Granular authorization for network user sessions

US 20030070091A1
Filed: 10/05/2001
Published: 04/10/2003
Est. Priority Date: 10/05/2001
Status: Active Grant

First Claim

Patent Images

1. In a computing device including a security module that may grant a user session access to network resources, a method for granting a mobile user session access to network resources depending on one or more authentication methods and the security of one or more devices associated with the mobile user session so as to grant access that corresponds to the trustworthiness of the associated authentication methods and devices, the method comprising:

an act of accessing characteristics of one or more authentication methods associated with the mobile user session; and

an act of generating an authentication bundle representative of access to network resources by synthesizing the accessed characteristics, wherein the authentication bundle may be used to grant the mobile user session access to network resources.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Providing access to a mobile user session in a manner that more closely corresponds access to network resources to the trustworthiness of authentication methods and devices associated with the mobile user session. Characteristics of authentication methods associated with a mobile user session are synthesized to generate an authentication bundle. Characteristics may include data associated with passwords, biometric data or devices used to execute an authentication method. By synthesizing characteristics in varied manners, a non-binary sliding scale of access to network resources may be generated. An authentication bundle may be accessed to grant a mobile user session appropriate access to network resources. Granting access may include generating an authorization token that is passed to a filter or reverse proxy. Access to network resources may be dynamically modified as authentication methods associated with a mobile user session change.

Citations

43 Claims

1. In a computing device including a security module that may grant a user session access to network resources, a method for granting a mobile user session access to network resources depending on one or more authentication methods and the security of one or more devices associated with the mobile user session so as to grant access that corresponds to the trustworthiness of the associated authentication methods and devices, the method comprising:
- an act of accessing characteristics of one or more authentication methods associated with the mobile user session; and
  
