Patents by Inventor Yuhui Zhong
Yuhui Zhong has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8505068Abstract: The present invention extends to methods, systems, and computer program products for deriving express rights in protected content. Embodiments of the invention provide mechanisms to convert implicit rights to express rights for entities, including applications, inside and outside of an organizational (e.g., enterprise) boundary. The conversion can occur dynamically, based on the information protection policies defined by a policy administrator, granting entities express access to perform tasks on protected content.Type: GrantFiled: September 29, 2010Date of Patent: August 6, 2013Assignee: Microsoft CorporationInventors: Tejas D. Patel, Gregory Kostal, Yuhui Zhong, Vladimir Yarmolenko, Pankaj Mohan Kamat, Krassimir E. Karamfilov
-
Patent number: 8448228Abstract: The present invention extends to methods, systems, and computer program products for separating authorization identity from policy enforcement identity. Embodiments of the invention extend the consumption phase for protected information. Two identities, an authorization identity and a policy enforcement identity, are used for acquiring, issuing and enforcing usage license instead of one identity certificate. The authorization identity is used to evaluate against usage policy. The authorization identity is similar to identification information in an identity certificate. The policy enforcement identity is used to ensure the confidentiality of granted permissions and content key. The policy enforcement identity enforces a usage license on an authorization principal's (e.g., recipient's) machine. The policy enforcement identity's enforcement of a usage license is similar use of a cryptographic key in an identity certificate.Type: GrantFiled: September 29, 2010Date of Patent: May 21, 2013Assignee: Microsoft CorporationInventors: Yuhui Zhong, Gregory Kostal, Tejas D. Patel, Scott C. Cottrille, Vladimir Yarmolenko, Pankaj Mohan Kamat, Sunitha Samuel, Frank D. Byrum, Mayank Mehta, Chandresh Kumar Jain, Edward Banti
-
Patent number: 8447976Abstract: Business to business secure mail may be provided. Consistent with embodiments of the invention, a protected message may be received. The recipient may request a token from a trust broker, submit the token to an authorization server associated with the sender, receive a user license from the authorization server; and decrypt the protected message using the user license. The protected message may restrict actions that may be taken by the recipient, such as forwarding to other users.Type: GrantFiled: June 1, 2009Date of Patent: May 21, 2013Assignee: Microsoft CorporationInventors: Chandresh K. Jain, Mayank Mehta, Frank D. Byrum, Edward Banti, Ayse Yesim Koman, James R. Knibb, Michael A. Nelte, Christopher Barnes, Hao Zhang, Victor Boctor, Tejas D. Patel, Yuhui Zhong, Gregory Kostal, Vladimir Yarmolenko, Pankaj M. Kamat, Amit K. Fulay, Krassimir E. Karamfilov
-
Patent number: 8156538Abstract: One embodiment includes a method which may be practiced in a computing environment where resources are distributed. The method includes acts for obtaining policy information defining restrictions on resources distributed in the computing environment. The method includes sending a request to a server for metadata about one or more resource protection policies at the server. In response to the request, metadata about one or more resource protection polices at the server is received from the server. The metadata from the server is analyzed. Based on analyzing the metadata, one or more resource protection policies stored at the client are updated.Type: GrantFiled: December 18, 2007Date of Patent: April 10, 2012Assignee: Microsoft CorporationInventors: Abhijat A. Kanade, Rushmi U. Malaviarachchi, Peter D. Waxman, Yuhui Zhong, Gregory Kostal, Scott C. Cottrille, Syed A. Mehdi, Patricia Priest, Kumar B. Parambir, Li Ren
-
Publication number: 20120079557Abstract: The present invention extends to methods, systems, and computer program products for deriving express rights in protected content. Embodiments of the invention provide mechanisms to convert implicit rights to express rights for entities, including applications, inside and outside of an organizational (e.g., enterprise) boundary. The conversion can occur dynamically, based on the information protection policies defined by a policy administrator, granting entities express access to perform tasks on protected content.Type: ApplicationFiled: September 29, 2010Publication date: March 29, 2012Applicant: Microsoft CorporationInventors: Tejas D. Patel, Gregory Kostal, Yuhui Zhong, Vladimir Yarmolenko, Pankaj Mohan Kamat, Krassimir E. Karamfilov
-
Publication number: 20120079268Abstract: The present invention extends to methods, systems, and computer program products for separating authorization identity from policy enforcement identity. Embodiments of the invention extend the consumption phase for protected information. Two identities, an authorization identity and a policy enforcement identity, are used for acquiring, issuing and enforcing usage license instead of one identity certificate. The authorization identity is used to evaluate against usage policy. The authorization identity is similar to identification information in an identity certificate. The policy enforcement identity is used to ensure the confidentiality of granted permissions and content key. The policy enforcement identity enforces a usage license on an authorization principal's (e.g., recipient's) machine. The policy enforcement identity's enforcement of a usage license is similar use of a cryptographic key in an identity certificate.Type: ApplicationFiled: September 29, 2010Publication date: March 29, 2012Applicant: Microsoft CorporationInventors: Yuhui Zhong, Gregory Kostal, Tejas D. Patel, Scott C. Cottrille, Vladimir Yarmolenko, Pankaj Mohan Kamat, Sunitha Samuel, Frank D. Byrum, Mayank Mehta, Chandresh Kumar Jain, Edward Banti
