Self-Initiated End-to-End Monitoring of an Authentication Gateway

US 20080209537A1
Filed: 02/28/2007
Published: 08/28/2008
Est. Priority Date: 02/28/2007
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

creating, at an authentication gateway, temporary logon information for access to a network;

securely transmitting a test initiation message including the temporary logon information to a test agent, wherein the test agent is operative to attempt network access using the temporary logon information;

receiving a verification report from the test agent, wherein the verification report includes one ore more logged events of an attempted network access using the temporary logon information; and

taking one or more actions based on the verification report.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An example embodiment of the present invention provides processes relating to self-initiated end-to-end monitoring for an authentication gateway. In one particular implementation, the authentication gateway periodically creates and stores a temporary logon for access to a network and then sends a message including the temporary logon over a secure connection to a client. When the client receives the temporary logon, the client responds to the message by attempting to access a configurable network site. The authentication gateway redirects the client to a captive portal which prompts the client for a logon and the client enters the temporary logon at the captive portal. Then upon validating the temporary logon against the stored temporary logon, the authentication gateway authorizes access to the network. If the client successfully accesses the site, the client sends a verification report to the authentication gateway indicating successful access. Otherwise, the client reports on the failed access.

Citations

20 Claims

1. A method, comprising:
- creating, at an authentication gateway, temporary logon information for access to a network;
  
  securely transmitting a test initiation message including the temporary logon information to a test agent, wherein the test agent is operative to attempt network access using the temporary logon information;
  
  receiving a verification report from the test agent, wherein the verification report includes one ore more logged events of an attempted network access using the temporary logon information; and
  
  taking one or more actions based on the verification report.
- View Dependent Claims (2, 3, 4)
- - 2. A method as in claim 1, wherein the attempted network access seeks access to a configurable site on the network.
  - 3. A method as in claim 1, wherein the verification report additionally concerns verification of a configurable sequence of web pages transmitted to the client by the authentication gateway.
  - 4. A method as in claim 1, wherein the secure transmission utilizes encryption with a shared key.

5. An apparatus, comprising logic encoded in one or more computer-readable media and when executed operable to:
- create, at an authentication gateway, temporary logon information for access to a network;
  
  securely transmit a test initiation message including the temporary logon information to a test agent, wherein the test agent is operative to attempt network access using the temporary logon information;
  
  receive a verification report from the test agent, wherein the verification report includes one or more logged events of an attempted network access using the temporary logon information; and
  
  take one or more actions based on the verification report.
- View Dependent Claims (6, 7, 8)
- - 6. An apparatus as in claim 5, wherein the attempted network access seeks access to a configurable site on the network.
  - 7. An apparatus as in claim 5, wherein the verification report additionally concerns verification of a configurable sequence of web pages transmitted to the client by the authentication gateway.
  - 8. An apparatus as in claim 5, wherein the secure transmission utilizes encryption with a shared key.

9. An apparatus comprising:
- means for creating, at an authentication gateway, temporary logon information for access to a network;
  
  means for securely transmitting a test initiation message including the temporary logon information to a test agent, wherein the test agent is operative to attempt network access using the temporary logon information;
  
  means for receiving a verification report from the test agent, wherein the verification report includes one or more logged events of an attempted network access using the temporary logon information; and
  
  means for taking one or more actions based on the verification report.
- View Dependent Claims (10, 11)
- - 10. An apparatus as in claim 9, wherein the attempted network access seeks access to a configurable site on the network.
  - 11. An apparatus as in claim 9, wherein the verification report additionally concerns verification of a configurable sequence of web pages transmitted to the client by the authentication gateway.

12. A method, comprising:
- receiving, from a web authentication gateway, a test initiation message with temporary logon information for access to a network;
  
  attempting network access using the temporary logon information;
  
  logging one or more events detected during the attempted network access; and
  
  sending a verification report with one or more of the logged events to the web authentication gateway.
- View Dependent Claims (13, 14)
- - 13. A method as in claim 12, wherein the attempted network access seeks access to a configured site on the network.
  - 14. A method as in claim 12, wherein the verification report additionally concerns verification of a configurable sequence of web pages transmitted to the client by the authentication gateway.

15. An apparatus, comprising logic encoded in one or more computer-readable media and when executed operable to:
- receive, from a web authentication gateway, a test initiation message with temporary logon information for access to a network;
  
  attempt network access using the temporary logon information;
  
  log one or more events detected during the attempted network access; and
  
  send a verification report with one or more of the logged events to the web authentication gateway.
- View Dependent Claims (16, 17)
- - 16. An apparatus as in claim 15, wherein the attempted network access seeks access to a configurable site on the network.
  - 17. An apparatus as in claim 15, wherein the verification report additionally concerns verification of a configurable sequence of web pages transmitted to the client by the authentication gateway.

18. An apparatus comprising:
- means for receiving, from a web authentication gateway, a test initiation message with temporary logon information for access to a network;
  
  means for attempting network access using the temporary logon information;
  
  means for logging one or more events detected during the attempted network access; and
  
  means for sending a verification report with one or more of the logged events to the web authentication gateway.
- View Dependent Claims (19, 20)
- - 19. An apparatus as in claim 18, wherein the attempted network access seeks access to a configured site on the network.
  - 20. An apparatus as in claim 18, wherein the verification report additionally concerns verification of a configurable sequence of web pages transmitted to the client by the authentication gateway.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Systems, Inc.
Inventors
Mehta, Sunil Bhupatrai, Wong, Pok

Granted Patent

US 8,327,432 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/12
CPC Class Codes

H04L 43/50 Testing arrangements

H04L 63/1433 Vulnerability analysis

Self-Initiated End-to-End Monitoring of an Authentication Gateway

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Self-Initiated End-to-End Monitoring of an Authentication Gateway

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links