Single step network logon based on point to point protocol
Abstract
A method and apparatus for providing single-step logon access for a subscriber to a differentiated computer network having more than one separate access area. In a method for single-step logon a network gateway interface grants a subscriber access to both one or more public network domains, such as the Internet, and one or more private domains, such as community of interest domains or intra-network domains, without requiring the subscriber to launch a separate logon application. Once the subscriber has completed a single step logon to the network interface, the service provider is able to provide the subscriber with simultaneous secure channel access to both public areas and secured private areas. A network gateway interface provides the capability to authenticate the subscriber, provide the subscriber with an IP address and negotiate a point to point protocol session with the subscriber's host, thereby eliminating the need to have the subscriber logon for public area access and then logon for private area access.
42 Claims

1. A method for single-step subscriber logon to a differentiated data communications network including a first domain and a second domain, said method comprising:
causing a host to communicate with a network interface using a transport of multi-protocol data packets over a point-to-point communication link;
identifying a source address for the host; and
authorizing the host to access said first domain and said second domain based upon login information obtained from said subscriber.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8)

authenticating said subscriber based upon login information obtained from said subscriber.

3. The method of claim 2 wherein said authenticating is accomplished using Link Control Protocol.

4. The method of claim 1 wherein said identifying is accomplished using Internet Protocol Control Protocol (IPCP).

5. The method of claim 1 wherein said identifying further comprises:
assigning an Internet Protocol address to said subscriber from a pool of addresses located in memory.

6. The method of claim 1 wherein said identifying further comprises:
assigning an Internet Protocol address to said subscriber from an authentication reply packet received from an authentication server.

7. The method of claim 1 wherein said causing is accomplished using Point-to-Point Protocol (PPP).

8. The method of claim 1 wherein said authorizing further comprises:
writing said login information into a memory.

9. A method for single-step subscriber logon to a differentiated data communications network including a first domain and a second domain, said method comprising:
authenticating a subscriber based upon login information obtained from said subscriber;
causing the subscriber's host to communicate with a network interface using a transport of multi-protocol data packets over a point-to-point link;
identifying a source address for said subscriber;
writing said login information into a memory; and
authorizing said subscriber to access said first domain and said second domain based upon said login information obtained from said subscriber.

10. A method for single-step subscriber logon to a differentiated data communication network including same-session access capabilities to a first domain and a second domain, said method comprising:
causing the subscriber's host to communicate with a network interface using a transport of multi-protocol data packets over a point-to-point communication link;
identifying a source address for a subscriber; and
authorizing said subscriber to access said first domain and said second domain based upon login information obtained from said subscriber.
(Dependent claims: 11, 12, 13, 14, 15, 16, 17)

authenticating said subscriber based upon login information obtained from said subscriber.

12. The method of claim 11 wherein said authenticating is accomplished using Link Control Protocol.

13. The method of claim 10 wherein said identifying is accomplished using Internet Protocol Control Protocol (IPCP).

14. The method of claim 10 wherein said identifying further comprises:
assigning an Internet Protocol address to said subscriber from a pool of addresses located in a memory.

15. The method of claim 10 wherein said identifying further comprises:
assigning an Internet Protocol address to said subscriber from an authentication reply packet received from an authentication server.

16. The method of claim 10 wherein said causing is accomplished using Point-to-Point Protocol (PPP).

17. The method of claim 10 wherein said authorizing further comprises:
writing said login information into a memory.

18. A method for single-step subscriber logon to a differentiated data communication network including same-session access capabilities to a first domain and a second domain, said method comprising:
authenticating a subscriber based upon login information obtained from said subscriber;
causing the subscriber's host to communicate with a network interface using a transport of multi-protocol data packets over a point-to-point link;
identifying a source address for said subscriber;
writing said login information into a memory; and
authorizing said subscriber to access said first domain and said second domain based upon login information obtained from said subscriber.

19. A method for single-step subscriber logon of a host to a differentiated data communication network having access to a first domain and a second domain comprising:
receiving login information from the subscriber;
authenticating said subscriber based upon said login information;
storing said login information in memory;
notifying the subscriber's host once a successful authentication process has been completed;
setting an address allocation session with said host;
assigning a source address to said host;
causing said host to communicate with a network interface using a transport of multi-protocol data packets over a point-to-point link; and
writing a subscriber-related entry into memory based upon said source address and said login information.
(Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28)

processing an authentication request packet based upon said login information;
sending said authentication request packet to an authentication memory bank; and
receiving an access accept reply packet from said authentication memory bank.

