Interoperable credential gathering and access modularity
First Claim
1. A method comprising:
- translating a credential with a corresponding one of a plurality of different credential provider modules each translating a corresponding different type of said credential into a common credential protocol;
communicating the translated credential having the common credential protocol through a credential provider Application Program Interface (API) to a logon user interface (UI) module of a native operating system (OS) of a local machine;
calling a logon routine for the OS to authenticate the translated credential against a credential database; and
logging on a user identified by the translated credential to access the local machine when the authentication is successful.
2 Assignments
0 Petitions
Accused Products
Abstract
A credential is translated with one of different credential provider modules each translating a corresponding different type of credential into a common protocol. The translated credential is communicated through an API to a logon UI module to an operating system (OS) of a local machine. An OS logon module is called by the logon UI module to authenticate the translated credential against a credential database. A user identified by the translated credential is logged on to access the local machine when the authentication is successful. The credential can also be used with a selection received from the logon UI module via a corresponding one of different pre-log access provider (PLAP) modules that each communicate with the API. The API establishes a network session with an access service specified by the selected PLAP module when the credential is authenticated with the credential database.
121 Citations
32 Claims
-
1. A method comprising:
-
translating a credential with a corresponding one of a plurality of different credential provider modules each translating a corresponding different type of said credential into a common credential protocol;
communicating the translated credential having the common credential protocol through a credential provider Application Program Interface (API) to a logon user interface (UI) module of a native operating system (OS) of a local machine;
calling a logon routine for the OS to authenticate the translated credential against a credential database; and
logging on a user identified by the translated credential to access the local machine when the authentication is successful. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method comprising:
-
receiving a credential from a user at an input device in communication with a local machine having an OS;
translating the credential with one of different coexisting credential provider modules for translating respectively different types of credentials into a common credential protocol; and
using a component of the OS to authenticate the translated credential having the common credential protocol against a credential database; and
logging the user on with the OS to access the local machine when the authentication is successful. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A method comprising:
-
requesting a credential with an application executing at a local machine, the local machine having an OS to which a user is logged on, the local machine being in communication with an input device;
using one of different coexisting credential provider modules to gather the credential at the input device from the user; and
giving the gathered credential to the application for authentication, wherein;
each said credential provider module can gather a respectively different type of credential;
each said credential provider module interfaces through a credential provider API with the OS;
the credential provider API receives credentials gathered by any said credential provider module; and
each said credential provider module can provide a respective said type of credential that it gathers to the credential provider API for authentication of a principal in order to log on with the OS to access the local machine. - View Dependent Claims (16)
-
-
17. A method comprising:
-
receiving a credential from a user at an input device in communication with a local machine having an OS;
translating the credential with a credential provider module that corresponds to the input device, wherein;
the credential provider module is one of a plurality of coexisting different said credential provider modules; and
each said credential provider module can perform a translation of a respectively different type of said credential received at a different said input device in communication with the local machine; and
each said translation of each said credential is in a common credential protocol;
communicating the translated credential having the common credential protocol through a credential provider interface to a logon UI routine of the OS;
passing the translated credential having the common credential protocol to a logon routine of the OS from the logon UI routine;
authenticating the translated credential against a credential database with the logon routine of the OS; and
logging the user on to access the local machine with the OS when the authentication is successful. - View Dependent Claims (18, 19, 20, 21)
-
-
22. A computer-readable medium comprising a credential provider module including instructions that, when executed by a local machine having an OS, receive and translate a credential into a credential protocol so as to be compatible for authentication by an authentication component of the OS against a credential database for logging a user identified by the credential on with the OS to access the local machine when the authentication is successful, wherein:
-
the translated credential can be received via an interface to the authentication component of the OS;
the interface to the authentication component of the OS is compatible for receiving each of a plurality of said credentials from a corresponding plurality of different coexisting credential provider modules; and
each said different coexisting credential provider module can;
receive a respective different type of said credential from a respective input device; and
translate each said different type of said credential into the credential protocol so as to be compatible for authentication by the authentication component of the OS against the credential database. - View Dependent Claims (23)
-
-
24. A native OS comprising an authentication module to:
-
authenticate a user with a credential received from one of plurality of different and coexisting credential provider modules each translating a corresponding different type of user-input into the credential in a common credential protocol; and
log on the user identified by the translated credential to access the local machine when the authentication is successful.
