Single step network logon based on point to point protocol

US 6,253,327 B1
Filed: 12/02/1998
Issued: 06/26/2001
Est. Priority Date: 12/02/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method for single-step subscriber logon to a differentiated data communications network including a first domain and a second domain, said method comprising:

causing a host to communicate with a network interface using a transport of multi-protocol data packets over a point-to-point communication link;

identifying a source address for the host; and

authorizing the host to access said first domain and said second domain based upon login information obtained from said subscriber.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for providing single-step logon access for a subscriber to a differentiated computer network having more than one separate access area. In a method for single-step logon a network gateway interface grants a subscriber access to both one or more public network domains, such as the Internet, and one or more private domains, such as community of interest domains or intra-network domains, without requiring the subscriber to launch a separate logon application. Once the subscriber has completed a single step logon to the network interface, the service provider is able to provide the subscriber with simultaneous secure channel access to both public areas and secured private areas. A network gateway interface provides the capability to authenticate the subscriber, provide the subscriber with an TIP address and negotiate a point to point protocol session with the subscriber'"'"'s host, thereby eliminating the need to have the subscriber logon for public area access and then logon for private area access.

261 Citations

42 Claims

1. A method for single-step subscriber logon to a differentiated data communications network including a first domain and a second domain, said method comprising:
- causing a host to communicate with a network interface using a transport of multi-protocol data packets over a point-to-point communication link;
  
  identifying a source address for the host; and
  
  authorizing the host to access said first domain and said second domain based upon login information obtained from said subscriber.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprising:
3. The method of claim 2 wherein said authenticating is accomplished using Link Control Protocol.
4. The method of claim 1 wherein said identifying is accomplished using Internet Protocol Control Protocol (IPCP).
5. The method of claim 1 wherein said identifying further comprises:
- assigning an Internet Protocol address to said subscriber from a pool of addresses located in memory.
6. The method of claim 1 wherein said identifying further comprises:
- assigning an Internet Protocol address to said subscriber from an authentication reply packet received from an authentication server.
7. The method of claim 1 wherein said causing is accomplished using Point-to-Point Protocol (PPP).
8. The method of claim 1 wherein said authorizing further comprises:
- writing said login information into a memory.

9. A method for single-step subscriber logon to a differentiated data communications network including a first domain and a second domain, said method comprising:
- authenticating a subscriber based upon login information obtained from said subscriber;
  
  causing the subcriber'"'"'s host to communicate with a network interface using a transport of multi-protocol data packets over a point-to-point link;
  
  identifying a source address for said subscriber;
  
  writing said login information into a memory; and
  
  authorizing said subscriber to access said first domain and said second domain based upon said login information obtained from said subscriber.

10. A method for single-step subscriber logon to a differentiated data communication network including same-session access capabilities to a first domain and a second domain, said method comprising:
- causing the subscriber'"'"'s host to communicate with a network interface using a transport of multi-protocol data packets over a point-to-point communication link;
  
  identifying a source address for a subscriber; and
  
  authorizing said subscriber to access said first domain and said second domain based upon login information obtained from said subscriber.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10 further comprising:
12. The method of claim 11 wherein said authenticating is accomplished using Link Control Protocol.
13. The method of claim 10 wherein said identifying is accomplished using Internet Protocol Control Protocol (IPCP).
14. The method of claim 10 wherein said identifying further comprises:
- assigning an Internet Protocol address to said subscriber from a pool of addresses located in a memory.
15. The method of claim 10 wherein said identifying further comprises:
- assigning an Internet Protocol address to said subscriber from an authentication reply packet received from an authentication server.
16. The method of claim 10 wherein said causing is accomplished using Point-to-Point Protocol (PPP).
17. The method of claim 10 wherein said authorizing further comprises:
- writing said login information into a memory.

18. A method for single-step subscriber logon to a differentiated data communication network including same-session access capabilities to a first domain and a second domain, said method comprising:
- authenticating a subscriber based upon login information obtained from said subscriber;
  
  causing the subscriber'"'"'s host to communicate with a network interface using a transport of multi-protocol data packets over a point-to-point link;
  
  identifying a source address for said subscriber;
  
  writing said login information into a memory; and
  
  authorizing said subscriber to access said first domain and said second domain based upon login information obtained from said subscriber.

19. A method for single-step subscriber logon of a host to a differentiated data communication network having access to a first domain and a second domain comprising:
- receiving login information from the subscriber;
  
  authenticating said subscriber based upon said login information;
  
  storing said login information in memory;
  
  notifying the subscriber'"'"'s host once a successful authentication process has been completed;
  
  setting an address allocation session with said host;
  
  assigning a source address to said host;
  
  causing said host to communicate with a network interface using a transport of multi-protocol data packets over a point-to-point link; and
  
