ACCESS CONTROL TO SECURED APPLICATION FEATURES USING CLIENT TRUST LEVELS

US 20100319063A1
Filed: 06/12/2009
Published: 12/16/2010
Est. Priority Date: 06/12/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented communications security system, comprising:

a sign-in component of a near endpoint for sending sign-in credentials for registration to a communications infrastructure and receiving registration trust level information based on the sign-in credentials; and

a communications component of the near endpoint for sending the registration trust level information to a far endpoint, the far endpoint managing communicative interaction with the near endpoint based on the registration trust level information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Architecture that facilitates the conveyance of a trust level when the caller makes a call, the trust level in dependence on the state of the caller system. The callee (call recipient) receives notification of the trust level and can use this information in the communication such as to request verification from the caller and/or initiate other modes of communication. A caller can authenticate the caller identity in different ways to a communication server. Based on that, the server can assign an appropriate server-verified trust level to the caller. Further, an unsecured phone controller can indicate a lower client-side defined trust level. The server verified and client-side trust levels are then sent to the callee, where the callee determines whether to allow caller access to one or more secured features based on the feature values and the trust level imposed by the callee to access those features.

41 Citations

View as Search Results

20 Claims

1. A computer-implemented communications security system, comprising:
- a sign-in component of a near endpoint for sending sign-in credentials for registration to a communications infrastructure and receiving registration trust level information based on the sign-in credentials; and
  
  a communications component of the near endpoint for sending the registration trust level information to a far endpoint, the far endpoint managing communicative interaction with the near endpoint based on the registration trust level information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the near endpoint sends the registration trust level information in combination with a call initiated by the near endpoint to the far endpoint.
  - 3. The system of claim 2, wherein the communications infrastructure is IP-based, and the near endpoint sends the registration trust level information as session initiation protocol (SIP) messages in combination with an IP call via the IP-based communications infrastructure to the far endpoint.
  - 4. The system of claim 1, further comprising a near endpoint trust component for computing near endpoint trust level information, the near endpoint trust level information sent with the sign-in credentials for registration, the registration trust level information computed based on the sign-in credentials and the near endpoint trust level information.
  - 5. The system of claim 4, wherein the far endpoint requests access to features of secured applications based on the registration trust level information and the near endpoint trust level information.
  - 6. The system of claim 4, wherein the near endpoint trust component recomputes the near endpoint trust level information based on a change in access security state to the near endpoint, and sends updated near endpoint trust level information to the far endpoint.
  - 7. The system of claim 4, wherein the near endpoint trust component creates a verify message that designates verification results of the near endpoint to the far endpoint.
  - 8. The system of claim 1, wherein the registration trust level information is signed as part of the registration.
  - 9. The system of claim 1, wherein the near endpoint receives suggestions as to actions to take that result in a different level of the registration trust level information.

10. A computer-implemented communications security system, comprising:
- a sign-in component of a caller client for sending caller sign-in credentials for registration to a call communications infrastructure and receiving registration trust level information based on the caller sign-in credentials;
  
  a caller client trust component for computing caller trust level information; and
  
  a communications component of the caller client for sending the registration trust level information and the caller trust level information to a callee client, the callee client manages interaction with the caller client based on the registration trust level information and the caller trust level information.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The system of claim 10, wherein the caller trust level information is sent with the sign-in credentials to the call communications infrastructure for registration, the registration trust level information computed based on the sign-in credentials and the caller trust level information.
  - 12. The system of claim 10, wherein the caller client sends the registration trust level information and caller trust level information as SIP messages in combination with an IP call initiated by the caller client to the callee client.
  - 13. The system of claim 10, wherein the callee client requests access to features of secured applications based on the registration trust level information and the caller trust level information.
  - 14. The system of claim 10, wherein the caller client trust component creates a verify message that designates access security state of the caller client, recomputes the caller trust level information based on a change in the access security state, and sends updated caller trust level information to the callee client.

15. A computer-implemented communications security method, comprising:
- sending sign-in credentials from a caller client to a call communications infrastructure for registration;
  
  receiving registration trust level information at the caller client based on the registration;
  
  transmitting the registration trust level information to a callee client; and
  
  controlling interaction from the callee client to the caller client based on the registration trust level information.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, further comprising:
    - validating the registration trust level information as part of transmission to the callee client; and
      
      exposing application features to the caller client via the callee client based on the validated registration trust level information.
  - 17. The method of claim 15, further comprising:
    - creating client trust level information at the caller client;
      
      sending the client trust level information with the sign-in credentials; and
      
      creating the registration trust level information based on both the sign-in credentials and the client trust level information.
  - 18. The method of claim 17, wherein the call communications infrastructure is IP-based, and the caller client sends the registration trust level information and the client trust level information in SIP messages to the callee client.
  - 19. The method of claim 15, further comprising:
    - creating client trust level information at the caller client;
      
      transmitting the client trust level information and the registration trust level information to the callee client; and
      
      controlling interaction from the callee client to the caller client based on the client trust level information and the registration trust level information.
  - 20. The method of claim 19, further comprising exposing application features to the caller client via the callee client based on the client trust level information and the registration trust level information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Krantz, Anton W., Raghav, Amritansh, Koppolu, Lokesh Srinivas

Granted Patent

US 9,531,695 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/8
CPC Class Codes

G06F 21/33   using certificates

G06F 21/50   Monitoring users, programs ...

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

H04L 65/1073   Registration or de-registra...

H04L 65/1104   Session initiation protocol...

ACCESS CONTROL TO SECURED APPLICATION FEATURES USING CLIENT TRUST LEVELS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

41 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ACCESS CONTROL TO SECURED APPLICATION FEATURES USING CLIENT TRUST LEVELS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links