Application and device user verification from an operating system-based authentication service

US 20060059569A1
Filed: 08/27/2004
Published: 03/16/2006
Est. Priority Date: 08/27/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method of verifying a user'"'"'s identity to utilize a software application functionality, comprising:

initiating a functionality of a software application;

passing an application programming interface (API) call from the software application to an authentication service independent of the software application to determine whether initiation of the functionality is authorized based on verification of user identity;

at the authentication service, determining whether the functionality may be initiated without user identity verification; and

if the functionality does not require user identity verification, notifying the software application that the functionality may be initiated without user identity verification.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems provide an operating system-based user authentication service that operates independently of a computing device or software application requiring verification of a user'"'"'s identity to operate the device or utilize functionality of the software application. A given software application for providing functionality to a user or for allowing a user to operate a desired computing device calls the operating system-based authentication service for verifying the user'"'"'s identity to use the software application functionality or to operate the desired computing device. If the user'"'"'s identity is verified by the authentication service, the application is notified, and the user is allowed to operate the device or utilize the desired application functionality.

Citations

35 Claims

1. A method of verifying a user'"'"'s identity to utilize a software application functionality, comprising:
- initiating a functionality of a software application;
  
  passing an application programming interface (API) call from the software application to an authentication service independent of the software application to determine whether initiation of the functionality is authorized based on verification of user identity;
  
  at the authentication service, determining whether the functionality may be initiated without user identity verification; and
  
  if the functionality does not require user identity verification, notifying the software application that the functionality may be initiated without user identity verification.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, whereby if the functionality does require user identity verification, requesting by the authentication service authentication credentials from the user.
  - 3. The method of claim 1, whereby passing the API call to the authentication service includes passing the API call to a local authentication sub-system.
  - 4. The method of claim 3, whereby determining whether the functionality may be initiated without user identity verification includes causing the local authentication sub-system to determine from a verification policies database whether the functionality may be initiated without user identity verification.
  - 5. The method of claim 4, whereby passing the API call to the authentication service includes passing a parameter identifying the functionality.
  - 6. The method of claim 5, whereby passing a parameter identifying the functionality includes passing an API call parameter identifying an authentication event associated with the functionality.
  - 7. The method of claim 6, whereby the API call is a VerifyUser( ) call.
  - 8. The method of claim 4, whereby if the functionality does require user identity verification, passing the API call from the local authentication sub-system to a local authentication plug-in module for obtaining authentication credentials from the user.
  - 9. The method of claim 8, whereby passing the API call to the local authentication plug-in module includes passing an API call parameter identifying an authentication event associated with the functionality for which authentication credentials are required.
  - 10. The method of claim 8, further comprising at the local authentication plug-in module, launching a user interface for requesting authentication credentials from the user.
  - 11. The method of claim 8, further comprising at the local authentication sub-system, determining whether user identity verification is required based on a type of use of the functionality.
  - 12. The method of claim 11, whereby determining whether user identity verification is required based on a type of use of the functionality includes determining whether user identity verification is required based on an elapsed time of use of the functionality by the user.
  - 13. The method of claim 11, whereby determining whether user identity verification is required based on a type of use of the functionality includes determining whether user identity verification is required based on a number of past uses of the functionality by the user.
  - 14. The method of claim 10, further comprising:
    - receiving at the local authentication plug-in module authentication credentials from the user; and
      
      determining at the local authentication plug-in module whether the authentication credentials verify the user'"'"'s identity to initiate the functionality.
  - 15. The method of claim 14, whereby determining at the local authentication plug-in module whether the authentication credentials verify the user'"'"'s identity to initiate the functionality includes comparing the received authentication credentials against known authentication credentials for the user.
  - 16. The method of claim 14, whereby if the user'"'"'s identity to initiate the functionality is verified, at the local authentication sub-system (LASS), notifying the application that the user'"'"'s identity to initiate the functionality is verified.
  - 17. The method of claim 16, whereby notifying the application from the LASS that the user'"'"'s identity to initiate the functionality is verified includes returning a user verified value to the application in response to the API call.
  - 18. The method of claim 14, whereby if the user'"'"'s identity to initiate the functionality is not verified, notifying the application from the LASS that the user'"'"'s identity to initiate the functionality is not verified.
  - 19. The method of claim 18, whereby notifying the application that the user'"'"'s identity is not verified includes returning a user not verified value to the application in response to the API call.

