Dynamic update of authentication information

US 7,941,831 B2
Filed: 02/09/2007
Issued: 05/10/2011
Est. Priority Date: 02/09/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-readable storage medium having computer-executable instructions that, when executed by at least one processor, implement components comprising:

an authentication component that, when executed by the at least one processor, performs a method for authenticating an entity using first credential information, wherein, during authentication, the authentication component may identify that second credential information is required to complete the method for authenticating;

an interface component that;

receives the first credential information from at least one application component and provides the first credential information to the authentication component;

when the authentication component identifies that second credential information is required to complete the method for authenticating, notifies the at least one application component that the second credential information is required; and

after the at least one application obtains the second credential information in response to the notification from the interface component, provides the second credential information to the authentication component; and

the at least one application component, separate from the authentication component, that, when executed by the at least one processor, obtains the first credential information and the second credential information for the entity by;

generating at least one user interface in the context of the at least one application component; and

collecting the first credential information and the second credential information via the at least one user interface.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A framework is provided that decouples credential acquisition from authentication processes using those credentials in a way that facilitates dynamic update of credential information. An authentication component may receive credential information for authentication of a user or a device for access to a resource. During interactions with an external authenticator, the authentication component may identify that updated credential information is required and issue a request to the application including credential parameters defining the updated credential information. An application component receiving the request may acquire updated credential information from a user or another entity. In addition, the authentication method may issue notifications to the application. The framework enables the application to update credentials in a context specific way.

25 Citations

View as Search Results

20 Claims

1. A computer-readable storage medium having computer-executable instructions that, when executed by at least one processor, implement components comprising:
- an authentication component that, when executed by the at least one processor, performs a method for authenticating an entity using first credential information, wherein, during authentication, the authentication component may identify that second credential information is required to complete the method for authenticating;
  
  an interface component that;
  
  receives the first credential information from at least one application component and provides the first credential information to the authentication component;
  
  when the authentication component identifies that second credential information is required to complete the method for authenticating, notifies the at least one application component that the second credential information is required; and
  
  after the at least one application obtains the second credential information in response to the notification from the interface component, provides the second credential information to the authentication component; and
  
  the at least one application component, separate from the authentication component, that, when executed by the at least one processor, obtains the first credential information and the second credential information for the entity by;
  
  generating at least one user interface in the context of the at least one application component; and
  
  collecting the first credential information and the second credential information via the at least one user interface.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The computer-readable storage medium of claim 1, wherein the entity is a device and the at least one application component, when executed, obtains device credential information.
  - 3. The computer-readable storage medium of claim 1, wherein:
    - the entity is a user;
      
      the at least one user interface comprises a first user interface and a second user interface; and
      
      the at least one application component, when executed, obtains the first user credential information through the first user interface and the second user credential information through the second user interface.
  - 4. The computer-readable storage medium of claim 3, wherein the at least one application component, when executed:
    - obtains first parameters of the first user credentials from the authentication component;
      
      builds the first user interface using the first parameters;
      
      receives second parameters of the second user credentials from the authentication component; and
      
      builds the second user interface using the second parameters.
  - 5. The computer-readable storage medium of claim 4, wherein:
    - the authentication component comprises a first Extensible Authentication Protocol (EAP) component;
      
      the computer-readable medium further comprises a second EAP component that, when executed, performs a second method of authenticating the entity using third credential information; and
      
      the at least one application component, when executed, builds a first user interface thorough which the application prompts a user to enter the first credential information and the third credential information.
  - 6. The computer-readable storage medium of claim 4, wherein the first user credentials may be stored with the at least one application component as stored first used credentials.
  - 7. The computer-readable storage medium of claim 6, wherein the stored first user credentials may be dynamically updated using the second user credentials.
  - 8. The computer-readable storage medium of claim 1, wherein the authentication component, when executed, identifies that the second credential information is required to complete authentication and sends a notification to the at least one application component, the notification comprising parameters of the second credential information.
  - 9. The computer-readable storage medium of claim 1, wherein the interface comprises a first application programming interface, a second application programming interface, a third application programming interface, and a fourth application programming interface, the first application programming interface providing a first credential definition from the authentication component to the at least one application component, the second application programming interface providing first credential information from the at least one application component to the authentication component, the third application programming interface providing a second credential definition from the authentication component to the at least one application component, and the fourth application programming interface providing second credential information from the at least one application component to the authentication component.
  - 10. The computer-readable storage medium of claim 1, wherein the authentication component may further provide at least one notification to the at least one application component.
  - 11. The computer-readable storage medium of claim 1, wherein the second credential information comprises a dynamic update of the first credential information and the computer-readable medium further comprises a second application component, and the at least one application component is adapted to notify the second application component of the dynamic update.
  - 12. The computer-readable storage medium of claim 1, wherein the at least one application component comprises a first application component that, when executed, obtains the first credential information and a second application component that, when executed, obtains the second credential information.
  - 13. The computer-readable storage medium of claim 1, wherein the updated first credential information may be used to perform network access authentication and entity logon, with the network access authentication preceding the entity logon.

14. A method of operating a client device to authenticate an entity, comprising:
- with at least one processor;
  
  obtaining, with an application component, first credential information;
  
  providing the first credential information to an authentication component via an interface between the application component and the authentication component;
  
  interacting between the authentication component and an authenticator external to the client device using the first credential information;
  
  identifying, by the authentication component, that second credential information is required;
  
  providing, by the authentication component via the interface, second parameters of the second credential information to the first application component;
  
  obtaining, with the application component, second credential information consistent with the second parameters; and
  
  interacting between the authentication component and the authenticator external to the client device using the second credential information.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14, further comprising:
    - storing, with the application component, the credential information.
  - 16. The method of claim 15, wherein:
    - the authentication component is a first Extensible Authentication Protocol (EAP) method; and
      
      the method further comprises;
      
      obtaining from a second EAP method third parameters of third credentials;
      
      obtaining, with the application component, third credential information meeting the third parameters.
  - 17. The method of claim 14, further comprising:
    - issuing at least one notification from the authentication component to the application component; and
      
      building, with the application component, a notification interface based at least in part on the at least one notification.

18. A method of communicating between an Extensible Authentication Protocol (EAP) component and an application in a device, comprising the steps of:
- with at least one processor;
  
  identifying, by the EAP component, that credential information is required;
  
  providing, by the EAP component, a description of the credential information, using credential parameters, to an interface between the EAP component and the application, wherein the application collects the credential information in accordance with the credential parameters by;
  
  generating at least one user interface in the context of the at least one application; and
  
  collecting the credential information via the at least one user interface; and
  
  obtaining, by the EAP component, the collected credential information from the application.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, further comprising:
    - issuing a notification from the (EAP) component to the application to provide the credential information consistent with the credential parameters, with the notification including the credential parameters.
  - 20. The method of claim 19, further comprising updating previously provided credential information using the credential information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Ranganathan, Karthik, Mandhana, Taroon, Malik, Prashant, Mahajan, Saurabh, Zohrenejad, Amir, Baron, Andrew
Primary Examiner(s)
CHEN, SHIN HON

Application Number

US11/704,844
Publication Number

US 20080196090A1
Time in Patent Office

1,551 Days
Field of Search

726/8, 713/168
US Class Current

726/5
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/0815   providing single-sign-on or...

H04L 9/321   involving a third party or ...

Dynamic update of authentication information

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic update of authentication information

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links