Method and system for managing access authorization for a user in a local administrative domain when the user connects to an IP network
Abstract
In order to control the authorisation of a user during an attempt to access an IP transport network (5) by means of an access network (1, 2), a user terminal (11, 12, 13) emits an access request to an access supplier (6, 7, 8), containing data for authenticating the user to the access supplier, and said request is then transmitted to an access server (9) of the access network (1, 2) so that it can be addressed to a remote authentication server (15) of the access supplier. On reception of the access request, the access server (9) emits a RADIUS request to a proxy server (10) of the access network (1, 2), which determines whether the user must be locally authenticated. If this is the case, the proxy server transmits, to the access server (9), a request for authentication data to be addressed to the terminal of the user, and carries out a local procedure to authenticate the user, on the basis of the authentication data supplied by the user.
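The proxy behaviour described in the abstract, as an added illustration that is not part of the patent text: a Python sketch in which dicts stand in for decoded RADIUS packets. Assumptions: the local-authentication policy is a set of realms, the request for authentication data is modelled as a RADIUS Access-Challenge correlated through the State attribute, the local procedure is a constant-time comparison against a local credential store, and the original request is forwarded to the remote server only after local authentication succeeds.

```python
import hmac
import secrets

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11  # RFC 2865 codes


class LocalAuthProxy:
    """Proxy between the access server and the remote authentication server."""

    def __init__(self, local_realms, local_secrets, remote):
        self.local_realms = local_realms    # assumed policy: realms that need local authentication
        self.local_secrets = local_secrets  # assumed local store: user name -> local secret
        self.remote = remote                # callable standing in for the remote server
        self.pending = {}                   # State value -> original Access-Request

    def handle(self, req):
        user = req["User-Name"]
        state = req.get("State")
        if state is not None:
            # Reply to our challenge: State is single-use and bound to the user.
            original = self.pending.pop(state, None)
            if original is None or original["User-Name"] != user:
                return {"code": ACCESS_REJECT}
            expected = self.local_secrets.get(user, "").encode()
            supplied = req.get("User-Password", "").encode()
            if not expected or not hmac.compare_digest(expected, supplied):
                return {"code": ACCESS_REJECT}
            return self.remote(original)    # local check passed: forward upstream
        if user.rpartition("@")[2] in self.local_realms:
            state = secrets.token_hex(16)
            self.pending[state] = req
            return {"code": ACCESS_CHALLENGE, "State": state,
                    "Reply-Message": "Local credentials required"}
        return self.remote(req)             # no local authentication: plain proxying


def demo_remote(req):
    """Constructed stand-in for the provider's remote authentication server."""
    ok = hmac.compare_digest(req.get("User-Password", "").encode(), b"provider-pass")
    return {"code": ACCESS_ACCEPT if ok else ACCESS_REJECT}


def run_demo():
    """Constructed exchange: challenge, local answer, then a replay of the same State."""
    proxy = LocalAuthProxy({"isp.example"}, {"alice@isp.example": "local-pin"}, demo_remote)
    first = {"code": ACCESS_REQUEST, "User-Name": "alice@isp.example", "User-Password": "provider-pass"}
    challenge = proxy.handle(first)
    answer = {**first, "User-Password": "local-pin", "State": challenge["State"]}
    return [challenge["code"], proxy.handle(answer)["code"], proxy.handle(answer)["code"]]
```

Because the State value is removed from the pending table on first use, a replayed challenge response is rejected even when it carries the correct local secret.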
23 Claims
1-12. (canceled)
13. A method for managing the authorization of access of a user terminal connected to an access network to an IP transport network, wherein a proxy server connected to the IP transport network implements the steps of:
transmitting a RADIUS access request in accordance with the RADIUS protocol, to a remote authentication server of an IP service or access provider indicated in the access request, said access request having been transmitted, upon the request of said terminal, by an access server of the access network;
transmission to the access server of the user's authentication response provided by the remote authentication server, said proxy server also implementing steps for:
determining, for a RADIUS access request received from an access server upon the request of said terminal, whether local authentication of said user must be performed at the level of the access network,
if a local authentication of said user must be performed, transmitting, by means of said access server, to said terminal, a message requesting authentication data,
upon receipt of a response message from said terminal containing the authentication data requested, executing a local user authentication procedure, on the basis of said authentication data received.
Dependent claims: 14, 15, 16, 23
17. A system for managing authorization of a user during an attempt by a user terminal to access an IP service or access provider by means of an IP transport network, which system includes:
at least one access network to which the user terminal is connected,
at least one IP gateway ensuring the connection, respectively, between the access network and the IP transport network,
at least one access server of the access network, designed to transmit, upon the request of the terminal, a RADIUS access request in accordance with the RADIUS protocol,
at least one remote authentication server associated with said IP service or access provider designed to authenticate said user on the basis of authentication data contained in an access request received by the remote authentication server, and
a proxy server connected to the IP transport network, designed to retransmit a RADIUS access request, transmitted by the access server upon the request of a terminal, to a remote authentication server of an IP service or access provider indicated in the access request, and to retransmit, to the access server, the user's authentication response provided by the remote authentication server, the proxy server includes:
means for determining, for a RADIUS access request received from an access server upon a user's request, whether or not a local authentication of the user must be performed at the access network level,
means, activated if a local authentication of said user must be performed, for transmitting by way of said access server, to said terminal, a message requesting authentication data,
means, activated upon receipt of a response message from said terminal containing the authentication data requested, for executing a local user authentication procedure, on the basis of said authentication information received.
Dependent claims: 18, 19, 20, 21
22. A proxy server for managing authorization of access of a user terminal connected to an access network, to an IP transport network, wherein the proxy server is connected to an IP transport network and includes:
means for transmitting a RADIUS access request in accordance with the RADIUS protocol, to a remote authentication server of an IP service or access provider indicated in the access request, said access request having been transmitted, upon the request of said terminal, by an access server of the access network;
means for transmitting, to the access server, the user's authentication response provided by the remote authentication server, said proxy server also includes:
means for determining, for a RADIUS access request received from an access server upon the request of said terminal, whether a local authentication of said user must be performed at the access network level,
means, activated if a local authentication of said user must be performed, for transmitting, by way of said access server, to said terminal, a message requesting authentication data,
means, activated upon receipt of a response message from said terminal containing the authentication data requested, for executing a local user authentication procedure, on the basis of said authentication information received.
Specification