News Column

Patent Issued for Peer-To-Peer Identity Management Interfaces and Methods

July 1, 2014

By a News Reporter-Staff News Editor at Information Technology Newsweekly -- A patent by the inventors Manion, Todd R. (Seattle, WA); Donner, Robert D. (Bellevue, WA); Somin, Grigori M. (Mountain View, CA), filed on July 11, 2011, was published online on June 17, 2014, according to news reporting originating from Alexandria, Virginia, by VerticalNews correspondents.

Patent number 8756327 is assigned to Microsoft Corporation (Redmond, WA).

The following quote was obtained by the news editors from the background information supplied by the inventors: "Peer-to-peer communication, and in fact all types of communication, depend on the possibility of establishing valid connections between selected entities. These entities may be peers (e.g., users or machines) or groups formed within a peer-to-peer network. However, entities may have one or several addresses that may vary because the entities move in the network, because the topology changes, because an address lease cannot be renewed, because the group function or purpose has changed, etc. A classic architectural solution to this addressing problem is thus to assign to each entity a stable name, and to 'resolve' this name to a current address when a connection is needed. This name to address translation must be very robust, and it must also allow for easy and fast updates.

"To increase the likelihood that an entity's address may be found by those seeking to connect to it, many peer-to-peer protocols allow entities to publish their individual or group address(es) through various mechanisms. Some protocols also allow a client to acquire knowledge of other entities' addresses through the processing of requests from others in the network. Indeed, it is this acquisition of address knowledge that enables successful operation of these peer-to-peer networks. That is, the better the information about other peers and groups in the network, the greater the likelihood that a search for a particular resource will converge.

"However, without a simple and robust mechanism that allows a user to easily establish and manage this single or these various identities that are to be used in the P2P network, users will be unable to take advantage of the benefits of the such networks. That is, the creation of P2P identities requires that numerous individual pieces of information be created and associated together in a consistent and logical fashion. This creation and association includes the creation of a friendly name, the selection and generation of a public/private key pair, the creation of an identity certificate (IDC) in coordination with the key pair, the association the IDC into the P2P infrastructure, the association of that with the name resolution protocol identities, etc. Each of these tasks alone are complex, and it is unlikely that the casual user would be able to properly create and/or associate this information in a manner that would ensure fruitful participation in the P2P network.

"Even if a user were able to properly create and associate the required information to form a P2P identity that would allow for successful resolution and participation in the P2P network, such participation would be constrained to a single physical location. While this may not seem to be a problem, the nature of mobile computing today, and of the mobility of users, renders such constraints undesirable. This problem is particularly troublesome as a user desires to maintain his or her on-line persona regardless of where the user is physically located or onto which computing device the user is logged.

"Within the public P2P cloud there may also exist private groups of peers who have associated with one another for a given purpose. Membership in such groups is typically governed by some form of group certificate that is associated with a particular P2P identity. Communications within the group is typically limited to user identities who can present the proper credentials. Therefore, it is important for a user identity to be able to properly associate with the group certificate. However, since there is no limitation on how many groups a particular P2P identity may belong, it become critical to manage not only the various identities that a user may use in the P2P cloud, but also the group membership certificates associated with each of the appropriate identities. Currently, however, no such identity management exists."

In addition to the background information obtained for this patent, VerticalNews journalists also obtained the inventors' summary information for this patent: "The various embodiments disclosed in this application involve a new and improved system and method for identity management in a peer-to-peer (P2P) network. More specifically, various embodiments are directed to a new and improved P2P application programming interface (API) and method that allows a user to create, import, export, manage, enumerate, and delete P2P identities that may be resolved in a P2P network. Further, various embodiments are directed to a new and improved P2P application programming interface (API) and method that allows management of group and identity information.

"In one embodiment, an API and method are presented that abstracts away from the low level credential and cryptographic functions that are required to be performed to create and manage a P2P identity. A group of related APIs are provided to create, delete, manage, enumerate, import, and export P2P identities. The management of the P2P identities preferably includes the retrieval and setting of a chosen friendly name, the generation of a cryptographic public/private key pair, the retrieval of security information in the form of an XML fragment, and the creation of a new name based on an existing identity. Since the P2P environment also allows for the existence of multiple separate groups of peers within the P2P cloud, various embodiments also allow for the enumeration of all groups associated with a given identity, for each identity existing for the user.

"In one embodiment, application programming interfaces are provided that create peer identities, that retrieve friendly names of identities, that set friendly names of identities, that get cryptographic key information for an identity, that delete peer identities, that export peer identity information, that import peer identity information, that enumerates peer identities, that enumerates groups associated with peer identities, that retrieves XML fragments containing security information for an identity, and that creates peer names based on existing names of identities. Each of these interfaces utilize various parameters that are passed in from an application program that uses these interfaces to manage a peer identity. The interfaces return a value that indicates the success or failure of the function. For failures, the interfaces provide an indication as to the problem resulting in the failure."

URL and more information on this patent, see: Manion, Todd R.; Donner, Robert D.; Somin, Grigori M.. Peer-To-Peer Identity Management Interfaces and Methods. U.S. Patent Number 8756327, filed July 11, 2011, and published online on June 17, 2014. Patent URL:

Keywords for this news article include: Microsoft Corporation, Information Technology, Information and Cryptography.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC

For more stories covering the world of technology, please see HispanicBusiness' Tech Channel

Source: Information Technology Newsweekly

Story Tools Facebook Linkedin Twitter RSS Feed Email Alerts & Newsletters