Remote locking a multi-user device to a set of users

US 10,652,249 B2
Filed: 10/31/2017
Issued: 05/12/2020
Est. Priority Date: 10/31/2017
Status: Active Grant

First Claim

Patent Images

1. A computer device, comprising:

memory configured to store data and instructions;

at least one processor configured to communicate with the memory; and

an operating system configured to communicate with the memory and the at least one processor, wherein the operating system is configured to;

receive a lost device message including a device identifier identifying the computer device and an authorized user list including at least one user identification that identifies a user authorized to access the computer device in a lost state;

receive a customized lock screen message to present on the computer device;

log out existing users on the computer device and invalidate credentials of the existing users on the computer device based at least on receiving the lost device message;

activate a lock screen including presenting the customized lock screen message on the computer device and set the computer device to the lost state;

initiate a log on manager that is configured to recognize the lost state and to restrict access to the computer device to users included in the authorized user list;

receive, at the log on manager, at least one log on attempt from a user utilizing a user identification and a password;

perform, at the computer device, a first comparison of the received user identification with the at least one user identification included in the authorized user list to generate a first authentication of the received user identification when a match occurs between the received user identification and the at least one user identification included in the authorized user list;

transmit the received user identification and the password when the first authentication occurs to perform a second comparison of the received user identification and the password with stored credentials on a network based server for a second authentication of the received user identification and the password; and

grant access to the computer device based at least on the first authentication and the second authentication.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and devices for restricting access to a computer device may include receiving a lost device message including a device identifier identifying the computer device and an authorized user list including at least one user identification that identifies a user authorized to access the computer device in a lost state. The methods and devices may include logging out existing users on the computer device and invalidate the existing users'"'"' credentials on the computer device based at least one receiving the lost device message. The methods and devices may include activating a lock screen on the computer device and setting the computer device to the lost state. The methods and devices may include initiating a log on manager that is configured to recognize the lost state and to restrict access to the computer device to users included in the authorized user list.

22 Citations

19 Claims

1. A computer device, comprising:
- memory configured to store data and instructions;
  
  at least one processor configured to communicate with the memory; and
  
  an operating system configured to communicate with the memory and the at least one processor, wherein the operating system is configured to;
  
  receive a lost device message including a device identifier identifying the computer device and an authorized user list including at least one user identification that identifies a user authorized to access the computer device in a lost state;
  
  receive a customized lock screen message to present on the computer device;
  
  log out existing users on the computer device and invalidate credentials of the existing users on the computer device based at least on receiving the lost device message;
  
  activate a lock screen including presenting the customized lock screen message on the computer device and set the computer device to the lost state;
  
  initiate a log on manager that is configured to recognize the lost state and to restrict access to the computer device to users included in the authorized user list;
  
  receive, at the log on manager, at least one log on attempt from a user utilizing a user identification and a password;
  
  perform, at the computer device, a first comparison of the received user identification with the at least one user identification included in the authorized user list to generate a first authentication of the received user identification when a match occurs between the received user identification and the at least one user identification included in the authorized user list;
  
  transmit the received user identification and the password when the first authentication occurs to perform a second comparison of the received user identification and the password with stored credentials on a network based server for a second authentication of the received user identification and the password; and
  
  grant access to the computer device based at least on the first authentication and the second authentication.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer device of claim 1, wherein the operating system is further configured to:
    - receive a validation message based on the second authentication that indicates whether the user is authorized to access the computer device.
  - 3. The computer device of claim 2, wherein the validation message indicates the user is authorized to access the computer device when a match occurs between the received user identification, the password, and the stored credentials, and wherein the validation message indicates the user is unauthorized to access the computer device when the match does not occur between the received user identification, the password, and the stored credentials.
  - 4. The computer device of claim 3, wherein the operating system is further configured to deny access to the computer device when the user identification does not match the at least one user identification included in the authorized user list or the validation message indicates the user is unauthorized to access the computer device.
  - 5. The computer device of claim 1, wherein the authorized user list includes a plurality of user identifications that identify a plurality of users authorized to access the computer device in the lost state.
  - 6. The computer device of claim 1, wherein the operating system is further configured to set the computer device to a found state when access is granted to the computer device.
  - 7. The computer device of claim 1, wherein the computer device is a multi-user computer device.

