Hardware-based credential distribution

US 8,572,699 B2
Filed: 11/18/2010
Issued: 10/29/2013
Est. Priority Date: 11/18/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a server device, a resource access request from a remote entity, the resource access request including a unique identifier of the remote entity and a hardware profile of the remote entity;

determining that the hardware profile matches at least a portion of a stored hardware profile associated with the unique identifier;

determining that a credential distribution limit associated with the unique identifier of the remote entity has not been exceeded, the credential distribution limit limiting a number of credentials distributed by the server device;

incrementing a credential distribution count value associated with the unique identifier of the remote entity; and

transmitting, from the server device and responsive to determining that the credential distribution limit associated with the unique identifier has not been exceeded, a credential to the remote entity useful to access a resource.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This document describes various techniques for distributing credentials based on hardware profiles. A resource access request including a hardware profile is transmitted to a remote entity having access to a previous hardware profile and a credential useful to access a resource is received if at least a portion of the hardware profile matches the previous hardware profile.

Citations

20 Claims

1. A method comprising:
- receiving, at a server device, a resource access request from a remote entity, the resource access request including a unique identifier of the remote entity and a hardware profile of the remote entity;
  
  determining that the hardware profile matches at least a portion of a stored hardware profile associated with the unique identifier;
  
  determining that a credential distribution limit associated with the unique identifier of the remote entity has not been exceeded, the credential distribution limit limiting a number of credentials distributed by the server device;
  
  incrementing a credential distribution count value associated with the unique identifier of the remote entity; and
  
  transmitting, from the server device and responsive to determining that the credential distribution limit associated with the unique identifier has not been exceeded, a credential to the remote entity useful to access a resource.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method as recited in claim 1, wherein the hardware profile of the remote entity includes a collection of serial numbers, model numbers, or parameters of hardware components.
  - 3. The method as recited in claim 1, wherein determining that the hardware profile matches at least a portion of a stored hardware profile associated with the unique identifier employs a fuzzy-logic algorithm.
  - 4. The method as recited in claim 1, further comprising:
    - receiving, from the remote entity, an initial hardware profile;
      
      storing, at the server device, the initial hardware profile as the stored hardware profile;
      
      associating the stored hardware profile with the unique identifier; and
      
      transmitting, prior to receiving the resource access request, the unique identifier to the remote entity for use in subsequent attempts to access the resource.
  - 5. The method as recited in claim 1, wherein the credential distribution limit is based on a total number of credentials distributed, a rate of credential distribution, or a frequency of credential distribution.
  - 6. The method as recited in claim 1, wherein the unique identifier is electronically signed or encrypted with a private key unknown to the remote entity.

7. A method comprising:
- receiving, at a server device hosting a resource, a request from a remote entity for access of the resource, the request including a unique identifier and a hardware profile of the remote entity;
  
  forwarding the unique identifier and the hardware profile to a request-validating entity having access to an historical hardware profile associated with the unique identifier;
  
  receiving an indication of a validity of the request if the hardware profile of the remote entity matches at least a portion of the historical hardware profile;
  
  determining that a frequency of credential distribution associated with the unique identifier of the remote entity does not exceed a credential distribution frequency limit, the credential distribution frequency limit limiting a frequency at which the server device distributes credentials associated with the unique identifier; and
  
  transmitting, from the server device and responsive to determining that the frequency of credential distribution does not exceed the credential distribution frequency limit, a credential to the remote entity effective to enable access of the resource.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method as recited in claim 7, wherein the indication of validity includes identification information relating to the remote identity.
  - 9. The method as recited in claim 8, further comprising limiting access to the resource based on the identification information relating to the remote entity.
  - 10. The method as recited in claim 7, wherein the unique identifier is a certificate digitally signed or encrypted with a private key.
  - 11. The method as recited in claim 7, wherein the credential distribution frequency limit is effective to limit a distribution of credentials, associated with the unique identifier, to one credential per one interval of time.
  - 12. The method as recited in claim 7, wherein the resource is a service requiring authentication.

13. A system comprising:
- one or more processors; and
  
  a memory coupled to the one or more processors and including processor-executable instructions that, responsive to execution by the one or more processors, implement a resource access manager to;
  
  receive, via a network interface, a resource access request from a remote entity, the resource access request including a unique identifier of the remote entity and a hardware profile of the remote entity;
  
  determine that the hardware profile matches at least a portion of a stored hardware profile associated with the unique identifier;
  
  determine that a credential distribution limit associated with the unique identifier of the remote entity has not been exceeded, the credential distribution limit limiting a total number of credentials issued by the resource access manager in association with the unique identity of the remote entity; and
  
  transmit, via the network interface and responsive to determining that the credential distribution limit associated with the unique identifier of the remote entity has not been exceeded, a credential to the remote entity useful to access a resource.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The system as recited in claim 13, wherein the hardware profile of the remote entity includes a collection of serial numbers, model numbers, or parameters of hardware components.
  - 15. The system as recited in claim 13, wherein the resource access manager is configured to determine that the hardware profile matches at least a portion of a stored hardware profile associated with the unique identifier using a fuzzy-logic algorithm.
  - 16. The system as recited in claim 13, wherein the resource access manager is further configured to, in response to transmitting the credential to the remote entity, increment a credential distribution count value associated with the unique identifier.
  - 17. The system as recited in claim 13, wherein the credential distribution limit is further based on a rate at which credentials are distributed in association with the unique identifier.
  - 18. The system as recited in claim 13, wherein the unique identifier is electronically signed or encrypted with a private key unknown to the remote entity.
  - 19. The system as recited in claim 13, wherein the resource access manager is further configured to transmit, during a secure registration process in which an initial hardware profile is received from the remote entity, the unique identifier to the remote entity.
  - 20. The system as recited in claim 19, wherein the resource access manager is further configured to store the initial hardware profile as the stored hardware profile.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Microsoft Corporation
Inventors
Anand, Gaurav S., Woley, Kevin Michael, Ayers, Matthew R., Dutt, Rajeev, Fleischman, Eric
Primary Examiner(s)
Nalven, Andrew L
Assistant Examiner(s)
MALINOWSKI, WALTER J

Application Number

US12/949,589
Publication Number

US 20120131652A1
Time in Patent Office

1,076 Days
Field of Search

726 2- 21
US Class Current

726/5
CPC Class Codes

G06F 21/31   User authentication

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/102   Entity profiles

H04L 67/303   Terminal profiles

Hardware-based credential distribution

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Hardware-based credential distribution

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links