-
Patent number: 7987496Abstract: The secure application of content protection policies to content. The secure application of content protection polices is accomplished by having an enforcement mechanism monitor policy application points to detect the transfer of content. The enforcement mechanism accesses the content and a determination is made to protect the content. A usage policy is then identified by the enforcement mechanism to apply to the content and the usage policy is then applied to the content, resulting in a usage policy for the content.Type: GrantFiled: April 11, 2008Date of Patent: July 26, 2011Assignee: Microsoft CorporationInventors: Duncan G. Bryce, Scott C. Cottrille, Pankaj Mohan Kamat, Krassimir Karamfilov, Gregory Kostal, Kenneth D. Ray, Vladimir Yarmolenko, Yuhui Zhong
-
Patent number: 7882035Abstract: The present invention extends to methods, systems, and computer program products for pre-performing operations for accessing protected content. Cryptographic user key pairs can be pre-generated and distributed in response to a variety of different events prior to provisioning client machine for accessing protected content. Usage licenses can be pre-generated and allocated prior to requests for usage licenses. Usage licenses can be pre-obtained for client machines prior to client machines access protected content. Pre-performed operations can be performed in response to detected events, such as, for example, reduced resource consumption in a Digital Rights Management system.Type: GrantFiled: January 25, 2008Date of Patent: February 1, 2011Assignee: Microsoft CorporationInventors: Scott C. Cottrille, Gregory Kostal, Rushmi U. Malaviarachchi, Jeffrey M. Brown, Umesh R. Dhond, Amit Fulay, Jody A. Hendrix, Krassimir E. Karamfilov, Yevgeniy Rozenfeld, Vladimir Yarmolenko, Yuhui Zhong
-
Publication number: 20100313276Abstract: A web-based client for creating and accessing protected content may be provided. Consistent with embodiments of the invention, a webmail client may be provided allowing a user to apply a restriction template to a document. The webmail client may be further operative to decrypt and display the document and enforce the restriction against a recipient.Type: ApplicationFiled: June 5, 2009Publication date: December 9, 2010Applicant: Microsoft CorporationInventors: Edward T. Banti, Steven O. Hubbell, Mayerber L. Carvalho Neto, Chandresh K. Jain, Mayank Mehta, Durlabh Malik, Christopher Barnes, Michael A. Nelte, Frank D. Byrum, Tejas D. Patel, Yuhui Zhong, Amit K. Fulay, Gregory Kostal, Pankaj M. Kamat, Vladimir Yarmolenko
-
Publication number: 20100313016Abstract: Transport pipeline decryption may be provided. Consistent with embodiments of the invention, a protected message may be received and decrypted. The decrypted message may be provided to pipeline agents, such as anti-virus, anti-spam, journaling, and/or policy enforcement agents. The message may then be re-encrypted and delivered.Type: ApplicationFiled: June 4, 2009Publication date: December 9, 2010Applicant: Microsoft CorporationInventors: Hao Zhang, Danny Tin-Van Chow, Ayse Yesim Koman, Frank D. Byrum, Mayank Mehta, Chandresh K. Jain, Victor Boctor, Charlie R. Chung, Tejas D. Patel, Yuhui Zhong, Amit K. Fulay, Gregory Kostal, Pankaj M. Kamat, Vladimir Yarmolenko, Krassimir E. Karamfilov
-
Publication number: 20100306535Abstract: Business to business secure mail may be provided. Consistent with embodiments of the invention, a protected message may be received. The recipient may request a token from a trust broker, submit the token to an authorization server associated with the sender, receive a user license from the authorization server; and decrypt the protected message using the user license. The protected message may restrict actions that may be taken by the recipient, such as forwarding to other users.Type: ApplicationFiled: June 1, 2009Publication date: December 2, 2010Applicant: Microsoft CorporationInventors: Chandresh K. Jain, Mayank Mehta, Frank D. Byrum, Edward Banti, Ayse Yesim Koman, James R. Knibb, Michael A. Nelte, Christopher Barnes, Hao Zhang, Victor Boctor, Tejas D. Patel, Yuhui Zhong, Gregory Kostal, Vladimir Yarmolenko, Pankaj M. Kamat, Amit K. Fulay, Krassimir E. Karamfilov
-
Publication number: 20090260054Abstract: The secure application of content protection policies to content. The secure application of content protection polices is accomplished by having an enforcement mechanism monitor policy application points to detect the transfer of content. The enforcement mechanism accesses the content and a determination is made to protect the content. A usage policy is then identified by the enforcement mechanism to apply to the content and the usage policy is then applied to the content, resulting in a usage policy for the content.Type: ApplicationFiled: April 11, 2008Publication date: October 15, 2009Applicant: MICROSOFT CORPORATIONInventors: Duncan G. Bryce, Scott C. Cottrille, Pankaj Mohan Kamat, Krassimir Karamfilov, Gregory Kostal, Kenneth D. Ray, Vladimir Yarmolenko, Yuhui Zhong
-
