Extensible access control architecture
First Claim
1. A method of operating access control software, comprising:
with a computing device having at least one processor that implements a plurality of processes on the computing device, including a first process and a second process within which computer-executable components are executed, performing acts in the computing device, the acts comprising:
with host software executing within the first process, receiving a message forming a portion of an access control interaction and selecting a method component to execute a function of the access control interaction based on the message;
selectively accessing the selected method component with a proxy based on the nature of the selected method component, the selectively accessing comprising:
when the selected method component is executable within the first process, placing a call to the selected method component through an intra-process interface within the first process;
when the selected method component is not executable within the first process:
placing a call to the proxy component executing within the first process through the intra-process interface;
with the proxy component, communicating with the selected method component across an inter-process interface between the first process and the second process; and
executing a function of the access control interaction with the selected method component in the second process.
Abstract
Software for managing access control functions in a network. The software includes a host that receives access control commands or information and calls one or more methods. The methods perform access control functions and communicate access control results or messages to be transmitted. The host may be installed in a network peer seeking access to the network or in a server controlling access to the network. When installed in a peer, the host receives commands and exchanges information with a supplicant. When installed in an access control server, the host receives commands and exchanges information with an authenticator. The host has a flexible architecture that enables multiple features, such as allowing the same methods to be used for authentication by multiple supplicants, providing ready integration of third party access control software, simplifying network maintenance by facilitating upgrades of authenticator software and enabling access control functions other than peer authentication.
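The dispatch described in claim 1, sketched as an added example (not code from the patent or from any product): the host calls every method through the same `handle()` interface, and a proxy forwards calls for a method that runs in a second process. The JSON-lines pipe protocol, the class names and the message fields are assumptions made for illustration.

```python
import json
import os
import sys
from subprocess import PIPE, Popen

# Constructed stand-in for a third-party method that runs in the second process.
CHILD_SRC = r'''
import json, os, sys
for line in sys.stdin:
    ok = json.loads(line).get("posture") == "compliant"
    print(json.dumps({"result": "accept" if ok else "reject", "pid": os.getpid()}), flush=True)
'''

class InProcMethod:
    """Method component executable within the host (first) process."""
    def handle(self, msg):
        ok = msg.get("user") == "alice"  # constructed placeholder check
        return {"result": "accept" if ok else "reject", "pid": os.getpid()}

class ProxyMethod:
    """Proxy in the host process: same handle() interface, forwards over a pipe."""
    def __init__(self):
        self.child = Popen([sys.executable, "-c", CHILD_SRC],
                           stdin=PIPE, stdout=PIPE, text=True)
    def handle(self, msg):
        self.child.stdin.write(json.dumps(msg) + "\n")
        self.child.stdin.flush()
        reply = json.loads(self.child.stdout.readline())
        # The reply crosses a process boundary: check its shape before using it.
        if reply.get("result") not in ("accept", "reject"):
            raise ValueError("malformed reply from method process")
        return reply
    def close(self):
        self.child.stdin.close()
        self.child.wait(timeout=5)

class Host:
    def __init__(self, methods):
        self.methods = methods  # message type -> component exposing handle()
    def dispatch(self, msg):
        component = self.methods.get(msg.get("type"))
        if component is None:
            return {"result": "reject", "pid": None}  # no such method: fail closed
        return component.handle(msg)  # host code is identical for both kinds

def demo(messages):
    proxy = ProxyMethod()
    host = Host({"identity": InProcMethod(), "posture": proxy})
    replies = [host.dispatch(m) for m in messages]
    proxy.close()
    return replies
```

The `pid` field in each reply shows which process executed the method; the host never branches on where a method lives.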
20 Claims
8. At least one computer storage device storing computer-executable instructions that, when executed by a computing device, cause the computing device to implement a plurality of processes, including a first process and a second process, and to perform acts comprising:
with host software executing within the first process, receiving a message forming a portion of an access control interaction and selecting a method component to execute a function of the access control interaction based on the message;
selectively accessing the selected method component with a proxy based on the nature of the selected method component, the selectively accessing comprising:
when the selected method component is executable within the first process, placing a call to the selected method component through an intra-process interface within the first process;
when the selected method component is not executable within the first process:
placing a call to the proxy component executing within the first process through the intra-process interface;
with the proxy component, communicating with the selected method component across an inter-process interface between the first process and the second process; and
executing a function of the access control interaction with the selected method component in the second process.
15. A system comprising:
a computing device having at least one processor configured to implement a plurality of processes on the computing device, including a first process and a second process within which computer-executable components are executed that configure the computing device to perform acts comprising:
with host software executing within the first process, receiving a message forming a portion of an access control interaction and selecting a method component to execute a function of the access control interaction based on the message;
selectively accessing the selected method component with a proxy based on the nature of the selected method component, the selectively accessing comprising:
when the selected method component is executable within the first process, placing a call to the selected method component through an intra-process interface within the first process;
when the selected method component is not executable within the first process:
placing a call to the proxy component executing within the first process through the intra-process interface;
with the proxy component, communicating with the selected method component across an inter-process interface between the first process and the second process; and
executing a function of the access control interaction with the selected method component in the second process.