Authenticated credential-based multi-tenant access to a service
First Claim
Patent Images
1. A method comprising:
- receiving, by a first computing device, a first credential from a second computing device associated with a user and an identifier associated with the second computing device, said received first credential being associated with a plurality of computing devices associated with other users to which the first computing device exposes services and the identifier being calculated based on hardware in the second computing device, wherein the first credential is not unique to the second computing device associated with the user;
associating the second computing device with the plurality of computing devices having the same received first credential, such that associating the second computing device with the plurality of computing devices associates the second computing device and the plurality of computing devices as both devices belonging to a particular account for accessing the exposed services on the first computing device based on a list of preauthorized computing devices and their associated calculated identifiers specified for the particular account;
generating a second credential based on the received first credential and the received calculated identifier, said generated second credential being particular to the second computing device; and
transmitting the generated second credential to the second computing device, wherein the second computing device includes the second credential in subsequent communications with the first computing device for authentication by the first computing device of the second computing device, wherein the first computing device exposes the services particular to the second computing device as a function of the particular account and the association between the second computing device and the plurality of computing devices based on the second credential received in the subsequent communications.
2 Assignments
0 Petitions
Accused Products
Abstract
Associating a computing device with a group of other computing devices. A service receives a common credential from the computing device and associates the computing device with the other computing devices also associated with the common credential. The service generates a machine-specific credential for use by the computing device in subsequent communications with the service. The machine-specific credential is used to authenticate, identify, and group the computing device with the other computing devices in the subsequent communications.
-
Citations
19 Claims
-
1. A method comprising:
-
receiving, by a first computing device, a first credential from a second computing device associated with a user and an identifier associated with the second computing device, said received first credential being associated with a plurality of computing devices associated with other users to which the first computing device exposes services and the identifier being calculated based on hardware in the second computing device, wherein the first credential is not unique to the second computing device associated with the user; associating the second computing device with the plurality of computing devices having the same received first credential, such that associating the second computing device with the plurality of computing devices associates the second computing device and the plurality of computing devices as both devices belonging to a particular account for accessing the exposed services on the first computing device based on a list of preauthorized computing devices and their associated calculated identifiers specified for the particular account; generating a second credential based on the received first credential and the received calculated identifier, said generated second credential being particular to the second computing device; and transmitting the generated second credential to the second computing device, wherein the second computing device includes the second credential in subsequent communications with the first computing device for authentication by the first computing device of the second computing device, wherein the first computing device exposes the services particular to the second computing device as a function of the particular account and the association between the second computing device and the plurality of computing devices based on the second credential received in the subsequent communications. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A system comprising:
-
a memory area for storing a first credential; and a processor configured to execute computer-executable instructions for; receiving, by the first computing device, the first credential from a second computing device associated with a user and an identifier associated with the second computing device upon registration of a software product by the user on the second computing device, said received first credential being associated with a plurality of computing devices associated with other users to which the first computing device exposes services and the identifier being calculated based on hardware in the second computing device, wherein the first credential is not unique to the second computing device associated with the user, and wherein the first credential represents an account credential associated with a particular account for accessing the exposed services on the first computing device for use with the plurality of computing devices, said particular account indicating that the second computing device and the plurality of computing devices on the account are in a group of authorized computing devices; associating the second computing device with the plurality of computing devices, wherein associating the second computing device with the plurality of computing devices indicates that the second computing device and the plurality of computing devices belong to the account based on a list of preauthorized computing devices and their associated calculated identifiers specified for the particular account; generating a second credential based on the received first credential, the received calculated identifier, and a user identifier associated with the user, said generated second credential being particular to the second computing device and particular to the user associated with the second computing device; generating, particular to the user, an installation package for the generated second credential; and transmitting the generated second credential and generated installation package to the second computing device, wherein the second computing device executes the installation package to install the second credential on the second computing device, wherein the second computing device includes the second credential in subsequent communications with the first computing device for authentication by the first computing device of the second computing device, wherein the first computing device exposes the services particular to the second computing device as a function of the particular account and the association between the second computing device and the plurality of computing devices based on the second credential received in the subsequent communications. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
-
17. One or more computer-readable tangible storage media not including a carrier wave or carrier signal having computer-executable components stored thereon, said components comprising:
-
an interface component for receiving, by a first computing device, a first credential from a second computing device associated with a user and an identifier associated with the second computing device, said received first credential being associated with a plurality of computing devices associated with other users to which the first computing device exposes services and the identifier being calculated based on hardware in the second computing device, wherein the first credential is not unique to the second computing device associated with the user; a credential component for; associating the second computing device with the plurality of computing devices having the same received first credential, wherein associating the second computing device with the plurality of computing devices indicates that the second computing device and the plurality of computing devices belong to a particular account for accessing the exposed services on the first computing device based on a list of preauthorized computing devices and their associated calculated identifiers specified for the particular account; and generating a second credential based on the received first credential and the received calculated identifier, said generated second credential being particular to the second computing device; a chain component for associating the second credential with the first credential, wherein the first computing device transmits the generated second credential to the second computing device, wherein the second computing device includes the second credential in subsequent communications with the first computing device for authentication by the first computing device of the second computing device; and a de-authorization component for revoking the first credential which thereby revokes the second credential as a function of the association between the first credential and the second credential to prevent access by the second computing device to the services exposed by the first computing device. - View Dependent Claims (18, 19)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeMicrosoft Technology Licensing LLC (Microsoft Corporation)
-
Original AssigneeMicrosoft Corporation
-
InventorsWilliams, Juanya Davon, Badwe, Ashutosh, Edwards, Adam Patrick
-
Primary Examiner(s)Flynn, Nathan
-
Assistant Examiner(s)Vaughan, Michael R
-
Application NumberUS11/677,332Publication NumberTime in Patent Office1,938 DaysField of SearchNoneUS Class Current726/7CPC Class CodesG06F 21/31 User authenticationH04L 63/083 using passwords cryptograph...