8. A method for restricting access to a computer device, the method comprising:
- receiving, at an operating system on the computer device, a lost device message including a device identifier identifying the computer device and an authorized user list including at least one user identification that identifies a user authorized to access the computer device in a lost state;
  
  receiving a customized lock screen message to present on the computer device;
  
  logging out existing users on the computer device and invalidating credentials of the existing users on the computer device based at least on receiving the lost device message;
  
  activating a lock screen including presenting the customized lock screen message on the computer device and setting the computer device to the lost state;
  
  initiating a log on manager that is configured to recognize the lost state and to restrict access to the computer device to users included in the authorized user list;
  
  receiving, at the log on manager, at least one log on attempt from a user utilizing a user identification and a password;
  
  performing, at the computer device, a first comparison of the received user identification with the at least one user identification included in the authorized user list to generate a first authentication of the received user identification when a match occurs between the received user identification and the at least one user identification included in the authorized user list;
  
  transmitting the received user identification and the password when the first authentication occurs to perform a second comparison of the received user identification and the password with stored credentials on a network based server for a second authentication of the received user identification and the password; and
  
  granting access to the computer device based at least on the first authentication and the second authentication.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the method further comprises:
    - receiving a validation message based on the second authentication that indicates whether the user is authorized to access the computer device.
  - 10. The method of claim 9, wherein the validation message indicates the user is authorized to access the computer device when a match occurs between the received user identification, the password, and the stored credentials, andwherein the validation message indicates the user is unauthorized to access the computer device when the match does not occur between the received user identification, the password, and the stored credentials.
  - 11. The method of claim 10, wherein the operating system is further configured to deny access to the computer device when the user identification does not match the at least one user identification included in the authorized user list or the validation message indicates the user is unauthorized to access the computer device.
  - 12. The method of claim 8, wherein the authorized user list includes a plurality of user identifications that identify a plurality of users authorized to access the computer device in the lost state.
  - 13. The method of claim 8, wherein the operating system is further configured to set the computer device to a found state when access is granted to the computer device.
  - 14. The method of claim 8, wherein the computer device is a multi-user computer device.

15. A server, comprising:
- memory configured to store data and instructions;
  
  at least one processor configured to communicate with the memory, wherein the at least one processor is further configured to;
  
  receive a notice identifying a computer device;
  
  receive at least one user authorized to access the computer device;
  
  create an authorized user list including at least one user identification that identifies the at least one user authorized to access the computer device in a lost state;
  
  create a customized lock screen message to present on the computer device;
  
  send the customized lock screen message and a lost device message including a device identifier identifying the computer device and the authorized user list including the at least one user identification that identifies a user authorized to access the computer device in a lost state to the computer device;
  
  receive a user identification and a password of a user requesting access to the computer device;
  
  determine whether the user identification and the password match stored credentials associated with the at least one user identification included in the authorized user list; and
  
  send a validation message to the computer device, wherein the validation message indicates that the user is authorized to access the computer device.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The server of claim 15, wherein the memory is further configured to store the authorized user list.
  - 17. The server of claim 15, wherein the authorized user list changes with received updates.
  - 18. The server of claim 15, wherein the validation message indicates the user is unauthorized to access the computer device when the match does not occur between the received user identification, the password, and the stored credentials.
  - 19. The server of claim 15, wherein the authorized user list includes a plurality of user identifications that identify a plurality of users authorized to access the computer device in the lost state.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Rahman, Mizanur
Primary Examiner(s)
Shayanfar, Ali

Application Number

US15/799,485
Publication Number

US 20190132324A1
Time in Patent Office

924 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/88   Detecting or preventing the...

H04L 63/083   using passwords cryptograph...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04W 12/08   Access security

H04W 12/082   using revocation of authori...

H04W 12/12   Detection or prevention of ...

H04W 12/126   Anti-theft arrangements, e....

Remote locking a multi-user device to a set of users

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

22 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Remote locking a multi-user device to a set of users

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links