DISTRIBUTED AUTHENTICATION, AUTHORIZATION AND ACCOUNTING
First Claim
1. A first computer system, residing on a first computer network of a plurality of computer networks, for controlling access to the plurality of computer networks, the first computer system configured to:
- store authentication routing data comprising:
address information related to at least two authentication databases against which credentials related to connecting devices may be authenticated, wherein at least one of the at least two authentication databases is contained on a second computer system residing on a second computer network; and
a criterion for selecting which of the at least two authentication databases a given credential is authenticated against;
receive a first credential from a network access controller on the first computer network, the first credential being relatable to a first connecting device requesting access to the plurality of computer networks at the network access controller;
determine the criterion;
based on the determined criterion, select a first authentication database of the at least two authentication databases against which the first credential is to be authenticated;
communicate the first credential to the first authentication database using the address information;
receive an authentication response from the first authentication database; and
communicate the authentication response to the network access controller.
Abstract
In some embodiments, computer systems, storage mediums, and methods are provided for controlling a connecting device's access to a plurality of computer networks. In other embodiments, the provided computer systems, storage mediums, and methods may provide for authentication, authorization, and accounting of connecting devices connecting to a plurality of computer networks. In other embodiments, the provided computer systems, storage mediums, and methods may provide for the distribution of authentication routing data and authorization policies among a plurality of computer networks. In yet other embodiments, the provided computer systems, storage mediums, and methods may provide for the distribution of accounting among a plurality of computer networks.
24 Claims
1. (Independent claim; full text given under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 16.
12-13. (canceled)
17. (canceled)
18. A first computer system, residing on a first computer network of a plurality of computer networks, for controlling access to the plurality of computer networks, the first computer system configured to:
- receive, from a second computer system, residing on a computer network different than the first computer network, at least a portion of an authorization policy comprising one or more rules for controlling a connecting device's access to the plurality of computer networks;
- store an authorization policy including the at least a portion of an authorization policy;
- receive first authorization information related to a first connecting device requesting access to the plurality of computer networks at a network access controller residing on the first network;
- compare the first authorization information to the authorization policy; and
- control the first connecting device's access to the plurality of computer networks based at least in part on the result of the comparison.
Dependent claims: 19, 20, 21, 22.
23. A storage medium, readable by a first processor of a first computer system residing on a first computer network of a plurality of computer networks, having embodied therein a program of commands executable by the first processor, the program being adapted to be executed to:
- store authentication routing data comprising: address information related to at least two authentication databases against which credentials related to connecting devices may be authenticated, wherein at least one of the authentication databases is contained on a second computer system residing on a second computer network; and a criterion for selecting which of the at least two authentication databases a given credential is authenticated against;
- receive a first credential from a network access device on the first computer network, the first credential being relatable to a first connecting device requesting access to the plurality of computer networks at the network access device;
- determine the criterion;
- based on the determined criterion, select a first authentication database of the at least two authentication databases against which the first credential is to be authenticated;
- communicate the first credential to the first authentication database using the address information;
- receive an authentication response from the first authentication database;
- communicate the authentication response to the network access device;
- receive at least a portion of an authorization policy comprising one or more rules for controlling a connecting device's access to the plurality of computer networks from a third computer system residing on a computer network different than the first computer network;
- store the authorization policy;
- receive first authorization information related to the first connecting device;
- compare the first authorization information to the authorization policy; and
- control the first connecting device's access to the plurality of computer networks based on a result of the comparison.
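The authentication routing recited in claim 1 and the authorization-policy comparison recited in claims 18 and 23 can be sketched together as one small program. The following is an added illustration written for this page, not code from the patent, its applicant or any product: the realm portion of an NAI-style identity is assumed as the selection criterion, the salted-hash credential store and the attribute/allowed-set rule format are assumptions, the database addresses (10.0.0.5:1812, 192.0.2.10:1812) are constructed placeholders, and a dictionary keyed by address stands in for the network transport to the database on the second network.

```python
"""Added example: an authentication router that selects a database by realm,
relays the credential, returns the response, and then checks an authorization
policy received from another network. Not the patent's own code."""
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class Credential:
    """Credential relayed by the network access controller ('user@realm' form)."""
    identity: str
    secret: str


class AuthDatabase:
    """Stand-in for one authentication database. The router never sees the
    stored records; it only receives the accept/reject response."""

    def __init__(self, name, users):
        self.name = name
        self._records = {}
        for user, password in users.items():
            salt = os.urandom(16)  # constructed per-user salt
            self._records[user] = (salt, self._derive(password, salt))

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def authenticate(self, cred):
        user = cred.identity.split("@", 1)[0]
        record = self._records.get(user)
        if record is None:
            return {"result": "reject", "db": self.name, "reason": "unknown-user"}
        salt, stored = record
        if hmac.compare_digest(stored, self._derive(cred.secret, salt)):
            return {"result": "accept", "db": self.name}
        return {"result": "reject", "db": self.name, "reason": "bad-secret"}


class AuthRouter:
    """The 'first computer system': holds routing data and the authorization policy."""

    def __init__(self, routing, transport, policy):
        self.routing = dict(routing)    # realm -> database address (criterion + address information)
        self.transport = transport      # address -> AuthDatabase; stands in for the network
        self.policy = list(policy)      # rules received from a system on another network

    def select_database(self, cred):
        """Apply the criterion: the realm part of the identity picks the database."""
        _, _, realm = cred.identity.partition("@")
        return self.routing.get(realm.lower())

    def authenticate(self, cred):
        address = self.select_database(cred)
        if address is None:
            return {"result": "reject", "reason": "no-route"}  # unknown realm: fail closed
        return self.transport[address].authenticate(cred)

    def authorize(self, authz_info):
        """Every rule must match; a missing attribute fails the rule (fail closed)."""
        for rule in self.policy:
            if authz_info.get(rule["attribute"]) not in rule["allowed"]:
                return False, "rule-failed:" + rule["attribute"]
        return True, "policy-ok"

    def handle_access_request(self, cred, authz_info):
        """Full decision returned to the network access controller."""
        auth = self.authenticate(cred)
        if auth["result"] != "accept":
            return {"access": "deny", "stage": "authentication", **auth}
        ok, why = self.authorize(authz_info)
        return {"access": "allow" if ok else "deny", "stage": "authorization",
                "reason": why, "db": auth["db"]}


def build_example_router():
    """Constructed sample deployment: one local database, one on a partner network."""
    local_db = AuthDatabase("local-db", {"alice": "correct horse"})
    partner_db = AuthDatabase("partner-db", {"bob": "battery staple"})
    routing = {"campus.example": "10.0.0.5:1812", "partner.example": "192.0.2.10:1812"}
    transport = {"10.0.0.5:1812": local_db, "192.0.2.10:1812": partner_db}
    policy = [{"attribute": "device_type", "allowed": {"laptop", "phone"}},
              {"attribute": "posture", "allowed": {"compliant"}}]
    return AuthRouter(routing, transport, policy)


if __name__ == "__main__":
    router = build_example_router()
    print(router.handle_access_request(Credential("bob@partner.example", "battery staple"),
                                       {"device_type": "phone", "posture": "compliant"}))
```

Two points worth noticing in the design: the routing decision is made on the realm alone, so a user name that exists in one database but is presented under another realm is sent to the realm's database and rejected there rather than silently matched locally; and both an unknown realm and an authorization attribute absent from the request are treated as deny, so a misconfigured routing table or an incomplete policy cannot widen access.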
24-66. (canceled)
Specification