Hardware-Based Credential Distribution

US 20140059664A1
Filed: 10/25/2013
Published: 02/27/2014
Est. Priority Date: 11/18/2010
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a network interface configured to communicate data over a network;

one or more processors; and

a memory coupled to the one or more processors and including processor-executable instructions that, responsive to execution by the one or more processors, implement a resource access manager to;

receive, via the network interface, a resource access request from a remote entity, the resource access request including a unique identifier of the remote entity and a hardware profile of the remote entity;

determine that the hardware profile matches at least a portion of a stored hardware profile associated with the unique identifier;

determine that a frequency of credential distribution associated with the unique identifier of the remote entity does not exceed a credential distribution frequency limit; and

transmit, via the network interface and responsive to determining that the credential distribution frequency limit has not been exceeded, a credential to the remote entity useful to access a resource.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This document describes various techniques for distributing credentials based on hardware profiles. A resource access request including a hardware profile is transmitted to a remote entity having access to a previous hardware profile and a credential useful to access a resource is received if at least a portion of the hardware profile matches the previous hardware profile.

28 Citations

20 Claims

1. A system comprising:
- a network interface configured to communicate data over a network;
  
  one or more processors; and
  
  a memory coupled to the one or more processors and including processor-executable instructions that, responsive to execution by the one or more processors, implement a resource access manager to;
  
  receive, via the network interface, a resource access request from a remote entity, the resource access request including a unique identifier of the remote entity and a hardware profile of the remote entity;
  
  determine that the hardware profile matches at least a portion of a stored hardware profile associated with the unique identifier;
  
  determine that a frequency of credential distribution associated with the unique identifier of the remote entity does not exceed a credential distribution frequency limit; and
  
  transmit, via the network interface and responsive to determining that the credential distribution frequency limit has not been exceeded, a credential to the remote entity useful to access a resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system as recited in claim 1, wherein the credential distribution frequency limit is effective to limit a frequency at which the resource access manager distributes credentials associated with the unique identifier.
  - 3. The system as recited in claim 1, wherein the credential distribution frequency limit is effective to limit credentials distributed in association with the unique identifier to one credential per one interval of time.
  - 4. The system as recited in claim 1, wherein the hardware profile of the remote entity comprises a collection of serial numbers, model numbers, or parameters of hardware components of the remote entity.
  - 5. The system as recited in claim 1, wherein the resource access manager is further implemented to transmit, prior to receiving the resource access request, the unique identifier to the remote entity in association with a secure registration process.
  - 6. The system as recited in claim 1, wherein the unique identifier is a certificate that is digitally signed or encrypted with a private key.
  - 7. The system as recited in claim 1, wherein the resource is a service provided by the system or a resource server associated with the system.

8. A method comprising:
- receiving, via a network interface, a resource access request from a remote entity, the resource access request including a unique identifier of the remote entity and a hardware profile of the remote entity;
  
  determining that the hardware profile matches at least a portion of a stored hardware profile associated with the unique identifier;
  
  determining that a frequency of credential distribution associated with the unique identifier of the remote entity does not exceed a credential distribution frequency limit; and
  
  transmitting, via the network interface and responsive to determining that the credential distribution frequency limit has not been exceeded, a credential to the remote entity useful to access a resource.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method as recited in claim 8, wherein the credential distribution frequency limit is effective to limit a frequency at which the resource access manager distributes credentials associated with the unique identifier.
  - 10. The method as recited in claim 8, wherein the credential distribution frequency limit is effective to limit credentials distributed in association with the unique identifier to one credential per one interval of time.
  - 11. The method as recited in claim 8, wherein the hardware profile of the remote entity includes a collection of serial numbers, model numbers, or parameters of hardware components of the remote entity.
  - 12. The method as recited in claim 8, wherein the unique identifier of the remote entity is a certificate that is digitally signed or encrypted with a private key.
  - 13. The method as recited in claim 8, wherein determining that the hardware profile matches at least a portion of a stored hardware profile associated with the unique identifier employs a fuzzy-logic algorithm.
  - 14. The method as recited in claim 8, further comprising:
    - receiving, from the remote entity, an initial hardware profile;
      
      storing, at the server device, the initial hardware profile as the stored hardware profile;
      
      associating the stored hardware profile with the unique identifier; and
      
      transmitting, prior to receiving the resource access request, the unique identifier to the remote entity for use in subsequent attempts to access the resource.

15. One or more computer-readable storage devices comprising processor-executable instructions that, responsive to execution by one or more processors, implement a resource access manager to:
- receive, via a network interface, a resource access request from a remote entity, the resource access request including a unique identifier of the remote entity and a hardware profile of the remote entity;
  
  determine that the hardware profile matches at least a portion of a stored hardware profile associated with the unique identifier;
  
  determine that a frequency of credential distribution associated with the unique identifier of the remote entity does not exceed a credential distribution frequency limit; and
  
  transmit, via the network interface and responsive to determining that the credential distribution frequency limit associated with the unique identifier of the remote entity has not been exceeded, a credential to the remote entity useful to access a resource.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The one or more computer-readable storage devices as recited in claim 15, wherein the resource access manager is further implemented to update, responsive to transmitting the credential to the remote entity, the frequency of credential distribution associated with the unique identifier.
  - 17. The one or more computer-readable storage devices as recited in claim 15, wherein the credential distribution frequency limit is effective to limit credentials distributed in association with the unique identifier to one credential per one interval of time.
  - 18. The one or more computer-readable storage devices as recited in claim 15, wherein the hardware profile of the remote entity includes a collection of serial numbers, model numbers, or parameters of hardware components of the remote entity.
  - 19. The one or more computer-readable storage devices as recited in claim 15, wherein the resource is a software product or a software update and transmitting the credential is effective to enable the remote entity to access the software product or the software update.
  - 20. The one or more computer-readable storage devices as recited in claim 19, wherein the resource access manager is implemented on a first server device, the software product or the software update are provided by a second server device, and transmitting the credential from the first server device to the remote entity is effective to enable the remote entity to access the software product or the software update provided by the second server device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Microsoft Corporation
Inventors
Anand, Gaurav S., Woley, Kevin Michael, Ayers, Matthew R., Dutt, Rajeev, Fleischman, Eric

Granted Patent

US 9,553,858 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/6
CPC Class Codes

G06F 21/31   User authentication

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/102   Entity profiles

H04L 67/303   Terminal profiles

Hardware-Based Credential Distribution

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Hardware-Based Credential Distribution

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links