  an act of generating an authentication bundle representative of access to network resources by synthesizing the accessed characteristics, wherein the authentication bundle may be used to grant the mobile user session access to network resources.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 2. The method as recited in claim 1, wherein accessing characteristics of one or more authentication methods associated with the mobile user session comprises the following:
    - an act of accessing characteristics of one or more authentication methods representative of the mobile user session.
  - 3. The method as recited in claim 1, wherein accessing characteristics of one or more authentication methods associated with the mobile user session comprises the following:
    - an act of accessing characteristics of a device associated with one or more of the authentication methods.
  - 4. The method as recited in claim 3, wherein accessing characteristics of a device associated with one or more authentication methods comprises the following:
    - an act of accessing characteristics of a telephone associated with one or more of the authentication methods.
  - 5. The method as recited in claim 3, wherein accessing characteristics of a device associated with one or more authentication methods comprises the following:
    - an act of accessing characteristics of an unknown device associated with one or more of the authentication methods.
  - 6. The method as recited in claim 3, wherein accessing characteristics representative of a device associated with one or more authentication methods comprises the following:
    - an act of accessing characteristics of an known device associated with one or more of the authentication methods.
  - 7. The method as recited in claim 6, wherein accessing characteristics of a known device associated with one or more of the authentication methods comprises the following:
    - an act of accessing caller line identification data associated with a device.
  - 8. The method as recited in claim 3, wherein accessing characteristics of a device associated with one or more authentication methods comprises the following:
    - an act of accessing characteristics of a secure device associated with one or more of the authentication methods.
  - 9. The method as recited in claim 3, wherein accessing characteristics of a device associated with one or more of the authentication methods comprises the following:
    - an act of accessing characteristics of a computing device associated with one or more of the authentication methods.
  - 10. The method as recited in claim 9, wherein accessing characteristics of a computing device associated with one or more of the authentication methods comprises the following:
    - an act of accessing characteristics a personal computer associated with one or more of the authentication methods.
  - 11. The method as recited in claim 9, wherein accessing characteristics of a computing device associated with one or more of the authentication methods comprises the following:
    - an act of accessing characteristics of a mobile computing device associated with one or more of the authentication methods.
  - 12. The method as recited in claim 11, wherein accessing characteristics of a mobile computing device associated with one or more of the authentication methods comprises the following:
    - an act of accessing characteristics of a mobile telephone associated with one or more of the authentication methods.
  - 13. The method as recited in claim 11, wherein accessing characteristics of a mobile computing device associated with one or more of the authentication methods comprises the following:
    - an act of accessing characteristics of a personal digital assistant associated with one or more of the authentication methods.
  - 14. The method as recited in claim 11, wherein accessing characteristics of a mobile computing device associated with one or more of the authentication methods comprises the following:
    - an act of accessing characteristics of a hand-held computer associated with one or more of the authentication methods.
  - 15. The method as recited in claim 1, wherein accessing characteristics of one or more authentication methods associated with the mobile user session comprises the following:
    - an act of accessing characteristics of a password associated with one or more of authentication methods.
  - 16. The method as recited in claim 15, wherein accessing characteristics of a password associated with one or more authentication methods comprises the following:
    - an act of accessing characteristics of a personal identification number including dual tone multi-frequency tones associated with one or more of authentication methods.
  - 17. The method as recited in claim 15, wherein accessing characteristics of a password associated with one or more authentication methods comprises the following:
    - an act of accessing characteristics of a personal identification number that includes spoken phrases associated with one or more of authentication methods.
  - 18. The method as recited in claim 15, wherein accessing characteristics of a password associated with one or more authentication methods comprises the following:
    - an act of accessing characteristics of a password that was transmitted from a mobile computing device out of band, the password being associated with one or more authentication methods.
  - 19. The method as recited in claim 1, wherein accessing characteristics of one or more authentication methods associated with the mobile user session comprises the following:
    - an act of accessing characteristics of biometric data associated with one or more authentication methods.
  - 20. The method as recited in claim 19, wherein accessing characteristics of biometric data associated with one or more authentication methods comprises the following:
    - an act of accessing characteristics of a voiceprint associated with one or more authentication methods.
  - 21. The method as recited in claim 19, wherein accessing characteristics of biometric data associated with one or more authentication methods comprises the following:
    - an act of accessing characteristics of a fingerprint associated with one or more authentication methods.
  - 22. The method as recited in claim 19, wherein accessing characteristics of biometric data associated with one or more authentication methods comprises the following:
    - an act of accessing characteristics of a retinal scan associated with one or more authentication methods.
  - 23. The method as recited in claim 1, wherein generating an authentication bundle representative of access to network resources by synthesizing the accessed characteristics comprises the following:
    - an act of generating an authentication bundle representative of access to network resources by synthesizing accessed characteristics associated with a device and accessed characteristics associated with a password.
  - 24. The method as recited in claim 1, wherein generating an authentication bundle representative of access to network resources by synthesizing the accessed characteristics comprises the following:
    - an act of generating an authentication bundle representative of access to network resources by synthesizing accessed characteristics associated with a device and accessed characteristics associated with biometric data.
  - 25. The method as recited in claim 1, wherein generating an authentication bundle representative of access to network resources by synthesizing the accessed characteristics comprises the following:
    - an act of generating an authentication bundle representative of access to network resources by synthesizing accessed characteristics associated with a password and accessed characteristics associated with biometric data.
  - 26. The method as recited in claim 1, wherein generating an authentication bundle representative of access to network resources by synthesizing the accessed characteristics comprises the following:
    - an act of generating an authentication bundle representative of access to network resources by synthesizing accessed characteristics associated with a device, accessed characteristics associated with a password and accessed characteristics associated with biometric data.
  - 27. The method as recited in claim 1, wherein generating an authentication bundle representative of access to network resources by synthesizing the accessed characteristics comprises the following:
    - an act of generating an authentication bundle representative of access to network resources by synthesizing characteristics associated with the time one or more authentication methods were executed.

