Internetwork Authentication
Abstract
A technique for network authentication interoperability involves initiating an authentication procedure on a first network, authenticating on a second network, and allowing access at the first network. The technique can include filtering access to a network, thereby restricting access to users with acceptable credentials. Offering a service that incorporates these techniques can enable incorporation of the techniques into an existing system with minimal impact to network configuration.
20 Claims
1. A method comprising:
- providing an internetwork authentication service between a first network and a second network by establishing a connection between a first network device of the first network and a second network device of the second network through a first local authoritative user datastore interface at the first network device and an internetwork authentication proxy and a second local authoritative user datastore interface at the second network device and the internetwork authentication proxy, the first and second local authoritative user datastore interfaces associated with identity routing rules for routing to the first network;
- receiving at the second network device, an authentication request for a station to access the first network;
- routing the authentication request according to the identity routing rules to the first network device through the first and second local authoritative user datastore interfaces;
- receiving at the second local authoritative user datastore interface from the first local authoritative user datastore interface an authentication result indicating the station is authenticated to access the first network;
- providing the station access to network services provided through the second network according to the authentication result.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A system comprising:
- a first local authoritative user datastore interface at a first network device of a first network configured to establish a connection with an internetwork authentication proxy for purposes of providing internetwork authentication services between the first network and a second network;
- a second local authoritative user datastore interface at a second network device of the second network configured to:
  - establish a connection with the internetwork authentication proxy for purposes of providing the internetwork authentication services between the first network and the second network, the second local authoritative user datastore interface associated with identity routing rules for routing to the first network;
  - receive at the second network device, an authentication request for a station to access the first network;
- a policy-based identity routing engine configured to route the authentication request according to the identity routing rules to the first network device through the first and second local authoritative user datastore interfaces;
- the second local authoritative user datastore interface further configured to:
  - receive from the first local authoritative user datastore interface an authentication result indicating the station is authenticated to access the first network;
  - provide the station access to network services provided through the second network according to the authentication result.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19

20. A system comprising:
- means for providing an internetwork authentication service between a first network and a second network by establishing a connection between a first network device of the first network and a second network device of the second network through a first local authoritative user datastore interface at the first network device and an internetwork authentication proxy and a second local authoritative user datastore interface at the second network device and the internetwork authentication proxy, the first and second local authoritative user datastore interfaces associated with identity routing rules for routing to the first network;
- means for receiving at the second network device, an authentication request for a station to access the first network;
- means for routing the authentication request according to the identity routing rules to the first network device through the first and second local authoritative user datastore interfaces;
- means for receiving at the second local authoritative user datastore interface from the first local authoritative user datastore interface an authentication result indicating the station is authenticated to access the first network;
- means for providing the station access to network services provided through the second network according to the authentication result.

Specification