Patents by Inventor Yuhui Zhong

Yuhui Zhong has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8505068
    Abstract: The present invention extends to methods, systems, and computer program products for deriving express rights in protected content. Embodiments of the invention provide mechanisms to convert implicit rights to express rights for entities, including applications, inside and outside of an organizational (e.g., enterprise) boundary. The conversion can occur dynamically, based on the information protection policies defined by a policy administrator, granting entities express access to perform tasks on protected content.
    Type: Grant
    Filed: September 29, 2010
    Date of Patent: August 6, 2013
    Assignee: Microsoft Corporation
    Inventors: Tejas D. Patel, Gregory Kostal, Yuhui Zhong, Vladimir Yarmolenko, Pankaj Mohan Kamat, Krassimir E. Karamfilov
  • Patent number: 8448228
    Abstract: The present invention extends to methods, systems, and computer program products for separating authorization identity from policy enforcement identity. Embodiments of the invention extend the consumption phase for protected information. Two identities, an authorization identity and a policy enforcement identity, are used for acquiring, issuing and enforcing usage license instead of one identity certificate. The authorization identity is used to evaluate against usage policy. The authorization identity is similar to identification information in an identity certificate. The policy enforcement identity is used to ensure the confidentiality of granted permissions and content key. The policy enforcement identity enforces a usage license on an authorization principal's (e.g., recipient's) machine. The policy enforcement identity's enforcement of a usage license is similar use of a cryptographic key in an identity certificate.
    Type: Grant
    Filed: September 29, 2010
    Date of Patent: May 21, 2013
    Assignee: Microsoft Corporation
    Inventors: Yuhui Zhong, Gregory Kostal, Tejas D. Patel, Scott C. Cottrille, Vladimir Yarmolenko, Pankaj Mohan Kamat, Sunitha Samuel, Frank D. Byrum, Mayank Mehta, Chandresh Kumar Jain, Edward Banti
  • Patent number: 8447976
    Abstract: Business to business secure mail may be provided. Consistent with embodiments of the invention, a protected message may be received. The recipient may request a token from a trust broker, submit the token to an authorization server associated with the sender, receive a user license from the authorization server; and decrypt the protected message using the user license. The protected message may restrict actions that may be taken by the recipient, such as forwarding to other users.
    Type: Grant
    Filed: June 1, 2009
    Date of Patent: May 21, 2013
    Assignee: Microsoft Corporation
    Inventors: Chandresh K. Jain, Mayank Mehta, Frank D. Byrum, Edward Banti, Ayse Yesim Koman, James R. Knibb, Michael A. Nelte, Christopher Barnes, Hao Zhang, Victor Boctor, Tejas D. Patel, Yuhui Zhong, Gregory Kostal, Vladimir Yarmolenko, Pankaj M. Kamat, Amit K. Fulay, Krassimir E. Karamfilov
  • Patent number: 8156538
    Abstract: One embodiment includes a method which may be practiced in a computing environment where resources are distributed. The method includes acts for obtaining policy information defining restrictions on resources distributed in the computing environment. The method includes sending a request to a server for metadata about one or more resource protection policies at the server. In response to the request, metadata about one or more resource protection polices at the server is received from the server. The metadata from the server is analyzed. Based on analyzing the metadata, one or more resource protection policies stored at the client are updated.
    Type: Grant
    Filed: December 18, 2007
    Date of Patent: April 10, 2012
    Assignee: Microsoft Corporation
    Inventors: Abhijat A. Kanade, Rushmi U. Malaviarachchi, Peter D. Waxman, Yuhui Zhong, Gregory Kostal, Scott C. Cottrille, Syed A. Mehdi, Patricia Priest, Kumar B. Parambir, Li Ren
  • Publication number: 20120079557
    Abstract: The present invention extends to methods, systems, and computer program products for deriving express rights in protected content. Embodiments of the invention provide mechanisms to convert implicit rights to express rights for entities, including applications, inside and outside of an organizational (e.g., enterprise) boundary. The conversion can occur dynamically, based on the information protection policies defined by a policy administrator, granting entities express access to perform tasks on protected content.
