Linking web identity and access to devices

US 8,656,473 B2
Filed: 05/14/2009
Issued: 02/18/2014
Est. Priority Date: 05/14/2009
Status: Active Grant

First Claim

Patent Images

1. A system for linking a web identity and a portable device to provide web access to a user from a vehicle, the system comprising:

a memory resident on the portable device configured to hold a device identifier; and

an onboard computing device having a processor and associated onboard memory, the processor being configured to execute processor-executable instructions stored in the onboard memory comprising;

a presence agent configured to recognize and to validate the presence of the portable device within the vehicle by receiving the device identifier and comparing the device identifier to a known device value;

a security manager configured to receive the device identifier, and further configured to receive a user identifier, the security manager configured to verify if the user identifier corresponds with a known user value, upon receipt of the device identifier, and upon verifying the user identifier, the security manager configured to send a user identity secure proxy to a credential manager;

the credential manager configured to receive the user identity secure proxy from the security manager, to pass one or more credentials to a computing device onboard the vehicle, the one or more credentials indicating that the user is authorized to access a first group of a plurality of web services from the computing device onboard the vehicle, and to grant the user access to the first group of a plurality of web services from the onboard vehicle computing device;

a password input mechanism configured to pre-store authenticating credentials for the user, for accessing remote web services having a higher level of security than the first group of web services, in a credential store associated with the password input mechanism, the authenticating credentials for the higher level of security comprising one or more credentials in addition to the one or more credentials authorizing the user to access the first group of web services, for authorizing the user to access a higher level of service than the first group of web services; and

a communication agent configured to send a request to access a specified web service having the higher level of security than the first group of web services;

wherein the password input mechanism is configured to receive the request from the specified web service for the one or more of the authenticating credentials pre-stored at the password input mechanism in addition to the one or more credentials authorizing the user to access the first group of web services, via the communication agent, and based on the request, to pass a predetermined authenticating credential for the specified web service for processing by a web credential manager of the specified web service to enable the user to have access to the specified web service.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided for linking a web identity and a portable device to provide web access to a user from a vehicle. An example system includes a presence agent that may be configured to validate the presence of the portable device in the vehicle by recognizing a device identifier saved on the portable device. After the presence of the portable device is validated, a security manager may receive a user identifier, and verify if the user identifier corresponds with a known user value. Then, the security manager may send a user identity secure proxy to a credential manager. The credential manager may be configured to receive the user identity secure proxy, and in response, pass one or more credentials to a computing device onboard the vehicle. The credentials may indicate that the user is authorized to access one or more web services from the computing device.

25 Citations

View as Search Results

17 Claims

1. A system for linking a web identity and a portable device to provide web access to a user from a vehicle, the system comprising:
- a memory resident on the portable device configured to hold a device identifier; and
  
  an onboard computing device having a processor and associated onboard memory, the processor being configured to execute processor-executable instructions stored in the onboard memory comprising;
  
  a presence agent configured to recognize and to validate the presence of the portable device within the vehicle by receiving the device identifier and comparing the device identifier to a known device value;
  
  a security manager configured to receive the device identifier, and further configured to receive a user identifier, the security manager configured to verify if the user identifier corresponds with a known user value, upon receipt of the device identifier, and upon verifying the user identifier, the security manager configured to send a user identity secure proxy to a credential manager;
  
  the credential manager configured to receive the user identity secure proxy from the security manager, to pass one or more credentials to a computing device onboard the vehicle, the one or more credentials indicating that the user is authorized to access a first group of a plurality of web services from the computing device onboard the vehicle, and to grant the user access to the first group of a plurality of web services from the onboard vehicle computing device;
  
  a password input mechanism configured to pre-store authenticating credentials for the user, for accessing remote web services having a higher level of security than the first group of web services, in a credential store associated with the password input mechanism, the authenticating credentials for the higher level of security comprising one or more credentials in addition to the one or more credentials authorizing the user to access the first group of web services, for authorizing the user to access a higher level of service than the first group of web services; and
  
  a communication agent configured to send a request to access a specified web service having the higher level of security than the first group of web services;
  
