Dynamic update of authentication information

US 20080196090A1
Filed: 02/09/2007
Published: 08/14/2008
Est. Priority Date: 02/09/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-readable medium having computer-executable components comprising:

an authentication component that, when executed, performs a method for authenticating an entity using first credential information, wherein, during authentication, the authentication component may identify that second credential information is required to complete the method for authenticating; and

at least one application component, separate from the authentication component, that, when executed, obtains the first credential information and the second credential information for the entity.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A framework is provided that decouples credential acquisition from authentication processes using those credentials in a way that facilitates dynamic update of credential information. An authentication component may receive credential information for authentication of a user or a device for access to a resource. During interactions with an external authenticator, the authentication component may identify that updated credential information is required and issue a request to the application including credential parameters defining the updated credential information. An application component receiving the request may acquire updated credential information from a user or another entity. In addition, the authentication method may issue notifications to the application. The framework enables the application to update credentials in a context specific way.

49 Citations

View as Search Results

20 Claims

1. A computer-readable medium having computer-executable components comprising:
- an authentication component that, when executed, performs a method for authenticating an entity using first credential information, wherein, during authentication, the authentication component may identify that second credential information is required to complete the method for authenticating; and
  
  at least one application component, separate from the authentication component, that, when executed, obtains the first credential information and the second credential information for the entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The computer-readable medium of claim 1, wherein the entity is a device and the at least one application component, when executed, obtains device credential information.
  - 3. The computer-readable medium of claim 1, wherein the entity is a user and the at least one application component, when executed, obtains first user credential information through a first user interface and second user credential information through a second user interface.
  - 4. The computer-readable medium of claim 3, wherein the at least one application component, when executed:
    - obtains first parameters of the first user credentials from the authentication component;
      
      builds the first user interface using the first parameters;
      
      receives second parameters of the second user credentials from the authentication component; and
      
      builds the second user interface using the second parameters.
  - 5. The computer-readable medium of claim 4, wherein:
    - the authentication component comprises a first EAP component;
      
      the computer-readable medium further comprises a second EAP component that, when executed, performs a second method of authenticating the entity using third credential information; and
      
      the at least one application component, when executed, builds a first user interface thorough which the application prompts a user to enter the first credential information and the third credential information.
  - 6. The computer-readable medium of claim 1, wherein the authentication component, when executed, identifies that the second credential information is required to complete authentication and sends a notification to the at least one application component, the notification comprising parameters of the second credential information.
  - 7. The computer-readable medium of claim 1, wherein the computer-executable components comprise a first application programming interface, a second application programming interface, a third application programming interface, and a fourth application programming interface, the first application programming interface providing a first credential definition from the authentication component to the at least one application component, the second application programming interface providing first credential information from the at least one application component to the authentication component, the third application programming interface providing a second credential definition from the authentication component to the at least one application component, and the fourth application programming interface providing second credential information from the at least one application component to the authentication component.
  - 8. The computer-readable medium of claim 1, wherein the authentication component may further provide at least one notification to the at least one application component.
  - 9. The computer-readable medium of claim 1, wherein the second credential information comprises a dynamic update of the first credential information and the computer-readable medium further comprises a second application component, and the at least one application component is adapted to notify the second application component of the dynamic update.
  - 10. The computer-readable medium of claim 1, wherein the at least one application component comprises a first application component that, when executed, obtains the first credential information and a second application component that, when executed, obtains the second credential information.
  - 11. The computer-readable medium of claim 4, wherein the first user credentials may be stored with the at least one application component as stored first used credentials.
  - 12. The computer-readable medium of claim 11, wherein the stored first user credentials may be dynamically updated using the second user credentials.
  - 13. The method of claim 1, wherein the updated first credential information may be used to perform network access authentication and entity logon, with the network access authentication preceding the entity logon.

14. A method of operating a client device to authenticate an entity, comprising:
- obtaining, with a first component, first credential information;
  
  providing the first credential information to a second component;
  
  interacting between the second component and an authenticator external to the client device using the first credential information;
  
  identifying, by the second component, that second credential information is required;
  
  providing, by the second component, second parameters of the second credential information;
  
  obtaining, with a first component, second credential information consistent with the second parameters; and
  
  interacting between the second component and the authenticator external to the client device using the second credential information.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14, further comprising:
    - storing, with the first component, the credential information.
  - 16. The method of claim 14, further comprising:
    - issuing at least one notification from the second component to the first component; and
      
      building, with the first component, a notification interface based at least in part on the at least one notification.
  - 17. The method of claim 15, wherein:
    - the second component is a first EAP method; and
      
      the method further comprises;
      
      obtaining from a second EAP method third parameters of third credentials;
      
      obtaining, with the first component, third credential information meeting the third parameters.

18. A method of communicating between an EAP component and an application in a device, comprising the steps of:
- identifying, by the EAP component, that credential information is required; and
  
  obtaining, by the EAP component, the credential information from the application.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, further comprising:
    - issuing a notification from the EAP component to the application to provide the credential information consistent with credential parameters, with the notification including the credential parameters; and
      
      obtaining with the application the credential information consistent with the credential parameters.
  - 20. The method of claim 19, further comprising updating previously provided credential information using the credential information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Baron, Andrew, Ranganathan, Karthik, Mandhana, Taroon, Malik, Prashant, Mahajan, Saurabh, Zohrenejad, Amir Ali

Granted Patent

US 7,941,831 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/0815   providing single-sign-on or...

H04L 9/321   involving a third party or ...

Dynamic update of authentication information

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

49 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic update of authentication information

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links