    Type: Application
    Filed: September 29, 2010
    Publication date: March 29, 2012
    Applicant: Microsoft Corporation
    Inventors: Tejas D. Patel, Gregory Kostal, Yuhui Zhong, Vladimir Yarmolenko, Pankaj Mohan Kamat, Krassimir E. Karamfilov
  • Publication number: 20120079268
    Abstract: The present invention extends to methods, systems, and computer program products for separating authorization identity from policy enforcement identity. Embodiments of the invention extend the consumption phase for protected information. Two identities, an authorization identity and a policy enforcement identity, are used for acquiring, issuing and enforcing usage license instead of one identity certificate. The authorization identity is used to evaluate against usage policy. The authorization identity is similar to identification information in an identity certificate. The policy enforcement identity is used to ensure the confidentiality of granted permissions and content key. The policy enforcement identity enforces a usage license on an authorization principal's (e.g., recipient's) machine. The policy enforcement identity's enforcement of a usage license is similar use of a cryptographic key in an identity certificate.
    Type: Application
    Filed: September 29, 2010
    Publication date: March 29, 2012
    Applicant: Microsoft Corporation
    Inventors: Yuhui Zhong, Gregory Kostal, Tejas D. Patel, Scott C. Cottrille, Vladimir Yarmolenko, Pankaj Mohan Kamat, Sunitha Samuel, Frank D. Byrum, Mayank Mehta, Chandresh Kumar Jain, Edward Banti
  • Patent number: 7987496
    Abstract: The secure application of content protection policies to content. The secure application of content protection polices is accomplished by having an enforcement mechanism monitor policy application points to detect the transfer of content. The enforcement mechanism accesses the content and a determination is made to protect the content. A usage policy is then identified by the enforcement mechanism to apply to the content and the usage policy is then applied to the content, resulting in a usage policy for the content.
    Type: Grant
    Filed: April 11, 2008
    Date of Patent: July 26, 2011
    Assignee: Microsoft Corporation
    Inventors: Duncan G. Bryce, Scott C. Cottrille, Pankaj Mohan Kamat, Krassimir Karamfilov, Gregory Kostal, Kenneth D. Ray, Vladimir Yarmolenko, Yuhui Zhong
  • Patent number: 7882035
    Abstract: The present invention extends to methods, systems, and computer program products for pre-performing operations for accessing protected content. Cryptographic user key pairs can be pre-generated and distributed in response to a variety of different events prior to provisioning client machine for accessing protected content. Usage licenses can be pre-generated and allocated prior to requests for usage licenses. Usage licenses can be pre-obtained for client machines prior to client machines access protected content. Pre-performed operations can be performed in response to detected events, such as, for example, reduced resource consumption in a Digital Rights Management system.
    Type: Grant
    Filed: January 25, 2008
    Date of Patent: February 1, 2011
    Assignee: Microsoft Corporation
    Inventors: Scott C. Cottrille, Gregory Kostal, Rushmi U. Malaviarachchi, Jeffrey M. Brown, Umesh R. Dhond, Amit Fulay, Jody A. Hendrix, Krassimir E. Karamfilov, Yevgeniy Rozenfeld, Vladimir Yarmolenko, Yuhui Zhong
  • Publication number: 20100313276
    Abstract: A web-based client for creating and accessing protected content may be provided. Consistent with embodiments of the invention, a webmail client may be provided allowing a user to apply a restriction template to a document. The webmail client may be further operative to decrypt and display the document and enforce the restriction against a recipient.