Publication number: 20090192942Abstract: The present invention extends to methods, systems, and computer program products for pre-performing operations for accessing protected content. Cryptographic user key pairs can be pre-generated and distributed in response to a variety of different events prior to provisioning client machine for accessing protected content. Usage licenses can be pre-generated and allocated prior to requests for usage licenses. Usage licenses can be pre-obtained for client machines prior to client machines access protected content. Pre-performed operations can be performed in response to detected events, such as, for example, reduced resource consumption in a Digital Rights Management system.Type: ApplicationFiled: January 25, 2008Publication date: July 30, 2009Applicant: MICROSOFT CORPORATIONInventors: Scott C. Cottrille, Gregory Kostal, Rushmi U. Malaviarachchi, Jeffrey M. Brown, Umesh R. Dhond, Amit Fulay, Jody A. Hendrix, Krassimir E. Karamfilov, Yevgeniy Rozenfeld, Vladimir Yarmolenko, Yuhui Zhong
-
Publication number: 20090158384Abstract: One embodiment includes a method which may be practiced in a computing environment where resources are distributed. The method includes acts for obtaining policy information defining restrictions on resources distributed in the computing environment. The method includes sending a request to a server for metadata about one or more resource protection policies at the server. In response to the request, metadata about one or more resource protection polices at the server is received from the server. The metadata from the server is analyzed. Based on analyzing the metadata, one or more resource protection policies stored at the client are updated.Type: ApplicationFiled: December 18, 2007Publication date: June 18, 2009Applicant: MICROSOFT CORPORATIONInventors: Abhijat A. Kanade, Rushmi U. Malaviarachchi, Peter D. Waxman, Yuhui Zhong, Gregory Kostal, Scott C. Cottrille, Syed A. Mehdi, Patricia Priest, Kumar B. Parambir, Li Ren
-
Patent number: 7509489Abstract: An improved certificate issuing system may comprise a certificate translation engine for translating incoming certificates and certificate requests from a first format into a second format. A certificate issuing engine may then operate on incoming requests in the common format. The issuing engine can issue certificates to clients according to its certificate issuing policy. The policy may be expressed as data in a policy expression language that can be consumed at runtime, which provides for flexible and efficient changing of issuing policy. Issued certificates can be translated back into a format that is consumed by the requesting client. Such translation can be performed by the translation engine prior to delivery of certificates to requesting clients.Type: GrantFiled: March 11, 2005Date of Patent: March 24, 2009Assignee: Microsoft CorporationInventors: Gregory Kostal, Muthukrishnan Paramasivam, Ravindra Nath Pandya, Scott C. Cottrille, Vasantha K Ravula, Vladimir Yarmolenko, Charles F. Rose, III, Yuhui Zhong
-
Patent number: 7500097Abstract: An improved certificate issuing system may comprise a novel arrangement for expressing certificate issuing policy. The policy may be expressed in a human-readable policy expression language and stored for example in a file that is consumed by a certificate issuing system at runtime. The policy may thus be easily changed by altering the digital file. Certain techniques are also provided for extending the capabilities of the certificate issuing system so it may apply and enforce new policies.Type: GrantFiled: February 28, 2005Date of Patent: March 3, 2009Assignee: Microsoft CorporationInventors: Gregory Kostal, Muthukrishnan Paramasivam, Ravindra Nath Pandya, Scott C. Cottrille, Vasantha K Ravula, Vladimir Yarmolenko, Charles F. Rose, III, Yuhui Zhong
-
Publication number: 20060206707Abstract: An improved certificate issuing system may comprise a certificate translation engine for translating incoming certificates and certificate requests from a first format into a second format. A certificate issuing engine may then operate on incoming requests in the common format. The issuing engine can issue certificates to clients according to its certificate issuing policy. The policy may be expressed as data in a policy expression language that can be consumed at runtime, which provides for flexible and efficient changing of issuing policy. Issued certificates can be translated back into a format that is consumed by the requesting client. Such translation can be performed by the translation engine prior to delivery of certificates to requesting clients.Type: ApplicationFiled: March 11, 2005Publication date: September 14, 2006Applicant: Microsoft CorporationInventors: Gregory Kostal, Muthukrishnan Paramasivam, Ravindra Pandya, Scott Cottrille, Vasantha Ravula, Vladimir Yarmolenko, Charles Rose, Yuhui Zhong
-
Publication number: 20060195690Abstract: An improved certificate issuing system may comprise a novel arrangement for expressing certificate issuing policy. The policy may be expressed in a human-readable policy expression language and stored for example in a file that is consumed by a certificate issuing system at runtime. The policy may thus be easily changed by altering the digital file. Certain techniques are also provided for extending the capabilities of the certificate issuing system so it may apply and enforce new policies.Type: ApplicationFiled: February 28, 2005Publication date: August 31, 2006Applicant: Microsoft CorporationInventors: Gregory Kostal, Muthukrishnan Paramasivam, Ravindra Pandya, Scott Cottrille, Vasantha Ravula, Vladimir Yarmolenko, Charles Rose, Yuhui Zhong