Methods and apparatus for managing user access to a computing environment

US 20080046753A1
Filed: 08/01/2006
Published: 02/21/2008
Est. Priority Date: 08/01/2006
Status: Active Grant

First Claim

Patent Images

1. A method, performed by a user, of gaining access to at least one computing device, the method comprising acts of:

(A) gaining access to the at least one computing device at a first time by providing credential information to the at least one computing device to authenticate the user'"'"'s identity to the at least one computing device;

(B) presenting to a first user interface for the at least one computing device a physical device comprising identifying information to associate the physical device with the user authenticated by the credential information; and

(C) gaining access to the at least one computing device at a second time, subsequent to the first time, by presenting the physical device to the first user interface or a different user interface of the at least one computing device without providing the credential information to authenticate the user'"'"'s identity to the at least one computing device at the second time.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for controlling user access to a computing environment. In one embodiment, a user gains access to at least one computing device at a first time by providing credential information to authenticate the user'"'"'s identity; presents to a first user interface for the at least one computing device a physical device comprising identifying information to associate the device with the authenticated user; and gains access at a second time by presenting the physical device to the first user interface or a different user interface without providing the credential information. In another embodiment, in response to a user seeking access by presenting a physical device comprising identifying information, granting access only when the device was previously associated with a user who, within a grace period, provided credential information to authenticate the user'"'"'s identity.

38 Citations

View as Search Results

26 Claims

1. A method, performed by a user, of gaining access to at least one computing device, the method comprising acts of:
- (A) gaining access to the at least one computing device at a first time by providing credential information to the at least one computing device to authenticate the user'"'"'s identity to the at least one computing device;
  
  (B) presenting to a first user interface for the at least one computing device a physical device comprising identifying information to associate the physical device with the user authenticated by the credential information; and
  
  (C) gaining access to the at least one computing device at a second time, subsequent to the first time, by presenting the physical device to the first user interface or a different user interface of the at least one computing device without providing the credential information to authenticate the user'"'"'s identity to the at least one computing device at the second time.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the credential information provided in the act (A) comprises a user identifier and a password.
  - 3. The method of claim 1, wherein the credential information provided in the act (A) comprises biometric information about the user.
  - 4. The method of claim 1, wherein the physical device presented in the acts (B) and (C) comprises a passive proximity badge.
  - 5. The method of claim 1, wherein the second time is subsequent to the first time by a period of time that is less than a grace period established by the at least one computing device to enable the user to regain access to the at least one computing device without providing the credential information to authenticate the user'"'"'s identity to the at least one computing device.
  - 6. The method of claim 5, further comprising an act of:
    - (D) gaining access to the at least one computing device at a third time that is subsequent to the second time by greater than the grace period by providing the credential information to the at least one computing device to authenticate the user'"'"'s identity to the at least one computing device.
  - 7. The method of claim 1, wherein the at least one computing device is part of a computing system for a healthcare organization and the user is a healthcare provider.
  - 8. The method of claim 1, wherein the at least one computing device comprises a computer system comprising a plurality of computers coupled via at least one communication medium, the plurality of computers comprising at least a first computer and a second computer, wherein the act (A) comprises an act of gaining access to the computer system via the first computer, and wherein the act (C) comprises gaining access to the computer system via the second computer.
  - 9. The method of claim 1, wherein the access to the at least one computing device comprises a first session of the user using the at least one computing device, and wherein the act (B) comprises an act of presenting the at least one physical device to the at least one computing device while gaining access to the at least one computing device at the first time and/or during the first session after the user'"'"'s identify has been authenticated.
  - 10. The method of claim 1, wherein the act (C) comprises gaining access to the at least one computing device at the second time by presenting the physical device to a second user interface of the at least one computing device that is different from the first user interface.
  - 11. The method of claim 10, wherein the at least one computing device comprises a computer system comprising a plurality of computers coupled via at least one communication medium, the plurality of computers comprising at least a first computer and a second computer;
    - wherein the first user interface is associated with the first computer so that the act (A) comprises an act of gaining access to the computer system via the first computer; and
      
      wherein the second user interface is associated with the second computer so that the act (C) comprises gaining access to the computer system via the second computer.
  - 12. The method of claim 1, wherein the act (C) comprises gaining access to the at least one computing device at the second time by presenting the physical device to the first user interface.

13. A method of controlling access to at least one computing device, the method comprising acts of:
- (A) in response to a user seeking access to the at least one computing device by presenting a physical device comprising identifying information, determining whether the physical device was previously associated with a user who, within a grace period of time, accessed the at least one computing device as a result of the user having provided credential information to the at least one computing device to authenticate the user'"'"'s identity and who presented the physical device to the at least one computing device to associate the physical device with the user identified by the credential information;
  
  (B) when it is determined in the act (A) that the physical device was not previously associated with a user who, within the grace period of time, accessed the at least one computing device as a result of the user having provided the credential information to the at least one computing device to authenticate the user'"'"'s identity and who presented the physical device to the at least one computing device to associate the physical device with the user identified by the credential information, requiring that to gain access to the at least one computing device the user provide the credential information to the at least one computing device to authenticate the user'"'"'s identity; and
  
