EXTENSIBLE AUTHENTICATION MANAGEMENT

US 20080313730A1
Filed: 06/15/2007
Published: 12/18/2008
Est. Priority Date: 06/15/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method for determining whether to grant users access a resource, comprising the steps of:

receiving a first request from a first user to access the resource;

determining an access policy that is applicable to the first request;

providing a first gate included in the applicable access policy;

providing a first identifier identifying a first gate client corresponding to the first gate;

receiving at least a first response from the first user; and

granting the first request if the at least first response satisfies the applicable access policy.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for controlling access to a resource permits an administrator to make changes to access policies at a server level without having to update client code unless and until such updated code is actually needed by a client. Customizable, plug-in gates are provided to permit administrators fine grained control over access policy definition. The most updated versions of corresponding gate clients used to display the gates are identified to client systems when an access request is made. The updated gate clients are downloaded if and when requested by a client system that has not already stored the updated gate clients locally. The user'"'"'s responses to gate challenges are compared to responses presented by the user at registration. If the responses meet the access policy'"'"'s threshold for accuracy, the user is permitted to access the resource.

272 Citations

20 Claims

1. A method for determining whether to grant users access a resource, comprising the steps of:
- receiving a first request from a first user to access the resource;
  
  determining an access policy that is applicable to the first request;
  
  providing a first gate included in the applicable access policy;
  
  providing a first identifier identifying a first gate client corresponding to the first gate;
  
  receiving at least a first response from the first user; and
  
  granting the first request if the at least first response satisfies the applicable access policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising the steps of:
    - receiving a request for the first gate client; and
      
      providing the first gate client.
  - 3. The method of claim 1, wherein the first request includes first user information and wherein the determining step comprises determining an access policy that is applicable to the request based at least upon the first user information.
  - 4. The method of claim 1, wherein the first request includes first user information and resource information and wherein the determining step comprises determining an access policy that is applicable to the first request based at least upon the first user information and the resource information.
  - 5. The method of claim 1, wherein the first identifier comprises a hash value.
  - 6. The method of claim 1, wherein:
    - the first request includes client cultural information referencing a first client culture;
      
      the step of providing a first identifier comprises providing the first identifier from a plurality of identifiers; and
      
      the first identifier identifies a first gate client adapted the first client culture.
  - 7. The method of claim 1, further comprising:
    - validating the first response;
      
      providing, after validation of the first response, a second gate included in the applicable access policy; and
      
      receiving a response to the second gate.
  - 8. The method of claim 1, further comprising:
    - receiving a second request from a second user to access the resource;
      
      determining an access policy that is applicable to the second request;
      
      providing a second gate included in the applicable access policy;
      
      providing a second identifier identifying a second gate client corresponding to the second gate;
      
      receiving a second response from the second user; and
      
      granting the second request if the response satisfies the applicable access policy, wherein the access policy applicable to the second request is different from the access policy applicable to the first request.
  - 9. The method of claim 1, wherein the resource is a module that permits the first user to reset a credential.
  - 10. The method of claim 1, wherein the resource is a computer system.

11. A system for obtaining access to a resource, comprising:
- a processing unit; and
  
  a memory coupled with and readable by the processing unit and having stored therein instructions which, when executed by the processing unit, cause a gate framework module to perform the following acts;
  
  providing a first request from a first user to access the resource;
  
  receiving a first gate and a first identifier identifying a first gate client;
  
  determining whether the first gate client is stored locally;
  
  requesting, if the first gate client is not stored locally, the first gate client;
  
  receiving the first gate client;
  
  presenting the first gate using the first gate client; and
  
  providing a first response to the first gate.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The system of claim 11, wherein the first request includes first user information.
  - 13. The system of claim 11, wherein the first request includes resource information and first user information.
  - 14. The system of claim 11, wherein the first request includes client cultural information referencing a first client culture and wherein the first gate client is adapted to the first client culture.
  - 15. The system of claim 11, wherein the first identifier comprises a hash value.
  - 16. The system of claim 11, wherein receiving the first gate client includes receiving multiple files that comprise the first gate client.
  - 17. The system of claim 11, wherein the act of receiving the first gate comprises temporarily storing the first gate in the memory, further comprising the act of:
    - deleting the first gate after providing the first response.

18. A computer readable medium, executable on a computing system, including at least one tangible medium and encoding a computer program of instructions for executing a computer implemented method for determining whether to grant users to access a resource, comprising the steps of:
- receiving a first request from a first user to access the resource, wherein the first request includes client cultural information referencing a first client culture;
  
  determining an access policy that is applicable to the first request;
  
  providing a first gate included in the applicable access policy;
  
  providing a first identifier, from a plurality of identifiers, identifying a first gate client, wherein the first gate client corresponds to the first gate and is adapted to the first client culture;
  
  receiving at least a first response from the first user; and
  
  granting the first request if the at least first response satisfies the applicable access policy.
- View Dependent Claims (19, 20)
- - 19. The computer readable medium of claim 18, further comprising the steps of:
    - receiving a request for the first gate client;
      
      providing the first gate client.
  - 20. The computer readable medium of claim 19, further comprising:
    - validating the first response;
      
      providing, after validation of the first response, a second gate included in the applicable access policy; and
      
      receiving a response to the second gate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Bequette, Bruce P., Iftimie, Sorin

Application Number

US11/763,657
Publication Number

US 20080313730A1
Time in Patent Office

Days
Field of Search
US Class Current

726/17
CPC Class Codes

G06F 21/40   by quorum, i.e. whereby two...

G06F 21/6218   to a system of files or obj...

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

H04L 63/104   Grouping of entities

H04L 63/20   for managing network securi...

EXTENSIBLE AUTHENTICATION MANAGEMENT

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

272 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

EXTENSIBLE AUTHENTICATION MANAGEMENT

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

272 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links