PROPRIETARY PROTOCOL TUNNELING OVER EAP

US 20090193247A1
Filed: 01/29/2008
Published: 07/30/2009
Est. Priority Date: 01/29/2008
Status: Abandoned Application

First Claim

Patent Images

1. In a computing system environment, a tunneling method comprising:

providing a first authentication framework between a supplicant and an authenticating server; and

tunneling a second authentication framework over the first authentication framework, the second authentication framework having a plurality of strong authentication protocols that can be, used in a tunnel for authenticating the supplicant with the authenticating server.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus provide tunneling one authentication framework over a more widely accepted framework (e.g., EAP). In this manner, pluralities of strong authentication protocols are wirelessly enabled between a supplicant and server that are not otherwise wirelessly enabled. During use, packets are wirelessly transmitted and received between the supplicant and server according to EAP'"'"'s prescribed message format, including a wireless access point. In a tunnel, various authentication protocols form the payload component of the message format which yields execution capability of more than one protocol, instead of the typical single protocol authentication. Certain tunneled frameworks include NMAS, LDAP/SASL, Open LDAP/SLAPD, or IPSEC. Computer program products, computing systems and various interaction between the supplicant and server are also disclosed.

Citations

24 Claims

1. In a computing system environment, a tunneling method comprising:
- providing a first authentication framework between a supplicant and an authenticating server; and
  
  tunneling a second authentication framework over the first authentication framework, the second authentication framework having a plurality of strong authentication protocols that can be, used in a tunnel for authenticating the supplicant with the authenticating server.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the providing the first authentication framework further includes providing a lower layer for transmitting and receiving packets between the supplicant and the authenticating server.
  - 3. The method of claim 2, wherein the providing the lower layer further includes providing a PPP, IEEE-802.1x, IEEE-802.11, UDP, IKEv2 or TCP.
  - 4. The method of claim 1, wherein the providing the first authentication framework further includes providing an EAP.
  - 5. The method of claim 4, wherein the tunneling the second authentication framework over the first authentication framework further includes tunneling an NMAS computer program product over the EAP.
  - 6. The method of claim 1, wherein the tunneling the second authentication framework over the first authentication framework further includes tunneling LDAP/SASL, Open LDAP/SLAPD or IPSEC over the first authentication framework.

7. In a computing system environment, a tunneling method comprising:
- providing a first authentication framework for use in negotiating a desired authentication method between a supplicant and an authenticating server, the first authentication framework having a predefined message format; and
  
  tunneling a second authentication framework over the first authentication framework, the second authentication framework included in the predefined message format and having a plurality of strong authentication protocols that can be used in a tunnel for authenticating the supplicant with the authenticating server.
- View Dependent Claims (8, 9)
- - 8. The method of claim 7, wherein the providing the first authentication framework further includes providing a lower layer for transmitting and receiving packets of the predefined message format between the supplicant and the authenticating server.
  - 9. The method of claim 8, wherein the transmitting and receiving packets of the predefined message format occurs wirelessly for at least a portion thereof.

10. In a computing system environment including a supplicant, an authenticating server, and an access point communicating with the authenticating server and in wireless communication with the supplicant, a tunneling method comprising:
- providing a first authentication framework for use in negotiating a desired authentication method between the supplicant and the authenticating server, the first authentication framework having a predefined message format that is transmitted and received between the supplicant and the authenticating server by way of the access point intervening the supplicant and the authenticating server, the first authentication framework being an EAP; and
  
  tunneling a second authentication framework over the EAP, the second authentication framework included in the predefined message format and being a multiple factor authentication framework with a plurality of strong authentication protocols that can be used in a tunnel for authenticating the supplicant with the authenticating server thereby wirelessly enabling the plurality of strong authentication protocols that are not otherwise wirelessly enabled.

