Differentiated authentication for compartmentalized computing resources

US 10,146,926 B2
Filed: 07/18/2008
Issued: 12/04/2018
Est. Priority Date: 07/18/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for accessing groups of computing resources, comprising:

under control of one or more computing systems comprising memory and one or more processors;

organizing one or more computing resources accessible in a desktop environment into a group, the one or more computing resources including at least one of a data content, an application, a network portal, or a device, the organizing based at least in part on;

a usage pattern associated with user interaction with the one or more computing resources in the group;

a reliability of the one or more computing resources; and

performance demands of the one or more computing resources; and

providing an authentication policy to associate one or more authentication inputs with individual actions of a plurality of actions directed to individual computing resources of the one or more computing resources within the group, wherein the plurality of actions include one or more types of individual actions and individual authentication inputs of the one or more authentication inputs are based at least in part on the one or more types of individual actions;

determining that a user initiates a type of individual action of the one or more types of the individual actions directed to an individual computing resource of the individual computing resources within the group;

receiving an authentication input of the one or more authentication inputs based at least in part on determining that the user initiates the type of individual action directed to the individual computing resource;

determining that the authentication input is verified; and

allowing the type of individual action initiated by the user to be performed by the individual computing resource.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments for providing differentiated authentication for accessing groups of compartmentalized computing resources, and accessing each compartmentalized computing resources, as displayed on a desktop environment of an operating system. In one embodiment, a method includes organizing one or more computing resources accessible in a desktop environment into a group. The one or more computing resources include a data content, an application, a network portal, and a device. The method also includes providing an authentication policy for actions that can be performed on each computing resource. The authentication policy is configured to associate an authentication input to each action for a particular computing resource. The method further includes receiving an authentication input when the user intends one of the actions on the particular computing resource. The method additionally includes allowing the user to perform the intended action on the particular computing resource when the received authentication input enables the intended action.

54 Citations

20 Claims

1. A computer-implemented method for accessing groups of computing resources, comprising:
- under control of one or more computing systems comprising memory and one or more processors;
  
  organizing one or more computing resources accessible in a desktop environment into a group, the one or more computing resources including at least one of a data content, an application, a network portal, or a device, the organizing based at least in part on;
  
  a usage pattern associated with user interaction with the one or more computing resources in the group;
  
  a reliability of the one or more computing resources; and
  
  performance demands of the one or more computing resources; and
  
  providing an authentication policy to associate one or more authentication inputs with individual actions of a plurality of actions directed to individual computing resources of the one or more computing resources within the group, wherein the plurality of actions include one or more types of individual actions and individual authentication inputs of the one or more authentication inputs are based at least in part on the one or more types of individual actions;
  
  determining that a user initiates a type of individual action of the one or more types of the individual actions directed to an individual computing resource of the individual computing resources within the group;
  
  receiving an authentication input of the one or more authentication inputs based at least in part on determining that the user initiates the type of individual action directed to the individual computing resource;
  
  determining that the authentication input is verified; and
  
  allowing the type of individual action initiated by the user to be performed by the individual computing resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 19)
- - 2. The method of claim 1, further comprising adding an additional computing resource accessible to the user into the group that includes one or more of a data content, a network portal, an application, or a device, the additional computing resource meeting predetermined criteria, the predetermined criteria being determined in part on at least one of usage patterns, security requirements, or reliability of the additional computing resource.
  - 3. The method of claim 1, wherein the authentication input is provided via one of the device or the network portal.
  - 4. The method of claim 1, wherein receiving the authentication input includes prompting the user for the authentication input.
  - 5. The method of claim 1, wherein the authentication input includes at least one of an identity, a password, a hardware identity certificate, or a software identity certificate.
  - 6. The method of claim 1, wherein:
    - the individual authentication inputs include a type attribute and a strength attribute;
      
      the type attribute is configured to identify the authentication input as including at least one of an identity, a password, a hardware-based input, or a software-based input; and
      
      the strength attribute is configured to identify one of a permutational complexity of a password or a cryptographic complexity of an identity certificate.
  - 7. The method of claim 1, wherein:
    - the plurality of actions includes at least one of accessing the one or more computing resources, modifying the one or more computing resources, or removing the one or more computing resources; and
      
      the one or more types of individual actions include at least one of reader type actions that include at least accessing the one or more computing resources, contributor type actions that include at least modifying the one or more computing resources, and administrator type actions that include at least removing the one or more computing resources.
  - 8. The method of claim 1, wherein the one or more computing resources further include a local computing resource and a networked remote computing resource, and the group includes one of a local group and a networked remote group.
  - 19. The method of claim 1, wherein the authentication input is received from a first device, and the method further comprises:
    - synchronizing the first device with a second device such that the user is allowed to perform at last one of the plurality of actions using the second device without additional authentication input.

