Authorization of device access to network services

US 10,225,256 B2
Filed: 05/15/2017
Issued: 03/05/2019
Est. Priority Date: 08/10/2005
Status: Active Grant

First Claim

Patent Images

1. A computing system comprising:

a processor; and

a memory having stored therein instructions that, when executed by the processor, cause the computing system to perform operations comprising;

detecting an authorization request from a first computing device;

displaying said authorization request on a user interface;

in response to an approval provided via said user interface, generating a key for said first computing device, said key usable to allow said first computing device to access at least one network service;

authorizing replication of a security service on said first computing device, said authorizing in response to said approval and a determination that said first computing device is capable of providing security in accordance with said security service, wherein said security service enables the first computing device to replicate the security service on other computing devices;

when a security service on the computing system and the security service on the first computing device have been synchronized, communicating between the computing system and the first computing device an identifier of a device that has been added to a network or removed from the network; and

when one of the computing system or the first computing device has been offline, receiving by the computing system or the first computing device the identifier of the device that has been added to the network.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides for authorization of devices entering a network. A new device entering a network sends an authorization request. Another device in the network may receive the request and display a User Interface (UI) which prompts the user to approve the device. The user can use a device identifier provided by the new device in approving the new device. Assuming the identifier provided by the new device matches an identifier accessible by the authorizing device, the user authorizes the new device. A key is then generated for the new device, which allows access to an appropriate range of network services. Authorization decisions can be synchronized among the various devices in a network, so even if an authorizing device leaves the network, the new device key can be validated. A security service can be replicated in a new device once the device is authorized to access the network.

18 Citations

View as Search Results

20 Claims

1. A computing system comprising:
- a processor; and
  
  a memory having stored therein instructions that, when executed by the processor, cause the computing system to perform operations comprising;
  
  detecting an authorization request from a first computing device;
  
  displaying said authorization request on a user interface;
  
  in response to an approval provided via said user interface, generating a key for said first computing device, said key usable to allow said first computing device to access at least one network service;
  
  authorizing replication of a security service on said first computing device, said authorizing in response to said approval and a determination that said first computing device is capable of providing security in accordance with said security service, wherein said security service enables the first computing device to replicate the security service on other computing devices;
  
  when a security service on the computing system and the security service on the first computing device have been synchronized, communicating between the computing system and the first computing device an identifier of a device that has been added to a network or removed from the network; and
  
  when one of the computing system or the first computing device has been offline, receiving by the computing system or the first computing device the identifier of the device that has been added to the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the network service comprises a software application executing on one or more of a plurality of networked computing devices.
  - 3. The system of claim 1, wherein detecting said authorization request comprises utilizing Web Services Security (WS-Security) protocol.
  - 4. The system of claim 1, wherein detecting said authorization request comprises utilizing Universal Plug and Play (UPnP) discovery protocol.
  - 5. The system of claim 1, wherein the user interface is configured to prompt a user to compare a first device ID in said UI with a second device ID provided by said first computing device to determine if the first and second device IDs are identical.
  - 6. The system of claim 1, further comprising instructions that, upon execution by the processor, cause the computing system to perform operations comprising restricting access by said first computing device to a subset of network services corresponding to a device class associated with said first computing device.
  - 7. The system of claim 1, further comprising instructions that, upon execution by the processor, cause the computing system to perform operations comprising restricting access by said first computing device to a subset of network services allowed to a user of said first computing device.
  - 8. The system of claim 1, further comprising instructions that, upon execution by the processor, cause the computing system to perform operations comprising synchronizing security information with at least one second computing device, such that if the first computing device delivers the key to the second computing device, then the second computing device allows access to the network service.

9. A first computing device comprising a computer-readable storage medium having stored thereon computer-readable instructions that, when executed by the first computing device, cause the first computing device to perform operations comprising:
- detecting that said first computing device is operably connected to a network;
  
  determining if said first computing device can access a network service available on said network;
  
  sending a first authorization request in response to determining that said first computing device cannot access said network service;
  
  accessing a device ID;
  
  receiving a first key from a second computing device associated with said network;
  
  using said first key to access the network service;
  
  replicating a security service on the first computing device, wherein the security service is operable to allow the first computing device to replicate the security service on a third computing device;
  
  when a security service on the second computing device and the security service on the first computing device are synchronized, communicating between the second computing device and the first computing device an identifier of a device that has been added to the network or removed from the network; and
  
  when one of the second computing device or the first computing device has been offline, receiving in the one of the second computing device or the first computing device the identifier of the device that has been added to the network.
- View Dependent Claims (10, 11, 12)
- - 10. The first computing device of claim 9, wherein sending said first authorization request comprises utilizing Web Services Security (WS-Security) protocol.
  - 11. The first computing device of claim 9, wherein sending said first authorization request comprises utilizing Universal Plug and Play (UPnP) discovery protocol.
  - 12. The first computing device of claim 9, further comprising computer-readable instructions that, when executed by the first computing device, cause the first computing device to perform operations comprising:
    - detecting a second authorization request broadcast from said second computing device, wherein said second authorization request originated from a third computing device;
      
      displaying said second authorization request via a user interface;
      
      receiving an approval of said third computing device; and
      
      generating, in response to said approval, a second key for said third computing device, wherein said second key is usable to allow said third computing device to access at least one network service.

13. A method for securing a network comprising a plurality of devices, comprising:
- receiving, from a first device, an authorization request to access at least one network service and a device identifier (ID);
  
  receiving, via an interface, an approval of the first device that is based on the device ID;
  
  in response to determining that the first device is not a disallowed device, generating, based on the device ID, a key for the first device, wherein said at least one network service may be accessed using said key;
  
  replicating a security service to the first device based on a determination that the first device can provide the security service and serve as an authorizing device for subsequent device approvals and validations; and
  
  synchronizing, to the first device and to other devices of the plurality of devices, security information indicative of access to said at least one network service.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The method of claim 13, further comprising sending, by a second device to a third device, an indication that the first device is authorized to access said at least one network service.
  - 15. The method of claim 13, wherein said authorization request comprises the device ID.
  - 16. The method of claim 15, wherein said approval is performed based on a comparison of the device ID with the device ID provided by said first device.
  - 17. The method of claim 13, wherein said approval is performed by entering the device ID provided by said first device.
  - 18. The method of claim 13, further comprising rendering a representation of the authorization request in an interface.
  - 19. The method of claim 13, further comprising broadcasting the authorization request.
  - 20. The method of claim 13, wherein the key is generated based on the device ID by the first device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Gilbert, Mark, Mevissen, Ron J.
Primary Examiner(s)
Ho, Dao Q

Application Number

US15/595,830
Publication Number

US 20170250987A1
Time in Patent Office

659 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2129   Authenticate client device ...

G06F 2221/2149   Restricted operating enviro...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/0876   based on the identity of th...

H04L 63/10   for controlling access to d...

Authorization of device access to network services

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Authorization of device access to network services

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links