Host credentials authorization protocol

US 20060015724A1
Filed: 07/15/2004
Published: 01/19/2006
Est. Priority Date: 07/15/2004
Status: Active Grant

First Claim

Patent Images

1. A host credentials authorization protocol (HCAP) for exchanging information between an authentication, authorization and accounting (AAA) server and a posture validation server during a posture validation session comprising:

at least one version negotiation request message;

at least one version negotiation response message;

at least one posture validation request message; and

at least one posture validation response message.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A protocol, method, apparatus and computer program product for providing and utilizing a host credential authorization protocol (HCAP) is presented. The protocol is utilized by an AAA server and a posture validation server. The AAA server and the posture validation server are utilized to determine whether a host is allowed access to a device.

50 Citations

View as Search Results

34 Claims

1. A host credentials authorization protocol (HCAP) for exchanging information between an authentication, authorization and accounting (AAA) server and a posture validation server during a posture validation session comprising:
- at least one version negotiation request message;
  
  at least one version negotiation response message;
  
  at least one posture validation request message; and
  
  at least one posture validation response message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The protocol of claim 1 wherein said version negotiation request message, said version negotiation response message, said validation request message, and said posture validation response message are in a format comprising a code field, a request ID field, a length field, a type field, a flags field, a version field and a data field.
  - 3. The protocol of claim 2 wherein said code field comprises an eight bit field indicating the message is one of a request message and a response message.
  - 4. The protocol of claim 2 wherein said request ID field comprises a sixteen bit field indicating an identification number for a request.
  - 5. The protocol of claim 2 wherein said length field comprises a sixteen bit field indicating a number of octets in the message.
  - 6. The protocol of claim 2 wherein said type field comprises an eight bit field indicating a message type.
  - 7. The protocol of claim 2 wherein said flag field comprises an eight bit field.
  - 8. The protocol of claim 2 wherein said version field comprises an eight bit field indicating the version of the HCAP.
  - 9. The protocol of claim 2 wherein the data field of at least one of said posture validation request message and said posture validation response message includes at least one Vendor AppType Frame-Type Length Value (VAF-TLV)
  - 10. The protocol of claim 9 wherein said data field of said posture validation response message further includes a Result-TLV.
  - 11. The protocol of claim 9 wherein said VAF-TLV includes at least one Attribute Value Pair (AVP).

12. A host credentials authorization protocol (HCAP) for exchanging information between an authentication, authorization and accounting (AAA) server and a posture validation server during a posture validation session comprising:
- at least one version negotiation request message;
  
  at least one version negotiation response message;
  
  at least one posture validation request message; and
  
  at least one posture validation response message, and wherein said version negotiation request message, said version negotiation response message, said validation request message, and said posture validation response message are in a format comprising a code field comprising an eight bit field indicating the message is one of a request message and a response message, a request ID field comprising a sixteen bit field indicating an identification number for a request, a length field comprising a sixteen bit field indicating a number of octets in the message, a type field comprising an eight bit field indicating a message type, a flags field comprising an eight bit field, a version field comprising an eight bit field indicating the version of said HCAP, and a data field comprising at least one Vendor AppType Frame-Type Length Value (VAF-TLV) including at least one Attribute Value Pair (AVP) and a Result-TLV.

13. A method for controlling access to a device, the method comprising:
- receiving a request for access to the device from a host;
  
  forwarding the request for access from said device to a first server;
  
  initiating a posture validation session between an authentication, authorization and accounting (AAA) server and a posture validation server, said posture validation session utilizing a host credentials authorization protocol (HCAP);
  
  determining whether to allow access by said host to said device by said first server based on a result from said posture validation session; and
  
  when access is allowed then allowing access by said host to said device and when access is not allowed then disabling access by said host to said device.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The method of claim 13 wherein said HCAP includes at least one of a version negotiation request message, a version negotiation response message, a posture validation request message, and a posture validation response message.
  - 15. The method of claim 14 wherein said version negotiation request message, said version negotiation response message, said posture validation request message, and said posture validation response message are in a format comprising a code field, a request ID field, a length field, a type field, a flags field, a version field and a data field.
  - 16. The method of claim 15 wherein said code field comprises an eight bit field indicating the message is one of a request message and a response message.
  - 17. The method of claim 15 wherein said request ID field comprises a sixteen bit field indicating an identification number for a request.
  - 18. The method of claim 15 wherein said length field comprises a sixteen bit field indicating a number of octets in the message.
  - 19. The method of claim 15 wherein said type field comprises an eight bit field indicating a message type.
  - 20. The method of claim 15 wherein said flag field comprises an eight bit field.
  - 21. The method of claim 15 wherein said version field comprises an eight bit field indicating the version of the HCAP.
  - 22. The method of claim 15 wherein the data field of at least one of said posture validation request message and said posture validation response message includes at least one Vendor AppType Frame-Type Length Value (VAF-TLV)
  - 23. The method of claim 22 wherein said data field of said posture validation response message further includes a Result-TLV.
  - 24. The method of claim 22 wherein said VAF-TLV includes at least one Attribute Value Pair (AVP).

