Hardware-based credential distribution

US 9,553,858 B2
Filed: 10/25/2013
Issued: 01/24/2017
Est. Priority Date: 11/18/2010
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a network interface configured to communicate data over a network;

one or more processors; and

a memory coupled to the one or more processors and including processor-executable instructions that, responsive to execution by the one or more processors, implement a resource access manager to;

receive, via the network interface, a resource access request from a remote entity, the resource access request received prior to the remote entity accessing a resource and including a unique identifier of the remote entity and a hardware profile of the remote entity, the unique identifier of the remote entity being generated in association with a secure registration process prior to receiving the resource access request;

determine that the hardware profile of the resource access request matches at least a portion of a stored hardware profile associated with the unique identifier;

determine that a frequency of credential distribution associated with the unique identifier of the remote entity does not exceed a credential distribution frequency limit associated with the unique identifier of the remote entity, the credential distribution frequency limit being effective to limit credentials distributed in association with the unique identifier to one credential per one interval of time; and

transmit, via the network interface and responsive to determining that the credential distribution frequency limit has not been exceeded, a credential to the remote entity useful to access the resource.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This document describes various techniques for distributing credentials based on hardware profiles. A resource access request including a hardware profile is transmitted to a remote entity having access to a previous hardware profile and a credential useful to access a resource is received if at least a portion of the hardware profile matches the previous hardware profile.

52 Citations

View as Search Results

20 Claims

1. A system comprising:
- a network interface configured to communicate data over a network;
  
  one or more processors; and
  
  a memory coupled to the one or more processors and including processor-executable instructions that, responsive to execution by the one or more processors, implement a resource access manager to;
  
  receive, via the network interface, a resource access request from a remote entity, the resource access request received prior to the remote entity accessing a resource and including a unique identifier of the remote entity and a hardware profile of the remote entity, the unique identifier of the remote entity being generated in association with a secure registration process prior to receiving the resource access request;
  
  determine that the hardware profile of the resource access request matches at least a portion of a stored hardware profile associated with the unique identifier;
  
  determine that a frequency of credential distribution associated with the unique identifier of the remote entity does not exceed a credential distribution frequency limit associated with the unique identifier of the remote entity, the credential distribution frequency limit being effective to limit credentials distributed in association with the unique identifier to one credential per one interval of time; and
  
  transmit, via the network interface and responsive to determining that the credential distribution frequency limit has not been exceeded, a credential to the remote entity useful to access the resource.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system as recited in claim 1, wherein the hardware profile of the remote entity comprises a collection of serial numbers, model numbers, or parameters of hardware components of the remote entity.
  - 3. The system as recited in claim 1, wherein the unique identifier is a certificate that is digitally signed or encrypted with a private key.
  - 4. The system as recited in claim 1, wherein the resource is a service provided by the system or a resource server associated with the system.
  - 5. The system as recited in claim 1, wherein the resource access manager is further implemented to update, responsive to transmitting the credential to the remote entity, the frequency of credential distribution associated with the unique identifier.
  - 6. The system as recited in claim 1, wherein the resource access manager is further implemented to:
    - determine that a number of credentials distributed in association with the unique identifier of the remote entity does not exceed a numerical credential distribution limit associated with the unique identifier of the remote entity; and
      
      transmit, responsive to determining that the numerical credential distribution limit and the credential distribution frequency limit have not been exceeded, the credential to the remote entity.

7. A method comprising:
- receiving, via a network interface, a resource access request from a remote entity, the resource access request received prior to the remote entity accessing a resource and including a unique identifier of the remote entity and a hardware profile of the remote entity, the unique identifier of the remote entity being generated in association with a secure registration process prior to receiving the resource access request;
  
  determining that the hardware profile of the resource access request matches at least a portion of a stored hardware profile associated with the unique identifier;
  
  determining that a frequency of credential distribution associated with the unique identifier of the remote entity does not exceed a credential distribution frequency limit associated with the unique identifier of the remote entity, the credential distribution frequency limit being effective to limit credentials distributed in association with the unique identifier to one credential per one interval of time; and
  
