Generic framework for EAP
First Claim
1. A computer-readable storage medium having computer-executable components for execution on a client device, the computer-executable components comprising:
- an authentication component, comprising a first Extensible Authentication Protocol (EAP) component located on the client device, that, when executed, authenticates with an authenticator that is external to the client device using first credential information; and
- an application component, located on the client device, that, when executed, receives a description of the first credential information from the authentication component, builds a user interface, and obtains the first credential information through the user interface for an entity in accordance with the description and provides the obtained first credential information to the authentication component;
- a second EAP component that, when executed, performs a method of authenticating the entity using second credential information entered through the user interface which prompts the entity to enter the credential information and the second credential information;

wherein:
- the authentication component is separate from the application component and authenticates with the authenticator by performing a method for authenticating the entity to the authenticator that is external to the client device using at least the first credential information.
Abstract
An EAP-based authentication framework is provided that decouples credential acquisition from EAP methods that use credentials for authentication. An application may request from an EAP method parameters of credentials required by the EAP method. In response, the EAP method provides credential parameters, which may then be used by the application to acquire credentials consistent with the parameters from the user or other entity. The framework enables an application to request credentials in a context specific way. In addition, the application may simultaneously obtain credentials used in multiple authentication operations through a single user interface, or retain credentials for later use without further prompting a user such that a Single Sign-on user experience may be implemented. Additionally, the application can obtain credentials from a device so that the device may gain network access without requiring a user logon.
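The decoupling described in the abstract, as an added Python sketch (not code from the patent or from any real EAP stack): each method only describes the credentials it needs, and the application prompts once for two methods, hands each method only the fields it declared, and reuses the cache on a later run. `CredentialField`, `EapMethod`, `Application` and `demo` are hypothetical names, and a constant-time comparison against constructed values stands in for the exchange with the external authenticator.

```python
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class CredentialField:          # hypothetical descriptor, not a real EAP API
    name: str                   # key the method expects back
    prompt: str                 # label the application displays
    secret: bool = False        # UI hint: mask the input

class EapMethod:                # describes what it needs; never prompts the user itself
    def __init__(self, name, fields, expected):
        self.name, self.fields, self._expected, self.seen = name, fields, expected, None
    def credential_parameters(self):
        return list(self.fields)
    def authenticate(self, creds):
        self.seen = set(creds)  # record which fields the application handed over
        # Stand-in for the exchange with the external authenticator.
        return all(hmac.compare_digest(creds.get(k, "").encode(), v.encode())
                   for k, v in self._expected.items())

class Application:              # owns the single user interface and the credential cache
    def __init__(self, methods, ask):
        self.methods, self.ask, self.cache = methods, ask, {}
    def collect(self):
        # One prompt pass covering every method; each distinct field is asked once.
        for m in self.methods:
            for f in m.credential_parameters():
                if f.name not in self.cache:
                    self.cache[f.name] = self.ask(f)
    def authenticate_all(self):
        self.collect()
        # Hand each method only the fields it declared, not the whole cache.
        return {m.name: m.authenticate(
                    {f.name: self.cache[f.name] for f in m.credential_parameters()})
                for m in self.methods}

def demo():
    # Constructed sample credentials and a scripted "UI" that records each prompt.
    answers = {"identity": "alice", "password": "pw-1", "pin": "4321"}
    asked = []
    def ask(field):
        asked.append(field.name)
        return answers[field.name]
    ident = CredentialField("identity", "User name")
    first = EapMethod("first", [ident, CredentialField("password", "Password", True)],
                      {"identity": "alice", "password": "pw-1"})
    second = EapMethod("second", [ident, CredentialField("pin", "PIN", True)],
                       {"identity": "alice", "pin": "4321"})
    app = Application([first, second], ask)
    results = [app.authenticate_all(), app.authenticate_all()]  # second run uses the cache
    return results, asked, first.seen, second.seen
```

Because the application holds the cache, it is also the component that decides how long credentials live and which method sees which field.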
14 Claims
1. See First Claim above. Dependent claims: 2, 3, 4, 5
6. A method of operating a client device to authenticate an entity, comprising:
- obtaining from a first component of the client device a description of credentials;
- building a user interface through which a user may enter credential information;
- obtaining, with a second component of the client device, credential information consistent with the description, the credential information being entered at the user interface;
- providing, by the second component, the credential information to the first component; and
- interacting between the first component and an authenticator external to the client device using the credential information;
- the first component comprising a first Extensible Authentication Protocol (EAP) method; and

the method further comprising:
- obtaining from a second EAP method a second description of second credentials; and
- obtaining, with the second component, second credential information meeting the second description.

Dependent claims: 7, 8, 9, 10
11. A method of communicating between an application and an Extensible Authentication Protocol (EAP) component in a device, the method comprising the steps of:
- making a request from the application in the device to the EAP component in the device to receive credential parameters;
- providing with the EAP component the credential parameters to the application in response to the request;
- obtaining, with the application, credentials consistent with the credential parameters through a user interface built by the application and which prompts the entity to enter the credential information;
- providing the credentials from the application to the EAP component; and
- accessing with the EAP component an authenticator external to the device using the credentials,

wherein:
- the EAP component is a first EAP component; and

the method further comprises:
- making a second request from the application to receive second credential parameters;
- obtaining, with the application, second credentials consistent with the second credential parameters; and
- making at least one second call from the application, the at least one second call having at least one argument conveying the credentials and the second credentials.

Dependent claims: 12, 13, 14
Specification