Method and system for managing access authorization for a user in a local administrative domain when the user connects to an ip network

US 20070186273A1
Filed: 02/01/2005
Published: 08/09/2007
Est. Priority Date: 02/09/2004
Status: Active Grant

First Claim

Patent Images

1-12. -12. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In order to control the authorisation of a user during an attempt to access an IP transport network (5) by means of an access network (1, 2), a user terminal (11, 12, 13) emits an access request to an access supplier (6, 7, 8), containing data for authenticating the user to the access supplier, and said request is then transmitted to an access server (9) of the access network (1, 2) in view of being addressed to a remote authentication server (15) of the access supplier. On reception of the access request, the access server (9) emits a RADIUS request to a proxy server (10) of the access network (1, 2) which determines whether the user must be locally authenticated, and if this is the case, the proxy server transmits, to the access server (9), a request for authentication data to be addressed to the terminal of the user, and carries out a local procedure to authenticate the user, on the basis of the authentication data supplied by the user.

Citations

23 Claims

1-12. -12. (canceled)

13. A method for managing the authorization of access of a user terminal connected to an access network to an IP transport network, wherein a proxy server connected to the IP transport network implements the steps of:
- transmitting a RADIUS access request in accordance with the RADIUS protocol, to a remote authentication server of an IP service or access provider indicated in the access request, said access request having been transmitted, upon the request of said terminal, by an access server of the access network;
  
  transmission to the access server of the user'"'"'s authentication response provided by the remote authentication server, said proxy server also implementing steps for;
  
  determining, for a RADIUS access request received from an access server upon the request of said terminal, whether local authentication of said user must be performed at the level of the access network, if a local authentication of said user must be performed, transmitting, by means of said access server, to said terminal, a message requesting authentication data, upon receipt of a response message from said terminal containing the authentication data requested, executing a local user authentication procedure, on the basis of said authentication data received.
- View Dependent Claims (14, 15, 16, 23)
- - 14. The method according to claim 13, wherein the authentication data request transmitted by the proxy server to the user terminal if a local user authentication must be performed, is a challenge message containing a random number.
  - 15. Method according to claim 14, wherein the challenge message contains an indication enabling the user terminal to determine whether it concerns a local user authentication.
  - 16. The method according to claim 13, wherein the proxy server determines which access rights to assign to the user on the basis of the result of the local user authentication and the authentication response provided by the remote authentication server.
  - 23. A computer program including program code instructions for implementing the steps of the method for managing authorization of access of a user terminal according to claim 13 when said program is run on a computer.

17. A system for managing authorization of a user during an attempt by a user terminal to access an IP service or access provider by means of an IP transport network, which system includes:
- at least one access network to which the user terminal is connected, at least one IP gateway ensuring the connection, respectively, between the access network and the IP transport network, at least one access server of the access network, designed to transmit, upon the request of the terminal, a RADIUS access request in accordance with the RADIUS protocol, at least one remote authentication server associated with said IP service or access provider designed to authenticate said user on the basis of authentication data contained in an access request received by the remote authentication server, and a proxy server connected to the IP transport network, designed to retransmit a RADIUS access request, transmitted by the access server upon the request of a terminal, to a remote authentication server of an IP service or access provider indicated in the access request, and to retransmit, to the access server, the user'"'"'s authentication response provided by the remote authentication servers the proxy server includes;
  
  means for determining, for a RADIUS access request received from an access server upon a user'"'"'s request, whether or not a local authentication of the user must be performed at the access network level, means, activated if a local authentication of said user must be performed, for transmitting by way of said access server, to said terminal, a message requesting authentication data, means, activated upon receipt of a response message from said terminal containing the authentication data requested, for executing a local user authentication procedure, on the basis of said authentication information received.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The system according to claim 17, the proxy server also includes means for determining an overall authentication result on the basis of the local user authentication result and the user'"'"'s authentication response provided by the authentication server, and for retransmitting the overall authentication result to the access server.
  - 19. The system according to claim 17, wherein each access server includes a RADIUS client and the proxy server includes a client and a RADIUS server, for exchanging messages in accordance with the RADIUS protocol.
  - 20. The system according to claim 17, wherein the authentication data request message transmitted by the proxy server to locally authenticate the user is a challenge message, wherein the proxy server comprises means for generating a random number that is inserted into the challenge message, and means for verifying the response to the challenge message received from the user terminal.
  - 21. The system according to claim 18, wherein the proxy server includes means for determining which access rights to assign to the user on the basis of the overall authentication result.

22. A proxy server for managing authorization of access of a user terminal connected to an access network, to an IP transport network, wherein the proxy server is connected to an IP transport network and includes:
- means for transmitting a RADIUS access request in accordance with the RADIUS protocol, to a remote authentication server of an IP service or access provider indicated in the access request, said access request having been transmitted, upon the request of said terminal, by an access server of the access network;
  
  means for transmitting, to the access server, the user'"'"'s authentication response provided by the remote authentication server said proxy server also includes;
  
  means for determining, for a RADIUS access request received from an access server upon the request of said terminal, whether a local authentication of said user must be performed at the access network level, means, activated if a local authentication of said user must be performed, for transmitting, by way of said access server, to said terminal, a message requesting authentication data, means, activated upon receipt of a response message from said terminal containing the authentication data requested, for executing a local user authentication procedure, on the basis of said authentication information received.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Orange S.A.
Original Assignee
Orange S.A.
Inventors
Morand, Lionel, Carpy, Celine

Granted Patent

US 7,665,129 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/2
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/08   for authentication of entit...

H04W 12/06   Authentication

H04W 80/00   Wireless network protocols ...

H04W 84/12   WLAN [Wireless Local Area N...

Method and system for managing access authorization for a user in a local administrative domain when the user connects to an ip network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for managing access authorization for a user in a local administrative domain when the user connects to an ip network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links