11. In a computing system environment having a first authentication framework between a wirelessly arranged supplicant and an authenticating server, a tunneling method comprising:
- tunneling a second authentication framework over the first authentication framework, the second authentication framework having a plurality of strong authentication protocols; and
  
  authenticating a user of the supplicant with the authenticating server by at least one of the plurality of strong authentication protocols of the second authentication framework thereby wirelessly enabling the plurality of strong authentication protocols that are not otherwise wirelessly enabled.
- View Dependent Claims (12, 13, 14)
- - 12. The method of claim 11, wherein the tunneling the second authentication framework over the first authentication framework further includes tunneling the second authentication framework over an EAP.
  - 13. The method of claim 11, wherein the tunneling the second authentication framework over the first authentication framework further includes tunneling NMAS, LDAP/SASL, Open LDAP/SLAPD or IPSEC over the first authentication framework.
  - 14. The method of claim 11, wherein the first authentication framework has a predefined message format that is transmitted and received as packets between the supplicant and the authenticating server by way of an access point intervening the supplicant and the authenticating server, the second authentication framework included in the predefined message format.

15. In a computing system environment having an EAP between a wirelessly arranged supplicant and an authenticating server, a tunneling method comprising tunneling a second authentication framework over the EAP, the second authentication framework having a plurality of strong authentication protocols that are used for authenticating the supplicant with the authenticating server.

16. A computer program product available as a download or on a computer readable medium for loading on a computing device of a plurality of computing devices, the computer program product having executable instructions to provide tunneling, comprising:
- a first component for installation on an authenticating server of the pluralities of computing devices, the first component to tunnel an authentication framework over an EAP to a client workstation of the pluralities of computing devices during a wireless connection between the client workstation and the authenticating server; and
  
  a second component for authenticating the user according to a selected one of a plurality of authentication protocols thereby wirelessly enabling the authentication protocols that are not otherwise wirelessly enabled.

17. A computer program product available as a download or on a computer readable medium for loading on a computing device of a plurality of computing devices, the computer program product having executable instructions, comprising:
- a first component for installation on a client workstation of the pluralities of computing devices, the first component to communicate with an authenticating server of the pluralities of computing devices via an authentication framework over a tunnel in an EAP during a wireless connection between the client workstation and the authenticating server; and
  
  a second component for causing the authentication of the user according to a selected one of a plurality of authentication protocols of the authentication framework.

18. A computing system environment having pluralities of computing devices arranged to provide wireless communication, comprising:
- a client workstation arranged as part of the pluralities of computing devices;
  
  an authenticating server arranged as part of the pluralities of computing devices, the authenticating server having a first authentication framework with a plurality of strong authentication protocols that are used for authenticating a user of the client workstation with the authenticating server; and
  
  a tunnel in a second authentication framework between the client workstation and the authenticating server, the second authentication framework being EAP and the tunnel including the first authentication framework for wirelessly enabling the strong authentication protocols that are not otherwise wirelessly enabled.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The computing system environment of claim 18, further including an access point connected directly to the authenticating server and wirelessly connected to the client workstation.
  - 20. The computing system environment of claim 18, further including a lower layer for the EAP to transmit and receive packets between the client workstation and the authenticating server.
  - 21. The computing system environment of claim 20, wherein the lower layer includes a PPP, IEEE-802.1x, IEEE-802.11, UDP, IKEv2 or TCP.
  - 22. The computing system environment of claim 18, wherein the authenticating server is a radius server.
  - 23. The computing system environment of claim 18, further including an EAP server communicating with the authenticating server.
  - 24. The computing system environment of claim 18, wherein the authenticating server further includes an NMAS computer program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
EMC Corporation (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Kiester, W. Scott, Ford, Karl E., Mashayekhi, Cameron

Application Number

US12/021,381
Publication Number

US 20090193247A1
Time in Patent Office

Days
Field of Search
US Class Current

713/151
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/162 at the data link layer

PROPRIETARY PROTOCOL TUNNELING OVER EAP

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

PROPRIETARY PROTOCOL TUNNELING OVER EAP

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links