Authorization negotiation in multi-domain environment

US 20030226037A1
Filed: 05/31/2002
Published: 12/04/2003
Est. Priority Date: 05/31/2002
Status: Abandoned Application

First Claim

Patent Images

1. A meta-authorization parameter generating device, comprising:

a meta-authorization parameter generating module to generate at least one meta-authorization parameter if an authentication request is approved; and

a transmitting module to send the at least one meta-authorization parameter to a requesting computing device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A multi-domain meta-authorization device generates at least one meta-authorization parameter if an authentication request for a first computing device is approved. The multi-domain meta-authorization device transmits the at least one meta-authorization parameter to a first authentication, authorization, and administration (AAA) device located on a first network. A mutually acceptable parameter generating device, located in the first AAA device, creates a plurality of mutually acceptable authorization parameters based on the input of the at least one meta-authorization parameter and operating characteristics of the first network. The mutually acceptable parameter generating device transmits the plurality of mutually acceptable authorization parameters to an access device to allow the first computing device to access the communications network through the first network.

Citations

34 Claims

1. A meta-authorization parameter generating device, comprising:
- a meta-authorization parameter generating module to generate at least one meta-authorization parameter if an authentication request is approved; and
  
  a transmitting module to send the at least one meta-authorization parameter to a requesting computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The meta-authorization parameter generating device of claim 1, wherein the authentication request passes through an authentication, authorization, and administration (AAA) device in a first network.
  - 3. The meta-authorization parameter generating device of claim 2, wherein the authentication request is further transmitted through at least one intermediate AAA device on at least one intermediate network.
  - 4. The meta-authorization parameter generating device of claim 2, wherein the authentication request is further transmitted through at least one intermediate computing device on at least one intermediate network.
  - 5. The meta-authorization parameter generating device of claim 1, wherein the meta-authorization parameter generating module and the transmitting module are located within a same physical device.
  - 6. The meta-authorization parameter generating device of claim 5, wherein the physical device is an AAA device on a second network.
  - 7. The meta-authorization parameter generating device of claim 5, wherein the physical device is a second computing device on a second network.

8. A multi-domain meta-authorization system, comprising:
- a computing device to transmit an authentication request to enter a communications network;
  
  an access device on a first network to receive the authentication request and to transmit the authentication request;
  
  a first authentication, authorization, and administration (AAA) device on the first network to receive the authentication request from the access device and to relay the authentication request to a second network; and
  
  a second AAA device on the second network to receive the authentication request, to authenticate the computing device, to send an authentication approval, and to transmit a plurality of authorization parameters;
  
  a meta-authorization parameter generating device on the second network to generate at least one meta-authorization parameter if the computing device is authenticated, and to transmit the at least one meta-authorization parameter to the first AAA device on the first network wherein the first AAA device receives the plurality of authorization parameters and the at least one meta-authorization parameter; and
  
  a mutually acceptable parameter generating device to create a plurality of mutually acceptable authorization parameters based on the at least one meta-authorization parameter and first network operating requirements, and to transfer the plurality of mutually acceptable authorization parameters to the access device to allow the computing device to enter the communications network through the first network.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The meta-authorization system of claim 8, wherein the communications network is an Internet.
  - 10. The meta-authorization system of claim 8, wherein at least one intermediate AAA device on at least one intermediate network receives the authentication request from the first AAA device on the first network and relays the authentication request to the second AAA device on the second network.
  - 11. The multi-domain meta-authorization system of claim 8, wherein at least one intermediate computing device on at least one intermediate network receives the authentication request from the first AAA device on the first network and relays the authentication request to the second AAA device on the second network.
  - 12. The multi-domain meta-authorization system of claim 11, wherein the at least one intermediate computing device only transfers the at least one meta-authorization parameter.
  - 13. The meta-authorization system of claim 8, wherein the first network is a roaming/visiting Internet Service Provider (ISP) for a user of the computing device, and the second network is a home ISP for the user of the computing device.
  - 14. The meta-authorization system of claim 8, wherein the first network is an application service provider (ASP) for an entity, and the second network is a network for the entity.

