significantly reduced. Additionally, since protection policies are centrally located, there is increased likelihood of being able to consistently apply an organization's protection policies within different organizational units, even when protection policies change.
Type: Application
Filed: May 29, 2008
Publication date: December 3, 2009
Applicant: Microsoft Corporation
Inventors: Kenneth D. Ray, Keith S. Brintzenhofe, Rushmi U. Malaviarachchi, Scott C. Cottrille, Gregory Kostal, Vladimir Yarmolenko, Abhijat Kanade
-
Publication number: 20090222879
Abstract: Providing access to information based on super policy. Information is associated with author policy expressing restrictions on use of the information. The author policy is processed using super policy programmatic code to generate a composite policy. The composite policy includes a combination of the author policy and super policy applied by the super policy programmatic code, such that restrictions are added to or removed from the author policy to create the composite policy. A request for the information is evaluated. This includes evaluating information about the requester against the composite policy to determine if the requester is authorized to access the information. A determination is made that the requester is authorized to access the information based on the composite policy, where after the requester is authorized to access the information based on the composite policy, access is granted to the information to the requester.
Type: Application
Filed: March 3, 2008
Publication date: September 3, 2009
Applicant: MICROSOFT CORPORATION
Inventors: Gregory Kostal, Rushmi U. Malaviarachchi, Scott C. Cottrille
-
Patent number: 7577999
Abstract: A licensor receives a request from a requestor including an identifier identifying the requestor and rights data associated with digital content, where the rights data lists at least one identifier and rights associated therewith. The licensor thereafter locates the identifier of the requestor in a directory, and locates in the directory based thereon an identifier of each group which the requestor is a member of. Each of the located requestor identifier and each located group identifier is compared to each identifier listed in the rights data to find a match, and a digital license to render the content is issued to the requestor with the rights associated with the matching identifier.
Type: Grant
Filed: February 11, 2003
Date of Patent: August 18, 2009
Assignee: Microsoft Corporation
Inventors: Attila Narin, Chandramouli Venkatesh, Frank D. Byrum, Marco A. DeMello, Peter David Waxman, Prashant Malik, Rushmi U. Malaviarachchi, Steve Bourne, Vinay Krishnaswamy, Yevgeniy (Eugene) Rozenfeld
-
Publication number: 20090192942
Abstract: The present invention extends to methods, systems, and computer program products for pre-performing operations for accessing protected content. Cryptographic user key pairs can be pre-generated and distributed in response to a variety of different events prior to provisioning client machine for accessing protected content. Usage licenses can be pre-generated and allocated prior to requests for usage licenses. Usage licenses can be pre-obtained for client machines prior to client machines access protected content. Pre-performed operations can be performed in response to detected events, such as, for example, reduced resource consumption in a Digital Rights Management system.
Type: Application
Filed: January 25, 2008
Publication date: July 30, 2009
Applicant: MICROSOFT CORPORATION
Inventors: Scott C. Cottrille, Gregory Kostal, Rushmi U. Malaviarachchi, Jeffrey M. Brown, Umesh R. Dhond, Amit Fulay, Jody A. Hendrix, Krassimir E. Karamfilov, Yevgeniy Rozenfeld, Vladimir Yarmolenko, Yuhui Zhong
-
Publication number: 20090158384
Abstract: One embodiment includes a method which may be practiced in a computing environment where resources are distributed. The method includes acts for obtaining policy information defining restrictions on resources distributed in the computing environment. The method includes sending a request to a server for metadata about one or more resource protection policies at the server. In response to the request, metadata about one or more resource protection policies at the server is received from the server. The metadata from the server is analyzed. Based on analyzing the metadata, one or more resource protection policies stored at the client are updated.
Type: Application
Filed: December 18, 2007
Publication date: June 18, 2009
Applicant: MICROSOFT CORPORATION
Inventors: Abhijat A. Kanade, Rushmi U. Malaviarachchi, Peter D. Waxman, Yuhui Zhong, Gregory Kostal, Scott C. Cottrille, Syed A. Mehdi, Patricia Priest, Kumar B. Parambir, Li Ren
-
Patent number: 7543140
Abstract: A digital certificate identifies an entity as having authority over the certificate to revoke same as delegated by the issuer. The certificate also has at least one revocation condition relating to possible revocation of the certificate. To authenticate the certificate, the identification of the delegated revocation authority, a location from which a revocation list is to be obtained, and any freshness requirement to be applied to the revocation list are determined from the certificate. It is then ensured that the revocation list from the location is present and that the present revocation list satisfies the freshness requirement, that the revocation list is promulgated by the delegated revocation authority identified in the certificate, and that the certificate is not identified in the revocation list as being revoked.
Type: Grant
Filed: February 26, 2003
Date of Patent: June 2, 2009
Assignee: Microsoft Corporation
Inventors: Blair Brewster Dillaway, Philip Lafornara, Brian A. LaMacchia, Rushmi U. Malaviarachchi, John L. Manferdelli, Charles F. Rose, III
-
Publication number: 20090097660
Abstract: Protecting content. A recipient receives content from a publisher. Some content is managed by an access server. The access server controls the recipient's use of managed content through interaction with a trusted agent at the recipient. The content is encrypted to a content key, and the content is associated with policy information. The policy information includes the content key for decrypting the content. The policy information is encrypted to an access server key allowing the policy information to be decrypted by the access server. The content key is received from the access server. The content key is encrypted to a trusted agent key. The content key is further encrypted to additional factor(s) defining additional content protection beyond that provided by trusted agent. The content key is decrypted using the trusted agent key and the at least one additional factor. The content is decrypted using the content key.
Type: Application
Filed: October 11, 2007
Publication date: April 16, 2009
Applicant: MICROSOFT CORPORATION
Inventors: Rushmi U. Malaviarachchi, Mayur Kamat, David B. Cross
-
Publication number: 20080215896
Abstract: A publishing user publishes digital content and issues to itself a corresponding digital publisher license to allow itself to render the published digital content. The publishing user is supplied with a publishing certificate from a digital rights management (DRM) server, where the publishing certificate allows the publishing user to so publish the digital content and to so issue the publisher license.
Type: Application
Filed: March 21, 2008
Publication date: September 4, 2008
Inventors: Steve Bourne, Blair Brewster Dillaway, Pierre Jacomet, Rushmi U. Malaviarachchi, Kumar B. Parambir, Yevgeniy (Eugene) Rozenfeld, Chandramouli Venkatesh, Charles F. Rose