TECHNIQUES FOR ACCESSING DESKTOP APPLICATIONS USING FEDERATED IDENTITY

US 20110154465A1
Filed: 12/18/2009
Published: 06/23/2011
Est. Priority Date: 12/18/2009
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

circuitry for receiving a web-service access token that includes information identifying a user;

circuitry for generating a system access token for a remote desktop session from information stored in the web-service access token; and

circuitry for effectuating a remote desktop session that is associated with the system access token.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for extending federation services to access desktop applications are herein described. In addition to the foregoing, other aspects are described in the claims, drawings, and text forming a part of the present disclosure.

55 Citations

View as Search Results

20 Claims

1. A system, comprising:
- circuitry for receiving a web-service access token that includes information identifying a user;
  
  circuitry for generating a system access token for a remote desktop session from information stored in the web-service access token; and
  
  circuitry for effectuating a remote desktop session that is associated with the system access token.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, further comprising:
    - circuitry for storing a user identifier in the system access token, the user identifier created by hashing a username obtained from the web-service access token.
  - 3. The system of claim 1, further comprisingcircuitry for generating the web-service access token from a second web-service access token, wherein the second web-service access token was issued by an authentication service for a second security realm that maintains a user account for the user.
  - 4. The computer system of claim 1, wherein the circuitry for generating a system access token for a remote desktop session further comprises:
    - circuitry for creating a user identifier from invariant information stored in the web-service access token.
  - 5. The computer system of claim 1, wherein a user account for the user is not maintained by a computer system in a first security realm that generated the system access token.
  - 6. The computer system of claim 1, further comprising:
    - circuitry for storing user privilege information and user group information in the system access token, the user privilege information and user group information generated from claims stored in the web-service access token.
  - 7. The computer system of claim 1, further comprising:
    - circuitry for storing user information for the remote desktop session in a user profile associated with a user identifier created from invariant information stored in the web-service access token.

8. A computer readable storage medium including executable instructions, the computer readable storage medium comprising:
- instructions for receiving a web-service access token issued by an authentication service in a first security realm;
  
  instructions for creating a user identifier from information in the web-service access token;
  
  instructions for effectuating a remote desktop session, wherein the remote desktop session includes profile settings associated with the created user identifier.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The computer readable storage medium of claim 8, further comprising:
    - instructions for obtaining a set of one or more claims from the web-service access token.
  - 10. The computer readable storage medium of claim 8, further comprising:
    - instructions for storing a set of one or more privileges generated from claims stored in the web-service access token.
  - 11. The computer readable storage medium of claim 8, further comprising:
    - instructions for generating the web-service access token in response to receiving a web-service access token issued by an authentication service in a second security realm.
  - 12. The computer readable storage medium of claim 8, wherein the instructions for receiving the web-service access token further comprise:
    - instructions for receiving a web-service access token conforming to the security assertion markup language standard issued by an authentication service in a first security realm.
  - 13. The computer readable storage medium of claim 8, wherein the instructions for creating the user identifier further comprise:
    - instructions for creating the user identifier from information that identifies an organization.
  - 14. The computer readable storage medium of claim 8, further comprising:
    - instructions for sending the web-service access token to a computer system configured to effectuate a service, wherein the computer system is in the first security realm.
  - 15. The computer readable storage medium of claim 8, wherein the instructions for creating a user identifier further comprise:
    - instructions for generating a user identifier from a hash of a username.
  - 16. The computer readable storage medium of claim 8, wherein the instructions for receiving the web-service access token further comprise:
    - instructions for receiving a web-service access token that was digitally signed by an authentication service in the second security realm.

17. A method, comprising:
- obtaining a set of claims from a web-service access token issued by an authentication service in a first security realm, the web-service access token including information that identifies a user having an account in a second security realm;
  
  storing a set of privileges generated from the claims in a system access token, wherein privileges control access to system resources and system-related operations; and
  
  effectuating a remote desktop session associated with the system access token.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, further comprising:
    - sending the web-service access token to a computer system configured to effectuate a service, wherein the computer system is in the first security realm.
  - 19. The method of claim 17, wherein the web-service access token issued by an authentication service was generated in response to receiving a web-service access token issued by a second authentication service in the second security realm.
  - 20. The method of claim 17, further comprising:
    - generating a user identifier from a hash of invariant information stored in the web-service access token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Nanda, Arun K., Kuzin, Sergey A., Melton, Lucas R., Sampath, Sriram, Ivanova, Olga B., Palekar, Ashwin

Granted Patent

US 8,887,250 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

H04L 67/08 specially adapted for termi...

TECHNIQUES FOR ACCESSING DESKTOP APPLICATIONS USING FEDERATED IDENTITY

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

55 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

TECHNIQUES FOR ACCESSING DESKTOP APPLICATIONS USING FEDERATED IDENTITY

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links