Single step network logon based on point to point protocol
Abstract
A method and apparatus for providing single-step logon access for a subscriber to a differentiated computer network having more than one separate access area. In a method for single-step logon, a network gateway interface grants a subscriber access to both one or more public network domains, such as the Internet, and one or more private domains, such as community of interest domains or intra-network domains, without requiring the subscriber to launch a separate logon application. Once the subscriber has completed a single-step logon to the network interface, the service provider is able to provide the subscriber with simultaneous secure channel access to both public areas and secured private areas. A network gateway interface provides the capability to authenticate the subscriber, provide the subscriber with an IP address and negotiate a point-to-point protocol session with the subscriber's host, thereby eliminating the need to have the subscriber log on for public area access and then log on for private area access.
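The flow the abstract describes, as an added sketch that is not code from the patent or from any product: one authentication, one address assignment, and one gateway table entry keyed by source address that then authorizes traffic to both the public and the private domain. The class, method and field names, the domain labels and the sample credentials are hypothetical, and `logoff` is an assumption about session teardown that the abstract does not describe.

```python
import hmac
import ipaddress

class Gateway:
    """Toy single-step logon gateway; every name here is hypothetical."""
    def __init__(self, pool_cidr, auth_db):
        self.free = [str(ip) for ip in ipaddress.ip_network(pool_cidr).hosts()]
        self.auth_db = auth_db   # stands in for the authentication server
        self.sessions = {}       # source address -> subscriber entry

    def logon(self, user, secret):
        """Authenticate once, assign an address, write the subscriber entry."""
        reply = self.auth_db.get(user)
        if reply is None or not hmac.compare_digest(
                reply["secret"].encode(), secret.encode()):
            return None          # access reject: no address, no entry
        addr = reply.get("framed_ip")   # from the accept reply, else the pool
        pooled = addr is None
        if pooled and self.free:
            addr = self.free.pop(0)
        if addr is None or addr in self.sessions:
            return None          # pool exhausted, or address already bound
        self.sessions[addr] = {"user": user, "pooled": pooled,
                               "domains": frozenset(reply["domains"])}
        return addr

    def authorize(self, src_addr, domain):
        """Per-packet check keyed only by the packet's source address."""
        entry = self.sessions.get(src_addr)
        return entry is not None and domain in entry["domains"]

    def logoff(self, src_addr):
        """Assumed teardown: drop the entry before the address is reused."""
        entry = self.sessions.pop(src_addr, None)
        if entry is not None and entry["pooled"]:
            self.free.append(src_addr)

# Constructed sample data; bob's static address sits outside the pool.
AUTH_DB = {
    "alice": {"secret": "s3cret", "domains": ["internet", "corp-intranet"]},
    "bob": {"secret": "hunter2", "domains": ["internet"], "framed_ip": "10.9.9.9"},
}

def demo():
    gw = Gateway("192.0.2.0/29", AUTH_DB)
    a, b = gw.logon("alice", "s3cret"), gw.logon("bob", "hunter2")
    private = (gw.authorize(a, "corp-intranet"), gw.authorize(b, "corp-intranet"))
    gw.logoff(a)
    return a, b, private, gw.authorize(a, "corp-intranet")
```

Because `authorize` trusts the source address alone, the table entry has to be removed when the session ends; otherwise the next subscriber handed that address would inherit the previous subscriber's domains.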
42 Claims
1. A method for single-step subscriber logon to a differentiated data communications network including a first domain and a second domain, said method comprising:
causing a host to communicate with a network interface using a transport of multi-protocol data packets over a point-to-point communication link;
identifying a source address for the host; and
authorizing the host to access said first domain and said second domain based upon login information obtained from said subscriber.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
authenticating said subscriber based upon login information obtained from said subscriber.
3. The method of claim 2 wherein said authenticating is accomplished using Link Control Protocol.
4. The method of claim 1 wherein said identifying is accomplished using Internet Protocol Control Protocol (IPCP).
5. The method of claim 1 wherein said identifying further comprises:
assigning an Internet Protocol address to said subscriber from a pool of addresses located in memory.
6. The method of claim 1 wherein said identifying further comprises:
assigning an Internet Protocol address to said subscriber from an authentication reply packet received from an authentication server.
7. The method of claim 1 wherein said causing is accomplished using Point-to-Point Protocol (PPP).
8. The method of claim 1 wherein said authorizing further comprises:
writing said login information into a memory.
9. A method for single-step subscriber logon to a differentiated data communications network including a first domain and a second domain, said method comprising:
authenticating a subscriber based upon login information obtained from said subscriber;
causing the subscriber's host to communicate with a network interface using a transport of multi-protocol data packets over a point-to-point link;
identifying a source address for said subscriber;
writing said login information into a memory; and
authorizing said subscriber to access said first domain and said second domain based upon said login information obtained from said subscriber.
10. A method for single-step subscriber logon to a differentiated data communication network including same-session access capabilities to a first domain and a second domain, said method comprising:
causing the subscriber's host to communicate with a network interface using a transport of multi-protocol data packets over a point-to-point communication link;
identifying a source address for a subscriber; and
authorizing said subscriber to access said first domain and said second domain based upon login information obtained from said subscriber.
Dependent claims: 11, 12, 13, 14, 15, 16, 17
authenticating said subscriber based upon login information obtained from said subscriber.
12. The method of claim 11 wherein said authenticating is accomplished using Link Control Protocol.
13. The method of claim 10 wherein said identifying is accomplished using Internet Protocol Control Protocol (IPCP).
14. The method of claim 10 wherein said identifying further comprises:
assigning an Internet Protocol address to said subscriber from a pool of addresses located in a memory.
15. The method of claim 10 wherein said identifying further comprises:
assigning an Internet Protocol address to said subscriber from an authentication reply packet received from an authentication server.
16. The method of claim 10 wherein said causing is accomplished using Point-to-Point Protocol (PPP).
17. The method of claim 10 wherein said authorizing further comprises:
writing said login information into a memory.
18. A method for single-step subscriber logon to a differentiated data communication network including same-session access capabilities to a first domain and a second domain, said method comprising:
authenticating a subscriber based upon login information obtained from said subscriber;
causing the subscriber's host to communicate with a network interface using a transport of multi-protocol data packets over a point-to-point link;
identifying a source address for said subscriber;
writing said login information into a memory; and
authorizing said subscriber to access said first domain and said second domain based upon login information obtained from said subscriber.
19. A method for single-step subscriber logon of a host to a differentiated data communication network having access to a first domain and a second domain comprising:
receiving login information from the subscriber;
authenticating said subscriber based upon said login information;
storing said login information in memory;
notifying the subscriber's host once a successful authentication process has been completed;
setting an address allocation session with said host;
assigning a source address to said host;
causing said host to communicate with a network interface using a transport of multi-protocol data packets over a point-to-point link; and
writing a subscriber-related entry into memory based upon said source address and said login information.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28
processing an authentication request packet based upon said login information;
sending said authentication request packet to an authentication memory bank; and
receiving an access accept reply packet from said authentication memory bank.
21. The method of claim 20 wherein said sending further comprises:
sending said authentication reply packet via a Remote Access Dial-In User Service (RADIUS) protocol communication link.
22. The method of claim 19 wherein said writing further comprises:
writing said subscriber-related entry into a memory based upon configuration information in said access accept reply packet.
23. The method of claim 19 wherein said subscriber login information includes the user name and user authenticator.
24. The method of claim 19 wherein said receiving further comprises:
receiving login information using a Link Central Protocol (LCP) communication link.
25. The method of claim 19 wherein said setting further comprises:
setting an address allocation session using an Internet Protocol Control Protocol (IPCP) communication link.
26. The method of claim 19 wherein said assigning further comprises:
retrieving a subscriber Internet Protocol address from a pool of addresses located in memory.
27. The method of claim 19 wherein said assigning further comprises:
retrieving a subscriber Internet Protocol address from an access accept reply packet received from an authentication server.
28. The method of claim 19 wherein said causing further comprises:
causing said host to communicate with said network interface using a Point-to-Point Protocol session.
29. An apparatus for single step logon of a host to a differentiated data communication network having the capacity to create same-session open channels to a first domain and a second domain, the apparatus comprising:
means for causing a subscriber's host to communicate with a network interface using a transport of multi-protocol data packets over a point-to-point link;
means for identifying a source address for a subscriber; and
means for authorizing said subscriber to access said first domain and said second domain based upon login information obtained from said subscriber.
Dependent claims: 30, 31, 32
means for authenticating said subscriber based upon login information obtained from said subscriber.
31. The apparatus of claim 29 wherein said means for negotiating for the transport of multi-protocol data packets further comprises:
means for communicating between said host and said network interface using a Point-to-Point Protocol session.
32. The apparatus of claim 29 wherein said means for authorizing said subscriber to access said first domain and said second domain further comprises:
means for writing said login information into a memory.
33. An apparatus for single-step subscriber logon of a host to a differentiated data communication network having access to a first domain and a second domain comprising:
means for receiving login information from the subscriber;
means for authenticating said subscriber based upon said login information;
means for storing said login information in a memory;
means for notifying the subscriber's host once a successful authentication process has been completed;
means for setting an address allocation session with said host;
means for assigning a source address to said host;
means for causing said host to communicate with a network interface using a transport of multi-protocol data packets over a point-to-point link; and
means for writing a subscriber-related entry into memory based upon said source address and said login information.
34. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for single-step subscriber logon to a differentiated data communications network including a first domain and a second domain, said method comprising:
causing the host to communicate with a network interface using a transport of multi-protocol data packets over a point-to-point communication link;
identifying a source address for a host; and
authorizing said host to access said first domain and said second domain based upon login information obtained from said subscriber.
Dependent claims: 35, 36
authenticating said subscriber based upon login information obtained from said subscriber.
36. The program storage device of claim 34 wherein said authorizing further comprises:
writing said login information into a memory.
37. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for single-step subscriber logon to a differentiated data communication network including secure simultaneous access capabilities to a first domain and a second domain, said method comprising:
causing the subscriber's host to communicate with a network interface using a transport of multi-protocol data packets over a point-to-point communication link;
identifying a source address for a subscriber; and
authorizing said subscriber to access said first domain and said second domain based upon login information obtained from said subscriber.
Dependent claims: 38, 39
authenticating said subscriber based upon login information obtained from said subscriber.
39. The program storage device of claim 37 wherein said method further comprises:
writing said login information into a memory.
40. A gateway for single-step subscriber logon of a host to a differentiated data communication network having access to a first domain and a second domain comprising:
a multi-protocol point-to-point link device establishing a communication link for the transport of multi-protocol data packets between said host and the gateway;
an authentication processor receiving an identification information from said host;
a notification device sending notification of successful authentication to said host;
a source address device obtaining an IP address for said host upon said notification device sending notification of successful authentication to said host; and
a device for storing said identification information from said host and the authenticity of said identification information from said authentication processor.
Dependent claims: 41
said authentication processor authenticating said subscriber based upon login information, said authentication processor in communication with said host.
42. An apparatus for single-step subscriber logon of a host to a differentiated data communication network having access to a first domain and a second domain comprising:
a multi-protocol point-to-point link device in communication with said host for establishing a communication link;
an authentication processor in communication with said host for receiving login information from said host and for authenticating said subscriber;
a notifier in communication with said authentication processor and said host for notifying said host of authentication status;
a source address device in communication with said host for negotiating a dynamic IP address; and
a registration memory in communication with said authentication processor and said source address negotiator for tabulating said login information and said source address.
Specification