    Type: Application
    Filed: June 5, 2009
    Publication date: December 9, 2010
    Applicant: Microsoft Corporation
    Inventors: Edward T. Banti, Steven O. Hubbell, Mayerber L. Carvalho Neto, Chandresh K. Jain, Mayank Mehta, Durlabh Malik, Christopher Barnes, Michael A. Nelte, Frank D. Byrum, Tejas D. Patel, Yuhui Zhong, Amit K. Fulay, Gregory Kostal, Pankaj M. Kamat, Vladimir Yarmolenko
  • Publication number: 20100313016
    Abstract: Transport pipeline decryption may be provided. Consistent with embodiments of the invention, a protected message may be received and decrypted. The decrypted message may be provided to pipeline agents, such as anti-virus, anti-spam, journaling, and/or policy enforcement agents. The message may then be re-encrypted and delivered.
    Type: Application
    Filed: June 4, 2009
    Publication date: December 9, 2010
    Applicant: Microsoft Corporation
    Inventors: Hao Zhang, Danny Tin-Van Chow, Ayse Yesim Koman, Frank D. Byrum, Mayank Mehta, Chandresh K. Jain, Victor Boctor, Charlie R. Chung, Tejas D. Patel, Yuhui Zhong, Amit K. Fulay, Gregory Kostal, Pankaj M. Kamat, Vladimir Yarmolenko, Krassimir E. Karamfilov
  • Publication number: 20100306535
    Abstract: Business to business secure mail may be provided. Consistent with embodiments of the invention, a protected message may be received. The recipient may request a token from a trust broker, submit the token to an authorization server associated with the sender, receive a user license from the authorization server; and decrypt the protected message using the user license. The protected message may restrict actions that may be taken by the recipient, such as forwarding to other users.
    Type: Application
    Filed: June 1, 2009
    Publication date: December 2, 2010
    Applicant: Microsoft Corporation
    Inventors: Chandresh K. Jain, Mayank Mehta, Frank D. Byrum, Edward Banti, Ayse Yesim Koman, James R. Knibb, Michael A. Nelte, Christopher Barnes, Hao Zhang, Victor Boctor, Tejas D. Patel, Yuhui Zhong, Gregory Kostal, Vladimir Yarmolenko, Pankaj M. Kamat, Amit K. Fulay, Krassimir E. Karamfilov
  • Publication number: 20090260054
    Abstract: The secure application of content protection policies to content. The secure application of content protection polices is accomplished by having an enforcement mechanism monitor policy application points to detect the transfer of content. The enforcement mechanism accesses the content and a determination is made to protect the content. A usage policy is then identified by the enforcement mechanism to apply to the content and the usage policy is then applied to the content, resulting in a usage policy for the content.
    Type: Application
    Filed: April 11, 2008
    Publication date: October 15, 2009
    Applicant: MICROSOFT CORPORATION
    Inventors: Duncan G. Bryce, Scott C. Cottrille, Pankaj Mohan Kamat, Krassimir Karamfilov, Gregory Kostal, Kenneth D. Ray, Vladimir Yarmolenko, Yuhui Zhong
  • Publication number: 20090192942
    Abstract: The present invention extends to methods, systems, and computer program products for pre-performing operations for accessing protected content. Cryptographic user key pairs can be pre-generated and distributed in response to a variety of different events prior to provisioning client machine for accessing protected content. Usage licenses can be pre-generated and allocated prior to requests for usage licenses. Usage licenses can be pre-obtained for client machines prior to client machines access protected content. Pre-performed operations can be performed in response to detected events, such as, for example, reduced resource consumption in a Digital Rights Management system.
    Type: Application
    Filed: January 25, 2008
    Publication date: July 30, 2009
    Applicant: MICROSOFT CORPORATION
    Inventors: Scott C. Cottrille, Gregory Kostal, Rushmi U. Malaviarachchi, Jeffrey M. Brown, Umesh R. Dhond, Amit Fulay, Jody A. Hendrix, Krassimir E. Karamfilov, Yevgeniy Rozenfeld, Vladimir Yarmolenko, Yuhui Zhong
  • Publication number: 20090158384
    Abstract: One embodiment includes a method which may be practiced in a computing environment where resources are distributed. The method includes acts for obtaining policy information defining restrictions on resources distributed in the computing environment. The method includes sending a request to a server for metadata about one or more resource protection policies at the server. In response to the request, metadata about one or more resource protection polices at the server is received from the server. The metadata from the server is analyzed. Based on analyzing the metadata, one or more resource protection policies stored at the client are updated.
