System and method for password authentication for non-LDAP regions

US 20030131264A1
Filed: 12/07/2000
Published: 07/10/2003
Est. Priority Date: 12/07/2000
Status: Active Grant

First Claim

Patent Images

1. A method for dial roaming for users having a home non-LDAP (Lightweight Directory Access Protocol) region to allow access comprising:

dialing into a local dial access provider;

creating an access request;

forwarding the dial access request to a corporate remote authentication dial-in user service (RADIUS) server;

proxying the request to a regional RADIUS server associated with the user'"'"'s home region;

accessing the regional user database to determine if the user is present in the regional database;

authenticating the user; and

providing configuration information to the user to allow access to the network.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for allowing roaming of a subscriber and password authentication a non-LDAP region. A user signs onto a network access server which in turn connects to the regional LDAP RADIUS server. Password authentication occurs by hashing a transmitted password and comparing it to a clear text password from an LDAP database that has been hashed in the same manner as the transmitted password. When the subscriber is in a non-LDAP region, The password proceeds trough a proxy server to a regional RADIUS server which connects to a non-LDAP server. The non-LDAP server connects to and SMS database and retrieve the clear text password associated with the non-LDFSAP user, hashes it according the same method as the transmitted hashed password and formats the password for comparison in the regional RADIUS server. If the hashed passwords compare, the access is permitted.

31 Citations

View as Search Results

27 Claims

1. A method for dial roaming for users having a home non-LDAP (Lightweight Directory Access Protocol) region to allow access comprising:
- dialing into a local dial access provider;
  
  creating an access request;
  
  forwarding the dial access request to a corporate remote authentication dial-in user service (RADIUS) server;
  
  proxying the request to a regional RADIUS server associated with the user'"'"'s home region;
  
  accessing the regional user database to determine if the user is present in the regional database;
  
  authenticating the user; and
  
  providing configuration information to the user to allow access to the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method for dial roaming of claim 1 wherein the access request is forwarded to an access provider via a network access server (NAS).
  - 3. The method of claim 2 wherein the NAS functions as a client of the corporate RADIUS server.
  - 4. The method of claim 1 further comprising:
    - the corporate RADIUS server determining if the user is a member of an LDAP or non-LDAP region.
  - 5. The method of claim 4 wherein the determining if the user is a member of an LDAP or non-LDAP region is accomplished by reviewing a configuration file stored in the corporate RADIUS server.
  - 6. The method of claim 1 further comprising forwarding the access request to a regional LDAP database if the home region is LDAP enabled.
  - 7. The method of claim 6 further comprising the regional LDAP database authenticating the user.
  - 8. The method of claim 7 further comprising the regional LDAP database sending an “
    - accept”
      
      message if the user is in the regional LDAP database and a “
      
      deny”
      
      message if the user is not in the regional LDAP database.
  - 9. The method of claim 1 wherein the access request comprises a user name and password.
  - 10. The method of claim 9 wherein the user name comprises a regional naming convention for identifying the home region of the user.
  - 11. The method of claim 9 wherein the user name comprises an email address of the user.
  - 12. The method of claim 9 further comprising comparing the user password to the password stored in the non-LDAP database.
  - 13. The method of claim 12 wherein the password from the database is CHAP hashed, and wherein the password delivered to the database is CHAP hashed, and wherein the password comparison comprises comparing the CHAP hashed password delivered to the database with the CHAP hashed password extracted from the database.
  - 14. The method of claim 12 wherein the database of the non-LDAP regions is an subscriber management system (SMS) database.
  - 15. The method of claim 9 wherein the password is hashed to maintain security.

16. A system for dial roaming for users having a home non-LDAP region to allow access comprising:
- a user computer having a home service region for creating a network access request;
  
  a dial up connection over a first network to a network access server (NAS) in a roaming area;
  
  a second network connected to the NAS for receiving the network access request;
  
  a local network service provider connected to the second network;
  
  a third network connected to the network service provider;
  
  a corporate RADIUS server connected to the third network for receiving the access request; and
  
  a regional LDAP server comprising a user database for authenticating the user access request and for allowing access to the regional network.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The system of claim 16 further comprising a regional RADIUS server connected to a non-LDAP regional server connected to the second network for receiving the access request.
  - 18. The system of claim 17 wherein the non-LDAP regional server further comprises a user database and access instructions for authenticating the user access request in the non-LDAP server database.
  - 19. The system of claim 18 wherein the database is an SMS database.
  - 20. The system of claim 16 wherein the user access request comprises a user ID and password.
  - 21. The system of claim 20 wherein the NAS further comprises instructions for hashing the user ID and password to enhance security.
  - 22. The system of claim 18 wherein the non-LDAP server further comprises instructions to permit access if the user is in the database and to deny access if the user is not in the database.

23. A system for authenticating users using a standard RADIUS protocol against a non-standard subscriber management system and database comprising:
- a RADIUS server, having a RADIUS authentication protocol, connected to a first network for receiving an access request from a user;
  
  a subscriber management server, connected to a second network, comprising a user database for authenticating the user access request over the second network; and
  
  a database view created in memory on the subscriber management server for providing user access information in the correct format for the RADIUS authentication protocol.
- View Dependent Claims (24, 25, 26, 27)
- - 24. The system for authenticating users using a standard RADIUS protocol against a non-standard subscriber management system and database of claim 23 wherein the user access request is a username and password.
  - 25. The system for authenticating users using a standard RADIUS protocol against a non-standard subscriber management system and database of claim 24 wherein the username is and email address.
  - 26. The system for authenticating users using a standard RADIUS protocol against a non-standard subscriber management system and database of claim 24 wherein the password from the user database is CHAP hashed to compare to the password presented in the user access request.
  - 27. The system for authenticating users using a standard RADIUS protocol against a non-standard subscriber management system and database of claim 26 wherein the subscriber management server further comprises instructions for sending an “
    - accept”
      
      message to the RADIUS server if the user password from the user database matches the user password presented in the user access request, and for sending a “
      
      deny”
      
      message to the RADIUS server if the user password from the user database does not matche the user password presented in the user access request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Time Warner Cable Internet LLC (Charter Communications Incorporated)
Original Assignee
Road Runner
Inventors
Pfeffer, Howard, Cashman, Jack, Gazillo, Michael, Huff, Barbara

Granted Patent

US 7,099,475 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/202
CPC Class Codes

H04L 63/0281 Proxies

H04L 63/083 using passwords cryptograph...

System and method for password authentication for non-LDAP regions

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for password authentication for non-LDAP regions

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links