Method and apparatus for managing and displaying contact authentication in a peer-to-peer collaboration system

US 20090150968A1
Filed: 07/31/2003
Published: 06/11/2009
Est. Priority Date: 07/31/2003
Status: Active Grant

First Claim

Patent Images

1. (canceled)

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Proper user-to-data associations are maintained in shared spaces created in a peer-to-peer collaborative system by means of a simplified and minimal user interface that permits users to easily authenticate other members of a shared space. In particular, support is provided for automatically building authenticated relationships even if users do not take the time to authenticate other users. When a user enters a shared space and views the contacts in that space, the display names of each contact are accompanied by distinctive icons that identify that authentication status of that contact. A mechanism is provided for resolving conflicts between contacts with the same display names to prevent confusion and contact “spoofing.” Security policies can be established to provide a uniform approach to authentication. These policies can be set by a user or, alternatively, the policies can be set by an administrator.

Citations

65 Claims

1. (canceled)

3. (canceled)

5-8. -8. (canceled)

14. (canceled)

21-42. -42. (canceled)

43. A method of operating a computing device providing an endpoint in a peer-to-peer collaboration system in which each user has an identity and a display name, the method comprising:
- in response to communicating with a first user, recording the first user as a contact in a contact data store in memory associated with the computing device, the recording comprising storing at least an identity and display name of the first user;
  
  in response to receiving a communication from a second user;
  
  determining whether the display name of the second user is equivalent to the display name of a user in the contact data store;
  
  when the display name of the second user is equivalent to the display name of a stored contact in the contact data store, and the identity of the user is different than the identity of the contact with the matching display name, generating a warning on a display associated with the computing device.
- View Dependent Claims (2, 4, 9, 10, 11, 12, 13, 44, 45, 46, 47, 48, 49, 50)
- - 2. The method of claim 43 wherein determining whether the display name of the second user is equivalent to the display name of the contact stored in the contact data store comprises computing a clean name from each display name and comparing clean names of the two display names.
  - 4. The method of claim 43 wherein generating a warning comprises displaying a name conflict indicator next to each display name associated with a contact identity whose authentication level (1) is less than the highest authentication/certification level of all contact identities with equivalent display names or (2) equals the highest authentication/certification level of all contact identities with an equivalent display name and at least one other contact identity with an equivalent display name has been identified having an equal authentication level.
  - 9. The method of claim 43 further comprising:
    - preventing a user from communicating with another user based on a security policy when the other user has a predetermined authentication level.
  - 10. The method of claim 43 wherein generating the warning comprises displaying a dialog box having all display names that are equivalent to the display name of the first user listed therein.
  - 11. The method of claim 49 wherein the step of receiving user input comprises assigning the alternative display name as an alias to the selected display name which alias is not equivalent to either of the first display name and the selected display name and which alias replaces the selected display name.
  - 12. The method of claim 43 wherein displaying the warning comprises:
    - displaying an authentication indicator next to a display name that is not equivalent to another display name, which authentication indicator displays the authentication level of the associated contact.
  - 13. The method of claim 12 wherein each contact can have one of a predetermined number of authentication levels and wherein the authentication indicator that is displayed is unique to one of the authentication levels.
  - 44. The method of claim 43, further comprising, for each of a plurality of instances of the display name of the second user appearing on a display screen of the computing device, displaying the warning in conjunction with the display name.
  - 45. The method of claim 44, wherein at least one of the plurality of instances comprises a listing of contacts in a graphical user interface adapted to receive user input selecting a contact with which to communicate.
  - 46. The method of claim 43, wherein generating the warning in conjunction with the display name comprises displaying an icon adjacent an instance of the display name.
  - 47. The method of claim 43, further comprising:
    - upon receiving a communication from a new user for which there is no entry in the contact data store, making an entry for the new user in the contact data store, the making an entry comprising displaying a graphical user interface presenting information about the new user and containing an input area adapted to receive input from a user of the computing device authenticating the new user.
  - 48. The method of claim 47, wherein:
    - when the input from the user of the computing device authenticating the new user is received, storing in the entry for the new user an indication that the new user is authenticated; and
      
      when the input from the user of the computing device authenticating the new user is not received, storing in the entry for the new user an indication that the new user is unauthenticated.
  - 49. The method of claim 43, wherein:
    - the warning comprises a name conflict indicator displayed in a first graphical user interface to the computing device; and
      
      the method further comprises;
      
      in response to user input received through the first graphical user interface, the user input being associated with the name conflict indicator, displaying on the computing device a plurality of equivalent display names that are equivalent to the first display name;
      
