DIFFERENTIATED AUTHENTICATION FOR COMPARTMENTALIZED COMPUTING RESOURCES

US 20100017845A1
Filed: 07/18/2008
Published: 01/21/2010
Est. Priority Date: 07/18/2008
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

organizing one or more computing resources accessible in a desktop environment into a group, the one or more computing resources include a data content, an application, a network portal, and a device;

providing an authentication policy for each computing resource, each authentication policy corresponding an authentication input with each of a plurality of actions for the each computing resource;

receiving one authentication input when a user intends one of the plurality of actions on one of the computing resources; and

allowing the user to perform the intended one of the plurality of actions on the one of the computing resources when the one authentication input enables the intended one of the plurality of actions.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments for providing differentiated authentication for accessing groups of compartmentalized computing resources, and accessing each compartmentalized computing resources, as displayed on a desktop environment of an operating system. In one embodiment, a method includes organizing one or more computing resources accessible in a desktop environment into a group. The one or more computing resources include a data content, an application, a network portal, and a device. The method also includes providing an authentication policy for actions that can be performed on each computing resource. The authentication policy is configured to associate an authentication input to each action for a particular computing resource. The method further includes receiving an authentication input when the user intends one of the actions on the particular computing resource. The method additionally includes allowing the user to perform the intended action on the particular computing resource when the received authentication input enables the intended action.

58 Citations

View as Search Results

20 Claims

1. A method, comprising:
- organizing one or more computing resources accessible in a desktop environment into a group, the one or more computing resources include a data content, an application, a network portal, and a device;
  
  providing an authentication policy for each computing resource, each authentication policy corresponding an authentication input with each of a plurality of actions for the each computing resource;
  
  receiving one authentication input when a user intends one of the plurality of actions on one of the computing resources; and
  
  allowing the user to perform the intended one of the plurality of actions on the one of the computing resources when the one authentication input enables the intended one of the plurality of actions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising adding an additional computing resource accessible to the user into the group that includes one or more of a data content, a network portal, an application, and a device.
  - 3. The method of claim 1, wherein the organizing one or more computing resources includes organizing the one or more computing resources into a group based on one or more of a usage pattern of the user, security requirements of the one or more computing resources, reliability of the one or more computing resources, and performance demand of the one or more computing resources.
  - 4. The method of claim 1, wherein each authentication input is provided via one of the device and the network portal.
  - 5. The method of claim 1, wherein the receiving one authentication input includes prompting the user for the one authentication input.
  - 6. The method of claim 1, wherein the one authentication input includes at least one of an identity, a password, a hardware identity certificate, or a software identity certificate.
  - 7. The method of claim 1,wherein the one authentication input is different from other authentication inputs in at least one of a type attribute and a strength attribute,wherein the type attribute is configured to identify the authentication input as including at least one of an identity, a password, a hardware-based input, or a software-based input, andwherein the strength attribute is configured to identify one of a permutational complexity of a password or a cryptographic complexity of an identity certificate.
  - 8. The method of claim 1, wherein the plurality of actions includes at least one of accessing the one of the computing resources, modifying the one of the computing resources, and removing the one of the computing resources.
  - 9. The method of claim 1, wherein the one or more computing resources include a local computing resource and a networked remote computing resource, and the group includes one of a local group and a networked remote group.

10. A computer readable medium storing computer-executable instructions that, when executed, cause one or more processors to perform acts comprising:
- organizing one or more first computing resources accessible in a desktop environment into a first group, the one or more first computing resources include a data content, an application, a network portal, and a device;
  
  providing an authentication policy that associates a first authentication input with a first action on the first group and associating a second authentication input with a second action on the first group, the first authentication input being different from the second authentication input;
  
  receiving one authentication input when a user intends one of the first and second actions on the first group; and
  
  allowing the user to perform the intended action on the first group when the one authentication input is one of the first and second authentication inputs that is associated with the intended action.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The computer readable medium of claim 10, further comprising creating a first group prior to organizing the one or more first computing resources accessible in a desktop environment into the first group.
  - 12. The computer readable medium of claim 10, the computer-executable instructions cause the one or more processors to perform further acts comprising creating a second group that includes one or more second computing resources, the one or more second computing resources including a data content, an application, a network portal, and a device.
  - 13. The computer readable medium of claim 10,wherein the authentication policy further associates a third authentication input with a third action on one computing resource, the third authentication input being different from the first and second authentication inputs, andwherein the computer-executable instructions cause the one or more processors to perform further acts comprising:
    - receiving one authentication input when the user intends the third action on the computing resource; and
      
      allowing the user to perform the intended third action on the computing resource when the one authentication input is the third authentication input.
  - 14. The computer readable medium of claim 10, wherein the first and second actions include at least one of accessing the first group, modifying the first group, and deleting the first group, and wherein the user intends one of the first and second actions by selecting the action from a display that presents one or more action options for the group.
  - 15. The computer readable medium of claim 10, wherein the receiving one of the first and second authentication inputs includes prompting the user for the one authentication input.
  - 16. The computer readable medium of claim 10, wherein the authentication input includes at least one of an identity, a password, a hardware identity certificate, or a software identity certificate.
  - 17. The computer readable medium of claim 10,wherein the first and second authentication inputs includes at least one of different type attributes and different strength attributes,wherein the type attribute is configured to identify the authentication input as including at least one of an identity, a password, a hardware-based input, or a software-based input, andwherein the strength attribute is configured to identify one of a permutational complexity of a password or a cryptographic complexity of an identity certificate.

18. A method, comprising:
- organizing one or more computing resources accessible in a desktop environment into a group, the one or more computing resources include a data content, an application, a network portal, and a device;
  
  providing an authentication policy for each computing resource, each authentication policy corresponding an authentication input with each of a plurality of actions for the each computing resource, each of the authentication inputs being different from other authentication in at least one of a type attribute and a strength attribute;
  
  receiving one authentication input when a user intends one of the plurality of actions on one of the computing resources; and
  
  allowing the user to perform the intended action on the one of the computing resources when the one authentication input enables the one of the plurality of actions being intended.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, further comprising adding an additional computing resource accessible to the user into the group, the additional computing resource includes one of a data content, an application, and a device.
  - 20. The method of claim 18, wherein the organizing one or more computing resources includes organizing the one or more computing resources into a group based on one or more of a usage pattern of the user, security requirements of the one or more computing resources, reliability of the one or more computing resources, and performance demand of the one or more computing resources.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Jones, Thomas C.

Granted Patent

US 10,146,926 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/33   using certificates

G06F 21/34   involving the use of extern...

DIFFERENTIATED AUTHENTICATION FOR COMPARTMENTALIZED COMPUTING RESOURCES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

58 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DIFFERENTIATED AUTHENTICATION FOR COMPARTMENTALIZED COMPUTING RESOURCES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links