Privilege restriction enforcement in a distributed system

US 20080022368A1
Filed: 06/09/2006
Published: 01/24/2008
Est. Priority Date: 06/09/2006
Status: Active Grant

First Claim

Patent Images

1. A method for enforcing an administrative privilege in a distributed system, said method comprising:

receiving an administrative request to administer a remote system in the distributed system in accordance with at least one administrative privilege;

determining if the at least one administrative privilege is authorized; and

if the at least one administrative privilege is authorized, granting the administrative request.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Remote administrative privileges in a distributed system are disabled by default. To administer a remote system, express action is taken to elevate a user status to obtain remote administrative privileges. When local and remote systems communicate, information pertaining to the status of the logged on user is included in the communications. If the user wishes to legitimately administer a remote system, the user provides an explicit request. The request is processed. If the user is configured as an administrator of the remote system and the request contains an indication that the user'"'"'s administrative status has been elevated, an authorization token is generated. The authorization token is utilized by the remote system to allow the user to administer the remote system.

22 Citations

View as Search Results

19 Claims

1. A method for enforcing an administrative privilege in a distributed system, said method comprising:
- receiving an administrative request to administer a remote system in the distributed system in accordance with at least one administrative privilege;
  
  determining if the at least one administrative privilege is authorized; and
  
  if the at least one administrative privilege is authorized, granting the administrative request.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method in accordance with claim 1, further comprising automatically granting no remote administrative privileges when logging onto the distributed system.
  - 3. A method in accordance with claim 1, further comprising taking an express action to administer the remote system.
  - 4. A method in accordance with claim 1, further comprising receiving the administrative request via one of a secure channel and a non-secure channel.
  - 5. A method in accordance with claim 1, further comprising generating an authentication token indicative of the granted administrative privilege, wherein the authentication token is utilizable by the remote system to permit the user to administer the remote system.
  - 6. A method in accordance with claim 1, further comprising permitting administration of the remote system in accordance with the granted administrative privilege.
  - 7. A method in accordance with claim 1, wherein the administrative request comprises a restriction to the at least one administrative privilege.

8. A computer-readable medium having computer-executable instructions store thereon for enforcing an administrative privilege in a distributed system, comprising:
- receiving an authentication payload comprising at least one administrative privilege associated with a user and a remote system in the distributed system;
  
  determining if the at least one administrative privilege is authorized; and
  
  if the at least one administrative privilege is authorized, permitting administration of the remote system in accordance with the authorized at least one administrative privilege.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. A computer-readable medium in accordance with claim 8, wherein a remote administrative privilege is not automatically granted upon logging on to the distributed system.
  - 10. A computer-readable medium in accordance with claim 8, the computer-readable medium having further executable instructions for receiving the authentication payload via one of a secure channel and a non-secure channel.
  - 11. A computer-readable medium in accordance with claim 8, the computer-readable medium having further executable instructions for generating an authentication token indicative of the authorized administrative privilege, wherein the authentication token is utilizable by the remote system to permit administration of the remote system.
  - 12. A computer-readable medium in accordance with claim 8, the computer-readable medium having further executable instructions for permitting administration of the remote system in accordance with the authorized at least one administrative privilege.
  - 13. A computer readable medium in accordance with claim 8, wherein the authentication payload comprises a restriction to the at least one administrative privilege.

14. A system for enforcing an administrative privilege, said system comprising:
- an input/output portion for;
  
  receiving an administrative request to administer the system in accordance with at least one administrative privilege; and
  
  a processor portion for;
  
  determining if the at least one administrative privilege is authorized; and
  
  if the at least one administrative privilege is authorized, permitting administration of the system in accordance with the authorized at least one administrative privilege.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. A system in accordance with claim 14, wherein:
    - the system comprises a remote system in a distributed system; and
      
      an administrative privilege for administering the remote system is not automatically granted upon logging on to another system of the distributed system.
  - 16. A system in accordance with claim 14, further comprising one of a secure channel and a non-secure channel for receiving the administrative request.
  - 17. A system in accordance with claim 14, further comprising a token generator for generating an authentication token indicative of the authorized at least one administrative privilege, wherein the authentication token is utilizable by the system to permit administration of the system.
  - 18. A system in accordance with claim 14, said processing portion further for permitting administration of the system in accordance with the authorized at least one administrative privilege.
  - 19. A system in accordance with claim 14, wherein the administrative request comprises a restriction to the at least one administrative privilege.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Leach, Paul J., Field, Scott A., Zhu, Liqiang, Brundrett, Peter T.

Granted Patent

US 7,757,281 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/102 Entity profiles

Privilege restriction enforcement in a distributed system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Privilege restriction enforcement in a distributed system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links