Generic framework for EAP

US 8,307,411 B2
Filed: 02/09/2007
Issued: 11/06/2012
Est. Priority Date: 02/09/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-readable storage medium having computer-executable components for execution on a client device, the computer-executable components comprising:

an authentication component, comprising a first Extensible Authentication Protocol (EAP) component located on the client device, that, when executed, authenticates with an authenticator that is external to the client device using first credential information; and

an application component, located on the client device, that, when executed, receives a description of the first credential information from the authentication component, builds a user interface, and obtains the first credential information through the user interface for an entity in accordance with the description and provides the obtained first credential information to the authentication component;

a second EAP component that, when executed, performs a method of authenticating the entity using second credential information entered through the user interface which prompts the entity to enter the credential information and the second credential information;

wherein;

the authentication component is separate from the application component and authenticates with the authenticator by performing a method for authenticating the entity to the authenticator that is external to the client device using at least the first credential information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An EAP-based authentication framework is provided that decouples credential acquisition from EAP methods that use credentials for authentication. An application may request from an EAP method parameters of credentials required by the EAP method. In response, the EAP method provides credential parameters, which may then be used by the application to acquire credentials consistent with the parameters from the user or other entity. The framework enables an application to request credentials in a context specific way. In addition, the application may simultaneously obtain credentials used in multiple authentication operations through a single user interface, or retain credentials for later use without further prompting a user such that a Single Sign-on user experience may be implemented. Additionally, the application can obtain credentials from a device so that the device may gain network access without requiring a user logon.

Citations

14 Claims

1. A computer-readable storage medium having computer-executable components for execution on a client device, the computer-executable components comprising:
- an authentication component, comprising a first Extensible Authentication Protocol (EAP) component located on the client device, that, when executed, authenticates with an authenticator that is external to the client device using first credential information; and
  
  an application component, located on the client device, that, when executed, receives a description of the first credential information from the authentication component, builds a user interface, and obtains the first credential information through the user interface for an entity in accordance with the description and provides the obtained first credential information to the authentication component;
  
  a second EAP component that, when executed, performs a method of authenticating the entity using second credential information entered through the user interface which prompts the entity to enter the credential information and the second credential information;
  
  wherein;
  
  the authentication component is separate from the application component and authenticates with the authenticator by performing a method for authenticating the entity to the authenticator that is external to the client device using at least the first credential information.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer-readable storage medium of claim 1, wherein the entity is a device and the application component, when executed, obtains device credential information.
  - 3. The computer-readable storage medium of claim 1, wherein the entity is a user.
  - 4. The computer-readable medium storage of claim 1, wherein the computer-executable components comprise a first application programming interface and a second application programming interface, the first application programming interface providing a credential definition from the authentication component to the application component and the second application programming interface providing at least the first credential information from the application component to the authentication component.
  - 5. The computer-readable storage medium of claim 4, wherein the application component comprises a portion of an operating system that, when executed, performs a user logon function.

6. A method of operating a client device to authenticate an entity, comprising:
- obtaining from a first component of the client device a description of credentials;
  
  building a user interface through which a user may enter credential information;
  
  obtaining, with a second component of the client device, credential information consistent with the description, the credential information being entered at the user interface;
  
  providing, by the second component, the credential information to the first component; and
  
  interacting between the first component and an authenticator external to the client device using the credential information;
  
  the first component comprising a first Extensible Authentication Protocol (EAP) method; and
  
  the method further comprising;
  
  obtaining from a second EAP method a second description of second credentials; and
  
  obtaining, with the second component, second credential information meeting the second description.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, further comprising:
    - storing, with the first component, the credential information.
  - 8. The method of claim 6, wherein the credential information may be used to perform network access authentication and entity logon, with the network access authentication preceding the user entity.
  - 9. The method of claim 8, wherein the entity is a device.
  - 10. The method of claim 8, wherein the entity is a user.

11. A method of communicating between an application and an Extensible Authentication Protocol (EAP) component in a device, the method comprising the steps of:
- making a request from the application in the device to the EAP component in the device to receive credential parameters;
  
  providing with the EAP component the credential parameters to the application in response to the request;
  
  obtaining, with the application, credentials consistent with the credential parameters through a user interface built by the application and which prompts the entity to enter the credential information;
  
  providing the credentials from the application to the EAP component; and
  
  accessing with the EAP component an authenticator external to the device using the credentials, wherein;
  
  the EAP component is a first EAP component; and
  
  the method further comprises;
  
  making a second request from the application to receive second credential parameters;
  
  obtaining, with the application, second credentials consistent with the second credential parameters; and
  
  making at least one second call from the application, the at least one second call having at least one argument conveying the credentials and the second credentials.
- View Dependent Claims (12, 13, 14)
- - 12. The method of claim 11, wherein providing the credentials from the application to the EAP component comprises making at least one call from the application to the EAP component, the at least one call having at least one argument providing the credentials consistent with the credential parameters.
  - 13. The method of claim 12, further comprising:
    - in response to the at least one call, from the EAP component, accessing the authenticator external to the device using the credentials.
  - 14. The method of claim 12, wherein accessing an authenticator external to the device comprises, with the obtained credentials performing network access authentication and device logon, with the network access authentication preceding the device logon.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Baron, Andrew, Mandhana, Taroon, Mahajan, Saurabh, Malik, Prashant
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
KANAAN, SIMON P

Application Number

US11/704,624
Publication Number

US 20080196089A1
Time in Patent Office

2,097 Days
Field of Search

726 5- 8, 726 15- 21, 713155-158
US Class Current

726/5
CPC Class Codes

H04L 63/083 using passwords cryptograph...

H04L 63/162 at the data link layer

Generic framework for EAP

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Generic framework for EAP

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links