20. A method of authenticating a user'"'"'s identity to utilize a software application functionality, comprising:
- initiating a functionality of a software application;
  
  passing an application programming interface (API) call from the software application to a local authentication sub-system of an authentication service independent of the software application to determine whether initiation of the functionality is authorized;
  
  at the local authentication sub-system (LASS), determining from a verification policies database whether the functionality may be initiated without user identity verification;
  
  if the functionality requires user identity verification, passing the API call from the local authentication sub-system to a local authentication plug-in module for obtaining authentication credentials from the user;
  
  receiving at the local authentication plug-in module authentication credentials from the user; and
  
  determining at the local authentication plug-in module whether the authentication credentials verify the user'"'"'s identity to initiate the functionality.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. The method of claim 20, whereby if the user'"'"'s identity to initiate the functionality is verified, notifying the application from the LASS that the user may initiate the functionality.
  - 22. The method of claim 21, whereby determining at the local authentication plug-in module whether the authentication credentials verify the user'"'"'s identity to initiate the functionality includes comparing the received authentication credentials against known authentication credentials for the user.
  - 23. The method of claim 20, whereby passing the API call to the local authentication sub-system includes passing a parameter identifying an authentication event associated with the functionality.
  - 24. The method of claim 23, whereby the API call is a VerifyUser( ) call.
  - 25. The method of claim 20, prior to receiving at the local authentication plug-in module authentication credentials from the user, further comprising launching a user interface from the local authentication plug-in module for requesting authentication credentials from the user.

26. A user authentication system operating independently from a software application in use by a user, the authentication system for authenticating a user'"'"'s identity to utilize one or more functionalities of the software application, comprising:
- a local authentication sub-system operative to receive an application programming interface (API) call from the software application to determine whether an initiation of a given software functionality by a user is authorized;
  
  to determine from a verification policies database whether the functionality may be initiated without user identity verification;
  
  to pass the API call to a local authentication plug-in module for obtaining authentication credentials from the user if the functionality requires user identity verification;
  
  the local authentication plug-in module operative to request and receive authentication credentials from the user; and
  
  to determine from the received authentication credentials whether the user identity is verified to initiate the functionality.
- View Dependent Claims (27, 28, 29)
- - 27. The system of claim 26, whereby the local authentication sub-system is further operative to notify the application that the user'"'"'s identity is verified.
  - 28. The system of claim 26, whereby the local authentication plug-in module is further operative to launch a user interface for requesting authentication credentials from the user prior to receiving authentication credentials from the user.
  - 29. The system of claim 26, whereby the API call is a VerifyUser( ) call.

30. A computer-readable medium containing computer-executable instructions which when executed by a computer perform a method of authenticating a user'"'"'s identity to utilize a software application functionality, comprising:
- initiating a functionality of a software application;
  
  passing an application programming interface (API) call from the software application to a local authentication sub-system of an authentication service independent of the software application to determine whether initiation of the functionality is authorized;
  
  at the local authentication sub-system, determining from a verification policies database whether the functionality may be initiated without user identity verification;
  
  if the functionality requires user identity verification, passing the API call from the local authentication sub-system to a local authentication plug-in module for obtaining authentication credentials from the user;
  
  receiving at the local authentication plug-in module authentication credentials from the user; and
  
  determining at the local authentication plug-in module whether the authentication credentials verify the user'"'"'s identity to initiate the functionality.
- View Dependent Claims (31, 32, 33, 34, 35)
- - 31. The computer-readable medium of claim 30, the method further comprising notifying the application from the local authentication sub-system that the user may initiate the functionality if the user'"'"'s identity to initiate the functionality is verified.
  - 32. The computer-readable medium of claim 30, whereby determining at the local authentication plug-in module whether the authentication credentials verify the user'"'"'s identity to initiate the functionality includes comparing the received authentication credentials against known authentication credentials for the user.
  - 33. The computer-readable medium of claim 30, whereby passing the API call to the local authentication sub-system includes passing a parameter identifying an authentication event associated with the functionality.
  - 34. The computer-readable medium of claim 33, whereby the API call is a VerifyUser( ) call.
  - 35. The computer-readable medium of claim 30, prior to receiving at the local authentication plug-in module authentication credentials from the user, further comprising launching a user interface from the local authentication plug-in module for requesting authentication credentials from the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Joy, George, Dasgupta, Mukkul, Dvorkin, Igor

Application Number

US10/927,999
Publication Number

US 20060059569A1
Time in Patent Office

Days
Field of Search
US Class Current

726/28
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 21/629   to features or functions of...

Application and device user verification from an operating system-based authentication service

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Application and device user verification from an operating system-based authentication service

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links