Simplified user registration

US 9,251,331 B2
Filed: 01/16/2014
Issued: 02/02/2016
Est. Priority Date: 01/22/2013
Status: Active Grant

First Claim

Patent Images

1. A method of registering a security token at a computing device, the method comprising:

receiving, at a computing device, a security token identifier and a request to access one or more resources of the computing device, the security token identifier comprising static information that identifies a security token which has been presented at the computing device;

sending, from the computing device to a server computing system, a request to identify domains having a trust relationship with a domain associated with the computing device;

receiving, at the computing device from the server computing system, a response to the request to identify domains having a trust relationship with the domain associated with the computing device, the response comprising information that identifies one or more domains each having a trust relationship with the domain associated with the computing device;

determining that an entry in a first data store matches the security token identifier, the first data store associated with a first domain of the one or more domains each having a trust relationship with the domain associated with the computing device;

in response to the determining that an entry in the first data store matches the security token identifier, updating a local data store at the computing device such that, in the local data store, the security token identifier is associated with first domain information that identifies the first domain; and

granting the requested access to one or more resources of the computing device based on the trust relationship determined to exist between the domain associated with the computing device and the first domain.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and computer-readable media are provided. Some embodiments include receiving, at a computing device, a security token identifier and a request to access one or more resources of the computing device. The computing device obtains information that identifies one or more domains each having a trust relationship with the domain associated with the computing device. The computing device determines that an entry in a first data store associated with a first domain of the one or more domains matches the security token identifier. In response to the determining that an entry in the first data store matches the security token identifier, the computing device updates a local data store such that, in the local data store, the security token identifier is associated with first domain information that identifies the first domain. The computing device grants the requested access to one or more resources of the computing device.

Citations

19 Claims

1. A method of registering a security token at a computing device, the method comprising:
- receiving, at a computing device, a security token identifier and a request to access one or more resources of the computing device, the security token identifier comprising static information that identifies a security token which has been presented at the computing device;
  
  sending, from the computing device to a server computing system, a request to identify domains having a trust relationship with a domain associated with the computing device;
  
  receiving, at the computing device from the server computing system, a response to the request to identify domains having a trust relationship with the domain associated with the computing device, the response comprising information that identifies one or more domains each having a trust relationship with the domain associated with the computing device;
  
  determining that an entry in a first data store matches the security token identifier, the first data store associated with a first domain of the one or more domains each having a trust relationship with the domain associated with the computing device;
  
  in response to the determining that an entry in the first data store matches the security token identifier, updating a local data store at the computing device such that, in the local data store, the security token identifier is associated with first domain information that identifies the first domain; and
  
  granting the requested access to one or more resources of the computing device based on the trust relationship determined to exist between the domain associated with the computing device and the first domain.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the receiving the security token identifier comprises receiving the security token identifier via a data input device, the security token identifier having been read directly from the security token by the data input device.
  - 3. The method of claim 1, wherein the determining that an entry in the first data store matches the security token identifier comprises:
    - sending, from the computing device to a directory service associated with the first domain, a request to search the first data store for an entry that matches the security token identifier; and
      
      receiving, at the computing device from the directory service associated with the first domain, an indication that an entry in the first data store matches the security token identifier.
  - 4. The method of claim 1, wherein the updating the local data store comprises adding a user account to the local data store, the user account including the security token identifier and the first domain information as entries in the user account.
  - 5. The method of claim 1, wherein the updating the local data store comprises:
    - deleting second domain information from a user account in the local data store, the second domain information comprising information that identifies a second domain different from the first domain; and
      
      adding the first domain information to the user account such that the user account includes the security token identifier and the first domain information as entries in the user account.
  - 6. The method of claim 1, further comprising:
    - in response to the receiving the security token identifier and the request to access one or more resources of the computing device, determining whether an entry in the local data store matches the security token identifier,wherein the sending the request to identify domains having a trust relationship with the domain associated with the computing device is performed in response to determining that no entry in the local data store matches the security token identifier.
  - 7. The method of claim 1, further comprising:
    - in response to the receiving the security token identifier and the request to access one or more resources of the computing device, determining whether an entry in the local data store matches the security token identifier;
      
      in response to determining that an entry in the local data store matches the security token identifier, identifying a second domain based on second domain information that identifies the second domain, the second domain information associated with the security token identifier in the local data store, the second domain different from the first domain; and
      
      determining that no entry in a second data store matches the security token identifier, the second data store associated with the second domain,wherein the sending the request to identify domains having a trust relationship with the domain associated with the computing device is performed in response to the determining that no entry in the second data store matches the security token identifier.
  - 8. The method of claim 1, further comprising:
    - determining that no entry in a second data store matches the security token identifier, the second data store associated with a second domain of the one or more domains each having a trust relationship with the domain associated with the computing device, the second domain different from the first domain; and
      
      in response to the determining that no entry in the second data store matches the security token identifier, determining whether the first domain has been checked to determine whether an entry in the first data store matches the security token identifier,wherein the determining that an entry in the first data store matches the security token identifier is performed in response to determining that the first domain has not been checked to determine whether an entry in the first data store matches the security token identifier.
  - 9. The method of claim 1, further comprising:
    - after the requested access to one or more resources of the computing device has terminated, receiving, at the computing device, the security token identifier and a second request to access one or more resources of the computing device;
      
      determining that an entry in the local data store matches the security token identifier;
      
      identifying the first domain based on the first domain information, the first domain information associated with the security token identifier in the local data store;
      
      determining that an entry in the first data store matches the security token identifier; and
      
      granting the second requested access to one or more resources of the computing device.

