Authorization of device access to network services

US 20070039039A1
Filed: 08/10/2005
Published: 02/15/2007
Est. Priority Date: 08/10/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method for securing a network, comprising:

sending, by a first device, an authorization request;

presenting, by a second device, a representation of the authorization request in a User Interface (UI);

providing, by said first device, a device identifier (ID);

approving, by a user via said UI, the first device, wherein said approving comprises using the device ID;

generating a key for the first device, wherein at least one network service may be accessed using said key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides for authorization of devices entering a network. A new device entering a network sends an authorization request. Another device in the network may receive the request and display a User Interface (UI) which prompts the user to approve the device. The user can use a device identifier provided by the new device in approving the new device. Assuming the identifier provided by the new device matches an identifier accessible by the authorizing device, the user authorizes the new device. A key is then generated for the new device, which allows access to an appropriate range of network services. Authorization decisions can be synchronized among the various devices in a network, so even if an authorizing device leaves the network, the new device key can be validated. A security service can be replicated in a new device once the device is authorized to access the network.

Citations

20 Claims

1. A method for securing a network, comprising:
- sending, by a first device, an authorization request;
  
  presenting, by a second device, a representation of the authorization request in a User Interface (UI);
  
  providing, by said first device, a device identifier (ID);
  
  approving, by a user via said UI, the first device, wherein said approving comprises using the device ID;
  
  generating a key for the first device, wherein at least one network service may be accessed using said key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein said authorization request comprises the device ID.
  - 3. The method of claim 2, wherein said representation of the authorization request comprises the device ID.
  - 4. The method of claim 3, wherein said using the device ID comprises comparing, by the user, the device ID in said representation of the authorization request with the device ID provided by said first device.
  - 5. The method of claim 1, wherein said using the device ID comprises entering, by the user, the device ID provided by said first device, and wherein the device ID is entered into the second device.
  - 6. The method of claim 5, wherein the key is generated by the first device and by the second device.
  - 7. The method of claim 1, further comprising broadcasting, by the second device, the authorization request.
  - 8. The method of claim 1, further comprising sending, by the second device to a third device, an indication that the first device is authorized to access the at least one network service.

9. An article of manufacture comprising computer readable instructions for execution by a computing device, the instructions comprising:
- instructions for detecting a signal from a first computing device, wherein said signal comprises an authorization request;
  
  instructions for displaying said authorization request in a User Interface (UI);
  
  instructions for generating a key for said first computing device, wherein said key allows said first computing device to access at least one network service, and wherein said instructions for generating are carried out in response to an approval from a user provided via said UI.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The article of manufacture of claim 9, wherein the network service comprises a software application executing on one or more of a plurality of networked computing devices.
  - 11. The article of manufacture of claim 9, wherein the instructions for detecting a broadcast signal utilize the Web Services Security (WS-Security) protocol.
  - 12. The article of manufacture of claim 9, wherein the instructions for detecting a signal utilize the Universal Plug and Play (UPnP) discovery protocol.
  - 13. The article of manufacture of claim 9, wherein the UI prompts the user to compare a first device ID in said UI with a second device ID provided by said first computing device to determine if the first and second device IDs are identical.
  - 14. The article of manufacture of claim 9, further comprising instructions for restricting access by said first computing device to a subset of network services corresponding to a device class associated with said first computing device.
  - 15. The article of manufacture of claim 9, further comprising instructions for restricting access by said first computing device to a subset of network services allowed to a user of said first computing device.
  - 16. The article of manufacture of claim 9, further comprising instructions for synchronizing security information with at least one second computing device, such that if the first computing device delivers the key to the second computing device, then the second computing device allows access to the network service.

17. A computing device comprising means for requesting authorization to access a network service, said means comprising:
- means for detecting that said computing device is operably connected to a network;
  
  means for determining if said computing device can access a network service available on said network;
  
  means for sending an authorization request, wherein said means for sending is triggered if it is determined by said means for determining that said computing device can not access said network service;
  
  means for providing a device ID;
  
  means for receiving a key from a second computing device associated with said network;
  
  means for using the key to access the network service.
- View Dependent Claims (18, 19, 20)
- - 18. The computing device of claim 17, wherein said means for sending an authorization request utilizes the Web Services Security (WS-Security) protocol.
  - 19. The computing device of claim 17, said means for sending an authorization request utilizes the Universal Plug and Play (UPnP) discovery protocol.
  - 20. The computing device of claim 17, further comprising means for authorizing a third device to access the network service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Gilbert, Mark, Mevissen, Ron

Application Number

US11/201,232
Publication Number

US 20070039039A1
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2129   Authenticate client device ...

G06F 2221/2149   Restricted operating enviro...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/0876   based on the identity of th...

H04L 63/10   for controlling access to d...

Authorization of device access to network services

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Authorization of device access to network services

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links