Fail-safe network authentication
Abstract
An authenticator is configured with intelligence for the purpose of providing a “failsafe” mode for port-based authentication (802.1x). This failsafe mode enables end users to access a network when communication between the authenticator and the authentication server has temporarily failed, but keeps security measures in place so that unauthorized users cannot gain network access. An 802.1x access control point (e.g., a switch) is enabled to continue to authenticate certain users onto the network during periods of temporary communication failure with the authentication server, by locally storing alternative authentication information limited to historical authentication information of clients that have previously accessed the network via the authentication server. Subsequent revalidation of specific users using the primary authentication information follows restoration of communication with the authentication server.
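The behaviour described in the abstract can be modelled in a few lines. This is an added illustration, not code from the patent. The class names, the identity/secret credential model, the salted PBKDF2 cache format and the sample accounts are all assumptions made for the example.

```python
import hashlib, hmac, os

class AuthServer:  # stand-in for the 802.1x authentication server (primary information)
    def __init__(self, accounts):
        self.accounts, self.reachable = dict(accounts), True
    def verify(self, identity, secret):
        if not self.reachable:
            raise ConnectionError("authentication server unreachable")
        return self.accounts.get(identity) == secret

class Authenticator:  # stand-in for the 802.1x authenticator, e.g. a switch
    def __init__(self, server):
        self.server = server
        self.cache, self.sessions = {}, {}  # identity -> (salt, digest), assumed format; identity -> mode
    def _digest(self, salt, secret):
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)
    def authenticate(self, identity, secret):
        try:
            ok = self.server.verify(identity, secret)
        except ConnectionError:  # fail-safe mode: only locally stored history can vouch
            salt, digest = self.cache.get(identity, (b"", b""))
            if not (digest and hmac.compare_digest(digest, self._digest(salt, secret))):
                return "reject"
            self.sessions[identity] = "failsafe"
            return "failsafe-accept"
        if not ok:
            return "reject"
        salt = os.urandom(16)  # the cache is written only after a server accept
        self.cache[identity] = (salt, self._digest(salt, secret))
        self.sessions[identity] = "primary"
        return "primary-accept"
    def revalidate(self, respond):  # server restored; respond(identity) -> re-supplied secret
        dropped = []
        for identity in [i for i, mode in self.sessions.items() if mode == "failsafe"]:
            if self.authenticate(identity, respond(identity) or "") == "reject":
                del self.sessions[identity]  # close the port and forget stale history
                self.cache.pop(identity, None)
                dropped.append(identity)
        return dropped

def demo():  # constructed accounts: bob is new during the outage, carol is revoked during it
    server = AuthServer({"alice": "pw-a", "bob": "pw-b", "carol": "pw-c"})
    sw, creds = Authenticator(server), {"alice": "pw-a", "carol": "pw-c"}
    before = [sw.authenticate(i, s) for i, s in creds.items()]
    server.reachable = False
    during = [sw.authenticate(i, s) for i, s in [*creds.items(), ("bob", "pw-b")]]
    del server.accounts["carol"]
    server.reachable = True
    return before, during, sw.revalidate(creds.get), sw.sessions
```

In `demo()`, bob holds a valid server account but is refused during the outage because the authenticator has no history for him, and carol's fail-safe session is closed at revalidation because the primary information no longer accepts her.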
9 Claims
1. A fail-safe method of authenticating a client to a network, comprising the steps of:
- receiving, at an 802.1x authenticator, a request for authentication from an 802.1x supplicant contained in a client;
- entering a fail-safe mode, wherein alternative authentication information stored at said 802.1x authenticator is used to authenticate said client, when primary authentication information stored on an 802.1x authentication server is unavailable; and
- re-authenticating said client using said primary authentication information once said primary authentication information stored on said 802.1x authentication server is available, thereby exiting said fail-safe mode.
4. A fail-safe system for authenticating a client to a network, comprising:
- an 802.1x authenticator coupleable to said client, said client containing an 802.1x supplicant;
- an 802.1x authentication server, coupleable to said 802.1x authenticator, storing primary authentication information; and
- a database local to said 802.1x authenticator, storing alternative authentication information, wherein;
- said alternative authentication information is used to authenticate said client when said primary authentication information is unavailable.
7. A fail-safe computer program product for authenticating a client to a network, the computer program product comprising a computer-readable storage medium having computer readable program code embodied in the medium, the computer-readable program code comprising:
- computer-readable program code that receives, at an 802.1x authenticator, a request for authentication from an 802.1x supplicant contained in a client;
- computer-readable program code that configures said 802.1x authenticator to enter a fail-safe mode, wherein alternative authentication information stored at said 802.1x authenticator is used to authenticate said client when primary authentication information stored on an 802.1x authentication server is unavailable; and
- computer-readable program code that re-authenticates said client using said primary authentication information once said primary authentication information stored on said 802.1x authentication server is available, thereby exiting said fail-safe mode.