9. A computer storage device storing computer-executable instructions that, when executed, cause one or more processors to perform acts comprising:
- organizing one or more first computing resources accessible in a desktop environment into a first group, the one or more first computing resources including at least one of a data content, an application, a network portal, or a device, wherein the organizing is based at least in part on;
  
  a usage pattern associated with user interaction with the one or more first computing resources in the first group;
  
  a reliability of the one or more first computing resources; and
  
  performance demands of the one or more first computing resources;
  
  providing an authentication policy that associates one or more authentication inputs with individual actions of a plurality of actions directed to the first group, the authentication policy associating;
  
  a first authentication input of the one or more authentication inputs with a first individual action of the individual actions; and
  
  a second authentication input of the one or more authentication inputs with a second individual action of the individual actions, wherein the first individual action is a different type of action than the second individual action and the first authentication input is different from the second authentication input based at least in part on the first individual action being the different type of action than the second individual action;
  
  receiving an authentication input of the one or more authentication inputs when a user directs one of the first individual action or the second individual action to the first group, the authentication input received on a first device; and
  
  allowing the user to perform the first individual action in response to determining that the authentication input is the first authentication input and allowing the user to perform the second individual action in response to determining that the authentication input is the second authentication input.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 20)
- - 10. The computer storage device of claim 9, further comprising creating the first group prior to organizing the one or more first computing resources accessible in the desktop environment into the first group.
  - 11. The computer storage device of claim 9, wherein the computer-executable instructions cause the one or more processors to perform further acts comprising creating a second group that includes one or more second computing resources, the one or more second computing resources including a data content, an application, a network portal, or a device.
  - 12. The computer storage device of claim 9, wherein:
    - the authentication policy further associates a third authentication input of the one or more authentication inputs with a third individual action of the individual actions on one computing resource, wherein the third individual action is a different type of action than the first individual action and the second individual action and the third authentication input is different from the first authentication input and the second authentication input based at least in part on the third individual action being the different type of action than the first individual action and the second individual action, andthe computer-executable instructions cause the one or more processors to perform further acts comprising;
      
      receiving a different authentication input of the one or more authentication inputs when the user directs the third individual action to the computing resource; and
      
      allowing the user to perform the third individual action directed by the user to the computing resource when the authentication input is the third authentication input.
  - 13. The computer storage device of claim 9, wherein the first individual action and the second individual action include at least one of accessing the first group, modifying the first group, and deleting the first group, and wherein the user directs at least one of the first individual action or the second individual action by selecting the first individual action or the second individual action from a display that presents one or more action options for the first group.
  - 14. The computer storage device of claim 9, wherein the receiving at least one of the first authentication input or the second authentication input includes prompting the user for the authentication input.
  - 15. The computer storage device of claim 9, wherein the authentication input includes at least one of an identity, a password, a hardware identity certificate, or a software identity certificate.
  - 16. The computer storage device of claim 9, wherein:
    - the one or more authentication inputs include type attributes and strength attributes;
      
      the type attributes are configured to identify the one or more authentication inputs as including at least one of an identity, a password, a hardware-based input, or a software-based input; and
      
      the strength attributes are configured to identify one of a permutational complexity of a password or a cryptographic complexity of an identity certificate.
  - 20. The computer storage device of claim 9, the acts further comprising:
    - synchronizing the first device with a second device such that the user is allowed to perform the first individual action and the second individual action using the second device without additional authentication input.

17. A system for accessing groups of computing resources, comprising:
- memory;
  
  one or more processors; and
  
  programming instructions stored on the memory that, based on execution by the one or more processors, configure the one or more processors to;
  
  organize one or more computing resources accessible in a desktop environment into a group, the one or more computing resources include at least one of a data content, an application, a network portal, or a device, the organizing based at least in part on;
  
  a usage pattern associated with user interaction with the one or more computing resources in the group;
  
  a reliability of the one or more computing resources; and
  
  performance demands of the one or more computing resources;
  
  provide an authentication policy that respectively associates one or more authentication inputs with a plurality of actions for the group, individual authentication inputs of the one or more authentication inputs being different from other authentication inputs of the one or more authentication inputs based at least in part on a type of individual action of the plurality of actions associated with the individual authentication inputs;
  
  determine that a user directs an action of the plurality of actions to the group;
  
  based at least in part on determining that the user directs the action, receive an authentication input of the one or more authentication inputs corresponding to the action;
  
  verify the authentication input; and
  
  allow the action directed by the user to be performed by the group.
- View Dependent Claims (18)
- - 18. The system of claim 17, wherein the one or more modules are further executed by the one or more processors to add an additional computing resource accessible to the user into the group, the additional computing resource including one of a data content, an application, or a device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Jones, Thomas C.
Primary Examiner(s)
Pham, Luu T
Assistant Examiner(s)
Le, Canh

Application Number

US12/176,009
Publication Number

US 20100017845A1
Time in Patent Office

3,791 Days
Field of Search

726 1
US Class Current
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/33   using certificates

G06F 21/34   involving the use of extern...

Differentiated authentication for compartmentalized computing resources

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

54 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Differentiated authentication for compartmentalized computing resources

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links