Access to a computing environment by computing devices

US 8,984,291 B2
Filed: 03/23/2006
Issued: 03/17/2015
Est. Priority Date: 03/31/2005
Status: Active Grant

First Claim

Patent Images

1. A method for managing access of a computing device to a plurality of assets of a computing environment, the method comprising:

providing at least one credential at the computing device, the at least one credential identifying both the computing device and a user of the computing device;

storing data at the computing environment relating to the computing device and the user in association with the at least one credential, the data indicating which of the assets the computing device is permitted to access when the at least one credential is authenticated;

the computing device communicating the at least one credential to the computing environment;

the computing environment selectively granting an access request received from the computing device in accordance with the data stored at the computing environment in association with the at least one credential and in accordance with a status the computing environment determined for the at least one credential communicated by the computing device;

flagging the data at the computing environment and associated with the at least one credential as being inactive in response to a reported loss, theft, or decommissioning of the computing device identified by the at least one credential; and

the computing environment denying the access request in the event that the computing environment determines that the computing device identified with the at least one credential associated is inactive.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for managing access to a computing environment by a computing device includes providing at least one credential that identifies both the computing device and a user of the computing device, storing data at the computing environment relating to the computing device and the user in association with the credential, and selectively granting an access request received from the computing device using the credential in accordance with the data stored at the computing environment.

Citations

12 Claims

1. A method for managing access of a computing device to a plurality of assets of a computing environment, the method comprising:
- providing at least one credential at the computing device, the at least one credential identifying both the computing device and a user of the computing device;
  
  storing data at the computing environment relating to the computing device and the user in association with the at least one credential, the data indicating which of the assets the computing device is permitted to access when the at least one credential is authenticated;
  
  the computing device communicating the at least one credential to the computing environment;
  
  the computing environment selectively granting an access request received from the computing device in accordance with the data stored at the computing environment in association with the at least one credential and in accordance with a status the computing environment determined for the at least one credential communicated by the computing device;
  
  flagging the data at the computing environment and associated with the at least one credential as being inactive in response to a reported loss, theft, or decommissioning of the computing device identified by the at least one credential; and
  
  the computing environment denying the access request in the event that the computing environment determines that the computing device identified with the at least one credential associated is inactive.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method as claimed in claim 1, wherein the computing environment comprises a processor adapted to implement an asset management policy for the computing device, and wherein the data relating to the computing device and the user comprises data relating to management of the computing device in accordance with the asset management policy.
  - 3. A method as claimed in claim 1, wherein the computing device comprises a trusted component at least logically protected from a main processing environment of the computing device, and wherein the trusted component holds the at least one credential.
  - 4. A method as claimed in claim 1, wherein the computing device is adapted to use the at least one credential to make the access request only when the user has been authenticated by the computing device.
  - 5. A method as claimed in claim 3, wherein the computing device is adapted to use the at least one credential to make the access request only when the user has been authenticated by the computing device and wherein the trusted component is adapted to authenticate the user.
  - 6. A method as claimed in claim 2, further comprising:
    - flagging data associated with the at least one credential as inactive in the event of at least one predetermined condition associated with the computing device, whereupon the access request received from the computing device using the at least one credential is not granted.
  - 7. A method as claimed in claim 1, wherein the computing environment determines that the computing device identified with the at least one credential is inactive in the event of at least one predetermined condition selected from a group consisting of:
    - a reported the reported loss or theft of the computing device;
      
      a decommissioning the decommissioning of the computing device; and
      
      an expiry of a predetermined time period since the computing device was last presented for inspection or maintenance.
  - 8. The method of claim 1, further comprising flagging the data at the computing environment and associated with the at least one credential as being inactive in response to expiry of a predetermined time period since an update of anti-virus software or system software in the computing device identified by the at least one credential.
  - 9. The method of claim 1, further comprising flagging the data at the computing environment and associated with the at least one credential as being inactive in response to expiry of a predetermined time period since synchronization of stored data in the computing device identified by the at least one credential.

10. A method for managing access of a computing device to a plurality of assets of a computing environment, the method comprising:
- storing at least one credential in a trusted component of the computing device, the at least one credential identifying both the computing device and a user of the computing device;
  
  storing data at the computing environment relating to the computing device and the user in association with the at least one credential, the data indicating which of the assets the computing device is permitted to access when the at least one credential is authenticated;
  
  the computing device communicating the at least one credential from the trusted component to the computing environment; and
  
  the computing environment selectively granting access requests from the computing device in accordance with the data stored at the computing environment in association with the at least one credential and in accordance with a status of the computing environment determined for the at least one credential communicated by the computing device.
- View Dependent Claims (11, 12)
- - 11. The method of claim 10, wherein selectively granting access requests comprises applying an asset management policy to select which of the assets of the computing environment the user identified by the at least one credential can access when using the computing device identified by the at least one credential.
  - 12. The method of claim 10, further comprising the computing environment denying the access requests in the event that the computing environment determines that the computing device identified with the at least one credential is inactive.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Plaquin, David, Ricca, Marco, Balacheff, Boris
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
Woldemariam, Nega

Application Number

US11/389,336
Publication Number

US 20060265598A1
Time in Patent Office

3,281 Days
Field of Search

713/153, 713/163, 713/183, 713/193, 713/340, 713/164, 713/150, 714/38, 714/49, 714/48, 714/35, 714/37, 709/203, 709/217, 709/223, 709/237, 709/225, 709/229, 709/227, 709/211, 709/216, 709/219, 726/22, 726/14, 726/13, 726/11, 726/34, 726/25, 726/26, 726/27, 726/5, 380/42, 380/55, 380/58, 380/46, 707/E17.128, 707/E17.129, 707/E17.118
US Class Current

713/182
CPC Class Codes

H04L 63/0853 using an additional device,...

H04L 63/0892 by using authentication-aut...

Access to a computing environment by computing devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Access to a computing environment by computing devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links