  writing a subscriber-related entry into memory based upon said source address and said login information.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 20. The method of claim 19 wherein said authenticating further comprises:
21. The method of claim 20 wherein said sending further comprises:
- sending said authentication reply packet via a Remote Access Dial-In User Service (RADIUS) protocol communication link.
22. The method of claim 19 wherein said writing further comprises:
- writing said subscriber-related entry into a memory based upon configuration information in said access accept reply packet.
23. The method of claim 19 wherein said subscriber login information includes the user name and user authenticator.
24. The method of claim 19 wherein said receiving further comprises:
- receiving login information using a Link Central Protocol (LCP) communication link.
25. The method of claim 19 wherein said setting further comprises:
- setting an address allocation session using an Internet Protocol Control Protocol (IPCP) communication link.
26. The method of claim 19 wherein said assigning further comprises:
- retrieving a subscriber Internet Protocol address from a pool of addresses located in memory.
27. The method of claim 19 wherein said assigning further comprises:
- retrieving a subscriber Internet Protocol address from an access accept reply packet received from an authentication server.
28. The method of claim 19 wherein said causing further comprises:
- causing said host to communicate with said network interface using a Point-to-Point Protocol session.

29. An apparatus for single step logon of a host to a differentiated data communication network having the capacity to create same-session open channels to a first domain and a second domain, the apparatus comprising:
- means for causing a subscriber'"'"'s host to communicate with a network interface using a transport of multi-protocol data packets over a point-to-point link;
  
  means for identifying a source address for a subscriber; and
  
  means for authorizing said subscriber to access said first domain and said second domain based upon login information obtained from said subscriber.
- View Dependent Claims (30, 31, 32)
- - 30. The apparatus of claim 29 further comprising:
31. The apparatus of claim 29 wherein said means for negotiating for the transport of multi-protocol data packets further comprises:
- means for communicating between said host and said network interface using a Point-to-Point Protocol session.
32. The apparatus of claim 29 wherein said means for authorizing said subscriber to access said first domain and said second domain further comprises:
- means for writing said login information into a memory.

33. An apparatus for single-step subscriber logon of a host to a differentiated data communication network having access to a first domain and a second domain comprising:
- means for receiving login information from the subscriber;
  
  means for authenticating said subscriber based upon said login information;
  
  means for storing said login information in a memory;
  
  means for notifying the subscriber'"'"'s host once a successful authentication process has been completed;
  
  means for setting an address allocation session with said host;
  
  means for assigning a source address to said host;
  
  means for causing said host to communicate with a network interface using a transport of multi-protocol data packets over a point-to-point link; and
  
  means for writing a subscriber-related entry into memory based upon said source address and said login information.

34. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for single-step subscriber logon to a differentiated data communications network including a first domain and a second domain, said method comprising:
- causing the host to communicate with a network interface using a transport of multi-protocol data packets over a point-to-point communication link;
  
  identifying a source address for a host; and
  
  authorizing said host to access said first domain and said second domain based upon login information obtained from said subscriber.
- View Dependent Claims (35, 36)
- - 35. The program storage device of claim 34 wherein said method further comprises:
36. The program storage device of claim 34 wherein said authorizing further comprises:
- writing said login information into a memory.

37. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for single-step subscriber logon to a differentiated data communication network including secure simultaneous access capabilities to a first domain and a second domain, said method comprising:
- causing the subscriber'"'"'s host to communicate with a network interface using a transport of multi-protocol data packets over a point-to-point communication link;
  
  identifying a source address for a subscriber; and
  
  authorizing said subscriber to access said first domain and said second domain based upon login information obtained from said subscriber.
- View Dependent Claims (38, 39)
- - 38. The program storage device of claim 37 wherein said method further comprises:
39. The program storage device of claim 37 wherein said method further comprises:
- writing said login information into a memory.

40. A gateway for single-step subscriber logon of a host to a differentiated data communication network having access to a first domain and a second domain comprising:
- a multi-protocol point-to-point link device establishing a communication link for the transport of multi-protocol data packets between said host and the gateway;
  
  an authentication processor receiving an identification information from said host;
  
  a notification device sending notification of successful authentication to said host;
  
  a source address device obtaining an IP address for said host upon said notification device sending notification of successful authentication to said host; and
  
  a device for storing said identification information from said host and the authenticity of said identification information from said authentication processor.
- View Dependent Claims (41)
- - 41. The apparatus of claim 40 wherein

42. An apparatus for single-step subscriber logon of a host to a differentiated data communication network having access to a first domain and a second domain comprising:
- a multi-protocol point-to-point link device in communication with said host for establishing a communication link;
  
  an authentication processor in communication with said host for receiving login information from said host and for authenticating said subscriber;
  
  a notifier in communication with said authentication processor and said host for notifying said host of authentication status;
  
  a source address device in communication with said host for negotiating a dynamic IP address; and
  
  a registration memory in communication with said authentication processor and said source address negotiator for tabulating said login information and said source address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Lou, Shuxian, Zhang, Shujin
Primary Examiner(s)
Heckler, Thomas M.

Application Number

US09/204,640
Time in Patent Office

937 Days
Field of Search

713/182, 713/183, 713/201, 713/202, 709/227, 709/228, 709/230
US Class Current

726/14
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

Single step network logon based on point to point protocol

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

261 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Single step network logon based on point to point protocol

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

261 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links