Authenticating using cloud authentication

US 8,584,221 B2
Filed: 10/23/2009
Issued: 11/12/2013
Est. Priority Date: 10/23/2009
Status: Active Grant

First Claim

Patent Images

1. A domain server comprising:

a processor;

a local area network connection to a plurality of client devices;

a wide area network connection to a cloud authentication mechanism;

a database comprising user identification and passwords;

a domain authentication mechanism configured to perform a method comprising;

receiving a first authentication request from a first client device, said authentication request comprising a first user identification and a first password;

transmitting said first user identification and said first password to said cloud authentication mechanism;

receiving a first acceptance token from said cloud authentication mechanism;

based on said first acceptance token, storing said first user identification and said first password in said database;

transmitting a second acceptance token to said first client devicereceiving a second authentication request from a second client device, said second authentication request comprising said first user identification and said first password;

looking up said first user identification and said first password in said database and determining that said first user identification and said first password are found in said database; and

transmitting a third acceptance token to said second client device without performing a cloud authentication.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication mechanism in a local area network may use a cloud authentication mechanism to allow or deny authentication requests. A user may gain access within a local area network by entering a cloud identification and password, which may be verified by a cloud authentication mechanism. If the authentication is successful from the cloud authentication mechanism, the user identification and password are stored locally for subsequent authentication requests. In some embodiments, the cloud password may be periodically flushed so that subsequent requests may be passed to the cloud authentication mechanism. The authentication mechanism may be used in both domain and workgroup local area networks, and may operate in parallel with other users who may have local area network or client credentials which may not be authenticated from the cloud.

25 Citations

View as Search Results

18 Claims

1. A domain server comprising:
- a processor;
  
  a local area network connection to a plurality of client devices;
  
  a wide area network connection to a cloud authentication mechanism;
  
  a database comprising user identification and passwords;
  
  a domain authentication mechanism configured to perform a method comprising;
  
  receiving a first authentication request from a first client device, said authentication request comprising a first user identification and a first password;
  
  transmitting said first user identification and said first password to said cloud authentication mechanism;
  
  receiving a first acceptance token from said cloud authentication mechanism;
  
  based on said first acceptance token, storing said first user identification and said first password in said database;
  
  transmitting a second acceptance token to said first client devicereceiving a second authentication request from a second client device, said second authentication request comprising said first user identification and said first password;
  
  looking up said first user identification and said first password in said database and determining that said first user identification and said first password are found in said database; and
  
  transmitting a third acceptance token to said second client device without performing a cloud authentication.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14)
- - 2. The domain server of claim 1, said first user identification being identified as a cloud authenticated user identification.
  - 3. The domain server of claim 1, said method further comprising:
    - receiving a third authentication request from said first client device, said third authentication request comprising said first user identification and a second password;
      
      checking said database to determine that said first user identification and said second password do not match said database;
      
      transmitting said first user identification and said second password to said cloud authentication mechanism,receiving a third acceptance token from said cloud authentication mechanism; and
      
      based on said third acceptance token, transmitting a fourth acceptance token to said first client device and updating said database by removing said first password and storing said second password.
  - 4. The domain server of claim 3, said method further comprising:
    - receiving a fourth authentication request from said first client device, said fourth authentication request comprising said first user identification and said second password;
      
      checking said database to determine that said first user identification and said second password do not match said database;
      
      transmitting said first user identification and said second password to said cloud authentication system,receiving a first failure token from said cloud authentication mechanism; and
      
      based on said first failure token, transmitting a second failure token to said first client device.
  - 5. The domain server of claim 1, said first user identification having a cloud authentication identifier.
  - 6. The domain server of claim 5, said method comprising:
    - receiving a second authentication request from a second client device, said second authentication request comprising a second user identification and a second password;
      
      determining that said second user identification has a local authentication indicator;
      