15. A method of providing meta-authorization parameters for a first network and a second network, comprising:
- creating, at a meta-authorization parameter generating device, at least one meta-authorization parameter if an authentication request is approved for a first computing device; and
  
  transmitting the at least one meta-authorization parameter to a first authentication, authorization, and administration (AAA) device to allow a mutually acceptable parameter generating device to create a plurality of mutually acceptable authorization parameters, which allow the first computing device to access a communications network through the first network.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 16. The method of claim 15, wherein creating the plurality of mutually acceptable authorization parameters includes at least one of adding, inserting, and deleting the plurality of authorization parameters.
  - 17. The method of claim 15, wherein access to the communications network is provided through an access device on a first network.
  - 18. The method of claim 17, wherein the first AAA device is located on the first network.
  - 19. The method of claim 18, wherein a second AAA device is located on a second network.
  - 20. The method of claim 19, wherein generating the at least one meta-authorization parameter, and transmitting the at least one meta-authorization parameter all occur in the second AAA device located on the second network.
  - 21. The method of claim 19, wherein generating the at least one meta-authorization parameter, and transmitting the at least one meta-authorization parameter all occur in a second computing device located on the second network.
  - 22. The method of claim 19, wherein the first network is a roaming/visiting Internet Service Provider (ISP), and the second network is the computing device'"'"'s home ISP.
  - 23. The method of claim 19, wherein at least one intermediate network is located between the first network and the second network, the at least one meta-authorization parameter is received from the second AAA device by at least one intermediate AAA device, and the at least one meta-authorization parameter is transmitted from the at least one intermediate AAA device to the first AAA device.
  - 24. The method of claim 23, wherein the first network is a data center network, the first AAA device is a data center AAA device, the second network is an entity network, the second AAA device is an entity AAA device, the at least one intermediate network is at least one Application Service Provider (ASP) network, and the at least one intermediate AAA device is at least one ASP AAA device.

25. A program code storage device, comprising:
- a machine-readable storage medium; and
  
  machine-readable program code, stored on a machine-readable storage medium, the machine-readable program code having instructions to generate at least one meta-authorization parameter if an authentication request is approved for a first computing device, and transmit the at least one meta-authorization parameter to a first authentication, authorization, and administration (AAA) device to allow a mutually acceptable parameter generating device to create a plurality of mutually acceptable authorization parameters, which allow the first computing device to access a communications network through a first network.
- View Dependent Claims (26, 27)
- - 26. The program code storage device of claim 25, wherein the instructions to generate the at least one meta-authorization parameter and the instructions to transmit the at least one meta-authorization parameter reside within a second AAA device on a second network.
  - 27. The program code storage device of claim 25, wherein the instructions to generate the at least one meta-authorization parameter and the instructions to transmit the at least one meta-authorization parameter reside within a second computing device on a second network.

28. A mutually acceptable parameter generating device, comprising:
- a mutually acceptable generating module to generate a plurality of mutually acceptable authorization parameters based on the at least one meta-authorization parameter received at a first authentication, authorization, and administration (AAA) device and operating characteristics of a first network; and
  
  a transmission module to transmit the plurality of mutually acceptable authorization parameters to an access device to allow a user of a computing device to gain access to the first network.
- View Dependent Claims (29)
- - 29. The mutually acceptable parameter generating device of claim 28, wherein the mutually acceptable generating module and the transmission module are located in a first authentication, authorization, and administration (AAA) device.

30. A method to create mutually acceptable authorization parameters, comprising:
- receiving, at a first authentication, authorization, and administration (AAA) device, at least one meta-authorization parameter;
  
  creating, at a mutually acceptable parameter generating module, a plurality of mutually acceptable authorization parameters based on the at least one meta-authorization parameter and first network operating characteristics; and
  
  transmitting the plurality of mutually acceptable authorization parameters to an access device to allow a computing device to gain access to a communications network through a first network.
- View Dependent Claims (31, 32)
- - 31. The method of claim 30, wherein the access device is a dial-up device.
  - 32. The method of claim 30, wherein the access device is a virtual private network (VPN) gateway.

33. A program code storage device, comprising:
- a machine-readable storage medium; and
  
  machine-readable program code, stored on a machine-readable storage medium, the machine-readable program code having instructions to receive at least one meta-authorization parameter;
  
  create, at a mutually acceptable parameter generating module, a plurality of mutually acceptable authorization parameters based on the at least one meta-authorization parameter and first network operating characteristics; and
  
  transmit the plurality of mutually acceptable authorization parameters to an access device to allow a computing device to gain access to a communications network through a first network.
- View Dependent Claims (34)
- - 34. The program code storage device of claim 33, wherein a first authentication, authorization, and administration (AAA) device receives the at least one meta-authorization parameter.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Mak, Wai Kwan

Application Number

US10/161,331
Publication Number

US 20030226037A1
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 12/66   Arrangements for connecting...

H04L 63/08   for authentication of entit...

H04L 63/0892   by using authentication-aut...

H04L 63/102   Entity profiles

Authorization negotiation in multi-domain environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Authorization negotiation in multi-domain environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links