System and method of user logon in combination with user authentication for network access
First Claim
Patent Images
1. A computer-readable medium having computer-executable instructions for performing steps by a network access control server, comprising:
- receiving a first network access request from a computer for a user logging onto the computer;
authenticating the user;
querying an account service for account data for the user required for logging onto the computer;
receiving account data for the user from the account service; and
inserting the account data for the user in a network access control response; and
sending the network access control response to the computer.
2 Assignments
0 Petitions
Accused Products
Abstract
A system and method of combined user logon-authentication provides enhanced logon performance by utilizing communications with a network access control server for user authentication to provide user account data required for user logon. When a user logs on a computer, the computer initiates a network access control process with a network access control server for obtaining access to network services, including the computer that the user is logging on. During the access control process, the network access control server authenticates the user and queries a directory service for the account data for the user. The network access control server includes the user account data in one of the communication packets sent to the computer in the network access control process. The computer retrieves the user account data from the communication packet and uses the data to complete the user logon.
249 Citations
12 Claims
-
1. A computer-readable medium having computer-executable instructions for performing steps by a network access control server, comprising:
-
receiving a first network access request from a computer for a user logging onto the computer;
authenticating the user;
querying an account service for account data for the user required for logging onto the computer;
receiving account data for the user from the account service; and
inserting the account data for the user in a network access control response; and
sending the network access control response to the computer. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
receiving a second network access request from the computer for an access control document for accessing the computer as a network service;
inserting the account data for the user in an access control document for accessing the computer;
sending the access control document for accessing the computer to the computer.
-
-
4. A computer-readable medium as in claim 3, wherein the access control document for communicating with the network access control server is a ticket-granting ticket.
-
5. A computer-readable medium as in claim 4, wherein the access control document for accessing the computer is a service ticket.
-
6. A computer-readable medium as in claim 5, wherein the step of inserting the account data for the user in the service ticket places the account data in an authorization data field in the service ticket.
-
7. A computer-readable medium as in claim 6, wherein the account server is a network directory server.
-
8. A computer-readable medium as in claim 1, wherein the first network access request identifies the account data required by the computer for the user logging onto the computer, and the step of querying queries the account service for the account data identified in the first network access request.
-
9. A computer-readable medium having computer-executable instructions for performing steps by a network access control server, comprising:
-
receiving a ticket-granting ticket request from a computer for a user logging onto the computer;
authenticating the user;
querying an account service for account data for the user required for logging onto the computer;
receiving account data for the user from the account service; and
inserting the account data for the user in a ticket-granting ticket for the user; and
sending the ticket-granting ticket for the user to the computer. - View Dependent Claims (10, 11, 12)
receiving a service ticket request from the computer, the service ticket request including the ticket-granting ticket for the user;
transferring the account data for the user from the ticket-granting ticket into a service ticket for accessing the computer;
sending the service ticket containing the account data for the user to the computer.
-
-
12. A computer-readable medium as in claim 9, wherein the network access control center is a Kerberos Key Distribution Center (KDC).
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeMicrosoft Technology Licensing LLC (Microsoft Corporation)
-
Original AssigneeMicrosoft Corporation
-
InventorsBrezak, John E. Jr., Leach, Paul J., Ward, Richard B., Swift, Michael M.
-
Primary Examiner(s)HUA, LY
-
Application NumberUS09/525,419Time in Patent Office811 DaysField of Search713/200, 713/201, 713/202, 713/155, 713/156, 713/157, 713/183, 713/185, 707/10, 707/9, 707/203, 707/201US Class Current726/5CPC Class CodesG06F 21/33 using certificatesH04L 63/0807 using tickets, e.g. Kerbero...H04L 63/102 Entity profilesH04L 67/306 User profilesH04L 69/329 in the application layer [O...
