Ad-hoc user account creation

US 8,813,185 B2
Filed: 06/11/2012
Issued: 08/19/2014
Est. Priority Date: 09/30/2005
Status: Active Grant

First Claim

Patent Images

1. A method for a first computerized apparatus to control access to resources by a second computerized apparatus, the method comprising:

at the first computerized apparatus;

receiving a resource request from the second computerized apparatus, the resource request at least comprising a trusted token from the second computerized apparatus and a calling card, the trusted token containing identity data of a user of the first computerized apparatus;

determining when the resource request is authorized to access at least the requested resource, wherein the determining comprises;

extracting information from the calling card as determined by a rules engine of the first computerized apparatus, andapplying one or more conditions of the rules engine on the extracted information; and

creating an ad-hoc user account configured to access the requested resource by the second computerized apparatus upon a determination of authorized access, the ad-hoc user account comprising at least the identity data, wherein creating the ad-hoc user account is characterized by automatic creation in response to the resource request.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mechanism that allows a user to easily configure a rules engine to apply rules to decide which requests for access to a user'"'"'s computer resources are to be granted and which are denied. A trusted token, such as a certificate of identity issued by a trusted third party authority that verifies identities of computer users, is included in a calling card object provided by the requesting user to the (server) computer that controls the resources desired by the requester. Additional conditions for access may be specified as desired by the user of the server computer.

9 Citations

View as Search Results

20 Claims

1. A method for a first computerized apparatus to control access to resources by a second computerized apparatus, the method comprising:
- at the first computerized apparatus;
  
  receiving a resource request from the second computerized apparatus, the resource request at least comprising a trusted token from the second computerized apparatus and a calling card, the trusted token containing identity data of a user of the first computerized apparatus;
  
  determining when the resource request is authorized to access at least the requested resource, wherein the determining comprises;
  
  extracting information from the calling card as determined by a rules engine of the first computerized apparatus, andapplying one or more conditions of the rules engine on the extracted information; and
  
  creating an ad-hoc user account configured to access the requested resource by the second computerized apparatus upon a determination of authorized access, the ad-hoc user account comprising at least the identity data, wherein creating the ad-hoc user account is characterized by automatic creation in response to the resource request.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the trusted token comprises a token issued by an identity-verification authority.
  - 3. The method of claim 1, wherein the trusted token identifies the user by name.
  - 4. The method of claim 1, wherein the calling card comprises information configurable by the user.
  - 5. The method of claim 1, wherein the user account is part of a user-account database configured to track access to the requested resource.
  - 6. The method of claim 1, further comprising receiving from the second computerized apparatus an updated calling card having additional information fulfilling the resource request.
  - 7. The method of claim 1, wherein an authentication of the trusted token is performed prior to creating the ad-hoc user account.

8. A computerized apparatus, comprising:
- a network interface;
  
  a processor in data communication with the network interface; and
  
  a storage apparatus in data communication with the processor, the storage apparatus having a plurality of instructions stored thereon that are configured to, when executed by the processor;
  
  generate a data structure comprising at least a trusted token containing identity information of a user of the computerized apparatus, the data structure generated via a rules engine configured according to one or more criteria;
  
  establish a connection to a remote computerized apparatus using the network interface;
  
  transmit a request via the connection to access at least one resource managed by the remote computerized apparatus, the request comprising at least the data structure; and
  
  access the at least one resource, where the at least one resource is accessed based on establishing an ad-hoc user account comprising at least the identity information, wherein;
  
  establishing the ad-hoc user account comprises automatic creation of the ad-hoc user account in response to the request to access the at least one resource,the transmitted data structure is configured to enable establishing the ad-hoc user account upon authentication of the trusted token, andgenerating the data structure is triggered by a previously denied request to the at least one resource.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computerized apparatus of claim 8, wherein at least a portion of the one or more criteria of the rules engine are configurable by the user.
  - 10. The computerized apparatus of claim 8, wherein the trusted token comprises an electronic certificate issued by an identity-verification authority.
  - 11. The computerized apparatus of claim 10, wherein the identity-verification authority is a third-party.
  - 12. The computerized apparatus of claim 8, wherein the processor is further configured to update a calling card having additional information to fulfill the request according to the remote computerized apparatus.
  - 13. The computerized apparatus of claim 8, wherein portions of the data structure are configured to be editable by the user.
  - 14. The computerized apparatus of claim 8, wherein the processor is further configured to display to the user at least one of the one or more criteria prior to generating the data structure.

15. A non-transitory computer readable storage medium storing executable instructions that, when executed by a processor included in a first computerized apparatus, cause the first computerized apparatus to carry out steps that include:
- receiving a resource request from a second computerized apparatus, the resource request comprising at least a user identifier and a digital certificate;
  
  applying one or more access criteria against the resource request to determine an authorization to access the requested resource according to a rules engine; and
  
  creating an ad-hoc user account to enable access to the requested resource by the second computerized apparatus upon a determination that the resource request is authorized, the ad-hoc user account containing at least the user identifier, wherein;
  
  creating the ad-hoc user account is characterized by automatic creation in response to the resource request without requiring additional user interaction, andat least one of the one or more access criteria comprises a frequency of contact initiation condition.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer readable storage medium of claim 15, wherein the digital certificate comprises a token issued by a third-party entity.
  - 17. The non-transitory computer readable storage medium of claim 15, wherein at least one of the one or more access criteria are configurable by a user.
  - 18. The non-transitory computer readable storage medium of claim 17, wherein the steps further include receiving an updated calling card having additional information to fulfill the resource request according to the one or more access criteria.
  - 19. The non-transitory computer readable storage medium of claim 15, wherein the account is part of an access management database, and the steps further include tracking access to the requested resource.
  - 20. The non-transitory computer readable storage medium of claim 15, wherein an authentication of the digital certificate is performed prior to the creation of the ad-hoc user account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Wallace, Leland A., O'Rourke, David M.
Primary Examiner(s)
Rahman, Mohammad L

Application Number

US13/493,880
Publication Number

US 20120278863A1
Time in Patent Office

799 Days
Field of Search

726/2
US Class Current

726/2
CPC Class Codes

G06F 21/33   using certificates

H04L 63/0823   using certificates cryptogr...

H04L 63/101   Access control lists [ACL]

Ad-hoc user account creation

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

9 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Ad-hoc user account creation

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links