18045335. ACCESS CONTROL USING MEDIATED LOCATION, ATTRIBUTE, POLICY, AND PURPOSE VERIFICATION simplified abstract (Microsoft Technology Licensing, LLC)
Contents
- 1 ACCESS CONTROL USING MEDIATED LOCATION, ATTRIBUTE, POLICY, AND PURPOSE VERIFICATION
- 1.1 Organization Name
- 1.2 Inventor(s)
- 1.3 ACCESS CONTROL USING MEDIATED LOCATION, ATTRIBUTE, POLICY, AND PURPOSE VERIFICATION - A simplified explanation of the abstract
- 1.4 Simplified Explanation
- 1.5 Potential Applications
- 1.6 Problems Solved
- 1.7 Benefits
- 1.8 Potential Commercial Applications
- 1.9 Possible Prior Art
- 1.10 Original Abstract Submitted
ACCESS CONTROL USING MEDIATED LOCATION, ATTRIBUTE, POLICY, AND PURPOSE VERIFICATION
Organization Name
Microsoft Technology Licensing, LLC
Inventor(s)
Ramarathnam Venkatesan of Redmond WA (US)
Nishanth Chandran of Seattle WA (US)
Ganesh Ananthanarayanan of Sammamish WA (US)
Panagiotis Antonopoulos of Redmond WA (US)
Srinath T.V. Setty of Redmond WA (US)
Daniel John Carroll, Jr. of Columbia MD (US)
Kiran Muthabatulla of Sammamish WA (US)
Yuanchao Shu of Kirkland WA (US)
Sanjeev Mehrotra of Kirkland WA (US)
ACCESS CONTROL USING MEDIATED LOCATION, ATTRIBUTE, POLICY, AND PURPOSE VERIFICATION - A simplified explanation of the abstract
This abstract first appeared for US patent application 18045335 titled 'ACCESS CONTROL USING MEDIATED LOCATION, ATTRIBUTE, POLICY, AND PURPOSE VERIFICATION
Simplified Explanation
The abstract describes an access control system that uses a Location Attribute Policy (LAP) server to control access to encrypted resources based on specific requirements and attributes of the requestor. The LAP server validates cryptographic proofs provided by the requestor and generates decryption keys for the encrypted resource.
- The system uses a Location Attribute Policy (LAP) server to control access to encrypted resources.
- The LAP server accesses a resource policy to identify requirements for granting access, such as specific attributes of the requestor and dynamic attribute requirements.
- The LAP server validates cryptographic proofs from the requestor to ensure they possess the necessary attributes.
- Once validated, the LAP server provides a shared secret associated with dynamic attribute requirements to a decryption algorithm.
- The decryption algorithm generates a decryption key using the dynamic attribute shared secret and other attribute shared secrets from the requestor.
Potential Applications
This technology could be applied in secure data access control systems, secure communication protocols, and secure authentication processes.
Problems Solved
This technology solves the problem of unauthorized access to encrypted resources, ensures that only authorized users with the necessary attributes can access the resources, and enhances the security of data storage and communication.
Benefits
The benefits of this technology include improved data security, enhanced access control mechanisms, and increased protection against unauthorized access to sensitive information.
Potential Commercial Applications
Potential commercial applications of this technology include secure cloud storage services, secure messaging platforms, and secure access control systems for sensitive data.
Possible Prior Art
One possible prior art for this technology could be existing access control systems that use cryptographic proofs and attribute-based access control mechanisms.
What are the potential limitations of this technology in real-world applications?
One potential limitation of this technology in real-world applications could be the complexity of managing and updating attribute policies and cryptographic proofs for a large number of users or resources.
How does this technology compare to existing access control systems in terms of security and efficiency?
This technology offers a more secure and efficient access control mechanism compared to traditional systems by using dynamic attribute requirements and cryptographic proofs to validate access requests.
Original Abstract Submitted
An access control system is disclosed for controlling access to a resource. A request is received by a location attribute policy (LAP) server to access an encrypted resource. The LAP server accesses a resource policy that identifies requirements for granting access to the encrypted resource, such as a list of attributes of the requestor that are required and a dynamic attribute requirement of the requestor. The LAP server receives a cryptographic proof from the computing device that the requestor possesses the attributes and validates the proof based at least on information obtained from a trusted ledger. Once the proof is validated, the LAP server provides a shared secret associated with the dynamic attribute requirement to a decryption algorithm. The decryption algorithm uses the dynamic attribute shared secret in combination with one or more attribute shared secrets from the requestor to generate a decryption key for the encrypted resource.
- Microsoft Technology Licensing, LLC
- Ramarathnam Venkatesan of Redmond WA (US)
- Nishanth Chandran of Seattle WA (US)
- Ganesh Ananthanarayanan of Sammamish WA (US)
- Panagiotis Antonopoulos of Redmond WA (US)
- Srinath T.V. Setty of Redmond WA (US)
- Daniel John Carroll, Jr. of Columbia MD (US)
- Kiran Muthabatulla of Sammamish WA (US)
- Yuanchao Shu of Kirkland WA (US)
- Sanjeev Mehrotra of Kirkland WA (US)
- H04L9/08
