Authorization of device access to network services

US 9,680,810 B2
Filed: 01/29/2013
Issued: 06/13/2017
Est. Priority Date: 08/10/2005
Status: Active Grant

First Claim

Patent Images

1. A method for securing a network comprising a plurality of devices, comprising:

receiving, from a first device, an authorization request to access at least one network service;

broadcasting the authorization request;

presenting a representation of the authorization request in an interface;

receiving, from said first device, a device identifier (ID);

determining that the first device is not included in a list associated with disallowed devices;

receiving, via said interface, an approval of the first device, wherein said approval is performed using the device ID;

generating, from the device ID, a key for the first device, wherein the key is also separately generated from the device ID by the first device, wherein said at least one network service may be accessed using said key;

replicating a security service to the first device based on a determination that the first device can provide the security service and serve as an authorizing device for subsequent device approvals and validations; and

synchronizing, to the first device and to other devices of the plurality of devices, security information indicative of access to said at least one network service.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are disclosed for authorization of devices entering a network. A new device entering a network sends an authorization request. Another device in the network may receive the request and prompt the user to approve the device. The user can use a device identifier provided by the new device in approving the new device. Assuming the identifier provided by the new device matches an identifier accessible by the authorizing device, the user authorizes the new device. A key is then generated for the new device, which allows access to an appropriate range of network services. Authorization decisions can be synchronized among the various devices in a network, so even if an authorizing device leaves the network, the new device key can be validated. A security service can be replicated in a new device once the device is authorized to access the network.

Citations

14 Claims

1. A method for securing a network comprising a plurality of devices, comprising:
- receiving, from a first device, an authorization request to access at least one network service;
  
  broadcasting the authorization request;
  
  presenting a representation of the authorization request in an interface;
  
  receiving, from said first device, a device identifier (ID);
  
  determining that the first device is not included in a list associated with disallowed devices;
  
  receiving, via said interface, an approval of the first device, wherein said approval is performed using the device ID;
  
  generating, from the device ID, a key for the first device, wherein the key is also separately generated from the device ID by the first device, wherein said at least one network service may be accessed using said key;
  
  replicating a security service to the first device based on a determination that the first device can provide the security service and serve as an authorizing device for subsequent device approvals and validations; and
  
  synchronizing, to the first device and to other devices of the plurality of devices, security information indicative of access to said at least one network service.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising sending, by a second device to a third device, an indication that the first device is authorized to access said at least one network service.
  - 3. The method of claim 1, wherein said authorization request comprises the device ID.
  - 4. The method of claim 3, wherein said approval is performed based on a comparison of the device ID in said representation of the authorization request with the device ID provided by said first device.
  - 5. The method of claim 1, wherein said approval is performed by entering the device ID provided by said first device.

6. A method for securing a network comprising a plurality of devices, comprising:
- sending, by a first device, an authorization request to access at least one network service, wherein the authorization request is broadcasted and a representation of the authorization request is presented in an interface;
  
  providing, by said first device, a device identifier (ID), wherein an approval of the first device is received, via said interface, and wherein said approval is performed using the device ID, wherein it is determined that the first device is not included in a list associated with disallowed devices;
  
  generating, from the device ID, by the first device, a key for the first device, wherein the key is also separately generated from the device ID by one or more other devices, wherein said at least one network service may be accessed using said key;
  
  replicating, by the first device, a security service based on a determination that the first device can provide the security service and serve as an authorizing device for subsequent device approvals and validations; and
  
  synchronizing, by the first device and to other devices of the plurality of devices, security information indicative of access to said at least one network service.
- View Dependent Claims (7, 8, 9)
- - 7. The method of claim 6, wherein said authorization request comprises the device ID.
  - 8. The method of claim 7, wherein said approval is performed based on a comparison of the device ID in said representation of the authorization request with the device ID provided by said first device.
  - 9. The method of claim 6, wherein said approval is performed by entering the device ID provided by said first device.

10. A computing system for securing a network comprising a plurality of devices, comprising:
- one or more processors; and
  
  one or more memories having stored therein instructions that, upon execution by the one or more processors, cause the computing system to perform operations comprising;
  
  receiving, from a first device, an authorization request to access at least one network service;
  
  broadcasting the authorization request;
  
  presenting a representation of the authorization request in an interface;
  
  receiving, from said first device, a device identifier (ID);
  
  receiving, via said interface, an approval of the first device, wherein said approval is performed using the device ID and serve as an authorizing device for subsequent device approvals and validations, wherein the operations further comprise determining that the first device is not included in a list associated with disallowed devices;
  
  generating, from the device ID, a key for the first device, wherein the key is also separately generated from the device ID by the first device, wherein said at least one network service may be accessed using said key;
  
  replicating a security service to the first device based on a determination that the first device can provide the security service; and
  
  synchronizing, to the first device and to other devices of the plurality of devices, security information indicative of access to said at least one network service.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The computing system of claim 10, wherein said authorization request comprises the device ID.
  - 12. The computing system of claim 11, wherein said approval is performed based on a comparison of the device ID in said representation of the authorization request with the device ID provided by said first device.
  - 13. The computing system of claim 10, wherein said approval is performed by entering the device ID provided by said first device.
  - 14. The computing system of claim 10, wherein the operations further comprise sending, by a second device to a third device, an indication that the first device is authorized to access said at least one network service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Gilbert, Mark, Mevissen, Ron J.
Primary Examiner(s)
HO, DAO Q

Application Number

US13/752,665
Publication Number

US 20130205372A1
Time in Patent Office

1,596 Days
Field of Search

713168, 726 4
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2129   Authenticate client device ...

G06F 2221/2149   Restricted operating enviro...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/0876   based on the identity of th...

H04L 63/10   for controlling access to d...

Authorization of device access to network services

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Authorization of device access to network services

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links