Supporting authentication across multiple network access servers
First Claim
1. In a system for coupling a plurality of telephone lines to a packet-switched network, including a plurality of modules connected to a communication channel, modules in the plurality of modules including resources for facilitating communications between the plurality of telephone lines and the packet-switched network, a method for authenticating an access by a user through the plurality of modules, comprising:
- receiving a request at a module in the plurality of modules to establish a connection from the user between telephone lines in the plurality of telephone lines and the packet-switched network through a module in the plurality of modules; and
authenticating the request using authentication data within the module and authentication data from other modules in the plurality of modules.
9 Assignments
0 Petitions
Accused Products
Abstract
The present invention provides a modular architecture for connecting a plurality of telephone lines to a computer network. The invention binds a plurality of network access servers together so that they form a single system image to clients dialing into the plurality of network access servers. The invention operates by providing a tunneling mechanism for communication between the network access servers. The tunneling mechanism facilitates packet re-forwarding so that a call dialed into a physical port in a network access server can be re-forwarded through a logical port in another network access server. This allows a call to be routed through a physical port in a network access server even if no logical port is available in the network access server. Packet re-forwarding also allows multilink connections through physical ports in multiple network access servers to be routed through a single logical port in a network access server. Packet re-forwarding also provides support for spoofing; if the telephone line is torn down during spoofing, the logical port is maintained so that the connection may be reestablished through a physical port in another network access server. Finally, the present invention supports authentication across multiple network access servers using a security server, by allowing the network access servers to share authentication information.
269 Citations
17 Claims
-
1. In a system for coupling a plurality of telephone lines to a packet-switched network, including a plurality of modules connected to a communication channel, modules in the plurality of modules including resources for facilitating communications between the plurality of telephone lines and the packet-switched network, a method for authenticating an access by a user through the plurality of modules, comprising:
-
receiving a request at a module in the plurality of modules to establish a connection from the user between telephone lines in the plurality of telephone lines and the packet-switched network through a module in the plurality of modules; and authenticating the request using authentication data within the module and authentication data from other modules in the plurality of modules. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. In a system for coupling a plurality of telephone lines to a packet-switched network, including a plurality of modules connected to a communication channel, modules in the plurality of modules including resources for facilitating communications between the plurality of telephone lines and the packet-switched network, a method for authenticating an access by a user through the plurality of modules, comprising:
-
receiving a request at a module in the plurality of modules to establish a connection from a user between telephone lines in the plurality of telephone lines and the packet-switched network through a module in the plurality of modules; searching for the user in authentication data in the resources within the module; if the user is not found in the resources, seeking authentication for the user from a security server; and if authentication is not obtained from the security server, searching for the user in authentication data in resources within other modules within the plurality of modules. - View Dependent Claims (12, 13, 14, 15, 16, 17)
-
Specification