USING APPLICATION LEVEL AUTHENTICATION FOR NETWORK LOGIN

US 20150121500A1
Filed: 10/31/2013
Published: 04/30/2015
Est. Priority Date: 10/31/2013
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer readable medium comprising instructions which, when executed by one or more hardware processors, causes performance of operations comprising:

receiving, by a system comprising one or more network devices, a first client authentication information comprising a first indication that a first client device was successfully authenticated by a first authentication server based on credentials provided by the first client device;

forwarding, by the system, the first client authentication information to a second authentication server without determining that the client device was already successfully authenticated by the first authentication server based on the credentials provided by the first client device;

receiving, by the system from the second authentication server, a second indication that the first client device was successfully authenticated; and

based on the second indication received by the system from the second authentication server;

granting, by the system, network access to the first client device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In general, in one aspect, embodiments relate to receiving, by a system comprising one or more network devices, a first client authentication information comprising a first indication that a first client device was successfully authenticated by a first authentication server based on credentials provided by the first client device, and forwarding, by the system, the first client authentication information to a second authentication server without determining that the client device was already successfully authenticated by the first authentication server based on the credentials provided by the first client device. The operations further include receiving, by the system from the second authentication server, a second indication that the first client device was successfully authenticated, and based on the second indication received by the system from the second authentication server, granting, by the system, network access to the first client device.

73 Citations

View as Search Results

20 Claims

1. A non-transitory computer readable medium comprising instructions which, when executed by one or more hardware processors, causes performance of operations comprising:
- receiving, by a system comprising one or more network devices, a first client authentication information comprising a first indication that a first client device was successfully authenticated by a first authentication server based on credentials provided by the first client device;
  
  forwarding, by the system, the first client authentication information to a second authentication server without determining that the client device was already successfully authenticated by the first authentication server based on the credentials provided by the first client device;
  
  receiving, by the system from the second authentication server, a second indication that the first client device was successfully authenticated; and
  
  based on the second indication received by the system from the second authentication server;
  
  granting, by the system, network access to the first client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The non-transitory computer readable medium of claim 1, wherein the first client authentication information indicating that first client device was successfully authenticated is transmitted from the first authentication server to the first client device and transmitted from the first client device to the system.
  - 3. The non-transitory computer readable medium of claim 1, wherein the system is one of a controller or an access point.
  - 4. The non-transitory computer readable medium of claim 1, wherein prior to receiving the first client authentication information from the first client device, the operations further comprise:
    - receiving, by the system from the first client device, a request for the network access;
      
      responsive to receiving the request, triggering, by the system, a process comprising (a) the first authentication server obtaining the credentials provided by the first client device and (b) the first authentication server authenticating the first client device.
  - 5. The non-transitory computer readable medium of claim 1, wherein the system forwards the first client authentication information to the second authentication server without determining the contents of the first client authentication information.
  - 6. The non-transitory computer readable medium of claim 1, wherein the operations further comprise:
    - receiving, by the system, a second client authentication information comprising credentials provided by a second client device, wherein the second client device has not been authenticated;
      
      forwarding, by the system, the second client authentication information to the second authentication server without determining whether the second client device has already been authenticated;
      
      receiving, by the system from the second authentication server, a third indication that the second client device was successfully authenticated;
      
      based on the third indication indicating that the second client device was successfully authenticated;
      
      granting, by the system, network access to the second client device.
  - 7. The non-transitory computer readable medium of claim 1, wherein the second authentication server transmits the second indication to the system based on the second authentication server using the first client authentication information to determine that the first client device was already successfully authenticated.

8. A non-transitory computer readable medium comprising instructions which, when executed by one or more hardware processors, causes performance of operations comprising:
- subsequent to a first client device being authenticated by a first authentication server;
  
  receiving by a second authentication server from a system (a) a request to authenticate the first client device for network access and (b) a first client authentication information comprising a first indication that the first client device has already been authenticated, wherein the system has forwarded the first client authentication information to the second authentication server without determining that the first client device has already been authenticated,wherein the system comprises one or more network devices;
  
  determining, by the second authentication server, that the first client device is authenticated for network access based on the first client authentication information comprising the first indication that the first client device has already been authenticated; and
  
  transmitting, by the second authentication server to the system, a second indication that the first client device is authenticated to access the network,wherein the system provides network access to the first client device based on the second indication received from the second authentication server but not based on the first indication received from the first authentication server.
- View Dependent Claims (9, 10)
- - 9. The non-transitory computer readable medium of claim 8, wherein the operations further comprise:
    - receiving by the second authentication server from the system (a) a request to authenticate a second client device and (b) a second client authentication information comprising credentials provided by the second client device, wherein the system has forwarded the second client authentication information to the second authentication server without determining whether the second client device has already been authenticated;
      
      authenticating, by the second authentication server, the second client device based on the credentials provided by the second client device;
      
      transmitting, by the second authentication server to the system, a third indication that the second client device is authenticated,wherein the system provides network access to the second client device based on the third indication received from the second authentication server.
  - 10. The non-transitory computer readable medium of claim 8, wherein determining, by the second authentication server, that the first client device is authenticated for network access based on the first client authentication information comprises:
    - decoding, by the second authentication server, the first client authentication information to obtain decoded information;
      
      verifying the decoded information to confirm that that the first client device is authenticated for network access.