      receiving user input from a user of the computing device specifying an alternative display name for a selected display name, the alternative display name being selected by the user from the plurality of equivalent display names displayed on the computing device, the alternative display name being associated with a selected identity and being different than the first display name; and
      
      identifying on a second graphical user interface of the computing device the selected identity with the alternative display name, the second graphic user interface providing a function related to controlling communication within the peer-to-peer collaboration system, the communication being between the computing device and a second device associated with the selected identity.
  - 50. The method of claim 43, wherein generating the warning comprises generating a warning about a potentially masquerading user having a display name equivalent to the display name of the first user, the potentially masquerading user selected from a set of users, including the first user, having display names equivalent to the display name of the first user, the potentially masquerading user being selected based on relative authorization levels of the users in the set.

51. A method of operating a computing device providing an endpoint in a peer-to-peer collaboration system in which each user has an identity and a display name, the method comprising:
- receiving an input setting a security policy from a user of the computing device and/or a system administrator;
  
  in response to an event that triggers a function that includes display of a display name of a first user;
  
  determining an authentication level of the first user, the authentication level comprising an authentication level being selected from a set comprising a certified level, an authenticated level, and an unauthenticated level, the certified level being higher then the authenticated level and the authenticated level being higher than the unauthenticated level;
  
  selectively responding to the event based on the authentication level and the security policy, the security policy having at least an allow option, a restrict option and a warn option, and the selectively responding comprising;
  
  when the security policy option is determined to be allow, presenting on a graphical user interface the display name of the first user in conjunction with performance of the function in response to the event;
  
  when the security policy option is determined to be warn and the authentication level is less than or equal to a threshold level, presenting on the graphical user interface the display name of the first user in conjunction with performance of the function, the presenting including presenting a warning on the authentication level of the first user; and
  
  when the security policy option is set to restrict and the authentication level is less than or equal to the threshold level, omitting performance of the function.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 52, 53, 54, 55, 56)
- - 15. The method of claim 51 wherein receiving an input setting a security policy comprises receiving from a user of the computing device the input setting the security policy.
  - 16. The method of claim 51 wherein receiving an input setting a security policy comprises receiving from a system administrator the input setting the security policy.
  - 17. The method of claim 51 wherein selectively responding to the event comprises warning a user when the security policy is set to warn and the user attempts to communicate with an unauthenticated and uncertified contact.
  - 18. The method of claim 51 wherein selectively responding to the event comprises preventing a user from communicating with an uncertified contact when the security policy is set to restrict and the user attempts to communicate with an uncertified contact.
  - 19. The method of claim 51 wherein selectively responding to the event comprises allowing a user to communicate with an unauthenticated and uncertified contact when the security policy is set to allow without warning and the user attempts to communicate with an unauthenticated and uncertified contact.
  - 20. The method of claim 51 wherein determining the authentication level of the first user comprises:
    - compiling a contact list of contacts;
      
      checking the contact list to determine contacts that are not authenticated;
      
      checking the unauthenticated contacts to determine whether a certification policy applies to any unauthenticated contact; and
      
      placing an unauthenticated contact on the list of unauthenticated and uncertified contacts when no certification policy applies to that contact.
  - 52. The method of claim 51, wherein the threshold level is determined dynamically based on an authentication level of at least one other user having a display name equivalent to the display name of the first user.
  - 53. The method of claim 51, wherein the selectively responding comprises processing the event based on the authentication level and a security policy and the nature of the response to the event.
  - 54. The method of claim 51, further comprising:
    - upon receiving a communication from a new user for which there is no entry in a contact data store, making an entry for the new user in the contact store, the making an entry comprising displaying a graphical user interface presenting information about the new user and containing an input area through which a user of the computing device can authenticate the new user.
  - 55. The method of claim 51, wherein the event comprises receiving a communication from the first user.
  - 56. The method of claim 51, wherein the event comprises receiving user input including a command to initiate communication with a user.

57. A computer storage medium comprising computer-executable instructions that, when executed on a computing device providing an endpoint in a peer-to-peer collaboration system in which each user has an identity and a display name, perform a method comprising:
- in response to communicating with a first user, recording the first user as a contact in a contact data store in memory associated with the computing device, the recording comprising storing at least an identity and display name of the first user;
  
  in response to receiving a communication from a second user;
  
  determining whether the display name of the second user is equivalent to the display name of a user in the contact data store; and
  
  when the display name of the second user is equivalent to the display name of a stored contact in the contact data store, but the identity of the user is different than the identity of the contact with the matching display name, generating a warning on a display associated with the computing device.

