Method and system for authenticating access to heterogeneous computing services
Abstract
A method and system for authenticating access to heterogeneous computing services is provided. In a preferred embodiment, logon providers are configured into the computer system, which provide secure access to their services by requiring authentication of user identification information using a logon mechanism. According to this embodiment, a user designates a primary logon provider to provide an initial logon user interface. The user enters identification information when this user interface is displayed, for example a user name, a password and a domain. The computer system executes a logon sequence, which first invokes the primary logon provider to collect identification information and to authenticate the user for access to services provided by the primary logon provider. The system then authenticates the collected identification information to provide the user access to operating system computer services. If the system logon authentication procedure is not successful, then the logon sequence displays its own user interface to collect additional identification information. The logon sequence then invokes the logon routines of other logon providers to enable them to authenticate already collected identification information without displaying additional user interfaces. A preferred embodiment enables the system logon sequence to use authentication information stored on a network to authenticate the user for access to local computing services. Also, logon providers can be provided for drivers other than network drivers when a logon mechanism is required to access their computing services. Further, using a primary logon provider, the initial logon user interface displayed to collect identification information can be replaced.
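An added example, not part of the patent text: a minimal Python model of the logon sequence the abstract describes, with one prompt from the primary provider, system logon reusing that input with its own UI only as a fallback, and supplemental providers authenticating without any UI. The `Provider` class, `logon_sequence`, the account tables and the choice to continue to the system logon after a primary failure are all assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass, field


@dataclass
class Provider:
    """Hypothetical logon provider backed by a constructed account table."""
    name: str
    accounts: dict                      # (user, domain) -> password, sample data only
    seen: list = field(default_factory=list)

    def authenticate(self, creds):
        self.seen.append(creds)         # record what identification info arrived here
        user, password, domain = creds
        expected = self.accounts.get((user, domain))
        return expected is not None and hmac.compare_digest(
            expected.encode(), password.encode())


def logon_sequence(primary, primary_ui, system, system_ui, supplemental):
    """Run the sequence; return (access granted per service, number of prompts)."""
    prompts = 1
    creds = primary_ui()                # primary provider's UI replaces the default one
    granted = {primary.name: primary.authenticate(creds)}

    # System logon reuses the collected information; its own UI is a fallback only.
    granted[system.name] = system.authenticate(creds)
    if not granted[system.name]:
        prompts += 1
        granted[system.name] = system.authenticate(system_ui())

    # Remaining providers get the already collected information, never a UI.
    # Assumption: they receive what the primary provider's UI collected.
    for provider in supplemental:
        granted[provider.name] = provider.authenticate(creds)
    return granted, prompts


def demo():
    typed = ("alice", "pw-net", "CORP")             # constructed sample input
    net = Provider("network-a", {("alice", "CORP"): "pw-net"})
    local = Provider("local-system", {("alice", "CORP"): "pw-local"})
    other = Provider("network-b", {("alice", "CORP"): "pw-net"})
    granted, prompts = logon_sequence(
        net, lambda: typed, local, lambda: ("alice", "pw-local", "CORP"), [other])
    return granted, prompts, other.seen


if __name__ == "__main__":
    print(demo())
```

The `seen` list on each provider shows that the same name, password and domain reach every configured provider, which matters when reviewing which providers are installed on a machine.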
50 Claims
1. A method in a computer system network environment for authenticating access to computing services, the computer system network environment having a local computer system that can be connected to multiple heterogeneous networks, the local computer system having local authentication code to access local computer system services, the method comprising the computer-implemented steps of:
- determining a primary logon driver, the primary logon driver for providing access to a first network and having a user interface with components for collecting identification information for the primary logon driver;
- invoking the primary logon driver;
- under control of the primary logon driver, invoking the user interface of the primary logon driver when needed;
- in response to receiving identification information through the user interface components, authenticating the received identification information to allow access to the first network; and
- indicating the authenticated identification information to the local authentication code;
- under control of the local authentication code, authenticating the indicated identification information to allow access to the local computer system services;
- determining a supplemental logon driver for providing access to a second network;
- invoking the determined supplemental logon driver; and
- under control of the invoked supplemental logon driver, authenticating previously provided identification information to allow access to the second network.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)

10. A method in a computer system for authenticating access to local system services, the computer system having system authentication code to secure access to the local system services, the method comprising the computer-implemented steps of:
- selecting one of a plurality of logon providers as a primary logon provider, the primary logon provider for providing access to provider services and having a user interface with components for collecting identification information;
- invoking the user interface of the primary logon provider when needed;
- under control of the primary logon provider and in response to receiving identification information through the user interface components or using provided authentication information, authenticating the received or provided identification information to allow access to the provider services and indicating the received or provided information to the system authentication code; and
- under control of the system authentication code, authenticating the indicated received or provided identification information to allow access to the local system services.
(Dependent claims: 11, 12, 13, 14, 15, 16)

17. A method in a computer system for authenticating access to a plurality of resources using a single user interface, the computer system having authentication code to access system services, the method comprising the computer-implemented steps of:
- determining a primary logon provider, the primary logon provider for providing access to provider services and having a user interface for identifying access information;
- invoking the user interface of the primary logon provider when appropriate;
- identifying access information, the access information being collected through the invoked user interface of the primary logon provider when appropriate;
- authenticating the identified access information to allow access to the provider services;
- authenticating the identified access information to allow access to the system services without invoking an additional user interface;
- determining a supplemental logon provider, the supplemental logon provider for providing access to supplemental provider services; and
- authenticating the identified access information to allow access to the supplemental provider services without invoking an additional user interface.
(Dependent claims: 18, 19, 20, 21)

22. A method in a computer system for authenticating access to the computer system, the computer system having a system defined user interface to identify access information and having authentication code to access system services, the method comprising the computer-implemented steps of:
- determining a primary logon provider, the primary logon provider for providing access to provider services and having a user interface for identifying access information;
- determining whether the primary logon provider is successfully connected to a device or pseudo-device for which the provider services are provided;
- when it is determined that the primary logon provider is successfully connected, invoking the user interface of the primary logon provider;
- identifying access information through the invoked user interface of the primary logon provider;
- authenticating the identified access information to allow access to the provider services; and
- authenticating the identified access information to allow access to the system services without invoking an additional user interface; and
- when it is determined that the primary logon provider is not successfully connected, invoking the system defined user interface;
- identifying access information through the invoked system defined user interface; and
- authenticating the access information identified through the system defined user interface to allow access to the system services.

23. A method in a computer system for accessing system authentication information stored on a network, the computer system having local system logon code to enable access to local computer system services, the method comprising the computer-implemented steps of:
- invoking a primary logon provider, the primary logon provider providing a user interface for collecting identification information and having code for accessing a network;
- under control of the primary logon provider, invoking the user interface of the primary logon provider when needed;
- identifying identification information, the identified information either received through the displayed user interface or provided without invoking the user interface of the primary logon provider;
- authenticating the identified identification information for access to the network; and
- indicating the identified identification information to the local system logon code;
- invoking the local system logon code; and
- under control of the local system logon code, using the indicated identification information to access the network;
- retrieving the system authentication information stored on the network using the primary logon provider code; and
- authenticating the indicated identification information for access to the local computer system services using the system authentication information retrieved from the network.

24. A computer system for authenticating access to local system services comprising:
- means for determining a primary logon driver, the primary logon driver for providing access to driver services and having a user interface for identifying access information;
- driver means for invoking the user interface of the determined primary logon driver, identifying access information, authenticating the identified access information for access to the driver services, and sending the authenticated access information;
- system means for authenticating the sent access information for access to the local system services, which operates in response to receiving the authenticated access information from the driver means and which operates without invoking another user interface; and
- logon means for invoking the primary logon driver determination means and for invoking the driver means.
(Dependent claims: 25, 26)

27. A computer system for authenticating access to system services comprising:
- means for determining a primary logon driver, the primary logon driver for providing access to driver services and having a user interface for identifying access information;
- driver means for, when the primary logon driver is successfully connected to a device or pseudo-device, invoking the user interface of the determined primary logon driver, identifying access information, authenticating the identified access information for access to the driver services, and sending the authenticated access information;
- system means for authenticating the sent access information for access to the system services, which operates in response to receiving the authenticated access information from the driver means and which operates without invoking another user interface;
- logon means for invoking the primary logon driver determination means and for invoking the driver means; and
- an alternate system means for authenticating access information for access to the system services, which is invoked by the logon means to operate when the primary logon driver is not successfully connected to a device or to a pseudo-device and which invokes a system user interface for identifying access information and authenticates the access information identified by the system user interface in order to provide access to the system services.

28. A local computer system comprising:
- an input-output device;
- a primary logon driver associated with a set of driver services that provide access to the input-output device that, in response to being invoked, invokes a user interface when needed to retrieve an identification name and password from a user, authenticates the retrieved identification name and password for access to the driver services, and returns the authentication results;
- a router that, in response to being invoked, invokes the primary logon driver and uses the authentication results returned by the primary logon driver to authenticate the user for access to the local computer system; and
- a command sequence that causes the router to be invoked.
(Dependent claims: 29, 30, 31, 32, 33, 34, 35)

36. A distributed computer-readable memory medium containing instructions for controlling a computer processor in a computer system network environment to authenticate access to computing services, the computer system network environment having a local computer system that can be connected to multiple heterogeneous networks, the local computer system having local authentication code to access local computer system services, by performing the steps of:
- determining a primary logon driver, the primary logon driver for providing access to a first network and having a user interface with components for collecting identification information for the primary logon driver;
- invoking the primary logon driver;
- under control of the primary logon driver, invoking the user interface of the primary logon driver when needed;
- in response to receiving identification information through the user interface components, authenticating the received identification information to allow access to the first network; and
- indicating the authenticated identification information to the local authentication code;
- under control of the local authentication code, authenticating the indicated identification information to allow access to the local computer system services;
- determining a supplemental logon driver for providing access to a second network;
- invoking the determined supplemental logon driver; and
- under control of the invoked supplemental logon driver, authenticating previously provided identification information to allow access to the second network.
(Dependent claims: 37, 38, 39, 40, 41, 42, 43)

44. A distributed computer-readable memory medium containing instructions for controlling a computer processor in a computer system to authenticate access to local system services, the computer system having system authentication code to secure access to the local system services, by performing the steps of:
- selecting one of a plurality of logon providers as a primary logon provider, the primary logon provider for providing access to provider services and having a user interface with components for collecting identification information;
- invoking the user interface of the primary logon provider when needed;
- under control of the primary logon provider and in response to receiving identification information through the user interface components or using provided authentication information, authenticating the received or provided identification information to allow access to the provider services and indicating the received or provided information to the system authentication code; and
- under control of the system authentication code, authenticating the indicated received or provided identification information to allow access to the local system services.
(Dependent claims: 45, 46, 47, 48, 49, 50)