Method and system for controlling access privileges for trusted network nodes

US 20060059359A1
Filed: 09/15/2004
Published: 03/16/2006
Est. Priority Date: 09/15/2004
Status: Active Grant

First Claim

Patent Images

1. A system for controlling access to a node in a secured network group, the system comprising:

a plurality of mutually trusted nodes forming the secured network group; and

a mechanism for providing loose security within the secured network group while retaining strong security against external access to the secured network group.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for controlling access to a computer provides for loose security within a local network while retaining strong security against external access to the network. In one embodiment, a user has access to trusted nodes in a secured group within an unmanaged network, without being required to choose, enter and remember a login password. To establish such a secure blank password or one-click logon account for the user on a computer, a strong random password is generated and stored, and the account is designated as a blank password account. If the device is part of a secured network group, the strong random password is replicated to the other trusted nodes. When a user with a blank password account wishes to log in to a computer, the stored strong random password is retrieved and the user is authenticated.

52 Citations

View as Search Results

24 Claims

1. A system for controlling access to a node in a secured network group, the system comprising:
- a plurality of mutually trusted nodes forming the secured network group; and
  
  a mechanism for providing loose security within the secured network group while retaining strong security against external access to the secured network group.
- View Dependent Claims (2, 3, 4)
- - 2. The system of claim 1, wherein the mechanism for providing loose security within the secured network group comprises a mechanism for allowing a user within the secured network group to access other nodes without being required to enter authentication credentials.
  - 3. The system of claim 1, wherein the secured network group further comprises a secured network group in an unmanaged network.
  - 4. The system of claim 1, wherein the mechanism for providing loose security within the secured network group comprises, at each node:
    - a database for storing a strong random password associated with a single-click logon account;
      
      a local system security authority;
      
      a security support provider that retrieves the strong random password when a user initiates a login to the single-click logon account;
      
      a security account management service that interacts with the database and the security support provider; and
      
      an authentication engine that interacts with a login user interface component and the local system security authority to regulate the login to the single-click logon account.

5. A method for providing a user with access to one or more computers, the method comprising:
- at a first computer, generating a strong random password for a new account for the user;
  
  designating the new account as a blank password account; and
  
  storing the strong random password.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 6. The method of claim 5, wherein storing the strong random password comprises securely storing the password.
  - 7. The method of claim 5, further comprising initially determining whether the new account is to be a blank password account.
  - 8. The method of claim 7, further comprising, if the new account is not to be a blank password account, prompting the user to choose a password.
  - 9. The method of claim 7, wherein initially determining whether the new account is to be a blank password account further comprises establishing the new account as a blank password account unless the user indicates that the new account is not to be a blank password account.
  - 10. The method of claim 5, wherein designating the new account as a blank password account further comprises setting a flag.
  - 11. The method of claim 5, wherein storing the strong random password further comprises storing the strong random password by way of a database.
  - 12. The method of claim 5, further comprising, if the one or more computers comprise a plurality of linked computers, replicating the strong random password to each computer in the plurality of linked computers other than the first computer.
  - 13. The method of claim 12, wherein replicating the strong random password further comprises replicating the strong random password to one or more trusted nodes in a secured network group.
  - 14. The method of claim 13, further comprising providing the user with at least the same access privileges with respect to the secured network group as a non-blank password account user.
  - 15. The method of claim 5, wherein generating the strong random password for the new account further comprises generating a strong random password for a biometrically authenticated account.

16. A method for controlling access of a user to a computer, the method comprising:
- determining whether an account selected by the user is a blank password account;
  
  if the account is a blank password account, retrieving a stored strong random password associated with the account; and
  
  authenticating the user.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, wherein determining whether the account is a blank password account further comprises determining whether a flag associated with the account is set.
  - 18. The method of claim 16, further comprising, if the account is not a blank password account, prompting the user to enter a password.
  - 19. The method of claim 16, wherein retrieving the stored strong random password further comprises querying a database.
  - 20. The method of claim 16, wherein determining whether the account selected by the user is a blank password account further comprises determining whether the account is a biometrically authenticated account.

21. A computer-readable medium having computer-executable instructions for providing a user with access to a computer, the instructions comprising:
- generating a strong random password for a new account for the user;
  
  designating the new account as a blank password account; and
  
  storing the strong random password.
- View Dependent Claims (22, 23)
- - 22. The computer-readable medium of claim 21, further comprising, if the computer is linked by way of a network to a second computer, replicating the strong random password to the second computer.
  - 23. The computer-readable medium of claim 21, further comprising:
    - determining whether a subsequent request by the user to log in to the account is a blank password account login request;
      
      if the subsequent request is a blank password account login request, retrieving the stored strong random password associated with the account; and
      
      authenticating the user.

24. Computer-readable media having components for implementing a system for controlling access to a node in a secured network group, the system comprising:
- a database for storing a strong random password associated with a single-click logon account;
  
  a local system security authority;
  
  a security support provider that retrieves the strong random password when a user initiates a login to the single-click logon account;
  
  a security account management service that interacts with the database and the security support provider; and
  
  an authentication engine that interacts with a login user interface component and the local system security authority to regulate the login to the single-click logon account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Leach, Paul J., Brezak, John E., Flo, Eric R., Reasor, Sterling M., Chinta, Ramesh

Granted Patent

US 8,230,485 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

G06F 21/31   User authentication

G06F 21/41   where a single sign-on prov...

G06F 21/57   Certifying or maintaining t...

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

H04L 63/0272   Virtual private networks

H04L 63/0815   providing single-sign-on or...

Method and system for controlling access privileges for trusted network nodes

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

52 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for controlling access privileges for trusted network nodes

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links