Logon system and method thereof

US 8,613,060 B2
Filed: 12/28/2009
Issued: 12/17/2013
Est. Priority Date: 12/30/2008
Status: Active Grant

First Claim

Patent Images

1. A logon system comprising a non-transitory computer-readable medium and a key device, wherein the computer-readable medium comprises computer instructions executable by a processor to cause the processor to perform a logon method of:

calling, by a computer operating system, a Credential Provider module corresponding to the key device according to a key device logon certificate in the key device;

popping up, by the Credential Provider module, a human-computer interactive interface when the Credential Provider module is called by the computer operating system;

collecting, by the Credential Provider module, information needed for logging on the computer operating system;

transferring, by the Credential Provider module, authentication information in the collected information to the computer operating system;

receiving, by a Cryptographic Service Provider module, the authentication information from the computer operating system;

performing, by the Cryptographic Service Provider module, authentication with the authentication information; and

performing, by the Cryptographic Service Provider module, an operation with a private key corresponding to the key device logon certificate to generate credential information needed for logging on the computer operating system in case authentication is successful,wherein before transferring the authentication information in the collected information to the computer operating system, an assembly unit in the Credential Provider module assembles the authentication information, and an encryption unit in the Credential Provider module encrypts the authentication information; and

wherein a disassembly unit in the Cryptographic Service Provider module disassembles the received authentication information before performing authentication with the authentication information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention discloses a logon system and a method thereof, which relates to information security field. The invention solves the problems that the user can log on Windows by username and password only. In the invention, the Credential Provider module adapted to pop up a human-computer interactive interface when the Credential Provider module is called by the operating system of the computer; further adapted to collect the information needed for logging on the operating system and transfer the collected information to the operating system of the computer; the Cryptographic Service Provider module is adapted to perform authentication with the information received from the operating system of the computer; and, if the authentication is successful, to perform operation with the corresponding private key of the key device logon certificate to generate credential information needed for logging on the operating system. The embodiments of the invention are applied for logging on the Windows, which provide more alternative logon ways for the user.

9 Citations

20 Claims

1. A logon system comprising a non-transitory computer-readable medium and a key device, wherein the computer-readable medium comprises computer instructions executable by a processor to cause the processor to perform a logon method of:
- calling, by a computer operating system, a Credential Provider module corresponding to the key device according to a key device logon certificate in the key device;
  
  popping up, by the Credential Provider module, a human-computer interactive interface when the Credential Provider module is called by the computer operating system;
  
  collecting, by the Credential Provider module, information needed for logging on the computer operating system;
  
  transferring, by the Credential Provider module, authentication information in the collected information to the computer operating system;
  
  receiving, by a Cryptographic Service Provider module, the authentication information from the computer operating system;
  
  performing, by the Cryptographic Service Provider module, authentication with the authentication information; and
  
  performing, by the Cryptographic Service Provider module, an operation with a private key corresponding to the key device logon certificate to generate credential information needed for logging on the computer operating system in case authentication is successful,wherein before transferring the authentication information in the collected information to the computer operating system, an assembly unit in the Credential Provider module assembles the authentication information, and an encryption unit in the Credential Provider module encrypts the authentication information; and
  
  wherein a disassembly unit in the Cryptographic Service Provider module disassembles the received authentication information before performing authentication with the authentication information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The logon system as claimed in claim 1, whereinthe Credential Provider module pops up the human-computer interactive interface when a GetSerialization interface function in the Credential Provider module is called by the computer operating system;
    - andthe Cryptographic Service Provider module receives the authentication information via a CryptSetProvParam interface function in the Cryptographic Service Provider module from the computer operating system.
  - 3. The logon system as claimed in claim 1, wherein the logon method further comprises:
    - performing, by a drive module, data exchange between the key device and the computer after a connection between the key device and the computer is set up;
      
      enumerating and registering, by a registry module, one or more key device logon certificates after the connection between the key device and the computer is set up;
      
      associating, by the registry module, the key device logon certificates to the corresponding Credential Provider module and Cryptographic Service Provider module respectively;
      
      displaying, by a prompt module, the registered key device logon certificates in a predefined interface;
      
      prompting, by the prompt module, the user to choose at least one of the registered key device logon certificates; and
      
