Ad-hoc user account creation

US 8,201,214 B1
Filed: 09/30/2005
Issued: 06/12/2012
Est. Priority Date: 09/30/2005
Status: Active Grant

First Claim

Patent Images

1. A method for a first computer to gain access to a second computer, the method comprising:

executing a rules engine on the first computer, the rules engine having one or more conditions managed by a user;

establishing a connection between the first computer and the second computer;

sending a calling card comprising a trusted token to the second computer, the trusted token containing an identity information of the user of the first computer, where the calling card is generated by the rules engine; and

accessing a resource controlled by the second computer, wherein the resource is accessed based on the establishment of an ad hoc user-identity for the user and is characterized by a lack of using third party resources for ad-hoc user-identity establishment at the time of establishment, the ad hoc user-identity comprising the identity information provided in the trusted token; and

wherein the sending of the calling card causes the establishment of the ad hoc user-identity upon authentication of the trusted token.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mechanism that allows a user to easily configure a rules engine to apply rules to decide which requests for access to a user'"'"'s computer resources are to be granted and which are denied. A trusted token, such as a certificate of identity issued by a trusted third party authority that verifies identities of computer users, is included in a calling card object provided by the requesting user to the (server) computer that controls the resources desired by the requester. Additional conditions for access may be specified as desired by the user of the server computer.

33 Citations

View as Search Results

14 Claims

1. A method for a first computer to gain access to a second computer, the method comprising:
- executing a rules engine on the first computer, the rules engine having one or more conditions managed by a user;
  
  establishing a connection between the first computer and the second computer;
  
  sending a calling card comprising a trusted token to the second computer, the trusted token containing an identity information of the user of the first computer, where the calling card is generated by the rules engine; and
  
  accessing a resource controlled by the second computer, wherein the resource is accessed based on the establishment of an ad hoc user-identity for the user and is characterized by a lack of using third party resources for ad-hoc user-identity establishment at the time of establishment, the ad hoc user-identity comprising the identity information provided in the trusted token; and
  
  wherein the sending of the calling card causes the establishment of the ad hoc user-identity upon authentication of the trusted token.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the trusted token comprises a token issued by an identity-verification authority.
  - 3. The method of claim 1, wherein the trusted token identifies the user by name.
  - 4. The method of claim 1, wherein the trusted token comprises an electronic certificate issued by an identity-verification authority.

5. A computerized apparatus, comprising:
- a network interface capable of receiving one or more requests;
  
  a user-identity database that stores user-identity information associated with requests received over the network interface;
  
  a rules engine that manages access to the computerized apparatus, the rules engine configured at least in part by a user of the computerized apparatus; and
  
  a processing apparatus in communication with the network interface, user-identity database, rules engine, and a storage apparatus, the storage apparatus having a plurality of instructions stored thereon which are configured to, when executed by the processing apparatus;
  
  receive a resource request, where the resource request comprises information associated with an other user of an external device;
  
  read the resource request to extract the information associated with the other user;
  
  apply one or more access rules governed by the rules engine module to the extracted information;
  
  create an ad hoc user-identity account associated with only the other user in the user-identity database configured to access the requested resource;
  
  store the ad hoc user-identity account for future use; and
  
  wherein the ad-hoc user-identity account creation is characterized by a lack of third party resource usage for ad-hoc user-identity account creation at the time of creation.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 6. The computerized apparatus of claim 5, further comprising a verification module, the verification module utilized to verify an identity indicia associated with received resource requests.
  - 7. The computerized apparatus of claim 6, wherein the identity indicia is issued by a third party, the third party comprising a user identity authority.
  - 8. The computerized apparatus of claim 7, wherein the identity indicia comprises a trustable indication of a user'"'"'s identity.
  - 9. The computerized apparatus of claim 6, wherein the identity indicia comprises a verifiable portion of a public/private key scheme.
  - 10. The computerized apparatus of claim 6, wherein the verification module is invoked by the rules engine module to verify the identity indicia in response to a determination that a condition for access is present.
  - 11. The computerized apparatus of claim 5, wherein the user-identity database is further utilized to track access requests received via the network interface.
  - 12. The computerized apparatus of claim 11, further comprising a user interface in communication with a module that allows a user of the computerized apparatus to configure one or more configurable conditions that are checked on received resource requests.
  - 13. The computerized apparatus of claim 12, wherein at least one of the one or more configurable conditions comprises a frequency of contact initiation condition over a given time period.
  - 14. The computerized apparatus of claim 13, wherein in response to a requesting user exceeding the frequency of contact initiation condition, the requesting user gets added to a blacklisted user list on the user-identity database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Wallace, Leland A., O'Rourke, David M.
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
Rahman, Mohammad

Application Number

US11/240,031
Time in Patent Office

2,447 Days
Field of Search

713182-185, 713/156, 713/159, 713/166, 713/172, 713/176, 726/3, 726/20, 726 27- 29, 726/2, 380228-229, 380/232, 380/283, 380/285, 380/45
US Class Current

726/2
CPC Class Codes

G06F 21/33   using certificates

H04L 63/0823   using certificates cryptogr...

H04L 63/101   Access control lists [ACL]

Ad-hoc user account creation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Ad-hoc user account creation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links