METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR ACCESS CONTROL SERVICES USING SOURCE PORT FILTERING

US 20110154469A1
Filed: 12/17/2009
Published: 06/23/2011
Est. Priority Date: 12/17/2009
Status: Abandoned Application

First Claim

Patent Images

1. A method of controlling access to a protected server, the method comprising:

receiving an authentication request message at an authentication server computer, the authentication request message identifying a requesting client device;

authenticating the authentication request message at the authentication server computer; and

responsive to authentication of the authentication request message, determining a source port for a redirected communication between the requesting client device and the protected server and transmitting an access authorization message identifying the determined source port from the authentication server computer to a blocking device that controls access to the protected server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication request message is received at an authentication server computer, the authentication request message identifying a requesting client device. The authentication request message is authenticated at the authentication server computer and, responsive to authentication of the authentication request message, a source port for a redirected communication between the requesting client device associated and the protected server is determined. An access authorization message identifying the determined source port is transmitted from the authentication server computer to a blocking device that controls access to the protected server. A redirect message may be transmitted from the authentication server to a browser resident at the client device responsive to authentication of the authentication request message. Embodiments include methods, apparatus and computer readable media.

Citations

18 Claims

1. A method of controlling access to a protected server, the method comprising:
- receiving an authentication request message at an authentication server computer, the authentication request message identifying a requesting client device;
  
  authenticating the authentication request message at the authentication server computer; and
  
  responsive to authentication of the authentication request message, determining a source port for a redirected communication between the requesting client device and the protected server and transmitting an access authorization message identifying the determined source port from the authentication server computer to a blocking device that controls access to the protected server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein determining a source port for a redirected communication between the requesting client device and the protected server comprises predicting the source port for the redirected communication based on a source port identified in the received authentication request message.
  - 3. The method of claim 1, further comprising transmitting a redirect message from the authentication server to a browser resident at the client device responsive to authentication of the authentication request message.
  - 4. The method of claim 1, further comprising controlling access to the protected server via the blocking device responsive to the access authorization message.
  - 5. The method of claim 4, wherein controlling access to the protected server via the blocking device responsive to the access authorization message comprises modifying an access control list (ACL) at the blocking device based on the access authorization message.
  - 6. The method of claim 1, wherein transmitting an access authorization message comprises transmitting a Simple Network Management Protocol version 3 (SNMPv3) message.
  - 7. The method of claim 1, wherein the protected server comprises customer equipment served by network provider infrastructure that comprises the blocking device.
  - 8. A computer-readable medium having computer code configured to perform the method of claim 1 embodied therein.

9. A system comprising:
- an authentication server computer configured to receive an authentication request message identifying an authentication requesting client device, to authenticate the authentication request message, to determine a source port for a redirected communication between the requesting client device and the protected server, and to transmit an access authorization message identifying the determined source port responsive to authentication of the authentication request message; and
  
  a blocking device configured to receive the access authorization message from the authentication server computer and to control access to a protected server responsive to the received access authorization message.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The system of claim 9, wherein the authentication server computer is configured to predict the source port for the redirected communication based on a source port identified in the received authentication request message.
  - 11. The system of claim 9, wherein the authentication server computer is further configured to transmit a redirect message to a browser resident at the client device responsive to authentication of the authentication request message.
  - 12. The system of claim 9, wherein the blocking device is configured to modify an access control list (ACL) responsive to the access authorization message.
  - 13. The system of claim 9, wherein the access authorization message comprises a SNMPv3 message.
  - 14. The system of claim 9, wherein the protected server comprises customer equipment served by network provider infrastructure that comprises the blocking device.

15. An authentication server comprising:
- a communications interface circuit configured to receive an authentication request message identifying a requesting client device; and
  
  an authenticator circuit coupled to the communications interface circuit and configured to authenticate the authentication request message and to determine a source port for a redirected communication between the requesting client device and a protected server,wherein the communications interface circuit is further configured to transmit an access authorization message identifying the determined source port from the authentication server computer to a blocking device that controls access to the protected server responsive to authentication of the authentication request message.
- View Dependent Claims (16, 17, 18)
- - 16. The authentication server of claim 15, wherein the authenticator circuit is configured to predict the source port for the redirected communication based on a source port identified in the received authentication request message.
  - 17. The authentication server of claim 15, wherein the communications interface circuit is further configured to transmit a redirect message from the authentication server to a browser resident at the client device responsive to authentication of the authentication request message.
  - 18. The authentication server of claim 15, wherein the access authorization message comprises a SNMPv3 message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Dargis, Anthony B.

Application Number

US12/640,528
Publication Number

US 20110154469A1
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

H04L 63/0263 Rule management

H04L 67/563 Data redirection of data ne...

METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR ACCESS CONTROL SERVICES USING SOURCE PORT FILTERING

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR ACCESS CONTROL SERVICES USING SOURCE PORT FILTERING

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links