      locating, by a locating module, the corresponding Credential Provider module and Cryptographic Service Provider module according to the registered key device logon certificate chosen by the user.
  - 4. The logon system as claimed in claim 1, whereinthe human-computer interactive interface comprises one or more output controls, or multiple input controls, or one or more input controls and one or more output controls.
  - 5. The logon system as claimed in claim 4, whereinwhen the human-computer interactive interface comprises one or more output controls, the output controls are for prompting the user to input biotic authentication information.
  - 6. The logon system as claimed in claim 5, whereinwhen the output controls are for prompting the user to input biotic authentication information, the key device stores the biotic authentication information in a temporary storage area of the key device.
  - 7. The logon system as claimed in claim 4, whereinwhen the human-computer interactive interface comprises multiple input controls, the Credential Provider module collects authentication information input by the user according to a prompt of the human-computer interactive interface.
  - 8. The logon system as claimed in claim 7, whereinthe multiple input controls comprise an input control for prompting the user to input a one-time password and an input control for prompting the user to input a PIN code.
  - 9. The logon system as claimed in claim 4, whereinwhen the human-computer interactive interface comprises one or more input controls and one or more output controls, the Credential Provider module collects authentication information input by the user according to a prompt of the human-computer interactive interface.
  - 10. The logon system as claimed in claim 9, whereinthe one or more input controls are input controls for prompting the user to input a verification code;
    - andthe one or more output controls are output controls for displaying a generated challenge code.

11. A logon method comprising:
- calling, by a computer operating system, a Credential Provider module corresponding to a key device according to a key device logon certificate in the key device;
  
  popping up, by the Credential Provider module, a human-computer interactive interface when the Credential Provider module is called by the computer operating system;
  
  collecting, by the Credential Provider module, information needed for logging on the computer operating system;
  
  transferring, by the Credential Provider module, authentication information in the collected information to the computer operating system;
  
  receiving, by a Cryptographic Service Provider module, the authentication information from the computer operating system;
  
  performing, by the Cryptographic Service Provider module, authentication with the authentication information; and
  
  performing, by the Cryptographic Service Provider module, an operation with a private key corresponding to the key device logon certificate to generate credential information needed for logging on the computer operating system in case authentication is successful,wherein before transferring the authentication information in the collected information to the computer operating system, an assembly unit in the Credential Provider module assembles the authentication information, and an encryption unit in the Credential Provider module encrypts the authentication information; and
  
  wherein a disassembly unit in the Cryptographic Service Provider module disassembles the received authentication information before performing authentication with the authentication information.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The logon method as claimed in claim 11, whereinthe Credential Provider module pops up the human-computer interactive interface when a GetSerialization interface function in the Credential Provider module is called by the computer operating system;
    - andthe Cryptographic Service Provider module receives the authentication information via a CryptSetProvParam interface function in the Cryptographic Service Provider module.
  - 13. The logon method as claimed in claim 11, wherein the method further comprises:
    - performing, by a drive module, data exchange between the key device and the computer after a connection between the key device and the computer is set up;
      
      enumerating and registering, by a registry module, one or more key device logon certificates after the connection between the key device and the computer is set up;
      
      associating, by the registry module, the key device logon certificates to the corresponding Credential Provider module and Cryptographic Service Provider module respectively;
      
      displaying, by a prompt module, the registered key device logon certificates in a predefined interface;
      
      prompting, by the prompt module, the user to choose at least one of the registered key device logon certificates; and
      
      locating, by a locating module, the corresponding the Credential Provider module and Cryptographic Service Provider module according to the registered key device logon certificate chosen by the user.
  - 14. The logon method as claimed in claim 11, whereinthe human-computer interactive interface includes one or more output controls, or multiple input controls, or one or more input controls and one or more output controls.
  - 15. The logon method as claimed in claim 14, whereinwhen the human-computer interactive interface comprises one or more output controls, the output controls are for prompting the user to input biotic authentication information.
  - 16. The logon method as claimed in claim 15, whereinwhen the output controls are for prompting the user to input biotic authentication information, the key device stores the biotic authentication information in a temporary storage area of the key device.
  - 17. The logon method as claimed in claim 14, whereinwhen the human-computer interactive interface includes multiple input controls, the Credential Provider module collects authentication information input by the user according to a prompt of the human-computer interactive interface.
  - 18. The logon method as claimed in claim 17, whereinthe multiple input controls comprise an input control for prompting the user to input a one-time password and an input control for prompting a user to input a PIN code.
  - 19. The logon method as claimed in claim 14, whereinwhen the human-computer interactive interface comprises one or more input controls and one or more output controls, the Credential Provider module collects authentication information input by the user according to a prompt of the human-computer interactive interface.
  - 20. The logon method as claimed in claim 19, whereinthe one or more input controls are input controls for prompting the user to input a verification code;
    - andthe one or more controls are output controls for displaying a generated challenge code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Feitian Technologies Company Limited
Original Assignee
Feitian Technologies Company Limited
Inventors
Lu, Zhou, Yu, Huazhang
Primary Examiner(s)
Reza, Mohammad W
Assistant Examiner(s)
RAHIM, MONJUR

Application Number

US12/647,848
Publication Number

US 20100115465A1
Time in Patent Office

1,450 Days
Field of Search

713/185, 713/175, 713/173, 713/182, 726/5, 726 16- 17, 726 19- 20
US Class Current

726/5
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

Logon system and method thereof

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

9 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Logon system and method thereof

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links