  (C) when it is determined in the act (A) that the physical device was previously associated with a user who, within the grace period of time, accessed the at least one computing device as a result of the user having provided the credential information to the at least one computing device to authenticate the user'"'"'s identity and who presented the physical device to the at least one computing device to associate the physical device with the user identified by the credential information, enabling the user to gain access to the at least one computing device by presenting the physical device to the at least one computing device without requiring the user to provide the credential information to the at least one computing device to authenticate the user'"'"'s identity.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The method of claim 13, wherein the credential information comprises a user identifier and a password.
  - 15. The method of claim 13, wherein the credential information comprises biometric information about the user.
  - 16. The method of claim 13, wherein the physical device comprises a passive proximity badge.
  - 17. The method of claim 13, wherein the at least one computing device is part of a computing system for a healthcare organization and the user is a healthcare provider.
  - 18. The method of claim 13, further comprising an act of:
    - (D) when the user gains access to the at least one computing device by providing the credential information to the at least one computing device to authenticate the user'"'"'s identity and presents the physical device to the at least one computing device to associate the physical device with the user identified by the credential information, storing information that associates the physical device with the user.
  - 19. The method of claim 18, wherein the at least one computing device comprises a plurality of computers coupled via at least one communication medium, and wherein the act (D) comprises an act of storing the information that associates the physical device with the user in at least one storage location that is accessible to at least two of the plurality of computers.
  - 20. The method of claim 19, wherein the plurality of computers comprises a plurality of user workstations at which a user may gain access to the system, and wherein the act (D) comprises an act of storing the information that associates the physical device with the user in at least one storage location that is accessible to each of the plurality of user workstations.
  - 21. The method of claim 18, wherein the user gaining access to the at least one computing device begins a session of the user using the at least one computing device, and wherein the act (D) comprises an act of storing information that associates the physical device with the user when the user presents the at least one physical device to the at least one computing device while gaining access to the at least one computing device and/or during the session.

22. At least one computer readable medium encoded with a plurality of instructions that, when executed, perform a method of controlling access to at least one computing device, the method comprising acts of:
- (A) in response to a user seeking access to the at least one computing device by presenting a physical device comprising identifying information, determining whether the physical device was previously associated with a user who, within a grace period of time, accessed the at least one computing device as a result of the user having provided credential information to the at least one computing device to authenticate the user'"'"'s identity and who presented the physical device to the at least one computing device to associate the physical device with the user identified by the credential information;
  
  (B) when it is determined in the act (A) that the physical device was not previously associated with a user who, within the grace period of time, accessed the at least one computing device as a result of the user having provided the credential information to the at least one computing device to authenticate the user'"'"'s identity and who presented the physical device to the at least one computing device to associate the physical device with the user identified by the credential information, requiring that to gain access to the at least one computing device the user provide the credential information to the at least one computing device to authenticate the user'"'"'s identity; and
  
  (C) when it is determined in the act (A) that the physical device was previously associated with a user who, within the grace period of time, accessed the at least one computing device as a result of the user having provided the credential information to the at least one computing device to authenticate the user'"'"'s identity and who presented the physical device to the at least one computing device to associate the physical device with the user identified by the credential information, enabling the user to gain access to the at least one computing device by presenting the physical device to the at least one computing device without requiring the user to provide the credential information to the at least one computing device to authenticate the user'"'"'s identity.

23. A computer system comprising:
- at least one processor programmed to control access to computer system, wherein in response to a user seeking access to the at least one computer system by presenting a physical device comprising identifying information, the at least one processor is programmed to;
  
  determine whether the physical device was previously associated with a user who, within a grace period of time, accessed the at least one computer system as a result of the user having provided credential information to the at least one computer system to authenticate the user?s identity and who presented the physical device to the at least one computer system to associate the physical device with the user identified by the credential information;
  
  require that to gain access to the at least one computer system the user provide the credential information to the at least one computer system to authenticate the user'"'"'s identity when the at least one processor determines that the physical device was not previously associated with a user who, within the grace period of time, accessed the at least one computer system as a result of the user having provided the credential information to the at least one computer system to authenticate the user'"'"'s identity and who presented the physical device to the at least one computer system to associate the physical device with the user identified by the credential information; and
  
  enable the user to gain access to the at least one computer system by presenting the physical device to the at least one computer system without requiring the user to provide the credential information to the at least one computer system to authenticate the user'"'"'s identity when the at least one processor determines that the physical device was previously associated with a user who, within the grace period of time, accessed the at least one computer system as a result of the user having provided the credential information to the at least one computer system to authenticate the user'"'"'s identity and who presented the physical device to the at least one computer system to associate the physical device with the user identified by the credential information.

24. A method of controlling access to at least one computing device, the method comprising an act of:
- (A) in response to a user accessing the at least one computing device by providing credential information to the at least one computing device to authenticate the user'"'"'s identity and presenting a physical device comprising identifying information to the at least one computing device to associate the physical device with the user identified by the credential information, establishing a grace period of time during which the user may gain access to the at least one computing device by presenting the physical device to the at least one computing device without providing the credential information to the at least one computing device to authenticate the user'"'"'s identity.
- View Dependent Claims (25, 26)
- - 25. The method of claim 24, wherein the at least one computing device is used by an organization, and wherein the act (A) comprises an act of establishing the grace period based upon at least one criterion comprising a role of the user in the organization.
  - 26. The method of claim 24, wherein the at least one computing device comprises a computer system comprising a plurality of computers coupled via at least one communication medium, wherein the computer system comprises a plurality of user interfaces in a facility comprising a plurality of functional units, and wherein the act (A) comprises, in response to the user accessing the computing system via one of the plurality of user interfaces associated with a first of the functional units, establishing the grace period based upon at least one criterion comprising an identity of the first functional unit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Sentillion Incorporated (Microsoft Corporation)
Inventors
Fusari, David

Granted Patent

US 7,647,324 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/186
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/35   communicating wirelessly

G06F 2221/2117   User registration

G06F 2221/2137   Time limited access, e.g. t...

G07C 9/22   in combination with an iden...

G16H 40/63   for local operation

Methods and apparatus for managing user access to a computing environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

Methods and apparatus for managing user access to a computing environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others