Supporting authentication across multiple network access servers

US 6,011,910 A
Filed: 04/08/1997
Issued: 01/04/2000
Est. Priority Date: 04/08/1997
Status: Expired due to Term

First Claim

Patent Images

1. In a system for coupling a plurality of telephone lines to a packet-switched network, including a plurality of modules connected to a communication channel, modules in the plurality of modules including resources for facilitating communications between the plurality of telephone lines and the packet-switched network, a method for authenticating an access by a user through the plurality of modules, comprising:

receiving a request at a module in the plurality of modules to establish a connection from the user between telephone lines in the plurality of telephone lines and the packet-switched network through a module in the plurality of modules; and

authenticating the request using authentication data within the module and authentication data from other modules in the plurality of modules.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a modular architecture for connecting a plurality of telephone lines to a computer network. The invention binds a plurality of network access servers together so that they form a single system image to clients dialing into the plurality of network access servers. The invention operates by providing a tunneling mechanism for communication between the network access servers. The tunneling mechanism facilitates packet re-forwarding so that a call dialed into a physical port in a network access server can be re-forwarded through a logical port in another network access server. This allows a call to be routed through a physical port in a network access server even if no logical port is available in the network access server. Packet re-forwarding also allows multilink connections through physical ports in multiple network access servers to be routed through a single logical port in a network access server. Packet re-forwarding also provides support for spoofing; if the telephone line is torn down during spoofing, the logical port is maintained so that the connection may be reestablished through a physical port in another network access server. Finally, the present invention supports authentication across multiple network access servers using a security server, by allowing the network access servers to share authentication information.

269 Citations

17 Claims

1. In a system for coupling a plurality of telephone lines to a packet-switched network, including a plurality of modules connected to a communication channel, modules in the plurality of modules including resources for facilitating communications between the plurality of telephone lines and the packet-switched network, a method for authenticating an access by a user through the plurality of modules, comprising:
- receiving a request at a module in the plurality of modules to establish a connection from the user between telephone lines in the plurality of telephone lines and the packet-switched network through a module in the plurality of modules; and
  
  authenticating the request using authentication data within the module and authentication data from other modules in the plurality of modules.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the step of authenticating includes exchanging authentication data between modules in the plurality of modules.
  - 3. The method of claim 1, wherein the step of authenticating includes exchanging authentication data between modules in the plurality of modules in response to the request to establish a connection.
  - 4. The method of claim 1, wherein the step of authenticating includes exchanging authentication data between modules in the plurality of modules before the request to establish a connection is received.
  - 5. The method of claim 1, wherein the step of authenticating includes seeking authentication from a security server.
  - 6. The method of claim 1, wherein the step of authenticating includes seeking authentication from a security server using the RADIUS protocol.
  - 7. The method of claim 1, wherein the step of authenticating includes seeking authentication from a security server, wherein the seeking involves forwarding communications between the security server and the user.
  - 8. The method of claim 1, wherein the step of authenticating includes seeking authentication from a security server, wherein the seeking involves forwarding a login prompt and response between the security server to the user, and forwarding a challenge and response between the security server and the user.
  - 9. The method of claim 1, wherein the step of authenticating includes searching through authentication data in the resources within the module.
  - 10. The method of claim 1, wherein the step of authenticating includes:
    - searching for the user in authentication data in the resources within the module;
      
      seeking authentication for the user from a security server; and
      
      searching for the user in authentication data in resources within other modules within the plurality of modules.

11. In a system for coupling a plurality of telephone lines to a packet-switched network, including a plurality of modules connected to a communication channel, modules in the plurality of modules including resources for facilitating communications between the plurality of telephone lines and the packet-switched network, a method for authenticating an access by a user through the plurality of modules, comprising:
- receiving a request at a module in the plurality of modules to establish a connection from a user between telephone lines in the plurality of telephone lines and the packet-switched network through a module in the plurality of modules;
  
  searching for the user in authentication data in the resources within the module;
  
  if the user is not found in the resources, seeking authentication for the user from a security server; and
  
  if authentication is not obtained from the security server, searching for the user in authentication data in resources within other modules within the plurality of modules.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method of claim 11, wherein the step of authenticating includes exchanging authentication data between modules in the plurality of modules.
  - 13. The method of claim 11, wherein the step of authenticating includes exchanging authentication data between modules in the plurality of modules in response to the request to establish a connection.
  - 14. The method of claim 11, wherein the step of authenticating includes exchanging authentication data between modules in the plurality of modules before the request to establish a connection is received.
  - 15. The method of claim 11, wherein the step of authenticating includes seeking authentication from a security server using the RADIUS protocol.
  - 16. The method of claim 11, wherein the step of authenticating includes seeking authentication from a security server, wherein the seeking involves forwarding communications between the security server and the user.
  - 17. The method of claim 11, wherein the step of authenticating includes seeking authentication from a security server, wherein the seeking involves forwarding a login prompt and response between the security server to the user, and forwarding a challenge and response between the security server and the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
3Com Corporation (HP Inc.)
Inventors
Chau, Wing Cheong, Tai, Wayming Daniel, Wang, Xiaohu, Liu, Tze-jian, Leu, Darren, Sun, Tsyr-Shya Joe, Pao, Jeffrey Kaiping, Nilakantan, Chandy
Primary Examiner(s)
ASTA, FRANK J

Application Number

US08/833,663
Time in Patent Office

1,001 Days
Field of Search

395/186, 395/187.01, 395/188.01, 395/200.57, 395/200.58, 395/200.59, 380/23, 380/25, 711/146, 711/164, 711/165
US Class Current

709/229
CPC Class Codes

H04L 12/2856   Access arrangements, e.g. I...

H04L 12/2874   Processing of data for dist...

H04L 63/08   for authentication of entit...

Supporting authentication across multiple network access servers

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

269 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Supporting authentication across multiple network access servers

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

269 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links