  wherein the password input mechanism is configured to receive the request from the specified web service for the one or more of the authenticating credentials pre-stored at the password input mechanism in addition to the one or more credentials authorizing the user to access the first group of web services, via the communication agent, and based on the request, to pass a predetermined authenticating credential for the specified web service for processing by a web credential manager of the specified web service to enable the user to have access to the specified web service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the portable device is a key fob.
  - 3. The system of claim 2, wherein the user identifier is a user supplied input.
  - 4. The system of claim 3, wherein the user supplied input is one or more of a Personal Identification Number (PIN) and biometric data.
  - 5. The system of claim 1, further comprising a user interface configured to prompt the user to provide the user identifier upon recognition of the portable device by the presence agent.
  - 6. The system of claim 1, wherein the user identifier is provided by an additional portable device.
  - 7. The system of claim 6, wherein one or more of the portable device and the additional portable device is a mobile phone.
  - 8. The system of claim 1, wherein the communication agent is coupled with the security manager and resident on the vehicle, the communication agent configured to establish a connection between the vehicle and the one or more web services.
  - 9. The system of claim 1, wherein the password input mechanism is further configured to supply an authentication failure message to a specified web service of the first group of web services when the one or more credentials to access the specified web service of the first group of web services are insufficient to gain access to the specified web service.

10. A method for linking a web identity and web access to a remote vehicle fob, the remote vehicle fob associated with a vehicle, the method comprising, at an onboard vehicle computing device:
- recognizing a presence of the vehicle fob when the vehicle fob is in the vehicle;
  
  retrieving a fob identifier from a memory on the vehicle fob;
  
  prompting a user, with a user interface, to provide a user identifier;
  
  receiving the user identifier from the user;
  
  passing a combination of the fob identifier and the user identifier to a local credential manager as a user identity secure proxy; and
  
  receiving one or more user credentials from the local credential manager which indicates to a security module that the user is authorized to access a first group of a plurality of web services from the onboard vehicle computing device in the vehicle;
  
  granting the user access to the first group of web services from the onboard vehicle computing device;
  
  pre-storing authenticating credentials for the user for accessing remote web services having a higher level of security than the first group of web services, in a credential store associated with a password input mechanism, the authenticating credentials for the higher level of security comprising one or more credentials in addition to the one or more credentials authorizing the user to access the first group of web services, for authorizing the user to access a higher level of service than the first group of web services;
  
  sending a request to access a specified web service having the higher level of security than the first group of web services;
  
  receiving the request from the specified web service for one or more of the authenticating credentials pre-stored at the password input mechanism, in addition to the one or more credentials authorizing the user to access the first group of web services, via a communication agent; and
  
  based on the request, passing a predetermined authenticating credential for the specified web service for processing by a web credential manager of the specified web service to enable the user to have access to the specified web service.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10, wherein the user identifier is a Personal Identification Number (PIN).
  - 12. The method of claim 10, wherein the user identifier is biometric data of the user received by the user interface.
  - 13. The method of claim 10, wherein the web credential manager is executed on a remote server in communication with the onboard vehicle computing device.
  - 14. The method of claim 10, wherein the local credential manager is executed by the onboard vehicle computing device.
  - 15. The method of claim 10, wherein the one or more user credentials to access the first group web services enables an aggregator sign-on service to provide access to multiple web services of the first group of web services.
  - 16. The method of claim 10, wherein the password input mechanism is served by a program executed on a remote server.
  - 17. The method of claim 10, wherein the password input mechanism is executed by the onboard vehicle computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Hall, Martin, Khan, Ali, McNulty, Mark, Xu, Zhangwei
Primary Examiner(s)
CHAO, MICHAEL W

Application Number

US12/466,103
Publication Number

US 20100293607A1
Time in Patent Office

1,741 Days
Field of Search

726/9
US Class Current

726/9
CPC Class Codes

G06F 21/31   User authentication

G06F 21/35   communicating wirelessly

H04W 12/068   using credential vaults, e....

Linking web identity and access to devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Linking web identity and access to devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links