Extensible access control architecture

US 8,286,223 B2
Filed: 07/08/2005
Issued: 10/09/2012
Est. Priority Date: 07/08/2005
Status: Active Grant

First Claim

Patent Images

1. A method of operating access control software, comprising:

with a computing device having at least one processor that implements a plurality of processes on the computing device, including a first process and a second process within which computer-executable components are executed, performing acts in the computing device, the acts comprising;

with host software executing within the first process, receiving a message forming a portion of an access control interaction and selecting a method component to execute a function of the access control interaction based on the message;

selectively accessing the selected method component with a proxy based on the nature of the selected method component, the selectively accessing comprising;

when the selected method component is executable within the first process, placing a call to the selected method component through an intra-process interface within the first process;

when the selected method component is not executable within the first process;

placing a call to the proxy component executing within the first process through the intra-process interface;

with the proxy component, communicating with the selected method component across an inter-process interface between the first process and the second process; and

executing a function of the access control interaction with the selected method component in the second process.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Software for managing access control functions in a network. The software includes a host that receives access control commands or information and calls one or more methods. The methods perform access control functions and communicate access control results or messages to be transmitted. The host may be installed in a network peer seeking access to the network or in a server controlling access to the network. When installed in a peer, the host receives commands and exchanges information with a supplicant. When installed in an access control server, the host receives commands and exchanges information with an authenticator. The host has a flexible architecture that enables multiple features, such as allowing the same methods to be used for authentication by multiple supplicants, providing ready integration of third party access control software, simplifying network maintenance by facilitating upgrades of authenticator software and enabling access control functions other than peer authentication.

Citations

20 Claims

1. A method of operating access control software, comprising:
- with a computing device having at least one processor that implements a plurality of processes on the computing device, including a first process and a second process within which computer-executable components are executed, performing acts in the computing device, the acts comprising;
  
  with host software executing within the first process, receiving a message forming a portion of an access control interaction and selecting a method component to execute a function of the access control interaction based on the message;
  
  selectively accessing the selected method component with a proxy based on the nature of the selected method component, the selectively accessing comprising;
  
  when the selected method component is executable within the first process, placing a call to the selected method component through an intra-process interface within the first process;
  
  when the selected method component is not executable within the first process;
  
  placing a call to the proxy component executing within the first process through the intra-process interface;
  
  with the proxy component, communicating with the selected method component across an inter-process interface between the first process and the second process; and
  
  executing a function of the access control interaction with the selected method component in the second process.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, additionally comprising the acts:
    - with the host software executing within the first process, receiving a second message forming a portion of a second access control interaction;
      
      communicating between the host software and a second selected method component across the intra-process interface; and
      
      executing a function of the second access control interaction with the second method component in the first process.
  - 3. The method of claim 2, wherein placing a call to a proxy component through the intra-process interface comprises placing the call in a predetermined format and communicating between the host software and the second selected method component across the intra-process interface comprises calling the second method component through an interface in the predetermined format.
  - 4. The method of claim 1, wherein receiving the message forming the portion of the access control interaction comprises receiving a message in an Extensible Accessibility Protocol.
  - 5. The method of claim 1, wherein receiving the message forming the portion of the access control interaction comprises receiving a message from an authenticator executing on a RADIUS server.
  - 6. The method of claim 1, wherein receiving the message forming the portion of the access control interaction comprises receiving a message from a network client executing on a processor in a hand-held electronic device.
  - 7. The method of claim 1, wherein the selected method is a legacy EAP method that is not executable within the first process.

