Authentication surety and decay system and method

US 20040153656A1
Filed: 01/30/2003
Published: 08/05/2004
Est. Priority Date: 01/30/2003
Status: Active Grant

First Claim

Patent Images

1. A method in a computing environment for maintaining security and access to a plurality of networked devices, comprising:

accepting a user identification;

assigning a surety level to said user identification; and

utilizing said user identification in conjunction with said surety level to grant or deny access to a plurality of networked devices.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed to a method and system for use in security authentication in a network environment. The present invention enables shared security information by networked devices. It also allows access to networked devices on the basis of authentication surety. The system assigns surety levels on the basis of the modes and methods of user authentication to the network. Further, the present invention allows the gradual decay, of user authentication and thus access to networked devices over time. Further still, the present invention distinguishes between individual identities and personas within the network environment. Surety levels associated with an authentication provide a predetermined level of access to networked devices or device features. The present invention provides improved security and diminishes the risk of fraudulent access to a network via identity theft.

79 Citations

View as Search Results

29 Claims

1. A method in a computing environment for maintaining security and access to a plurality of networked devices, comprising:
- accepting a user identification;
  
  assigning a surety level to said user identification; and
  
  utilizing said user identification in conjunction with said surety level to grant or deny access to a plurality of networked devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method as recited in claim 1, wherein said user identification is provided through a biometric device.
  - 3. A method as recited in claim 2, wherein said biometric device is an iris scanner.
  - 4. A method as recited in claim 2, wherein said biometric device is a voice recognition system.
  - 5. A method as recited in claim 1, wherein said user identification is provided through a text password input.
  - 6. A method as recited in claim 1, wherein said surety level is a function of the method or device by which said user identification is provided.
  - 7. A method as recited in claim 1, further comprising sharing said user identification and said surety level across a network.
  - 8. A method as recited in claim 1, further comprising a decay of said surety level.
  - 9. A method as recited in claim 8, wherein said decay is by the length of time since the user authentication.
  - 10. A method as recited in claim 8, wherein said decay is a function of the method of said user identification.
  - 11. A method as recited in claim 6 wherein said surety level is aggregated across the network.

12. A method in a network environment for providing access to a plurality of networked devices, based on the network'"'"'s knowledge of a user'"'"'s presence, comprising:
- obtaining an identification from a user;
  
  authenticating said identification; and
  
  making said authenticated identification available to the plurality of networked devices, by providing a storage of said authenticated identification and a requesting process that utilizes said storage.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. A method as recited in claim 12, wherein said authenticating includes assigning a value to said authenticated identification.
  - 14. A method as recited in claim 13, wherein said value is representative of the certainty associated with said obtained user identification.
  - 15. A method as recited in claim 12, wherein said user identification is provided through a biometric device.
  - 16. A method as recited in claim 15, wherein said biometric device is an iris scanner.
  - 17. A method as recited in claim 15, wherein said biometric device is a voice recognition system.
  - 18. A method as recited in claim 13, wherein said value is a function of the method or device by which said user identification is provided.
  - 19. A method as recited in claim 13, further comprising a decay of said value.

20. A method in a computing environment for providing secure access to a networked client device on the basis of the certainty associated with a user authentication, comprising:
- accepting the user identification from a networked input device;
  
  assigning a surety level on the basis of the accuracy of said networked input device, the accuracy being determined as the ability of said networked input device to correctly and uniquely identify an individual; and
  
  utilizing said surety level to grant or deny access to portions of the networked client device or the entire networked client device, by said user.

21. A system for providing authentication in an environment having a number of networked devices, comprising:
- a memory;
  
  an authentication module component to receive requests for access to any one or more of the networked devices; and
  
  a location access control component to provide information on accessible properties of the one or more networked devices and manage events associated with authentications, for storage in said memory;
- View Dependent Claims (22, 23)
- - 22. The authentication system of claim 21, further comprising a decay event manager component, wherein said decay event manager component communicates with said authentication component to provide a level of surety for a user'"'"'s authentication in connection with said user'"'"'s attempt to access said one or more networked devices.
  - 23. The authentication system of claim 22, further comprising an identity persona community component, said identity persona community component communicating with said decay event manager component to associate said user'"'"'s authentication with a persona.

24. A method in a computing environment for providing secure access, comprising:
- associating a surety value with a user authentication;
  
  utilizing said surety value to provide access to one or more features of the computing environment; and
  
  decaying said surety value over time to better secure the provided access.
- View Dependent Claims (25)
- - 25. A method as recited in claim 24, further comprising:
    - accepting a subsequent user authentication; and
      
      updating said surety value in response to said subsequent user authentication.

26. A computer readable medium containing instructions for maintaining security and access to a plurality of networked devices, the instructions comprising:
- accepting a user identification;
  
  assigning a surety level to said user identification; and
  
  utilizing said user identification in conjunction with said surety level to grant access to a plurality of networked devices.

27. A method in a computing environment for providing controlled access, comprising:
- providing multiple personas for a user identity;
  
  defining access rights to features of the computing environment for each of said multiple personas, wherein said access rights may be identical or different;
  
  identifying at least one persona corresponding to a login event by said user identity;
  
  authentication said at least one persona; and
  
  providing access to only the features associated with said persona rather than all features that are available to said user identity.
- View Dependent Claims (28)
- - 28. A method as recited in claim 27, wherein the authentication of said persona includes providing a surety level and the provided access to select features of the computing environment are based on said surety level.

29. A method in a computing environment for authenticating access to a networked device, comprising:
- receiving a user request for access;
  
  requesting a property information structure, to obtain information relating to properties of the network device that can potentially be accessed;
  
  wherein said property information structure specifies a required access level that any user must have in order to access said network device property; and
  
  allowing access to said network device property if said requesting user meets said required access level.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Cluts, Jonathan C., Heath, Pamela J., Pleyer, Sven

Granted Patent

US 7,636,853 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/186
CPC Class Codes

G06F 21/31   User authentication

G06F 21/40   by quorum, i.e. whereby two...

G06F 2221/2113   Multi-level security, e.g. ...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 67/535   Tracking the activity of th...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Authentication surety and decay system and method

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

79 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication surety and decay system and method

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

79 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links