System and method of user logon in combination with user authentication for network access
Abstract
A system and method of combined user logon-authentication provides enhanced logon performance by utilizing communications with a network access control server for user authentication to provide user account data required for user logon. When a user logs on a computer, the computer initiates a network access control process with a network access control server for obtaining access to network services, including the computer that the user is logging on. During the access control process, the network access control server authenticates the user and queries a directory service for the account data for the user. The network access control server includes the user account data in one of the communication packets sent to the computer in the network access control process. The computer retrieves the user account data from the communication packet and uses the data to complete the user logon.
8 Claims
1. A computer-readable medium having computer-executable instructions for performing steps by a computer in a logon process, comprising:
receiving user input for logging onto the computer;
sending a first network access request for the user to a network access control server requesting authentication of the user;
receiving an access control document from the network access control server;
retrieving account data for the user from the access control document;
completing the logon process using the retrieved account data for the user.
receiving a session ticket for communicating with the network access control server;
sending a second network access request to the network access control server for the service ticket for the computer.
5. A computer-readable medium as in claim 4, wherein the network access control server is a Kerberos Key Distribution Center (KDC).
6. A computer-readable medium as in claim 1, wherein the step of sending includes identifying in the first network access request the user account data needed for the logon process.
7. A computer-readable medium having stored thereon a data structure transmitted to a user computer for use in completing a log-on process of a user, the data structure comprising data fields representing a network access ticket formatted according to the Kerberos protocol and issued to the user computer for the user, including an authorization data field containing data representing account data for the user required for the user to log onto the user computer.
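The flow in the abstract and the ticket structure of claim 7, as an added Python sketch (not code from the patent or from any Kerberos implementation). All names, keys and the toy directory are constructed assumptions; an HMAC-sealed JSON blob stands in for real Kerberos ticket encryption, and the session-ticket and service-ticket requests of the dependent claims are collapsed into one exchange.

```python
import hashlib
import hmac
import json

# Constructed sample data (assumptions): toy directory service and keys.
DIRECTORY = {"alice": {"uid": 1001, "groups": ["staff", "vpn"], "home": "/home/alice"}}
USER_KEYS = {"alice": hashlib.sha256(b"alice-password").digest()}
MACHINE_KEY = hashlib.sha256(b"workstation-01-secret").digest()  # known to KDC and computer


def seal(key, body):
    """Toy stand-in for ticket encryption: provides integrity only, not secrecy."""
    blob = json.dumps(body, sort_keys=True)
    return {"blob": blob, "mac": hmac.new(key, blob.encode(), hashlib.sha256).hexdigest()}


def unseal(key, sealed):
    """Verify the seal before trusting anything inside the ticket."""
    expected = hmac.new(key, sealed["blob"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sealed["mac"]):
        raise ValueError("ticket failed integrity check")
    return json.loads(sealed["blob"])


def kdc_issue_ticket(user, proof):
    """Server side: authenticate the user, query the directory, embed the account data."""
    key = USER_KEYS.get(user)
    if key is None:
        raise PermissionError("authentication failed")
    expected = hmac.new(key, b"as-req", hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, proof):
        raise PermissionError("authentication failed")
    ticket = {"client": user, "service": "host/workstation-01",
              "authorization_data": DIRECTORY[user]}  # account data rides in the ticket
    return seal(MACHINE_KEY, ticket)


def logon(user, password):
    """Computer side: one exchange yields both authentication and account data."""
    user_key = hashlib.sha256(password).digest()
    proof = hmac.new(user_key, b"as-req", hashlib.sha256).hexdigest()
    ticket = unseal(MACHINE_KEY, kdc_issue_ticket(user, proof))
    if ticket["client"] != user:
        raise PermissionError("ticket issued for a different user")
    return ticket["authorization_data"]  # no separate directory query by the computer
```

Because the logon now trusts account data taken from the ticket, the computer must verify the ticket with its own key before reading the authorization data field, which `unseal` does here.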