Extensible access control architecture

US 20070016939A1
Filed: 07/08/2005
Published: 01/18/2007
Est. Priority Date: 07/08/2005
Status: Active Grant

First Claim

Patent Images

1. A computer-readable medium having computer-executable components comprising:

(a) a first interface for receiving messages in a standardized format;

(b) a plurality of authentication components, each of the authentication components having an interface in a predetermined form; and

(c) a component for receiving messages through the first interface and selectively calling an authentication component of the plurality of authentication components through the interface of the authentication component.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Software for managing access control functions in a network. The software includes a host that receives access control commands or information and calls one or more methods. The methods perform access control functions and communicate access control results or messages to be transmitted. The host may be installed in a network peer seeking access to the network or in a server controlling access to the network. When installed in a peer, the host receives commands and exchanges information with a supplicant. When installed in an access control server, the host receives commands and exchanges information with an authenticator. The host has a flexible architecture that enables multiple features, such as allowing the same methods to be used for authentication by multiple supplicants, providing ready integration of third party access control software, simplifying network maintenance by facilitating upgrades of authenticator software and enabling access control functions other than peer authentication.

Citations

20 Claims

1. A computer-readable medium having computer-executable components comprising:
- (a) a first interface for receiving messages in a standardized format;
  
  (b) a plurality of authentication components, each of the authentication components having an interface in a predetermined form; and
  
  (c) a component for receiving messages through the first interface and selectively calling an authentication component of the plurality of authentication components through the interface of the authentication component.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-readable medium of claim 1, wherein each of the authentication components manages at least a portion of an authentication interaction according to the Extensible Authentication Protocol.
  - 3. The computer-readable medium of claim 1, additionally comprising a component, separate from the plurality of authentication components, for tracking the state of an interaction according to an authentication protocol.
  - 4. The computer-readable medium of claim 1, additionally comprising a component, separate from the plurality of authentication components, for validating that a message complies with a predetermined format.
  - 5. The computer-readable medium of claim 4, wherein the component for validating that a message complies with a predetermined format verifies that the message complies with a predetermined format for a peer and the computer-readable additionally comprises a component, separate from the plurality of authentication components, for validating that a message complies with a predetermined format for a server.
  - 6. The computer-readable medium of claim 1, wherein the computer readable-medium is associated with a network peer having an operating system and the computer-readable medium additionally comprises a computer-executable component for performing supplicant functions.
  - 7. The computer-readable medium of claim 1, additionally comprising:
    - (d) a further authentication component having an interface in a form different than the predetermined form; and
      
      (e) a component for calling the further authentication component, the component having an interface in the predetermined form.

8. A method of operating access control software, comprising the acts:
- (a) receiving a message forming a portion of an access control interaction with host software executing from within a first process;
  
  (b) communicating between the host software and a method across an inter-process interface; and
  
  (c) executing a function of the access control interaction with the method in a second process.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, additionally comprising the acts:
    - (d) receiving a message forming a portion of a second access control interaction with host software executing from within the first process;
      
      (e) communicating between the host and a second method across an intra-process interface; and
      
      (f) executing a function of the second access control interaction with the second method in the first process.
  - 10. The method of claim 9, wherein the act (b) comprises calling the method through an interface in a predetermined format and the act (e) comprises calling the second method through an interface in the predetermined format.
  - 11. The method of claim 8, wherein the act (a) comprises receiving a message in the Extensible Accessibility Protocol.
  - 12. The method of claim 8, wherein the act (a) comprises receiving a message from an authenticator executing on a RADIUS server.
  - 13. The method of claim 8, wherein the act (a) comprises receiving a message from a network client executing on a processor in a hand-held electronic device.

14. A method of operating a peer in a network, comprising acts:
- a) from within a supplicant, accessing a host through an host interface;
  
  b) with the host, accessing a method through a method interface to obtain access control information; and
  
  c) transmitting the access control information over the network.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, additionally comprising acts:
    - d) receiving received access control information over the network;
      
      e) providing the received access control information to the host through the host interface; and
      
      f) with the host, providing the received access control information to the method through the method interface.
  - 16. The method of claim 15, additionally comprising acts:
    - g) from within a second supplicant, accessing the host through the host interface;
      
      h) with the host, accessing the method through the method interface to obtain second access control information; and
      
      i) transmitting the second access control information over the network.
  - 17. The method of claim 15, additionally comprising acts:
    - g) from within supplicant, accessing the host through the host interface;
      
      h) with the host, accessing a second method through a second method interface to obtain second access control information; and
      
      i) transmitting the second access control information over the network.
  - 18. The method of claim 15, additionally comprising the act:
    - g) transmitting, in response to the received access control information, status information concerning the peer.
  - 19. The method of claim 18, wherein the act g) comprises transmitting information identifying a software configuration of the peer.
  - 20. The method of claim 19, wherein the act g) comprises transmitting information identifying virus protection software installed on the peer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Mandhana, Taroon, Mayfield, Paul, Bao, Xuemei, Goel, Mudit, Zheng, Wei, Kamath, Vivek, Pasupuleti, Sudhakar, Schurman, Mark, Leibovitz, Anthony

Granted Patent

US 8,286,223 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

H04L 63/162   at the data link layer

H04L 67/01   Protocols

Extensible access control architecture

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Extensible access control architecture

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links