21. The method of claim 20 wherein said sending further comprises:
sending said authentication reply packet via a Remote Access Dial-In User Service (RADIUS) protocol communication link.

22. The method of claim 19 wherein said writing further comprises:
writing said subscriber-related entry into a memory based upon configuration information in said access accept reply packet.

23. The method of claim 19 wherein said subscriber login information includes the user name and user authenticator.

24. The method of claim 19 wherein said receiving further comprises:
receiving login information using a Link Central Protocol (LCP) communication link.

25. The method of claim 19 wherein said setting further comprises:
setting an address allocation session using an Internet Protocol Control Protocol (IPCP) communication link.

26. The method of claim 19 wherein said assigning further comprises:
retrieving a subscriber Internet Protocol address from a pool of addresses located in memory.

27. The method of claim 19 wherein said assigning further comprises:
retrieving a subscriber Internet Protocol address from an access accept reply packet received from an authentication server.

28. The method of claim 19 wherein said causing further comprises:
causing said host to communicate with said network interface using a Point-to-Point Protocol session.

29. An apparatus for single step logon of a host to a differentiated data communication network having the capacity to create same-session open channels to a first domain and a second domain, the apparatus comprising:
means for causing a subscriber's host to communicate with a network interface using a transport of multi-protocol data packets over a point-to-point link;
means for identifying a source address for a subscriber; and
means for authorizing said subscriber to access said first domain and said second domain based upon login information obtained from said subscriber.
(Dependent claims: 30, 31, 32)

means for authenticating said subscriber based upon login information obtained from said subscriber.

31. The apparatus of claim 29 wherein said means for negotiating for the transport of multi-protocol data packets further comprises:
means for communicating between said host and said network interface using a Point-to-Point Protocol session.

32. The apparatus of claim 29 wherein said means for authorizing said subscriber to access said first domain and said second domain further comprises:
means for writing said login information into a memory.

33. An apparatus for single-step subscriber logon of a host to a differentiated data communication network having access to a first domain and a second domain comprising:
means for receiving login information from the subscriber;
means for authenticating said subscriber based upon said login information;
means for storing said login information in a memory;
means for notifying the subscriber's host once a successful authentication process has been completed;
means for setting an address allocation session with said host;
means for assigning a source address to said host;
means for causing said host to communicate with a network interface using a transport of multi-protocol data packets over a point-to-point link; and
means for writing a subscriber-related entry into memory based upon said source address and said login information.

34. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for single-step subscriber logon to a differentiated data communications network including a first domain and a second domain, said method comprising:
causing the host to communicate with a network interface using a transport of multi-protocol data packets over a point-to-point communication link;
identifying a source address for a host; and
authorizing said host to access said first domain and said second domain based upon login information obtained from said subscriber.
(Dependent claims: 35, 36)

authenticating said subscriber based upon login information obtained from said subscriber.

36. The program storage device of claim 34 wherein said authorizing further comprises:
writing said login information into a memory.

37. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for single-step subscriber logon to a differentiated data communication network including secure simultaneous access capabilities to a first domain and a second domain, said method comprising:
causing the subscriber's host to communicate with a network interface using a transport of multi-protocol data packets over a point-to-point communication link;
identifying a source address for a subscriber; and
authorizing said subscriber to access said first domain and said second domain based upon login information obtained from said subscriber.
(Dependent claims: 38, 39)

authenticating said subscriber based upon login information obtained from said subscriber.

39. The program storage device of claim 37 wherein said method further comprises:
writing said login information into a memory.

40. A gateway for single-step subscriber logon of a host to a differentiated data communication network having access to a first domain and a second domain comprising:
a multi-protocol point-to-point link device establishing a communication link for the transport of multi-protocol data packets between said host and the gateway;
an authentication processor receiving an identification information from said host;
a notification device sending notification of successful authentication to said host;
a source address device obtaining an IP address for said host upon said notification device sending notification of successful authentication to said host; and
a device for storing said identification information from said host and the authenticity of said identification information from said authentication processor.
(Dependent claims: 41)

said authentication processor authenticating said subscriber based upon login information, said authentication processor in communication with said host.

42. An apparatus for single-step subscriber logon of a host to a differentiated data communication network having access to a first domain and a second domain comprising:
a multi-protocol point-to-point link device in communication with said host for establishing a communication link;
an authentication processor in communication with said host for receiving login information from said host and for authenticating said subscriber;
a notifier in communication with said authentication processor and said host for notifying said host of authentication status;
a source address device in communication with said host for negotiating a dynamic IP address; and
a registration memory in communication with said authentication processor and said source address negotiator for tabulating said login information and said source address.

Specification