System and Method for Redundancy in a Communication Network

US 20100325719A1
Filed: 06/10/2010
Published: 12/23/2010
Est. Priority Date: 06/19/2009
Status: Abandoned Application

First Claim

Patent Images

1. A network fail-over system comprising:

first and second secure proxy servers;

first and second authentication servers, each communicatively coupled to the first and second proxy servers;

a first service monitor configured to monitor an operating status of the first authentication server; and

a second service monitor configured to monitor an operating status of the second authentication server, the second service monitor configured to set an operating status of the second authentication server and to accept communication traffic from the first proxy server based on the operating status of the first authentication server;

wherein the first service monitor is configured to set an operating status of the first authentication server and to accept communication traffic from the second proxy server based on the operating status of the second authentication server; and

wherein each of the first and second authentication servers is configured to determine an access privilege of a client device to a virtual private network by authenticating a client identifier received from the client device, the client identifier derived from a combination of at least one user-configurable parameter and at least one non-user-configurable parameter resident in the client device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network fail-over system provides redundant first and second secure proxy servers, first and second authentication servers each communicatively coupled to the proxy servers, first and second service monitors configured to monitor, respectively, operating status of the first and second authentication servers, the second service monitor configured to set an operating status of the second authentication server and to accept communication traffic from the first proxy server based on the operating status of the first authentication server, wherein the first service monitor is configured to set an operating status of the first authentication server and to accept communication traffic from the second proxy server based on the operating status of the second authentication server, and wherein the authentication servers are each configured to determine an access privilege of a client device by authenticating a client identifier received from the client device, the client identifier derived from a user-configurable parameter and a non-user-configurable parameter resident in the client device.

89 Citations

View as Search Results

20 Claims

1. A network fail-over system comprising:
- first and second secure proxy servers;
  
  first and second authentication servers, each communicatively coupled to the first and second proxy servers;
  
  a first service monitor configured to monitor an operating status of the first authentication server; and
  
  a second service monitor configured to monitor an operating status of the second authentication server, the second service monitor configured to set an operating status of the second authentication server and to accept communication traffic from the first proxy server based on the operating status of the first authentication server;
  
  wherein the first service monitor is configured to set an operating status of the first authentication server and to accept communication traffic from the second proxy server based on the operating status of the second authentication server; and
  
  wherein each of the first and second authentication servers is configured to determine an access privilege of a client device to a virtual private network by authenticating a client identifier received from the client device, the client identifier derived from a combination of at least one user-configurable parameter and at least one non-user-configurable parameter resident in the client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The network fail-over system of claim 1, wherein the first proxy server is configured to transmit a simple network management protocol (SNMP) trap signal indicating a non-operating status of the first authentication server to a controller directly coupled to the second proxy server when the operating status of the first authentication server is non-active.
  - 3. The network fail-over system of claim 1, wherein the first proxy server, the first authentication server, and the first service monitor have independent power sources from the second proxy server, the second authentication server, and the second service monitor.
  - 4. The network fail-over system of claim 1, further comprising:
    - a first virtual private network (VPN) server being communicatively coupled to the first proxy server and the first authentication server; and
      
      a second virtual private network server being communicatively coupled to the second proxy server and the second authentication server.
  - 5. The network fail-over system of claim 1, wherein the at least one non-user-configurable parameter is based on a carbon degradation characteristic of a computer chip of the device.
  - 6. The network fail-over system of claim 1, wherein the at least one non-user-configurable parameter is based on a silicone degradation characteristic of a computer chip of the device.
  - 7. The network fail-over system of claim 1, wherein the at least one user-configurable parameter comprises one of hard disk volume name, user name, device name, user password, and hard disk initialization date for the device.
  - 8. The network fail-over system of claim 1, wherein the device identifier is generated by utilizing at least one irreversible transformation of the at least one user-configurable parameter and the at least one non-user-configurable parameter of the device.
  - 9. The network fail-over system of claim 1, wherein the device identifier is generated by utilizing a cryptographic hash function on the at least one user-configurable parameter and the at least one non-user-configurable parameter of the device.

10. A method for providing redundancy, comprising:
- setting a first authentication server to active mode and a second authentication server to standby mode, wherein the first and second authentication servers are configured to use separate power sources;
  
  establishing a virtual private network (VPN) connection between a client device via and the first authentication server based on an access privilege determination of the client device to the VPN by authenticating a device identifier received from the client device, the device identifier being based on a combination of at least one user-configurable parameter and at least one non-user-configurable parameter resident in the client device;
  
  monitoring an operating status of the first authentication server with a first monitor;
  
  setting the second authentication server to active mode when the operating status of the first authentication server is inactive; and
  
  establishing a VPN connection between the proxy server and the second authentication server when the second authentication server is active.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10, wherein the VPN connection between the proxy server and the first authentication server is established using a first VPN server.
  - 12. The method of claim 10, wherein the VPN connection between the proxy server and the second authentication server is established using a second VPN server.
  - 13. The method of claim 10, wherein the at least one non-user-configurable parameter is based on a carbon degradation characteristic of a computer chip of the device.
  - 14. The method of claim 10, wherein the at least one non-user-configurable parameter is based on a silicone degradation characteristic of a computer chip of the device.
  - 15. The method of claim 10, wherein the at least one user-configurable parameter comprises one of hard disk volume name, user name, device name, user password, and hard disk initialization date for the device.
  - 16. The method of claim 10, wherein the device identifier is generated by utilizing at least one irreversible transformation of the at least one user-configurable parameter and the at least one non-user-configurable parameter of the device.
  - 17. The method of claim 10, wherein the device identifier is generated by utilizing a cryptographic hash function on the at least one user-configurable parameter and the at least one non-user-configurable parameter of the device.

18. A computer readable medium having stored thereon, computer executable instructions that, if executed by a device, cause the device to perform a method comprising:
- setting a first authentication server to active mode and a second authentication server to standby mode, wherein the first and second authentication servers are configured to use separate power sources;
  
  establishing a virtual private network (VPN) connection between a client device and the first authentication server based on an access privilege determination of the client device to the VPN by authenticating a device identifier received from an extended trust device, the device identifier being based on a combination of at least one user-configurable parameter and at least one non-user-configurable parameter resident in the client device;
  
  monitoring an operating status of the first authentication server with a first monitor;
  
  setting the second authentication server to active mode when the operating status of the first authentication server is inactive; and
  
  establishing a VPN connection between the proxy server and the second authentication server when the second authentication server is active.
- View Dependent Claims (19, 20)
- - 19. The computer readable medium of claim 18, wherein the VPN connection between the proxy server and the first authentication server is established using a first VPN server.
  - 20. The computer readable medium of claim 18, wherein the VPN connection between the proxy server and the second authentication server is established using a second VPN server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Uniloc Luxembourg S.à r.l. (f/k/a Uniloc Luxembourg S.A.) (Uniloc Corporation Pty. Limited)
Original Assignee
Uniloc Luxembourg S.à r.l. (f/k/a Uniloc Luxembourg S.A.) (Uniloc Corporation Pty. Limited)
Inventors
Etchegoyen, Craig Stephen

Application Number

US12/813,415
Publication Number

US 20100325719A1
Time in Patent Office

Days
Field of Search
US Class Current

726/15
CPC Class Codes

H04L 41/0213   Standardised network manage...

H04L 41/0663   Performing the actions pred...

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

H04L 69/40   for recovering from a failu...

System and Method for Redundancy in a Communication Network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

89 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

System and Method for Redundancy in a Communication Network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

89 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others