System security using human authorization

US 20070006302A1
Filed: 06/30/2005
Published: 01/04/2007
Est. Priority Date: 06/30/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

determining that a system configuration parameter of a computing device has been modified from a first state to a second state;

determining whether the system configuration parameter is protected;

if it is determined that the system configuration parameter is designated as protected, presenting to a user of the computing device a message including human-discernable information that is obscured from detection by a computer-implemented process;

requesting from the user an action that indicates recognition of the human-discernable information; and

if the user does not perform the requested action, returning the system configuration parameter to the first state.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In response to the occurrence of a restricted event in a computing device, a user of the computing device is presenting with a challenge including information designed to assist in determining whether the challenge is answered by a human. If it is determined that the challenge was not answered by a human, the restricted event is counteracted.

Citations

20 Claims

1. A method comprising:
- determining that a system configuration parameter of a computing device has been modified from a first state to a second state;
  
  determining whether the system configuration parameter is protected;
  
  if it is determined that the system configuration parameter is designated as protected, presenting to a user of the computing device a message including human-discernable information that is obscured from detection by a computer-implemented process;
  
  requesting from the user an action that indicates recognition of the human-discernable information; and
  
  if the user does not perform the requested action, returning the system configuration parameter to the first state.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein determining that the system configuration parameter has been modified from a first state to a second state comprises:
    - receiving an indication from an operating system of the computing device that the system configuration parameter has been modified.
  - 3. The method of claim 1, wherein determining whether the system configuration parameter is protected comprises:
    - consulting a list of protected system configuration parameters.
  - 4. The method of claim 1, wherein determining whether the system configuration parameter is protected comprises:
    - determining whether the system configuration parameter has been modified as a result of the installation of software authenticated using a digital certificate; and
      
      if it is determined that the system configuration parameter has been modified as a result of the installation of software authenticated using a digital certificate, determining that the system configuration has not been protected.
  - 5. The method of claim 1, wherein determining whether the system configuration parameter is designated as restricted comprises:
    - determining whether the system configuration parameter has been modified as a result of the installation of software by a trusted source; and
      
      if it is determined that the system configuration parameter has been modified as a result of the installation of software by a trusted source, determining that the system configuration has not been protected.
  - 6. The method of claim 1, wherein the human-discernable information that is obscured from detection by a computer-implemented process comprises visually distorted letters and/or numbers.
  - 7. The method of claim 1, wherein the human-discernable information that is obscured from detection by a computer-implemented process comprises an audio message including sounds selected to prevent accurate identification of the message by a computer-implemented process.
  - 8. The method of claim 1, wherein the message includes information indicating use in the computing device of the system configuration parameter.

9. A method comprising:
- in response to the occurrence of a restricted event in a computing device, presenting to a user of the computing device a challenge including information designed to assist in determining whether the challenge is answered by a human;
  
  determining whether the challenge was answered by a human; and
  
  if it is determined that the challenge was not answered by a human, counteracting the restricted event.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, wherein the restricted event comprises a call to a specified Application Programming Interface (API) to modify a system configuration parameter and wherein counteracting the restricted event comprises preventing the API from modifying the system configuration parameter.
  - 11. The method of claim 9, wherein the restricted event comprises modifying a system configuration parameter of the computing device from a first state to a second state and wherein counteracting the restricted event comprises returning the system configuration parameter to the first state.
  - 12. The method of claim 9, wherein the challenge comprises a puzzle and puzzle directions.
  - 13. The method of claim 9, wherein the challenge comprises a visual challenge.
  - 14. The method of claim 9, wherein the challenge comprises an audio challenge.

15. One or more computer-readable media embodying computer-executable instruction that, when executed by a computer, cause the computer to implement a method comprising:
- detecting a request to modify a system configuration parameter of a computing device;
  
  in response to detecting the request, determining whether the system configuration parameter is protected;
  
  if it is determined that the system configuration parameter is protected, presenting to a user of the computing device a human-discernable a message including information that is obscured from detection by a computer-implemented process;
  
  requesting from the user an action that indicates recognition of the information; and
  
  if the user does not perform the requested action, preventing modification of the system configuration parameter.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, wherein detecting a request to modify select configuration information of the computing device comprises:
    - determining whether a call has been made to a specified Application Programming Interface (API) to modify the system configuration parameter.
  - 17. The method of claim 15, wherein determining whether the system configuration parameter is protected comprises:
    - determining whether the request to modify the system configuration parameter has been made in conjunction with the installation of software that is signed by a trusted authority; and
      
      if it is determined that the request to modify the system configuration parameter has been made in conjunction with the installation of software that is signed by a trusted authority, determining that the system configuration parameter is not protected.
  - 18. The method of claim 15, wherein determining the system configuration parameter is protected comprises:
    - determining whether the request to modify the system configuration parameter has been made in conjunction with installing software according to a predefined group policy; and
      
      if it is determined that the request to modify the system configuration parameter has been made in conjunction with installing software according to a predefined group policy, determining that the system configuration parameter is not protected.
  - 19. The method of claim 15, wherein the human-discernable information that is obscured from detection by a computer-implemented process comprises visually distorted letters and/or numbers.
  - 20. The method of claim 15, wherein the message includes information indicating use in the computing device of the system configuration parameter.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Gunawardena, Dinan, Zugenmaier, Alf, Donnelly, Austin, Scott, Jacob

Granted Patent

US 7,603,706 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/31 User authentication

G06F 2221/2103 Challenge-response

System security using human authorization

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System security using human authorization

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links