28. In a computing device including an access granting module that may grant a user session access to network resources, a method for granting a mobile user session access to network resources depending on one or more authentication methods and the security of one or more devices associated with the mobile user session so as to grant access that corresponds to the trustworthiness of the associated authentication methods and devices, the method comprising:
- an act of accessing an authentication bundle, the authentication bundle having been generated by synthesizing characteristics of one or more authentication methods associated with the mobile user session; and
  
  an act of granting access to network resources, wherein the extent of access may differ depending on the characteristics.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 29. The method as recited in claim 28, wherein accessing an authentication bundle comprises the following:
    - an act of the access granting module accessing an authentication bundle.
  - 30. The method as recited in claim 28, wherein accessing an authentication bundle comprises the following:
    - an act of accessing an authentication bundle which causes the mobile user session to be granted access to the network resources represented by the authentication bundle.
  - 31. The method as recited in claim 28, wherein accessing an authentication bundle comprises the following:
    - an act of accessing an authentication bundle which causes generation of an authorization token associated with a level of access to network resources.
  - 32. The method as recited in claim 28, wherein accessing an authentication bundle comprises the following:
    - an act of accessing an authentication bundle which causes generation of an authorization token that includes data representative of one or more authentication methods associated with the mobile user session.
  - 33. The method as recited in claim 28, wherein granting access to network resources comprises the following:
    - an act of granting a mobile user session less than the maximum level of access associated with a user.
  - 34. The method as recited in claim 33, wherein granting a mobile user session less than the maximum level of access associated with a user comprises the following:
    - an act of receiving an authentication bundle, which causes a filter to reduce the mobile user session'"'"'s access to network resources to less than the maximum level of access associated with a user.
  - 35. The method as recited in claim 33, wherein granting a mobile user session less than the maximum level of access associated with a user comprises the following:
    - an act of receiving an authentication bundle, which causes a reverse proxy to reduce the mobile user session'"'"'s access to network resources to less than the maximum level of access associated with a user.
  - 36. The method as recited in claim 28, wherein granting access to network resources comprises the following:
    - an act of modifying a mobile user session'"'"'s existing access to network resources, the modified access being different than the existing access.
  - 37. The method as in claim 36 wherein modifying a mobile user session'"'"'s existing access to network resources, the modified access being different than the existing access comprises the following:
    - an act of modifying a mobile user session'"'"'s existing access to network resources by granting access to network resources in addition to the existing access.
  - 38. The method as in claim 36 wherein modifying a mobile user session'"'"'s existing access to network resources, the modified updated access being different than the existing access comprises the following:
    - an act of modifying a mobile user session'"'"'s access to network resources by revoking some of the existing access to network resource.
  - 39. The method as recited in claim 28, further comprising:
    - an act of notifying a user associated with the mobile user session what network resources the mobile user session may access.

40. A computer program product for implementing, in a computing device including a security module that may grant a user session access to network resources, a method for granting a mobile user session access to network resources depending on one or more authentication methods and the security of one or more devices so as to grant access that corresponds to the trustworthiness of the associated authentication methods and devices, the computer program product comprising:
- a computer-readable medium carrying computer-executable instructions, that when executed at the computing device, cause the computing device to perform the method, including;
  
  an act of accessing characteristics of one or more authentication methods associated with the mobile user session; and
  
  an act of generating an authentication bundle representative of access to network resources by synthesizing accessed characteristics.
- View Dependent Claims (41)
- - 41. The computer program product as recited claim 40, wherein the computer-readable medium is a physical storage media.

42. A computer program product for implementing, in a computing device including a security module that may grant a user session access to network resources, a method for granting a mobile user session access to network resources depending on one or more authentication methods and the security of one or more devices so as to grant access that corresponds to the trustworthiness of the associated authentication methods and devices, the computer program product comprising:
- a computer-readable medium carrying computer-executable instructions, that when executed at the computing device, cause the computing device to perform the method, including;
  
  an act of accessing an authentication bundle, the authentication bundle having been generated by synthesizing characteristics of one or more authentication methods associated with the mobile user session; and
  
  an act of granting access to network resources, wherein the extent of access may differ depending on the characteristics.
- View Dependent Claims (43)
- - 43. The computer program product as recited claim 42, wherein the computer-readable medium is a physical storage media.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Loveland, Shawn Domenic

Granted Patent

US 7,076,797 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/104   Grouping of entities

H04L 63/205   involving negotiation or de...

H04L 67/30   Profiles

H04W 12/068   using credential vaults, e....

H04W 12/082   using revocation of authori...

H04W 12/088   using filters or firewalls

Granular authorization for network user sessions

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

43 Claims

Specification

Solutions

Use Cases

Quick Links

Granular authorization for network user sessions

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

43 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links