11. A system comprising:
- at least one network device including a hardware processor configured to perform operations comprising;
  
  receiving a first client authentication information comprising a first indication that a first client device was successfully authenticated by a first authentication server based on credentials provided by the first client device;
  
  forwarding the first client authentication information to a second authentication server without determining that the client device were already successfully authenticated by the first authentication server based on the credentials provided by the first client device;
  
  receiving, from the second authentication server, a second indication that the first client device was successfully authenticated; and
  
  based on the second indication received by the system from the second authentication server;
  
  granting network access to the first client device.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The system of claim 11, wherein the first client authentication information indicating that first client device was successfully authenticated is transmitted from the first authentication server to the first client device and transmitted from the first client device to the system.
  - 13. The system of claim 11, wherein the system is one of a controller or an access point.
  - 14. The system of claim 11, wherein prior to receiving the first client authentication information from the first client device, the operations further comprise:
    - receiving, from the first client device, a request for the network access;
      
      responsive to receiving the request, triggering process comprising (a) the first authentication server obtaining the credentials provided by the first client device and (b) the first authentication server authenticating the first client device.
  - 15. The system of claim 11, wherein the system forwards the first client authentication information to the second authentication server without determining the contents of the first client authentication information.
  - 16. The system of claim 11, wherein the operations further comprise:
    - receiving a second client authentication information comprising credentials provided by the second client device, wherein the second client device has not been authenticated;
      
      forwarding the second client authentication information to the second authentication server without determining whether the second client device has already been authenticated;
      
      receiving, from the second authentication server, a third indication that the second client device was successfully authenticated;
      
      based on the third indication indicating that the second client device was successfully authenticated;
      
      granting network access to the second client device.
  - 17. The system of claim 11, wherein the second authentication server transmits the second indication to the system based on the second authentication server using the first client authentication information to determine that the first client device was already successfully authenticated.

18. A computer system comprising:
- a hardware processor; and
  
  a first authentication server being configured to perform operations configured to execute on the hardware processor comprising;
  
  subsequent to a first client device being authenticated by a second authentication server;
  
  receiving from a system (a) a request to authenticate the first client device for network access and (b) a first client authentication information comprising a first indication that the first client device has already been authenticated, wherein the system has forwarded the first client authentication information to the first authentication server without determining that the first client device has already been authenticated,wherein the system comprises one or more network devices,determining that the first client device is authenticated for network access based on the first client authentication information comprising the first indication that the first client device has already been authenticated, andtransmitting, to the system, a second indication that the first client device is authenticated to access the network,wherein the system provides network access to the first client device based on the second indication received from the first authentication server but not based on the first indication received from the second authentication server.
- View Dependent Claims (19, 20)
- - 19. The computer system of claim 18, wherein the operations further comprise:
    - receiving from the system (a) a request to authenticate a second client device and (b) a second client authentication information comprising credentials provided by the second client device, wherein the system has forwarded the second client authentication information to the first authentication server without determining whether the second client device has already been authenticated;
      
      authenticating the second client device based on the credentials provided by the second client device;
      
      transmitting, to the system, a third indication that the second client device is authenticated;
      
      wherein the system provides network access to the second client device based on the third indication received from the first authentication server.
  - 20. The computer system of claim 18, wherein determining that the first client device is authenticated for network access based on the first client authentication information comprises:
    - decoding the first client authentication information to obtain decoded information;
      
      verifying the decoded information to confirm that that the first client device is authenticated for network access.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Aruba Networks Incorporated (Hewlett-Packard Enterprise Company)
Inventors
Venkatanaranappa, Venkatraju Tumkur, Achari, Rajesh Kumar Ganapathy, Nair, Anoop Kumaran, Cheeniyil, Santhosh

Granted Patent

US 10,193,878 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/8
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

USING APPLICATION LEVEL AUTHENTICATION FOR NETWORK LOGIN

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

73 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

USING APPLICATION LEVEL AUTHENTICATION FOR NETWORK LOGIN

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links