58. A computer storage medium comprising computer-executable instructions that, when executed on a computing device providing an endpoint in a peer-to-peer collaboration system in which each user has an identity and a display name, perform a method comprising:
- in response to an event that triggers a function that includes display of a display name of a first user;
  
  determining an authentication level of the first user, the authentication level comprising an authentication level selected from a set comprising a certified level, an authenticated level, and an unauthenticated level, the certified level being higher then the authenticated level and the authenticated level being higher than the unauthenticated level;
  
  selectively responding to the event based on the authentication level and a security policy, the security policy having at least an allow option, a restrict option and a warn option, and the selectively responding comprising;
  
  when the security policy option is determined to be allow, presenting on a graphical user interface the display name of the first user in conjunction with of a function performed in response to the event;
  
  when the security policy option is determined to be warn and the authentication level is less than or equal to a threshold level, presenting on the graphical user interface the display name of the first user in conjunction with performance of the function, the presenting including presenting a warning on the authentication level of the first user; and
  
  when the security policy option is set to restrict and the authentication level is less than or equal to the threshold level, omitting performance of the function.

59. A computer storage medium comprising computer-executable instructions that, when executed on a computing device providing an endpoint in a peer-to-peer collaboration system in which each user has an identity and a display name, perform a method comprising:
- in response to an event adapted to trigger a function associated with a first user different than a user of the computing device;
  
  determining an authentication level of the first user, the authentication level comprising an authentication level being selected from a set comprising a certified level, an authenticated level, and an unauthenticated level, the certified level being higher then the authenticated level and the authenticated level being higher than the unauthenticated level;
  
  selectively responding to the event based on the authentication level and a security policy, the security policy having at least an allow option, a restrict option and a warn option, and the selectively responding comprising;
  
  when the security policy option is set to restrict and the authentication level is less than or equal to the threshold level, blocking performance of the function.
- View Dependent Claims (60, 61, 62, 63, 64, 65)
- - 60. The computer storage medium of claim 59, wherein the method further comprises:
    - when the security policy option is determined to be warn and the authentication level is less than or equal to a threshold level, presenting on the graphical user interface the display name of the first user in conjunction with performance of the function in response to the event, the presenting including presenting a warning on the authentication level of the first user.
  - 61. The computer storage medium of claim 60, wherein determining the authentication level of the first user comprises accessing a contact data store in memory associated with the computing device.
  - 62. The computer storage medium of claim 61, wherein the method further comprises, prior to the event, in response to communicating with the first user, recording the first user as a contact in the contact data store, the recording comprising storing at least an identity, display name and authentication level of the first user.
  - 63. The computer storage medium of claim 62, wherein the method further comprises, determining the authentication level of the first user, the determining comprising:
    - displaying a graphical user interface presenting information about the first user and containing an input area adapted to receive input from the user of the computing device authenticating the first user;
      
      when input is received from the user of the computing device authenticating the first user, determining that the first user has an authenticated level of authenticated.
  - 64. The computer storage medium of claim 62, wherein the method further comprises, determining the authentication level of the first user, the determining comprising:
    - receiving information on authentication level of users of the peer-to-peer collaboration system from a network administrator;
      
      when the received information comprises an indication that the first user is certified, determining that the authentication of the first user is certified.
  - 65. The method of claim 64, wherein:
    - the authentication level comprises an authentication level selected from a set comprising a certified level, an authenticated level, and an unauthenticated level, the certified level being higher then the authenticated level and the authenticated level being higher than the unauthenticated level; and
      
      when the first user is not determined to be certified;
      
      displaying a graphical user interface presenting information about the first user and containing an input area adapted to receive input from a user of the computing device authenticating the first user;
      
      when input is received from the user of the computing device authenticating the first user, determining that the first user has an authenticated level of authenticated; and
      
      when input is not received from the user of the computing device authenticating the first user, determining that the first user has an unauthenticated level of authenticated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Groove Networks, Inc. (Microsoft Corporation)
Inventors
Dai, Wei, Weiss, Adam, Cote, Mark, Asthagiri, Nimisha, Moromisato, George P., Ozzie, Raymond E., Evdokimov, Alexei

Granted Patent

US 7,624,421 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/20   for managing network securi...

H04L 67/104   Peer-to-peer [P2P] networks

Method and apparatus for managing and displaying contact authentication in a peer-to-peer collaboration system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

65 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for managing and displaying contact authentication in a peer-to-peer collaboration system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

65 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links