Remote management of resource license

US 8,474,027 B2
Filed: 12/20/2006
Issued: 06/25/2013
Est. Priority Date: 09/29/2006
Status: Active Grant

First Claim

Patent Images

1. A system that facilitates user-centric licensing of a plurality of resources, the system comprising:

an interface component that receives an access request that corresponds to a subset of the resources; and

an aggregated resource license component to;

establish identity of a requestor associated with the access request;

maintain a cloud-based store of multiple resource licenses previously obtained by the requestor;

determine whether the identity of the requestor is associated with the multiple resource licenses;

verify that one or more resource license of the multiple resource licenses in the cloud-based store is a resource license of, and allows access to, each resource of the subset of resources;

allow the requestor to access the subset of resources upon;

determination that the identity of the requestor is associated with the multiple resource licenses; and

verification that at least one resource license of each resource of the subset of resources exists in the multiple resource licenses stored in the cloud-based store; and

when the identity of the requestor is determined to be associated with the multiple resource licenses and the multiple resource licenses are verified to include licenses associated with the subset of resources, generate a token which includes the identity and an aggregation of the multiple resource licenses, the token being used to grant access to the subset of the resources residing off-premise, on-premise, or in combination thereof.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user-centric or identity-centric resource licensing system that manages access to ‘cloud-based’ resources (e.g., applications and services) is provided. A ‘cloud’ refers to a collection of resources (e.g., hardware and/or software) provided and maintained by an off-site or off-premise party (e.g., third party), wherein the collection of resources can be accessed by an identified user via a network. In accordance with the user-centric licensing model, the resource license (and subscription) rights can migrate with a user without regard to physical location, device used, or other contextual factors (e.g., activity engaged). Effectively, the rights are mapped (and tracked) as a function of a user identity, which can be a core identity or an identity based upon activity engaged, role, capacity, etc.

Citations

20 Claims

1. A system that facilitates user-centric licensing of a plurality of resources, the system comprising:
- an interface component that receives an access request that corresponds to a subset of the resources; and
  
  an aggregated resource license component to;
  
  establish identity of a requestor associated with the access request;
  
  maintain a cloud-based store of multiple resource licenses previously obtained by the requestor;
  
  determine whether the identity of the requestor is associated with the multiple resource licenses;
  
  verify that one or more resource license of the multiple resource licenses in the cloud-based store is a resource license of, and allows access to, each resource of the subset of resources;
  
  allow the requestor to access the subset of resources upon;
  
  determination that the identity of the requestor is associated with the multiple resource licenses; and
  
  verification that at least one resource license of each resource of the subset of resources exists in the multiple resource licenses stored in the cloud-based store; and
  
  when the identity of the requestor is determined to be associated with the multiple resource licenses and the multiple resource licenses are verified to include licenses associated with the subset of resources, generate a token which includes the identity and an aggregation of the multiple resource licenses, the token being used to grant access to the subset of the resources residing off-premise, on-premise, or in combination thereof.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, the aggregated resource license component encrypts the token using a public key associated with the requestor.
  - 3. The system of claim 1, further comprising an access management component that decrypts the token and authorizes access to the subset of resources.
  - 4. The system of claim 3, further comprising an identity determination component that establishes a current identity and compares the current identity to the identity encrypted within the token.
  - 5. The system of claim 1, at least one of the subset of resources is an off-premise resource.
  - 6. The system of claim 1, at least one of the subset of the resources is an on-premise resource.
  - 7. The system of claim 1, the aggregated resource license component comprises:
    - an identity analysis component that determines a current identity of the requestor; and
      
      an access management component that grants or denies access to the subset of resources as a function of the current identity in view of the token.
  - 8. The system of claim 7, further comprising a tracking component that monitors a use of each of the subset of resources and modifies a license right based at least in part upon the use.
  - 9. The system of claim 8, further comprising a mapping component that maps the current identity to the license right.
  - 10. The system of claim 1, further comprising an information gathering component that establishes information that relates to the identity of the requestor.
  - 11. The system of claim 10, further comprising an identity analysis component that evaluates the information to determine the identity.
  - 12. The system of claim 10, the information gathering component employs at least one of a physiological and an environmental sensor to establish the information.

