Deterministic user authentication service for communication network
Abstract
A user authentication service for a communication network authenticates local users before granting them access to personalized sets of network resources. Authentication agents on intelligent edge devices present users of associated end systems with log-in challenges. Information supplied by the users is forwarded to an authentication server for verification. If successfully verified, the authentication server returns to the agents authorized connectivity information and time restrictions for the particular authenticated users. The agents use the information to establish rules for filtering and forwarding network traffic originating from or destined for particular authenticated users during authorized time periods. An enhanced authentication server may be engaged if additional security is desired. The authorized connectivity information preferably includes identifiers of one or more virtual local area networks active in the network. Log-in attempts are recorded so that the identity and whereabouts of network users may be monitored from a network management station.
21 Claims

1. A user authentication service for a communication network including a plurality of nodes each having a different network interface, comprising:
means for accepting and storing, as entries for particular users, user identification information;
means for accepting a log-in response entered on an end system, the system having a LAN interface;
means for comparing for a match the log-in response with the user identification information; and
means for establishing, if a match is found, communicability between the system and a selectable group of the nodes.
(Dependent claims: 2, 3)

4. A user authentication service for a communication network including a plurality of nodes each having a different network interface, comprising:
means for accepting and storing, as associated entries for particular users, user identification information and groups of the nodes;
means for accepting a log-in response entered on an end system in the network;
means for comparing for a match the log-in response with the user identification information; and
means for establishing communicability between the system and each member of a group of the nodes associated with matching user identification information.
(Dependent claim: 5)

6. A user authentication service for a communication network including a plurality of nodes each having a different network interface, comprising:
means for accepting and storing, as associated entries for particular users, user identification information, time restrictions defining an access period and groups of the nodes;
means for accepting a log-in response entered on an end system in the network;
means for comparing for a match the log-in response with the user identification information;
means for establishing communicability between the system and each member of a group of the nodes associated with matching user identification information, for the defined access period associated with the matching user identification information.
(Dependent claim: 7)

8. A user authentication service for a communication network including a plurality of nodes each having a different network interface, comprising:
means for accepting and storing, as associated entries for particular users, user identification information, groups of the nodes, and enhanced authentication information, the enhanced authentication information identifying an enhanced authentication server operative in the network;
means for accepting a log-in response entered on an end system in the network;
means for comparing for a match the log-in response with the user identification information;
means for conducting an enhanced authentication session between the system and the enhanced authentication server associated with matching user identification information; and
means for establishing, if the enhanced authentication is successfully completed, communicability between the system and each member of a group of the nodes associated with the matching user identification information.
(Dependent claim: 9)

10. A method for authenticating prospective users of a communication network including a plurality of nodes each having a different network interface, comprising:
(a) accepting and storing, as associated entries for particular users, user identification information and groups of the nodes;
(b) accepting a log-in response on an end system in the network;
(c) comparing for a match the log-in response with the user identification information; and
(d) if a match is found, establishing communicability between the system and each member of a group of the nodes associated with the matching user identification information.

11. A method for authenticating prospective users of a communication network including a plurality of nodes each having a different network interface, comprising:
(a) accepting and storing, as associated entries for particular users, user identification information, time restrictions and groups of the nodes, the time restrictions defining authorized times;
(b) accepting a log-in response on an end system in the network during a log-in attempt;
(c) comparing for a user match the log-in response with the user identification information;
(d) upon finding a user match, comparing for a time match the authorized times associated with the matching user identification information with the time of the log-in attempt;
(e) upon finding a time match, establishing communicability between said system and each member of a group of the nodes associated with the matching user identification information for the authorized time associated with the matching user identification information.

12. A method for authenticating prospective users of a communication network including a plurality of nodes each having a different network interface, comprising:
(a) accepting and storing, as associated entries for particular users, user identification information, groups of the nodes and enhanced authentication information, the enhanced authentication information identifying an enhanced authentication server operative in the network;
(b) accepting a log-in response on an end system in the network;
(c) comparing for a match the log-in response with the user identification information;
(d) if a match is found, conducting an enhanced authentication method between the system and the identified enhanced authentication server associated with the matching user identification information; and
(e) if the enhanced authentication method is successfully completed, establishing communicability between the system and each member of a group of the nodes associated with the matching user identification information.

13. An authentication agent for a user authentication service for a communication network, comprising:
means for receiving a log-in response from an end system;
means for communicating the log-in response to an authentication server;
means for receiving authorized subnetwork information from the authentication server in response to the log-in response; and
means for communicating the authorized subnetwork information to a processing means, the processing means applying the authorized subnetwork information to establish rules for communicability between the system and members of different groups of nodes in the network, wherein each node has a different network interface.
(Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21)
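
The abstract and claims 10 through 13 describe one exchange: an agent on the edge device collects a log-in response, forwards it to the authentication server, and receives back only connectivity information (node groups, here VLAN identifiers) and a time window, from which it builds forwarding rules. The following is an added illustration of that exchange, not code from the patent or from any product implementing it. Every name in it (`UserEntry`, `Grant`, `AuthenticationServer`, `AuthenticationAgent`, the `forward` rule check, the port identifiers and VLAN numbers, and the `enhanced_servers` hook standing in for the enhanced authentication server of claims 8 and 12) is an assumption made for the example; the password hashing is a placeholder for whatever credential check a real deployment would use.

```python
"""Toy model of the edge-agent / authentication-server exchange.
Constructed example: names, fields and message layout are assumptions,
not definitions taken from the patent."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, time
from typing import Callable, Optional


@dataclass
class UserEntry:
    """Stored entry for one user: credential, node groups (VLAN ids) and access window."""
    salt: bytes
    digest: bytes                          # salted SHA-256 stands in for a real password hash
    vlans: frozenset                       # authorized connectivity information
    access_start: time                     # time restrictions: start/end of the authorized period
    access_end: time
    enhanced_server: Optional[str] = None  # name of an enhanced authentication server, if required


@dataclass
class Grant:
    """Authorized connectivity information the server returns to the agent; never the credential."""
    vlans: frozenset
    valid_until: datetime


class AuthenticationServer:
    def __init__(self):
        self.entries: dict[str, UserEntry] = {}
        # Hypothetical hook: name -> callable that runs the enhanced session and reports success.
        self.enhanced_servers: dict[str, Callable[[str], bool]] = {}
        self.log: list[tuple[datetime, str, str, bool]] = []  # (when, user, agent port, success)

    @staticmethod
    def _digest(salt: bytes, password: str) -> bytes:
        return hashlib.sha256(salt + password.encode()).digest()

    def add_user(self, name, password, vlans, start, end, enhanced_server=None):
        salt = os.urandom(16)
        self.entries[name] = UserEntry(salt, self._digest(salt, password),
                                       frozenset(vlans), start, end, enhanced_server)

    def _time_ok(self, entry: UserEntry, now: datetime) -> bool:
        # Simplification: windows do not wrap past midnight.
        return entry.access_start <= now.time() < entry.access_end

    def _enhanced_ok(self, entry: UserEntry, name: str) -> bool:
        if entry.enhanced_server is None:
            return True
        return self.enhanced_servers[entry.enhanced_server](name)

    def verify(self, name: str, password: str, port: str, now: datetime) -> Optional[Grant]:
        entry = self.entries.get(name)
        # Compare against a fixed dummy when the user is unknown so the lookup takes the same
        # path for known and unknown names; the result is then ANDed with the existence check.
        salt = entry.salt if entry else b"\x00" * 16
        expected = entry.digest if entry else b"\x00" * 32
        user_ok = hmac.compare_digest(self._digest(salt, password), expected) and entry is not None
        ok = user_ok and self._time_ok(entry, now) and self._enhanced_ok(entry, name)
        self.log.append((now, name, port, ok))  # every attempt is recorded, success or not
        if not ok:
            return None
        return Grant(entry.vlans, datetime.combine(now.date(), entry.access_end))


class AuthenticationAgent:
    """Runs on the edge device; rules are keyed by the port the end system is attached to."""
    def __init__(self, server: AuthenticationServer):
        self.server = server
        self.rules: dict[str, Grant] = {}

    def login(self, port: str, name: str, password: str, now: datetime) -> bool:
        grant = self.server.verify(name, password, port, now)
        if grant is None:
            self.rules.pop(port, None)  # a failed attempt clears any stale rule on that port
            return False
        self.rules[port] = grant
        return True

    def forward(self, port: str, vlan: int, now: datetime) -> bool:
        """Filtering rule: forward only to an authorized VLAN and only while the grant is valid."""
        grant = self.rules.get(port)
        if grant is None or now >= grant.valid_until:
            self.rules.pop(port, None)  # expired grants are torn down on first use after expiry
            return False
        return vlan in grant.vlans


def demo() -> dict:
    server = AuthenticationServer()
    server.add_user("alice", "correct horse", {10, 20}, time(8, 0), time(18, 0))
    server.add_user("bob", "battery staple", {30}, time(0, 0), time(23, 59), enhanced_server="otp")
    server.enhanced_servers["otp"] = lambda user: user == "bob"  # constructed stand-in
    agent = AuthenticationAgent(server)
    t = datetime(2024, 1, 15, 9, 0)
    return {
        "alice_login": agent.login("port1", "alice", "correct horse", t),
        "alice_vlan10": agent.forward("port1", 10, t),
        "alice_vlan30": agent.forward("port1", 30, t),
        "alice_after_hours": agent.forward("port1", 10, datetime(2024, 1, 15, 18, 30)),
        "wrong_password": agent.login("port2", "alice", "wrong", t),
        "unknown_user": agent.login("port2", "mallory", "x", t),
        "alice_night_login": agent.login("port4", "alice", "correct horse", datetime(2024, 1, 15, 22, 0)),
        "bob_enhanced": agent.login("port3", "bob", "battery staple", t),
        "bob_vlan30": agent.forward("port3", 30, t),
        "logged_attempts": len(server.log),
    }
```

Two properties of the design are worth noting. The agent never sees or stores the credential: the server answers with a `Grant` carrying only the node groups and an expiry, which is exactly the separation the abstract describes. The log on the server records every attempt, including failures, so a management station reading it can see who tried to log in where, not only who succeeded.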