-
-
25. A computer-readable medium comprising a pre-logon access provider (PLAP) module including instructions that, when executed by a local machine having an OS, receive a credential and an access service corresponding to the PLAP module;
establish a communication with a domain using the access service for authentication by an authentication component of the OS against a credential database for logging a user identified by the credential on with the OS to access the local machine when the authentication is successful, wherein;
the credential can be received via an interface to the authentication component of the OS;
the interface to the authentication component of the OS is compatible for receiving each of a plurality of said credentials and said access services from a corresponding plurality of different and coexisting said PLAP modules; and
each said different coexisting PLAP module can establish a connection of a respective different type so as to be compatible for communications in the authentication by the authentication component of the OS against the credential database. - View Dependent Claims (26)
-
27. A native OS comprising a PLAP Manager API to an authentication module, wherein:
-
each of a plurality of different and coexisting PLAP modules can establish a connection between the PLAP Manager API and an access service corresponding to the PLAP module;
each said PLAP module specifies a credential and a corresponding different type of connection to the corresponding access service;
the authentication module authenticates a principal using the credential specified by one said PLAP module to access a local machine through the native OS; and
when the authentication of the principal is successful, the principal can use the local machine to communicate between the PLAP Manager API and the access service corresponding to the one said PLAP module.
-
-
28. A method comprising:
-
requesting, with a logon UI module of an OS through a PLAP manager API thereto, a flat list of access services from a corresponding plurality of coexisting and different PLAP modules;
displaying the flat list of access services on a display rendered by the logon UI module;
receiving an input of a credential and a selection of one said access service from the flat list of access services on the display;
when a connection to a domain is established using the one said access service;
passing the credential to an authentication provider at the domain;
performing a first authentication of the credential against the authentication provider at the domain; and
when the first authentication is successful;
communicating the credential from the PLAP API to the logon UI module;
performing an RPC call from the logon UI module passing the credential to an OS logon module;
passing the credential from the OS logon module with an LSA logon user call to an LSA;
performing a second authentication with the LSA against a credential database that is selected from the group consisting of;
a SAM database;
a local database other than the SAM database;
a remote credential database;
a token protocol credential service;
a challenge and response protocol service; and
an AD and KDC at a domain remote from the local machine;
when the second authentication is successful, logging on a user identified by the credential to use a local machine executing the OS. - View Dependent Claims (29)
-
-
30. In a computing device having a processor for executing an OS including an authentication component having a logon UI module, an OS logon module for receiving RPC calls from the logon UI module, an LSA for receiving LSA logon User calls from the OS logon module, wherein the LSA is in communication with one or more credential databases, wherein the computing device executes instructions in a computer-readable medium, and wherein the instructions comprise a plurality of different, coexisting, and respective PLAP and credential provider modules, wherein:
-
each said module communicates with an API to the logon UI module;
the logon UI module is compatible for receiving;
a credential; and
a selection of an access service specified by a corresponding said PLAP module;
the API can establish and maintain a network session via a connection to a domain using the selected access service when the received credential is authenticated by the API against the one or more credential databases at the domain;
the credential received by the logon UI module is translated with a corresponding one of the credential provider modules each translating a corresponding different type of said credential into a common credential protocol;
each said credential provider module communicates the translated credential having the common credential protocol through the API to the authentication component of the OS to authenticate the translated credential against the one or more credential databases; and
the authentication component of the OS logs on a user identified by the translated credential to access the local machine when the authentication is successful. - View Dependent Claims (31, 32)
-
Specification