  transmitting, via the network interface and responsive to determining that the credential distribution frequency limit has not been exceeded, a credential to the remote entity useful to access the resource.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The method as recited in claim 7, wherein the hardware profile of the remote entity includes a collection of serial numbers, model numbers, or parameters of hardware components of the remote entity.
  - 9. The method as recited in claim 7, wherein the unique identifier of the remote entity is a certificate that is digitally signed or encrypted with a private key.
  - 10. The method as recited in claim 7, wherein determining that the hardware profile matches at least a portion of a stored hardware profile associated with the unique identifier employs a fuzzy-logic algorithm.
  - 11. The method as recited in claim 7, further comprising:
    - receiving, from the remote entity, an initial hardware profile;
      
      storing, at the server device, the initial hardware profile as the stored hardware profile;
      
      associating the stored hardware profile with the unique identifier; and
      
      transmitting, prior to receiving the resource access request, the unique identifier to the remote entity for use in subsequent attempts to access the resource.
  - 12. The method as recited in claim 7, further comprising updating, responsive to transmitting the credential to the remote entity, the frequency of credential distribution associated with the unique identifier.
  - 13. The method as recited in claim 7, further comprising:
    - determining that a rate at which credentials are distributed in association with the unique identifier of the remote entity does not exceed a credential distribution rate limit associated with the unique identifier of the remote entity; and
      
      transmit, responsive to determining that the credential distribution rate limit and the credential distribution frequency limit have not been exceeded, the credential to the remote entity.
  - 14. The method as recited in claim 7, wherein determining that the hardware profile of the resource access request matches at least a portion of a stored hardware profile associated with the unique identifier employs a fuzzy-logic algorithm.

15. One or more computer-readable storage devices comprising processor-executable instructions that, responsive to execution by one or more processors, implement a resource access manager to:
- receive, via a network interface, a resource access request from a remote entity, the resource access request received prior to the remote entity accessing a resource for which the resource access request requests access and including a unique identifier of the remote entity and a hardware profile of the remote entity, the unique identifier of the remote entity being generated in association with a secure registration process prior to receiving the resource access request;
  
  determine that the hardware profile of the resource access request matches at least a portion of a stored hardware profile associated with the unique identifier;
  
  determine that a frequency of credential distribution associated with the unique identifier of the remote entity does not exceed a credential distribution frequency limit associated with the unique identifier, the credential distribution frequency limit being effective to limit credentials distributed in association with the unique identifier to one credential per one interval of time; and
  
  transmit, via the network interface and responsive to determining that the credential distribution frequency limit associated with the unique identifier of the remote entity has not been exceeded, a credential to the remote entity effective to grant the remote entity access to the resource for which the resource access request requests access.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The one or more computer-readable storage devices as recited in claim 15, wherein the resource access manager is further implemented to update, responsive to transmitting the credential to the remote entity, the frequency of credential distribution associated with the unique identifier.
  - 17. The one or more computer-readable storage devices as recited in claim 15, wherein the hardware profile of the remote entity includes a collection of serial numbers, model numbers, or parameters of hardware components of the remote entity.
  - 18. The one or more computer-readable storage devices as recited in claim 15, wherein the resource is a software product or a software update and transmitting the credential is effective to enable the remote entity to access the software product or the software update.
  - 19. The one or more computer-readable storage devices as recited in claim 18, wherein the resource access manager is implemented on a first server device, the software product or the software update are provided by a second server device, and transmitting the credential from the first server device to the remote entity is effective to enable the remote entity to access the software product or the software update provided by the second server device.
  - 20. The one or more computer-readable storage devices as recited in claim 15, wherein the resource access manager is further implemented to update, responsive to transmitting the credential to the remote entity, the frequency of credential distribution associated with the unique identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Anand, Gaurav S., Woley, Kevin Michael, Ayers, Matthew R., Dutt, Rajeev, Fleischman, Eric
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
MALINOWSKI, WALTER J

Application Number

US14/064,004
Publication Number

US 20140059664A1
Time in Patent Office

1,187 Days
Field of Search

726/5, 726/6, 709/206, 713/156, 713/168
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/102   Entity profiles

H04L 67/303   Terminal profiles

Hardware-based credential distribution

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

52 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Hardware-based credential distribution

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links