      checking said database to determine that said second user identification and said second password do match said database, generating a failure token, and transmitting said failure token without performing a cloud authentication.
  - 7. The domain server of claim 1, said transmitting to said cloud authentication mechanism being performed using a secure connection.
  - 8. The domain server of claim 1, said method further comprising:
    - performing a hash on said first password to generate a hashed value and transmitting said first password in the form of said hashed value to said cloud authentication mechanism.
  - 9. The domain server of claim 1, said wide area network connection comprising a connection through said local area network connection to a gateway to said wide area network.
  - 10. The domain server of claim 1 further comprising:
    - an expiration mechanism configured to determine when a predetermined amount of time has elapsed since said storing said first user identification and causing said first password to be expired.
  - 11. The domain server of claim 10, said causing said first password to be expired comprising erasing said first password from said database.
  - 12. The domain server of claim 1, said database being a duplicate of a second database located on a second domain server, said second domain server being configured to authenticate users.
  - 14. The workgroup computer of claim 3, said method further comprising:
    - receiving a third authentication request for said first user, said third authentication request comprising said first user identification and a second password;
      
      checking said database to determine that said first user identification and said second password do not match said database;
      
      transmitting said first user identification and said second password to said cloud authentication mechanism,receiving a third acceptance token from said cloud authentication mechanism; and
      
      based on said third acceptance token, permitting access for said first user to said workgroup computer and updating said database by removing said first password and storing said second password.

13. A workgroup computer comprising:
- a processor;
  
  a wide area network connection to a cloud authentication mechanism;
  
  a database comprising user identification and passwords;
  
  a domain authentication mechanism configured to perform a method comprising;
  
  receiving a first authentication request for a first user, said first authentication request comprising a first user identification and a first password;
  
  determining if the first authentication request is configured for cloud authentication;
  
  transmitting said first user identification and said first password to said cloud authentication mechanism when the first authentication request is configured for cloud authentication;
  
  receiving a first acceptance token from said cloud authentication mechanism;
  
  based on said first acceptance token, storing said first user identification and said first password in said database;
  
  permitting access for said first user to said workgroup computer;
  
  receiving a second authentication request for said first user, said second authentication request comprising said first user identification and said first password;
  
  looking up said first user identification and said first password in said database and determining that said first user identification and said first password are found in said database; and
  
  permitting access for said first user to said workgroup computer without performing a cloud authentication.

15. A computer-readable storage medium not comprising a signal, said medium comprising computer executable instructions configured to perform a method comprising:
- receiving a first authentication request for a first user, said first authentication request comprising a first set of credentials;
  
  determining that said first user has a cloud authenticated account and transmitting said first set of credentials to a cloud authentication mechanism;
  
  receiving a first acceptance token from said cloud authentication mechanism;
  
  storing said first set of credentials to a user database;
  
  permitting access for said first user to a computer system based on said first acceptance token;
  
  receiving a second authentication request for the first user, said second authentication request comprising a second set of credentials;
  
  determining that said second set of credentials are not a match to credentials in said user database;
  
  transmitting said second set of credentials to said cloud authentication mechanism;
  
  receiving a second acceptance token from said cloud authentication mechanism; and
  
  updating said user database by replacing the first set of credentials for the first user with the second set of credentials.
- View Dependent Claims (16, 17, 18)
- - 16. The medium of claim 15 said method further comprising encrypting at least a portion of said first set of credentials before said transmitting.
  - 17. The medium of claim 15 said computer system being the same computer system as executes said computer executable instructions.
  - 18. The method of claim 15, said computer system being a different computer system as executes said computer executable instructions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Mazur, Leszek, Xie, Jianhui, Daniel, Sean D., Saretto, Cesare John
Primary Examiner(s)
DADA, BEEMNET W

Application Number

US12/604,673
Publication Number

US 20110099616A1
Time in Patent Office

1,481 Days
Field of Search

726 6- 8, 713/168, 713/155, 713/172
US Class Current

726/8
CPC Class Codes

G06F 21/31   User authentication

H04L 2209/80   Wireless network architectu...

H04L 63/083   using passwords cryptograph...

H04L 63/0846   using time-dependent-passwo...

H04L 9/3226   using a predetermined code,...

Authenticating using cloud authentication

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticating using cloud authentication

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links