Split authentication network systems and methods
First Claim
1. A method comprising:
- receiving one or more packets wirelessly transmitted from a user device through a wireless access point to access a trusted network;
- determining a type of an extensible authorization protocol (EAP) associated with the user device based on the one or more packets;
- upon determining that the type of EAP associated with the user device is a first EAP, routing the one or more packets to a first authentication server provided in the trusted network and associated with the first EAP, for authentication of the user device according to the first EAP;
- upon determining that the type of EAP associated with the user device is a second EAP different from the first EAP, routing the one or more packets to a second authentication server provided in the trusted network and associated with the second EAP, for authentication of the user device according to the second EAP;
- wherein the first EAP involves a server certificate and does not involve a self-signed user certificate for authentication, and the second EAP involves a server certificate and a self-signed user certificate for authentication.
Abstract
Disclosed is a system comprising: an authentication datastore; a device presence engine; a traffic monitor engine; an authentication presence monitor engine; an authentication server selection engine; and a traffic routing engine. In operation: the device presence engine is configured to detect presence of a user device on a trusted network; the traffic monitor engine is configured to monitor, in response to the detection, traffic on the trusted network from the device; the authentication presence monitor engine is configured to evaluate onboarding characteristics of the user device in response to the monitoring; the authentication server selection engine is configured to select one of a plurality of authentication servers to authenticate the user device to the trusted network, the selecting based on the onboarding characteristics; and the traffic routing engine is configured to route traffic from the user device to the selected authentication server.
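An added example, not taken from the patent or from any product it covers: a sketch of the "determine the EAP type, then route" step of claim 1, reading the EAP header defined in RFC 3748. It assumes the EAP payload has already been extracted from its EAPOL or RADIUS EAP-Message wrapper, maps the claims' first EAP to PEAP and second EAP to EAP-TLS as an illustration only, and uses hypothetical server names.

```python
import struct

# EAP type numbers from the IANA EAP registry (RFC 3748, RFC 5216).
EAP_IDENTITY, EAP_NAK, EAP_TLS, EAP_PEAP = 1, 3, 13, 25
EAP_RESPONSE = 2  # EAP Code value for packets sent by the peer (user device)

# Assumption: "first EAP" (server certificate only) -> PEAP,
# "second EAP" (server plus user certificate) -> EAP-TLS.
# Server names are hypothetical.
ROUTES = {EAP_PEAP: "auth-server-1", EAP_TLS: "auth-server-2"}


def eap_method(packet: bytes):
    """Return the routable EAP method the device uses or asks for, or None
    when the packet does not reveal one (e.g. a Response/Identity)."""
    if len(packet) < 5:
        raise ValueError("too short for an EAP Request/Response")
    code, _ident, length, eap_type = struct.unpack("!BBHB", packet[:5])
    if length < 5 or length > len(packet):
        raise ValueError("EAP Length field inconsistent with packet size")
    if code != EAP_RESPONSE:
        return None  # only peer responses show what the device supports
    if eap_type == EAP_NAK:
        # Legacy Nak: the type-data lists methods the peer would accept.
        for wanted in packet[5:length]:
            if wanted in ROUTES:
                return wanted
        return None
    return eap_type if eap_type in ROUTES else None


def select_server(packet: bytes):
    """Pick the authentication server, or None if the type is not yet known."""
    return ROUTES.get(eap_method(packet))


def make_eap(ident: int, eap_type: int, data: bytes) -> bytes:
    """Build a constructed EAP Response for the samples below."""
    return struct.pack("!BBHB", EAP_RESPONSE, ident, 5 + len(data), eap_type) + data


# Constructed sample packets (not captured traffic).
SAMPLE_IDENTITY = make_eap(1, EAP_IDENTITY, b"alice")
SAMPLE_NAK_TLS = make_eap(2, EAP_NAK, bytes([EAP_TLS]))
SAMPLE_PEAP = make_eap(3, EAP_PEAP, b"\x00")
```

A Response/Identity carries no method, so a router built this way has to hold the decision until the device either answers a method request or sends a Nak naming the method it wants.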
20 Claims
10. A system comprising:
- one or more processors;
- memory coupled to the one or more processors, the memory configured to store instructions to instruct the one or more processors to perform a computer-implemented method, the computer-implemented method comprising;
- receiving one or more packets wirelessly transmitted from a user device through a wireless access point to access a trusted network;
- determining a type of an extensible authorization protocol (EAP) associated with the user device based on the one or more packets;
- upon determining that the type of EAP associated with the user device is a first EAP, routing the one or more packets to a first authentication server provided in the trusted network and associated with the first EAP, for authentication of the user device according to the first EAP;
- upon determining that the type of EAP associated with the user device is a second EAP different from the first EAP, routing the one or more packets to a second authentication server provided in the trusted network and associated with the second EAP, for authentication of the user device according to the second EAP;
- wherein the first EAP involves a server certificate and does not involve a self-signed user certificate for authentication, and the second EAP involves a server certificate and a self-signed user certificate for authentication.
18. A method comprising:
- receiving one or more packets wirelessly transmitted from a user device through a wireless access point to access a trusted network;
- determining a type of an EAP associated with the user device based on the one or more packets;
- upon determining that the type of extensible authorization protocol (EAP) associated with the user device is a first EAP, routing the one or more packets to a first authentication server provided in the trusted network and associated with the first EAP, for authentication of the user device according to the first EAP;
- upon determining that the type of EAP associated with the user device is a second EAP different from the first EAP, routing the one or more packets to a second authentication server provided in the trusted network and associated with the second EAP, for authentication of the user device according to the second EAP;
- wherein the one or more packets include information on an operating system of the user device, and the EAP associated with the user device is determined based on the information on the operating system of the user device.
Specification