Systems and methods for implementing hybrid dynamic wallet tokens
US-2016071094-A1 · Mar 10, 2016 · US
US10459752B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10459752-B2 |
| Application number | US-201715648433-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 12, 2017 |
| Priority date | Jul 12, 2017 |
| Publication date | Oct 29, 2019 |
| Grant date | Oct 29, 2019 |
Official abstract text for this publication.
A hybrid account logon is disclosed for logging into remote desktops. In one embodiment, the hybrid logon combines local and domain accounts by building a local primary access token which provides credentials for local and domain-based accounts. In one embodiment, a credentials provider creates a serialized structure including both local account information and domain credentials and sends the serialized structure to a logon user interface (UI) process. The logon UI process calls a user authentication service that itself calls a hybrid authentication package which performs a domain logon, discards any identity associated with the domain logon session, and builds a local identity for the local account. The user authentication service then generates a primary access token including the local identity and the domain logon session data, thereby supporting interactive logon based on the local user identity which is also linked to network credentials for use in accessing network resources.
Opening claim text (preview).
I claim:

1. A computer-implemented method of logging on to a system using domain credentials and local user account information, comprising: initiating a domain logon session using the domain credentials; generating a local user identity based on at least the local user account information, wherein the local user account information includes (i) a username associated with an available unauthenticated account, or (ii) a username associated with an available unauthenticated account and password combination; generating a token which includes the generated local user identity and data associated with the initiated domain logon session; and logging on to the system using the generated token.
2. The method of claim 1, further comprising discarding a domain user identity generated as part of initiating the domain logon session.
3. The method of claim 1, further comprising applying one or more properties associated with a domain user account during the logging on to the system.
4. The method of claim 1, wherein the domain credentials include one of a username and password or a virtual smartcard.
5. The method of claim 4, wherein: the local user account information further includes a password generated by an account manager; and the method further includes verifying the generated password with the account manager.
6. The method of claim 1, wherein a user is not required to enter authentication credentials.
7. The method of claim 6, wherein: an alias selected by the user is mapped to a domain user account; and the domain user account is mapped to the local user account.
8. The method of claim 1, wherein the data associated with the domain logon session includes a session identifier (ID) linked to a Kerberos ticket-granting ticket.
9. The method of claim 1, wherein initiating the domain logon session includes calling a Kerberos authentication service without calling a user authentication service which the Kerberos authentication service is an extension for.
10. The method of claim 1, further comprising launching an application which uses the token to access network resources.
11. A non-transitory computer-readable medium comprising instructions executable by a computer, the computer having one or more physical central processing units (CPUs), wherein the instructions, when executed, cause the computer to perform operations for logging on to a system using domain credentials and local user account information, the operations comprising: initiating a domain logon session using the domain credentials; generating a local user identity based on at least the local user account information, wherein the local user account information includes (i) a username associated with an available unauthenticated account, or (ii) a username associated with an available unauthenticated account and password combination; generating a token which includes the generated local user identity and data associated with the initiated domain logon session; and logging on to the system using the generated token.
12. The computer-readable medium of claim 11, the operations further comprising discarding a domain user identity generated as part of initiating the domain logon session.
13. The computer-readable medium of claim 11, the operations further comprising applying one or more properties associated with a domain user account during the logging on to the system.
14. The computer-readable medium of claim 11, wherein the domain credentials include one of a username and password or a virtual smartcard.
15. The computer-readable medium of claim 14, wherein: the local user account information further includes a password generated by an account manager; and the operations further comprise verifying the generated password with the account manager.
16. The computer-readable medium of claim 11, wherein a user is not required to enter authentication credentials.
17. The computer-readable medium of claim 16, wherein: an alias selected by the user is mapped to a domain user account; and the domain user account is mapped to the local user account.
18. The computer-readable medium of claim 11, wherein initiating the domain logon session includes calling a Kerberos authentication service without calling a user authentication service which the Kerberos authentication service is an extension for.
19. The computer-readable medium of claim 11, the operations further comprising launching an application which uses the token to access network resources.
20. A system, comprising: a processor; and a memory, wherein the memory includes a program for logging on to a system using domain credentials and local user account information, the program being configured to perform operations comprising: initiating a domain logon session using the domain credentials, generating a local user identity based on at least the local user account information, wherein the local user account information includes (i) a username associated with an available unauthenticated account, or (ii) a username associated with an available unauthenticated account and password combination, generating a token which includes the generated local user identity and data associated with the initiated domain logon session, and logging on to the system using the generated token.
Remote windowing, e.g. X-Window System, desktop virtualisation (protocols for virtual reality H04L67/131) · CPC title
using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226) · CPC title
where a single sign-on provides access to a plurality of computers · CPC title
using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title
involving the use of external additional devices, e.g. dongles or smart cards · CPC title