13. A computer-implemented method of controlling access to resources, the method comprising:
- receiving a request for access to a subset of the resources;
  
  determining or inferring a current context of a requestor of the request, wherein the current context includes a business context or a personal context of the requestor;
  
  determining or inferring a current identity of multiple identities of the requestor based in part on the current context;
  
  determining whether the current identity of the requestor is authorized to use multiple persistent licenses, the multiple persistent licenses including at least one persistent license that is valid for each resource of the subset of the resources;
  
  generating an object that identifies the requestor;
  
  when the current identity of the requestor is determined to be authorized to use the multiple persistent licenses, mapping the object to the current identity of the requestor and to an aggregation of the multiple persistent licenses in view of the subset of the resources, wherein the object conveys both the identity and license rights associated with the multiple persistent licenses; and
  
  transferring the object to the requestor.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13, further comprising:
    - providing the object to a source of one of the resources; and
      
      analyzing the object to authenticate the requestor and to grant or deny access to the one of the resources.
  - 15. The method of claim 14, further comprising encrypting the object using a public key of the requestor.
  - 16. The method of claim 15, further comprising:
    - decrypting the object to create a decrypted object; and
      
      granting or denying access to the subset of the resources as a function of the decrypted object.
  - 17. The method of claim 14, further comprising authorizing access based upon scope of at least one of the aggregated multiple persistent licenses.

18. A computer-executable protocol that facilitates managing multiple resource licenses associated with a plurality of resources, the protocol to facilitate the performance of acts, the acts comprising:
- receiving a request from a user for access to a subset of the plurality of resources, the subset of the plurality of resources are located on-premise or off-premise;
  
  establishing multiple different identities of the user, wherein the multiple different identities include a business identity and a personal identity of the user;
  
  generating an object that;
  
  aggregates the multiple resource licenses into an aggregation of multiple resource licenses; and
  
  maps each of the multiple different identities of the user to a different subset of the multiple resource licenses, the object including;
  
  the multiple different identities;
  
  a mapping of each of the multiple different identities to a corresponding different subset of the multiple resource licenses; and
  
  the aggregation of the multiple resource licenses; and
  
  transmitting the object to the user, the object enables access to at least a portion of the subset of the plurality of resources from a plurality of disparate sources based in part on a current identity of the multiple different identities of the user.
- View Dependent Claims (19, 20)
- - 19. The computer-executable protocol of claim 18, the acts further comprising encrypting the object using a public key of the user.
  - 20. The computer-executable protocol of claim 19, the acts further comprising:
    - decrypting the object to create a decrypted object;
      
      authenticating the user as a function of the decrypted object; and
      
      authorizing access to the at least a portion of the subset of the plurality of resources as a function of the decrypted object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Meijer, Henricus Johannes Maria, Gates, William H. III, Bergstraesser, Thomas F., Cheng, Lili, Dani, Nishant V., Glasser, Daniel S., Snyder, Ira L. Jr., Zaner-Godsey, Melora
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
Woldemariam, Nega

Application Number

US11/613,332
Publication Number

US 20080083025A1
Time in Patent Office

2,379 Days
Field of Search

713/153, 713/163, 713/183, 713/193, 713/340, 713/164, 707/1, 707/2, 707/5, 707/6, 707/9, 707/10, 709/203, 709/217, 709/223, 709/237, 709/225, 709/229, 709/227, 726/22, 726/14, 726/13, 726/11, 726/34, 726/25, 726/26, 726/27, 380/42, 380/55, 380/58, 380/46
US Class Current

726/9
CPC Class Codes

H04L 2209/80   Wireless

H04L 2463/101   applying security measures ...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/10   for controlling access to d...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3234   involving additional secure...

H04L 9/3271   using challenge-response

Remote management of resource license

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Remote management of resource license

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links