10. A non-transitory computer-readable medium storing instructions that, when executed by one or more processors, cause the one or more processors to perform operations comprising:
- receiving, at a computing device, a security token identifier and a request to access one or more resources of the computing device, the security token identifier comprising static information that identifies a security token which has been presented at the computing device;
  
  sending, from the computing device to a server computing system, a request to identify domains having a trust relationship with a domain associated with the computing device;
  
  receiving, at the computing device from the server computing system, a response to the request to identify domains having a trust relationship with the domain associated with the computing device, the response comprising information that identifies one or more domains each having a trust relationship with the domain associated with the computing device;
  
  determining that an entry in a first data store matches the security token identifier, the first data store associated with a first domain of the one or more domains each having a trust relationship with the domain associated with the computing device;
  
  in response to the determining that an entry in the first data store matches the security token identifier, updating a local data store at the computing device such that, in the local data store, the security token identifier is associated with first domain information that identifies the first domain; and
  
  granting the requested access to one or more resources of the computing device based on the trust relationship determined to exist between the domain associated with the computing device and the first domain.

11. A computing device comprising:
- one or more processors; and
  
  one or more computer-readable media coupled to the one or more processors, the one or more computer-readable media storing instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising;
  
  receiving, at the computing device, a security token identifier and a request to access one or more resources of the computing device, the security token identifier comprising static information that identifies a security token which has been presented at the computing device;
  
  sending, from the computing device to a server computing system, a request to identify domains having a trust relationship with a domain associated with the computing device;
  
  receiving, at the computing device from the server computing system, a response to the request to identify domains having a trust relationship with the domain associated with the computing device, the response comprising information that identifies one or more domains each having a trust relationship with the domain associated with the computing device;
  
  determining that an entry in a first data store matches the security token identifier, the first data store associated with a first domain of the one or more domains each having a trust relationship with the domain associated with the computing device;
  
  in response to the determining that an entry in the first data store matches the security token identifier, updating a local data store at the computing device such that, in the local data store, the security token identifier is associated with first domain information that identifies the first domain; and
  
  granting the requested access to one or more resources of the computing device based on the trust relationship determined to exist between the domain associated with the computing device and the first domain.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The device of claim 11, wherein the receiving the security token identifier comprises receiving the security token identifier via a data input device, the security token identifier having been read directly from the security token by the data input device.
  - 13. The device of claim 11, wherein the determining that an entry in the first data store matches the security token identifier comprises:
    - sending, from the computing device to a directory service associated with the first domain, a request to search the first data store for an entry that matches the security token identifier; and
      
      receiving, at the computing device from the directory service associated with the first domain, an indication that an entry in the first data store matches the security token identifier.
  - 14. The device of claim 11, wherein the updating the local data store comprises adding a user account to the local data store, the user account including the security token identifier and the first domain information as entries in the user account.
  - 15. The device of claim 11, wherein the updating the local data store comprises:
    - deleting second domain information from a user account in the local data store, the second domain information comprising information that identifies a second domain different from the first domain; and
      
      adding the first domain information to the user account such that the user account includes the security token identifier and the first domain information as entries in the user account.
  - 16. The device of claim 11, the operations further comprising:
    - in response to the receiving the security token identifier and the request to access one or more resources of the computing device, determining whether an entry in the local data store matches the security token identifier,wherein the sending the request to identify domains having a trust relationship with the domain associated with the computing device is performed in response to determining that no entry in the local data store matches the security token identifier.
  - 17. The device of claim 11, the operations further comprising:
    - in response to the receiving the security token identifier and the request to access one or more resources of the computing device, determining whether an entry in the local data store matches the security token identifier;
      
      in response to determining that an entry in the local data store matches the security token identifier, identifying a second domain based on second domain information that identifies the second domain, the second domain information associated with the security token identifier in the local data store, the second domain different from the first domain; and
      
      determining that no entry in a second data store matches the security token identifier, the second data store associated with the second domain, wherein the sending the request to identify domains having a trust relationship with the domain associated with the computing device is performed in response to the determining that no entry in the second data store matches the security token identifier.
  - 18. The device of claim 11, the operations further comprising:
    - determining that no entry in a second data store matches the security token identifier, the second data store associated with a second domain of the one or more domains each having a trust relationship with the domain associated with the computing device, the second domain different from the first domain; and
      
      in response to the determining that no entry in the second data store matches the security token identifier, determining whether the first domain has been checked to determine whether an entry in the first data store matches the security token identifier,wherein the determining that an entry in the first data store matches the security token identifier is performed in response to determining that the first domain has not been checked to determine whether an entry in the first data store matches the security token identifier.
  - 19. The device of claim 11, the operations further comprising:
    - after the requested access to one or more resources of the computing device has terminated, receiving, at the computing device, the security token identifier and a second request to access one or more resources of the computing device;
      
      determining that an entry in the local data store matches the security token identifier;
      
      identifying the first domain based on the first domain information, the first domain information associated with the security token identifier in the local data store;
      
      determining that an entry in the first data store matches the security token identifier; and
      
      granting the second requested access to one or more resources of the computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Canon Information and Imaging Solutions, Inc. (Canon Inc.), Canon USA, Inc. (Canon Inc.)
Original Assignee
Canon Information and Imaging Solutions, Inc. (Canon Inc.), Canon USA, Inc. (Canon Inc.)
Inventors
Dellago, Robert Alfonso Jr.
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
LE, THANH H

Application Number

US14/156,929
Publication Number

US 20140208410A1
Time in Patent Office

747 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/34   involving the use of extern...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0853   using an additional device,...

H04L 63/0876   based on the identity of th...

H04L 63/104   Grouping of entities

Simplified user registration

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Simplified user registration

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links