Method and system for controlling access privileges for trusted network nodes

US 8,230,485 B2
Filed: 09/15/2004
Issued: 07/24/2012
Est. Priority Date: 09/15/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method for providing a user with access to one or more computers, the method comprising:

establishing a blank password account by default at a first computer that does not require user entry of a password to login at any time unless a selection is received to establish a conventional account that requires user entry of a password each time to login that is used to generate a new account for the user;

receiving an entry of a human generated password when the selection is the conventional account and for subsequent logins to the conventional account entry of the human generated password is required;

when the selection is not received to establish the conventional account, creating a black password account performing actions comprising;

automatically generating a strong random password without any user input for the a black password account for the user;

wherein the strong random password is the only password that is used to login when in physical proximity to the first computer;

wherein the strong random password comprises at least seven characters including numbers and symbols generated entirely without user input;

designating the new account as the blank password account that is a one-click logon account such that the user is not prompted to enter any authentication information including any password including the strong random password upon any logon attempt to the established blank password account while in physical proximity to the first computer;

storing the strong random password on the first computing device;

receiving a selection of a representation of a user'"'"'s account on a second computer;

determining when the second computer is at a location that is within physical proximity of the first computer and is part of a secured group with the first computer;

determining when the user'"'"'s account is associated with the conventional account and when the user'"'"'s account is associated with the blank password account;

when the account is the conventional account then requiring the user entry of the password;

when the account is the established blank password account then not displaying a password-entry dialog and automatically retrieving the strong random password entered at the first computer without prompting the user to enter the strong random password or any other information such that the user is logged into the blank password account after receiving the selection of the representation of the user'"'"'s account on the second computer.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for controlling access to a computer provides for loose security within a local network while retaining strong security against external access to the network. In one embodiment, a user has access to trusted nodes in a secured group within an unmanaged network, without being required to choose, enter and remember a login password. To establish such a secure blank password or one-click logon account for the user on a computer, a strong random password is generated and stored, and the account is designated as a blank password account. If the device is part of a secured network group, the strong random password is replicated to the other trusted nodes. When a user with a blank password account wishes to log in to a computer, the stored strong random password is retrieved and the user is authenticated.

34 Citations

View as Search Results

20 Claims

1. A method for providing a user with access to one or more computers, the method comprising:
- establishing a blank password account by default at a first computer that does not require user entry of a password to login at any time unless a selection is received to establish a conventional account that requires user entry of a password each time to login that is used to generate a new account for the user;
  
  receiving an entry of a human generated password when the selection is the conventional account and for subsequent logins to the conventional account entry of the human generated password is required;
  
  when the selection is not received to establish the conventional account, creating a black password account performing actions comprising;
  
  automatically generating a strong random password without any user input for the a black password account for the user;
  
  wherein the strong random password is the only password that is used to login when in physical proximity to the first computer;
  
  wherein the strong random password comprises at least seven characters including numbers and symbols generated entirely without user input;
  
  designating the new account as the blank password account that is a one-click logon account such that the user is not prompted to enter any authentication information including any password including the strong random password upon any logon attempt to the established blank password account while in physical proximity to the first computer;
  
  storing the strong random password on the first computing device;
  
  receiving a selection of a representation of a user'"'"'s account on a second computer;
  
  determining when the second computer is at a location that is within physical proximity of the first computer and is part of a secured group with the first computer;
  
  determining when the user'"'"'s account is associated with the conventional account and when the user'"'"'s account is associated with the blank password account;
  
  when the account is the conventional account then requiring the user entry of the password;
  
  when the account is the established blank password account then not displaying a password-entry dialog and automatically retrieving the strong random password entered at the first computer without prompting the user to enter the strong random password or any other information such that the user is logged into the blank password account after receiving the selection of the representation of the user'"'"'s account on the second computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein storing the strong random password comprises securely storing the password.
  - 3. The method of claim 1, further comprising initially determining whether the new account is to be a blank password account.
  - 4. The method of claim 3, further comprising, if the new account is not to be a blank password account, prompting the user to choose a password.
  - 5. The method of claim 3, wherein initially determining whether the new account is to be a blank password account further comprises establishing the new account as a blank password account unless the user indicates that the new account is not to be a blank password account.
  - 6. The method of claim 1, wherein designating the new account as a blank password account further comprises setting a flag.
  - 7. The method of claim 1, wherein storing the strong random password further comprises storing the strong random password by way of a database.
  - 8. The method of claim 1, further comprising replicating the strong random password to each computer in a plurality of linked computers other than the first computer.
  - 9. The method of claim 8, wherein replicating the strong random password further comprises replicating the strong random password to one or more trusted nodes in a secured network group.
  - 10. The method of claim 9, further comprising providing the user with at least the same access privileges with respect to the secured network group as a non-blank password account user.
  - 11. The method of claim 1, wherein generating the strong random password for the new account further comprises generating a strong random password for a biometrically authenticated account.

