Device-specific identity

US 8,209,394 B2
Filed: 06/02/2008
Issued: 06/26/2012
Est. Priority Date: 06/02/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A method of accessing a user device from a remote device within an account network, the method comprising:

receiving from an account authority service an indication of one or more shareable devices of a specified user, the user device being one of the shareable devices of the specified user;

receiving from the account authority service a device identifier of the user device, the device identifier being extracted from account information of the specified user;

receiving from the user device a device certificate including the device identifier of the user device; and

confirming that the device certificate is signed by the account authority service;

confirming that the device identifier received from the account authority service matches the device identifier received in the device certificate; and

granting authentication if the device identifier received from the account authority service matches the device identifier received in the device certificate and a user credential is authenticated.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device identifier (ID) is used across enterprise boundaries. A user can use the device ID to publish a device for sharing with other remote users. The remote users can discover devices that are shared by other users based on device IDs, connect to a selected device, and then verify that they have connected to the correct device based on its device ID. An account authority service may be used to manage the publication and/or discovery of the shared devices and their device IDs.

33 Citations

View as Search Results

20 Claims

1. A method of accessing a user device from a remote device within an account network, the method comprising:
- receiving from an account authority service an indication of one or more shareable devices of a specified user, the user device being one of the shareable devices of the specified user;
  
  receiving from the account authority service a device identifier of the user device, the device identifier being extracted from account information of the specified user;
  
  receiving from the user device a device certificate including the device identifier of the user device; and
  
  confirming that the device certificate is signed by the account authority service;
  
  confirming that the device identifier received from the account authority service matches the device identifier received in the device certificate; and
  
  granting authentication if the device identifier received from the account authority service matches the device identifier received in the device certificate and a user credential is authenticated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprising:
    - providing a request to the account authority service requesting the indication of one or more shareable devices of the specified user, the request identifying the specified user.
  - 3. The method of claim 1 further comprising:
    - identifying to the account authority service a selection of the user device from the indication of the one or more shareable devices, responsive to the operation of receiving the indication of one or more shareable devices and prior to the operation of receiving a device identifier.
  - 4. The method of claim 1 further comprising:
    - establishing communications between the remote device and the shareable device, prior to the operation of receiving the device certificate.
  - 5. The method of claim 1 wherein the one or more shareable devices of the specified user are identified to the account authority service by the specified user and wherein the one or more sharable devices are identified by the specified user as accessible by one or more other user.
  - 6. The method of claim 1 wherein one or more device identifiers of the one or more shareable devices are identified to the account authority service by the specific user.
  - 7. The method of claim 1 wherein the device identifier of the user device is generated by the user device in combination with a device password.
  - 8. The method of claim 1 wherein the device certificate is signed and further comprising:
    - confirming that the device certificate received from the user device is signed by the account authority service.

9. A computer-readable storage medium, the computer-readable storage medium not consisting of a propagating signal, the computer-readable storage medium having computer-executable instructions for performing a computer process that accesses a user device from a remote device within an account network, the computer process comprising:
- receiving from an account authority service an indication of one or more shareable devices of a specified user, the user device being one of the shareable devices of the specified user;
  
  identifying to the account authority service a selection of the user device from the indication of the one or more shareable devices;
  
  receiving from the account authority service a device identifier of the user device;
  
  receiving from the user device a device certificate including the device identifier of the user device; and
  
  confirming that the device certificate is signed by the account authority service;
  
  confirming that the device identifier received from the account authority service matches the device identifier received in the device certificate; and
  
  granting authentication if the device identifier received from the account authority service matches the device identifier received in the device certificate and a user credential is authenticated.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The computer-readable storage medium of claim 9 wherein the computer process further comprises:
    - providing a request to the account authority service requesting the indication of one or more shareable devices of the specified user, the request identifying the specified user.
  - 11. The computer-readable storage medium of claim 9 wherein the computer process further comprises:
    - establishing communications between the remote device and the shareable device, prior to the operation of receiving the device certificate.
  - 12. The computer-readable storage medium of claim 9 wherein the one or more shareable devices of the specified user are identified to the account authority service by the specified user.
  - 13. The computer-readable storage medium of claim 9 wherein one or more device identifiers of the one or more shareable devices are identified to the account authority service by the specific user and wherein the one or more sharable devices are identified by the specified user as accessible by one or more other user.
  - 14. The computer-readable storage medium of claim 9 wherein the device identifier of the user device is generated by the user device in combination with a device password.
  - 15. The computer-readable storage medium of claim 9 wherein the device certificate is signed and further comprising:
    - confirming that the device certificate received from the user device is signed by the account authority service.

16. A method of accessing a user device from a remote device within an account network, the method comprising:
- receiving from an account authority service a device identifier of the user device;
  
  receiving from the user device a device certificate signed by the account authority service and including the device identifier of the user device;
  
  confirming that the device certificate is signed by the account authority service;
  
  determining whether the device identifier received from the account authority service matches the device identifier received in the device certificate; and
  
  establishing communications between the user device and the remote device if the device identifier received from the account authority service matches the device identifier received in the device certificate and a user credential is authenticated.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16 further comprising:
    - providing a request to the account authority service requesting indication of one or more shareable devices of a specified user, the request identifying the specified user.
  - 18. The method of claim 17 wherein one or more device identifiers of the one or more shareable devices are identified to the account authority service by the specified user and wherein the one or more sharable devices are identified by the specified user as accessible by one or more other user.
  - 19. The method of claim 16 further comprising:
    - transmitting from the remote device to the user device a security token as evidence of identity of the remote device.
  - 20. The method of claim 16 wherein the device certificate is signed and further comprising:
    - confirming that the device certificate received from the user device is signed by the account authority service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Guo, Wei-Qiang, De, Vaishali, Chen, Rui, Rouskov, Yordan, Rajvanshy, Vikas
Primary Examiner(s)
Nawaz, Asad M
Assistant Examiner(s)
HENRY, MARIEGEORGES A

Application Number

US12/131,140
Publication Number

US 20090300168A1
Time in Patent Office

1,485 Days
Field of Search

709/205, 709/213, 709/217
US Class Current

709/217
CPC Class Codes

G06F 21/73 by creating or determining ...

G06F 2221/2129 Authenticate client device ...

Device-specific identity

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Device-specific identity

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others