Method and apparatus for remotely administered authentication and access control
First Claim
1. A system for controlling access by a user to sessions, comprising:
- an authentication manager for obtaining an authentication request from said user, wherein said authentication request comprises at least one of a token and a pseudo token;
a plurality of authentication modules for authenticating said user, wherein said plurality authentication modules are distinct from said authentication manager and wherein said plurality authentication modules are not input devices; and
a session manager for obtaining notification of authentication from said plurality of authentication modules.
2 Assignments
0 Petitions
Accused Products
Abstract
Authentication and session management can be used with a system architecture that partitions functionality between a human interface device (HID) and a computational service provider such as a server. An authentication manager executing on a server interacts with the HID to validate the user when the user connects to the system via the HID. The authentication manager interacts with authentication modules. Each authentication module may be configured to authenticate a user based on a different authentication mechanism (e.g., using a smart card, using a login and password, using biometric data, etc.) and may be utilized in connection with one or more sessions. The authentication manager and authentication modules are also responsible for controlling access to services/sessions and may remove/revoke or augment such access. A session manager executing on a server manages services running on computers providing computational services (e.g., programs) on behalf of the user. The session manager notifies each service in a session that the user is attached to the system using a given desktop machine. A service can direct display output to the HID while the user is attached to the system. When a user detaches from the system, each of the service'"'"'s executing for the user is notified via the authentication manager and the session manager. Upon notification that the user is detached from the system, a service continues to execute while stopping its display to the desktop machine.
387 Citations
21 Claims
-
1. A system for controlling access by a user to sessions, comprising:
-
an authentication manager for obtaining an authentication request from said user, wherein said authentication request comprises at least one of a token and a pseudo token;
a plurality of authentication modules for authenticating said user, wherein said plurality authentication modules are distinct from said authentication manager and wherein said plurality authentication modules are not input devices; and
a session manager for obtaining notification of authentication from said plurality of authentication modules. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system for controlling access by a user to sessions, comprising:
-
an authentication manager for obtaining an authentication request from said user;
first and second authentication modules for authenticating said user, wherein said first and second authentication modules are distinct from said authentication manager, wherein said first and second authentication modules are not input devices, wherein said first authentication module is configured to accept said authentication request if said authentication request is registered with the system, and wherein said second authentication module is configured to accept all authentication requests; and
a session manager for obtaining notification of authentication from said first and second authentication modules. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. A system for controlling access by a user to sessions, comprising:
-
an authentication manager for obtaining an authentication request from said user;
an authentication module for authenticating said user, wherein said authentication module is distinct from said authentication manager, wherein said authentication module is not an input device, and wherein said authentication manager is configured to present said authentication request to said authentication module; and
a session manager for obtaining notification of authentication from said authentication module, wherein said authentication manager is configured to provide said authentication module with a start session service for ensuring that a session is started. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
-
Specification