12. A system for controlling access to computers in a secured network group, the system comprising:
- establishing a blank password account by default at a first computer that does not require user entry of a password to login at any time unless a selection is received to establish a conventional account that requires user entry of a password each time to login that is used to generate a new account for the user;
  
  receiving an entry of a human generated password when the selection is the conventional account and for subsequent logins to the conventional account entry of the human generated password is required;
  
  when the selection is not received to establish the conventional account, creating a black password account performing actions comprising;
  
  automatically generating a strong random password without any user input for the a black password account for the user;
  
  wherein the strong random password is the only password that is used to login when in physical proximity to the first computer;
  
  wherein the strong random password comprises at least seven characters including numbers and symbols generated entirely without user input;
  
  designating the new account as the blank password account that is a one-click logon account such that the user is not prompted to enter any authentication information including any password including the strong random password upon any logon attempt to the established blank password account while in physical proximity to the first computer;
  
  storing the strong random password on the first computing device;
  
  receiving a selection of a representation of a user'"'"'s account on a second computer;
  
  determining when the second computer is at a location that is within physical proximity of the first computer and is part of a secured group with the first computer;
  
  determining when the user'"'"'s account is associated with the conventional account and when the user'"'"'s account is associated with the blank password account;
  
  when the account is the conventional account then requiring the user entry of the password;
  
  when the account is the established blank password account then not displaying a password-entry dialog and automatically retrieving the strong random password entered at the first computer without prompting the user to enter the strong random password or any other information such that the user is logged into the blank password account after receiving the selection of the representation of the user'"'"'s account on the second computer.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The system of claim 12, wherein storing the strong random password comprises securely storing the password.
  - 14. The system of claim 12, wherein designating the new account as a blank password account further comprises setting a flag.
  - 15. The system of claim 12, further comprising replicating the strong random password to each computer in the secured network group.
  - 16. The system of claim 12, further comprising providing the user with at least the same access privileges with respect to the secured network group as a non-blank password account user.
  - 17. The system of claim 12, wherein generating the strong random password for the new account further comprises generating a strong random password for a biometrically authenticated account.

18. A memory storing computer-executable instructions for providing a user with access to a computer, the instructions comprising:
- establishing a blank password account by default at a first computer that does not require user entry of a password to login at any time unless a selection is received to establish a conventional account that requires user entry of a password each time to login that is used to generate a new account for the user;
  
  receiving an entry of a human generated password when the selection is the conventional account and for subsequent logins to the conventional account entry of the human generated password is required;
  
  when the selection is not received to establish the conventional account, creating a black password account performing actions comprising;
  
  automatically generating a strong random password without any user input for the a black password account for the user;
  
  wherein the strong random password is the only password that is used to login when in physical proximity to the first computer;
  
  wherein the strong random password comprises at least seven characters including numbers and symbols generated entirely without user input;
  
  designating the new account as the blank password account that is a one-click logon account such that the user is not prompted to enter any authentication information including any password including the strong random password upon any logon attempt to the established blank password account while in physical proximity to the first computer;
  
  storing the strong random password on the first computing device;
  
  receiving a selection of a representation of a user'"'"'s account on a second computer;
  
  determining when the second computer is at a location that is within physical proximity of the first computer and is part of a secured group with the first computer;
  
  determining when the user'"'"'s account is associated with the conventional account and when the user'"'"'s account is associated with the blank password account;
  
  when the account is the conventional account then requiring the user entry of the password;
  
  when the account is the established blank password account then not displaying a password-entry dialog and automatically retrieving the strong random password entered at the first computer without prompting the user to enter the strong random password or any other information such that the user is logged into the blank password account after receiving the selection of the representation of the user'"'"'s account on the second computer.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, further comprising replicating the strong random password to each computer in a secured network group.
  - 20. The system of claim 18, further comprising providing the user with at least the same access privileges with respect to the secured network group as a non-blank password account user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Reasor, Sterling M., Chinta, Ramesh, Leach, Paul J., Brezak, John E., Flo, Eric R.
Primary Examiner(s)
Orgad, Edan
Assistant Examiner(s)
Tolentino, Roderick

Application Number

US10/941,559
Publication Number

US 20060059359A1
Time in Patent Office

2,869 Days
Field of Search

726 1- 21, 709/225, 711147-153, 713155-159, 713/186, 382/115, 380247-250
US Class Current

726/5
CPC Class Codes

G06F 21/31   User authentication

G06F 21/41   where a single sign-on prov...

G06F 21/57   Certifying or maintaining t...

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

H04L 63/0272   Virtual private networks

H04L 63/0815   providing single-sign-on or...

Method and system for controlling access privileges for trusted network nodes

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for controlling access privileges for trusted network nodes

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links