25. A method for controlling access to a device, the method comprising:
- receiving a request for access to the device from a host;
  
  forwarding the request for access from said device to an AAA server;
  
  initiating a posture validation session between said AAA server and a posture validation server, said posture validation session utilizing a host credentials authorization protocol (HCAP), said HCAP including at least one of a version negotiation request message, a version negotiation response message, a posture validation request message, and a posture validation response message, wherein said version negotiation request message, said version negotiation response message, said posture validation request message, and said posture validation response message are in a format comprising a code field comprising an eight bit field indicating the message is one of a request message and a response message, a request ID field comprising a sixteen bit field indicating an identification number for a request, a length field comprising a sixteen bit field indicating a number of octets in the message, a type field comprising comprises an eight bit field indicating a message type, a flags field comprising an eight bit field, a version field comprising an eight bit field indicating the version of the HCAP and a data field comprising at least one Vendor AppType Frame-Type Length Value (VAF-TLV) including at least one Attribute Value Pair (AVP) and a Result-TLV;
  
  determining whether to allow access by said host to said device by said AAA server based on a result from said posture validation session; and
  
  when access is allowed then allowing access by said host to said device and when access is not allowed then disabling access by said host to said device.

26. A system comprising:
- a host;
  
  a device in communication with said host;
  
  an authentication, authorization and accounting (AAA) server in communication with said device; and
  
  a posture validation server (PVS) in communication with said AAA server, said PVS communicating with said AAA server using a host credentials authorization protocol (HCAP) and wherein said AAA server and said PVS determine whether said host is allowed access to said device.
- View Dependent Claims (27, 28)
- - 27. The system of claim 26 wherein said HCAP includes at least one of a posture validation request message, a posture validation response message, a version negotiation request message and a version negotiation response message.
  - 28. The system of claim 27 wherein said posture validation request message, said posture validation response message, said version negotiation request message and said version negotiation response message are in a format comprising a code field, a request ID field, a length field, a type field, a flags field, a version field and a data field.

29. A system comprising:
- a host;
  
  a device in communication with said host;
  
  a first server in communication with said device; and
  
  a second server in communication with said first server, said second server communicating with said first server using a host credentials authorization protocol (HCAP) wherein said first server and second server determine whether said host is allowed access to said device and wherein said HCAP includes at least one of a version negotiation request message, a version negotiation response message, a posture validation request message, and a posture validation response message, wherein said version negotiation request message, said version negotiation response message, said posture validation request message, and said posture validation response message are in a format comprising a code field comprising an eight bit field indicating the message is one of a request message and a response message, a request ID field comprising a sixteen bit field indicating an identification number for a request, a length field comprising a sixteen bit field indicating a number of octets in the message, a type field comprising comprises an eight bit field indicating a message type, a flags field comprising an eight bit field, a version field comprising an eight bit field indicating the version of the HCAP and a data field comprising at least one Vendor AppType Frame-Type Length Value (VAF-TLV) including at least one Attribute Value Pair (AVP) and a Result-TLV.

30. A computer program medium having computer readable code thereon for providing a host credentials authorization protocol, the medium comprising:
- instructions for receiving a request for access to the device from a host;
  
  instructions for forwarding the request for access from said device to an authentication, authorization and accounting (AAA) server;
  
  instructions for initiating a posture validation session between said AAA server and a posture validation server (PVS), said posture validation session utilizing a host credentials authorization protocol (HCAP);
  
  instructions for determining whether to allow access by said host to said device by said AAA server based on a result from said posture validation session; and
  
  instructions for allowing access by said host to said device when access is allowed and instructions for disabling access by said host to said device when access is not allowed.
- View Dependent Claims (31, 32)
- - 31. The computer program medium of claim 30 wherein said HCAP includes at least one of a posture validation request message, a posture validation response message, a version negotiation request message and a version negotiation response message.
  - 32. The computer program medium of claim 31 wherein said posture validation request message, said posture validation response message, said version negotiation request message and said version negotiation response message are in a format comprising a code field, a request ID field, a length field, a type field, a flags field, a version field and a data field.

33. A computer program medium having computer readable code thereon for providing a host credentials authorization protocol, the medium comprising:
- instructions for receiving a request for access to the device from a host;
  
  instructions for forwarding the request for access from said device to a first server;
  
  instructions for initiating a posture validation session between said first server and a second server, said posture validation session utilizing a host credentials authorization protocol (HCAP), wherein said HCAP includes at least one of a version negotiation request message, a version negotiation response message, a posture validation request message, and a posture validation response message, wherein said version negotiation request message, said version negotiation response message, said posture validation request message, and said posture validation response message are in a format comprising a code field comprising an eight bit field indicating the message is one of a request message and a response message, a request ID field comprising a sixteen bit field indicating an identification number for a request, a length field comprising a sixteen bit field indicating a number of octets in the message, a type field comprising comprises an eight bit field indicating a message type, a flags field comprising an eight bit field, a version field comprising an eight bit field indicating the version of the HCAP and a data field comprising at least one Vendor AppType Frame-Type Length Value (VAF-TLV) including at least one Attribute Value Pair (AVP) and a Result-TLV;
  
  instructions for determining whether to allow access by said host to said device by said first server based on a result from said posture validation session; and
  
  instructions for allowing access by said host to said device when access is allowed and instructions for disabling access by said host to said device when access is not allowed.

34. A system comprising:
- means for receiving a request for access to a device from a host;
  
  means for forwarding the request for access from said device to an authentication, authorization and accounting (AAA) server;
  
  means for initiating a posture validation session between said AAA server and a posture validation server, said posture validation session utilizing a host credentials authorization protocol (HCAP);
  
  means for determining whether to allow access by said host to said device by said AAA server based on a result from said posture validation session; and
  
  when access is allowed then means for allowing access by said host to said device and when access is not allowed then means for disabling access by said host to said device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Naftali, Amir, Fux, Eitan, Thomson, Susan, Howard, Thomas Gary, Bronshtein, Ilan

Granted Patent

US 7,512,970 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/162   at the data link layer

H04L 67/02   based on web technology, e....

Host credentials authorization protocol

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

50 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Host credentials authorization protocol

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links