Internetwork Authentication

US 20140068707A1
Filed: 08/29/2013
Published: 03/06/2014
Est. Priority Date: 08/30/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a request for a policy-based identity routing service for a first network;

providing a local authoritative user datastore interface (LAUDI) to a network device of the first network;

obtaining a set of rules for identity routing to the first network;

establishing a connection between the LAUDI on the network device of the first network;

wherein a successful authentication result, from the LAUDI for a station on a second network, is indicative of the station being allowed access to services on the second network.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique for network authentication interoperability involves initiating an authentication procedure on a first network, authenticating on a second network, and allowing access at the first network. The technique can include filtering access to a network, thereby restricting access to users with acceptable credentials. Offering a service that incorporates these techniques can enable incorporation of the techniques into an existing system with minimal impact to network configuration.

20 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving a request for a policy-based identity routing service for a first network;
  
  providing a local authoritative user datastore interface (LAUDI) to a network device of the first network;
  
  obtaining a set of rules for identity routing to the first network;
  
  establishing a connection between the LAUDI on the network device of the first network;
  
  wherein a successful authentication result, from the LAUDI for a station on a second network, is indicative of the station being allowed access to services on the second network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising providing internetwork authentication service on computing resources delivered as a service via a third network.
  - 3. The method of claim 1, further comprising providing the LAUDI via a software download.
  - 4. The method of claim 1, further comprising:
    - installing the LAUDI on the network device;
      
      shipping the network device to a recipient associated with the first network;
      
      wherein the network device is implemented in association with the first network after receipt by the recipient.
  - 5. The method of claim 1, further comprising implementing the network device as a wireless access point (WAP) or controller.
  - 6. The method of claim 1, further comprising coupling the LAUDI to a user datastore at the first network.
  - 7. The method of claim 1, further comprising obtaining the set of rules via an administrative interface.
  - 8. The method of claim 1, further comprising obtaining a set of rules for filtering and identity routing to the first network, wherein the successful authentication result is indicative of station credentials sufficient to avoid filtering an authentication request associated with the station in accordance with the filtering rules and sufficient to permit routing the authentication request to the first network in accordance with the identity routing rules.
  - 9. The method of claim 1, wherein the connection is persistent.
  - 10. The method of claim 1, further comprising:
    - receiving an authentication request from the second network for the station;
      
      routing the authentication request based on a rule of the set of rules to the LAUDI;
      
      receiving an authentication result from the LAUDI;
      
      sending the authentication result to the second network;
      
      wherein the successful authentication result is indicative of the station being allowed access to services on the second network.
  - 11. The method of claim 1, wherein account data from a local authoritative user datastore at the first network is shared with the second network.
  - 12. The method of claim 1, wherein the station is a first station, further comprising:
    - storing user data associated with a second station at the second network;
      
      authenticating the second station at the second network.

13. A system comprising:
- a means for receiving a request for a policy-based identity routing service for a first network;
  
  a means for providing a local authoritative user datastore interface (LAUDI) to a network device of the first network;
  
  a means for obtaining a set of rules for identity routing to the first network;
  
  a means for establishing a connection between the LAUDI on the network device of the first network;
  
  wherein a successful authentication result, from the LAUDI for a station on a second network, is indicative of the station being allowed access to services on the second network.
- View Dependent Claims (14, 15)
- - 14. The system of claim 13, further comprising a means for obtaining a set of rules for filtering and identity routing to the first network, wherein the successful authentication result is indicative of station credentials sufficient to avoid filtering an authentication request associated with the station in accordance with the filtering rules and sufficient to permit routing the authentication request to the first network in accordance with the identity routing rules.
  - 15. The system of claim 13, wherein the connection is persistent, further comprising a means for establishing the persistent connection.

16. A method comprising:
- receiving at a network access point an authentication request for a station;
  
  making a determination that the authentication request is suitable for off-network authentication;
  
  sending the authentication request off-network;
  
  receiving from off-network an off-network authentication result responsive to the authentication request;
  
  providing services to the station consistent with the off-network authentication result.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, further comprising:
    - determining an identity associated with the authentication request;
      
      sending the authentication request off-network in accordance with the determination.
  - 18. The method of claim 16, further comprising establishing a persistent connection with an internetwork authentication service provider, wherein the authentication request is sent to the internetwork authentication service provider and the off-network authentication result is received from the internetwork authentication service provider.
  - 19. The method of claim 18, wherein the persistent connection is an outbound encrypted tunnel.
  - 20. The method of claim 16, wherein the authentication request is a first authentication request and the station is a first station, further comprising:
    - receiving at the network access point a second authentication request for a second station;
      
      making a determination that the authentication request is suitable for on-network authentication;
      
      initiating on-network authentication of the second station;
      
      obtaining an on-network authentication result responsive to the second authorization request;
      
      providing services to the second station consistent with the on-network authentication result.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Extreme Networks, Inc.
Original Assignee
Aerohive Networks Incorporated (Extreme Networks, Inc.)
Inventors
Gast, Matthew Stuart, Sakura, Kenshin, Fu, Long

Granted Patent

US 9,143,498 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0884   by delegation of authentica...

H04L 63/0892   by using authentication-aut...

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

H04W 12/069   using certificates or pre-s...

Internetwork Authentication

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Internetwork Authentication

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others