8. At least one computer storage device storing computer-executable instructions that, when executed by a computing device, cause the computing device to implement a plurality of processes, including a first process and a second process, and to perform acts comprising:
- with host software executing within the first process, receiving a message forming a portion of an access control interaction and selecting a method component to execute a function of the access control interaction based on the message;
  
  selectively accessing the selected method component with a proxy based on the nature of the selected method component, the selectively accessing comprising;
  
  when the selected method component is executable within the first process, placing a call to the selected method component through an intra-process interface within the first process;
  
  when the selected method component is not executable within the first process;
  
  placing a call to the proxy component executing within the first process through the intra-process interface;
  
  with the proxy component, communicating with the selected method component across an inter-process interface between the first process and the second process; and
  
  executing a function of the access control interaction with the selected method component in the second process.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The at least one computer storage device of claim 8, additionally comprising acts:
    - with the host software executing within the first process, receiving a second message forming a portion of a second access control interaction;
      
      communicating between the host software and a second selected method component across the intra-process interface; and
      
      executing a function of the second access control interaction with the second method component in the first process.
  - 10. The at least one computer storage device of claim of claim 9, wherein placing a call to a proxy component through the intra-process interface comprises placing the call in a predetermined format and communicating between the host software and the second selected method component across the intra-process interface comprises calling the second method component through an interface in the predetermined format.
  - 11. The at least one computer storage device of claim of claim 8, wherein receiving the message forming the portion of the access control interaction comprises receiving a message an Extensible Accessibility Protocol.
  - 12. The at least one computer storage device of claim of claim 8, wherein receiving the message forming the portion of the access control interaction comprises receiving a message from an authenticator executing on a RADIUS server.
  - 13. The at least one computer storage device of claim of claim 8, wherein receiving the message forming the portion of the access control interaction comprises receiving a message from a network client executing on a processor in a hand-held electronic device.
  - 14. The at least one computer storage device of claim of claim 8, wherein the selected method is a legacy EAP method that is not executable within the first process.

15. A system comprising:
- a computing device having at least one processor configured to implement a plurality of processes on the computing device, including a first process and a second process within which computer-executable components are executed that configure the computing device to perform acts comprising;
  
  with host software executing within the first process, receiving a message forming a portion of an access control interaction and selecting a method component to execute a function of the access control interaction based on the message;
  
  selectively accessing the selected method component with a proxy based on the nature of the selected method component, the selectively accessing comprising;
  
  when the selected method component is executable within the first process, placing a call to the selected method component through an intra-process interface within the first process;
  
  when the selected method component is not executable within the first process;
  
  placing a call to the proxy component executing within the first process through the intra-process interface;
  
  with the proxy component, communicating with the selected method component across an inter-process interface between the first process and the second process; and
  
  executing a function of the access control interaction with the selected method component in the second process.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, additionally comprising acts:
    - with the host software executing within the first process receiving a second message forming a portion of a second access control interaction;
      
      communicating between the host software and a second selected method component across the intra-process interface; and
      
      executing a function of the second access control interaction with the second method component in the first process.
  - 17. The system of claim 16, wherein placing a call to a proxy component through the intra-process interface comprises placing the call in a predetermined format and communicating between the host software and the second selected method component across the intra-process interface comprises calling the second method component through an interface in the predetermined format.
  - 18. The system of claim 15, wherein receiving the message forming the portion of the access control interaction comprises receiving a message an Extensible Accessibility Protocol.
  - 19. The system of claim 15, wherein receiving the message forming the portion of the access control interaction comprises receiving a message from an authenticator executing on a RADIUS server.
  - 20. The system of claim 15, wherein receiving the message forming the portion of the access control interaction comprises receiving a message from a network client executing on a processor in a hand-held electronic device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Goel, Mudit, Mayfield, Paul G., Pasupuleti, Sudhakar, Mandhana, Taroon, Kamath, Vivek P., Zheng, Wei, Bao, Xuemei, Leibovitz, Anthony M., Schurman, Mark C.
Primary Examiner(s)
Zee, Edward
Assistant Examiner(s)
GYORFI, THOMAS A

Application Number

US11/177,757
Publication Number

US 20070016939A1
Time in Patent Office

2,650 Days
Field of Search

726/3, 726/2, 726/16
US Class Current

726/3
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

H04L 63/162   at the data link layer

H04L 67/01   Protocols

Extensible access control architecture

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Extensible access control architecture

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links