Extensible access control architecture

US 9,521,119 B2
Filed: 10/14/2015
Issued: 12/13/2016
Est. Priority Date: 07/08/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a second process of a computing device across a process boundary from a first process, a message that is part of an access control exchange; and

invoking, by a proxy manager of the second process in response to the receiving and across another process boundary, a access method in a third process where the invoked access method performs at least a portion of the access control exchange.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Software for managing access control functions in a network. The software includes a host that receives access control commands or information and calls one or more methods. The methods perform access control functions and communicate access control results or messages to be transmitted. The host may be installed in a network peer seeking access to the network or in a server controlling access to the network. When installed in a peer, the host receives commands and exchanges information with a supplicant. When installed in an access control server, the host receives commands and exchanges information with an authenticator. The host has a flexible architecture that enables multiple features, such as allowing the same methods to be used for authentication by multiple supplicants, providing ready integration of third party access control software, simplifying network maintenance by facilitating upgrades of authenticator software and enabling access control functions other than peer authentication.

27 Citations

20 Claims

1. A method comprising:
- receiving, by a second process of a computing device across a process boundary from a first process, a message that is part of an access control exchange; and
  
  invoking, by a proxy manager of the second process in response to the receiving and across another process boundary, a access method in a third process where the invoked access method performs at least a portion of the access control exchange.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 where the access method is a third-party access method relative to the proxy manager.
  - 3. The method of claim 2 where a reliability of the third-party access method is not ascertained to be executed as part of the second process.
  - 4. The method of claim 2 where the third-party access method comprises an extensible authenticating protocol (“
    - EAP”
      
      ) interface that is directly compatible with an EAP application programming interface utilized by the second process.
  - 5. The method of claim 1 where the access method is a legacy third-party access method.
  - 6. The method of claim 5 where the legacy third-party access method comprises a legacy interface that is not directly compatible with an EAP application programming interface (“
    - API”
      
      ) utilized by the second process.
  - 7. The method of claim 6, the method further comprising translating, in the third process, between the legacy interface and the EAP API.

8. A computing device comprising:
- at least one processor;
  
  memory coupled to the at least one processor;
  
  a second process configured to receive, across a process boundary from a first process, a message that is part of an access control exchange; and
  
  a proxy manager of the second process configured to invoke, in response to the receiving and across another process boundary, a access method in a third process where the invoked access method performs at least a portion of the access control exchange.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computing device of claim 8 where the access method is a third-party access method relative to the proxy manager.
  - 10. The computing device of claim 9 where a reliability of the third-party access method is not ascertained to be executed as part of the second process.
  - 11. The computing device of claim 9 where the third-party access method comprises an extensible authenticating protocol (“
    - EAP”
      
      ) interface that is directly compatible with an EAP application programming interface utilized by the second process.
  - 12. The computing device of claim 8 where the access method is a legacy third-party access method.
  - 13. The computing device of claim 12 where the legacy third-party access method comprises a legacy interface that is not directly compatible with an EAP application programming interface (“
    - API”
      
      ) utilized by the second process.
  - 14. The computing device of claim 13, the third process comprising a translator configured to translate, in the third process, between the legacy interface and the EAP API.

15. At least one computer storage device comprising:
- memory that comprises computer-executable instructions that, based on execution by a computing device, configure the computing device to perform actions comprising;
  
  receiving, by a second process of a computing device across a process boundary from a first process, a message that is part of an access control exchange; and
  
  invoking, by a proxy manager of the second process in response to the receiving and across another process boundary, a access method in a third process where the invoked access method performs at least a portion of the access control exchange.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The at least one computer storage device of claim 15 where the access method is a third-party access method relative to the proxy manager.
  - 17. The at least one computer storage device of claim 16 where a reliability of the third-party access method is not ascertained to be executed as part of the second process.
  - 18. The at least one computer storage device of claim 16 where the third-party access method comprises an extensible authenticating protocol (“
    - EAP”
      
      ) interface that is directly compatible with an EAP application programming interface utilized by the second process.
  - 19. The at least one computer storage device of claim 15 where the access method is a legacy third-party access method.
  - 20. The at least one computer storage device of claim 19 where the legacy third-party access method comprises a legacy interface that is not directly compatible with an EAP application programming interface (“
    - API”
      
      ) utilized by the second process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Leibovitz, Anthony M., Schurman, Mark C., Goel, Mudit, Mayfield, Paul G., Pasupuleti, Sudhakar, Mandhana, Taroon, Kamath, Vivek P., Zheng, Wei, Bao, Xuemei
Primary Examiner(s)
Schwartz, Darren B
Assistant Examiner(s)
Gyorfi, Thomas

Application Number

US14/883,332
Publication Number

US 20160036781A1
Time in Patent Office

426 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

H04L 63/162   at the data link layer

H04L 67/01   Protocols

Extensible access control architecture

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Extensible access control architecture

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links