    Type: Application
    Filed: December 18, 2007
    Publication date: June 18, 2009
    Applicant: MICROSOFT CORPORATION
    Inventors: Abhijat A. Kanade, Rushmi U. Malaviarachchi, Peter D. Waxman, Yuhui Zhong, Gregory Kostal, Scott C. Cottrille, Syed A. Mehdi, Patricia Priest, Kumar B. Parambir, Li Ren
  • Patent number: 7509489
    Abstract: An improved certificate issuing system may comprise a certificate translation engine for translating incoming certificates and certificate requests from a first format into a second format. A certificate issuing engine may then operate on incoming requests in the common format. The issuing engine can issue certificates to clients according to its certificate issuing policy. The policy may be expressed as data in a policy expression language that can be consumed at runtime, which provides for flexible and efficient changing of issuing policy. Issued certificates can be translated back into a format that is consumed by the requesting client. Such translation can be performed by the translation engine prior to delivery of certificates to requesting clients.
    Type: Grant
    Filed: March 11, 2005
    Date of Patent: March 24, 2009
    Assignee: Microsoft Corporation
    Inventors: Gregory Kostal, Muthukrishnan Paramasivam, Ravindra Nath Pandya, Scott C. Cottrille, Vasantha K Ravula, Vladimir Yarmolenko, Charles F. Rose, III, Yuhui Zhong
  • Patent number: 7500097
    Abstract: An improved certificate issuing system may comprise a novel arrangement for expressing certificate issuing policy. The policy may be expressed in a human-readable policy expression language and stored for example in a file that is consumed by a certificate issuing system at runtime. The policy may thus be easily changed by altering the digital file. Certain techniques are also provided for extending the capabilities of the certificate issuing system so it may apply and enforce new policies.
    Type: Grant
    Filed: February 28, 2005
    Date of Patent: March 3, 2009
    Assignee: Microsoft Corporation
    Inventors: Gregory Kostal, Muthukrishnan Paramasivam, Ravindra Nath Pandya, Scott C. Cottrille, Vasantha K Ravula, Vladimir Yarmolenko, Charles F. Rose, III, Yuhui Zhong
  • Publication number: 20060206707
    Abstract: An improved certificate issuing system may comprise a certificate translation engine for translating incoming certificates and certificate requests from a first format into a second format. A certificate issuing engine may then operate on incoming requests in the common format. The issuing engine can issue certificates to clients according to its certificate issuing policy. The policy may be expressed as data in a policy expression language that can be consumed at runtime, which provides for flexible and efficient changing of issuing policy. Issued certificates can be translated back into a format that is consumed by the requesting client. Such translation can be performed by the translation engine prior to delivery of certificates to requesting clients.
    Type: Application
    Filed: March 11, 2005
    Publication date: September 14, 2006
    Applicant: Microsoft Corporation
    Inventors: Gregory Kostal, Muthukrishnan Paramasivam, Ravindra Pandya, Scott Cottrille, Vasantha Ravula, Vladimir Yarmolenko, Charles Rose, Yuhui Zhong
  • Publication number: 20060195690
    Abstract: An improved certificate issuing system may comprise a novel arrangement for expressing certificate issuing policy. The policy may be expressed in a human-readable policy expression language and stored for example in a file that is consumed by a certificate issuing system at runtime. The policy may thus be easily changed by altering the digital file. Certain techniques are also provided for extending the capabilities of the certificate issuing system so it may apply and enforce new policies.
    Type: Application
    Filed: February 28, 2005
    Publication date: August 31, 2006
    Applicant: Microsoft Corporation
    Inventors: Gregory Kostal, Muthukrishnan Paramasivam, Ravindra Pandya, Scott Cottrille, Vasantha Ravula, Vladimir Yarmolenko, Charles Rose, Yuhui Zhong