Mechanism for authorizing a data communication session between a client and a server
Abstract
A mechanism for authorizing a data communication session between a client and a first server is disclosed. When a request is received to establish a session with a particular entity that is associated with the client, it is determined whether authorization of the session can be performed locally at a second server. If it is determined that authorization of the session can be performed locally at the second server, then the first server is informed that the session may be established between the client and the first server for the particular entity. A third server that is associated with the particular entity is identified and, once the first server is informed that the session may be established, the third server is informed that the session has been authorized to be established for the particular entity. However, if authorization of the session cannot be performed locally at the second server, then the third server is requested to authorize the session between the client and the first server. Thereafter, based on the response that is received from the third server, the first server is informed as to whether the session may be authorized.
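The flow in the abstract, together with the threshold comparison of claim 3 and the broadcast of claims 10 and 11, as a small single-process simulation. This is an added example, not code from the patent; the class names, the per-entity session limit enforced by the authoritative server, and the rule that a local grant requires a counter strictly below the threshold are assumptions.

```python
class Authoritative:
    """'Third server': holds the global session count for its entities."""
    def __init__(self, limits):
        self.limits = limits      # entity -> max sessions (assumed policy, not on the page)
        self.total = {}           # entity -> global session counter
        self.servers = {}         # entity -> servers that authorized before

    def update(self, entity, source):
        """Record one authorized session and broadcast the new count."""
        self.total[entity] = self.total.get(entity, 0) + 1
        peers = self.servers.setdefault(entity, [])
        if source not in peers:
            peers.append(source)
        for server in peers:
            server.counter[entity] = self.total[entity]

    def authorize(self, entity, source):
        """Decide a request the local server could not decide itself."""
        if self.total.get(entity, 0) >= self.limits[entity]:
            return False
        self.update(entity, source)
        return True

class LocalCounter:
    """'Second server': authorizes locally while under its threshold."""
    def __init__(self, name, authoritative, threshold, log):
        self.name, self.auth, self.threshold, self.log = name, authoritative, threshold, log
        self.counter = {}         # entity -> sessions believed active

    def request(self, entity):
        seen = self.counter.get(entity)           # None: no prior request (claim 4)
        if seen is not None and seen < self.threshold:    # claim 3 comparison
            self.log.append((self.name, "local-grant"))   # first server told first
            self.auth.update(entity, self)                # then the third server
            self.log.append((self.name, "update-sent"))
            return True
        ok = self.auth.authorize(entity, self)
        self.log.append((self.name, "remote-grant" if ok else "remote-deny"))
        return ok

def simulate():
    """Constructed run: entity 'acme', limit 4, local threshold 3, two servers."""
    log = []
    auth = Authoritative({"acme": 4})
    a, b = LocalCounter("A", auth, 3, log), LocalCounter("B", auth, 3, log)
    results = [s.request("acme") for s in (a, a, b, a, b)]
    return results, log, auth.total["acme"], a.counter["acme"], b.counter["acme"]

if __name__ == "__main__":
    print(simulate())
```

The simulation delivers every update synchronously; in a real deployment the local counters can lag, which is why the example keeps the local threshold below the global limit.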
28 Claims
1. A method for authorizing a data communication session between a client and a first server, comprising the computer-implemented steps of:
receiving a request to establish the session, wherein the request is associated with a particular entity that is associated with the client;
determining whether authorization of the session can be performed locally at a second server;
if authorization of the session can be performed locally at the second server, then informing the first server that the session may be established between the client and the first server for the particular entity; and
after informing the first server, informing a third server that is associated with the particular entity that the session has been authorized to be established for the particular entity.
2.
if authorization of the session cannot be performed locally at the second server, then requesting the third server to authorize the session between the client and the first server; and
informing the first server, based on a response received from the third server, whether the session may be authorized.
3. The method as recited in claim 1, wherein the step of determining whether authorization of the session can be performed locally at the second server comprises the steps of:
determining a session counter value, wherein the session counter value indicates the number of sessions that are currently active for the particular entity;
determining a session threshold value, wherein the session threshold value indicates a threshold as to a number of sessions that may be currently active before sessions cannot be authorized locally by the second server; and
comparing the session counter value with the session threshold value to determine whether authorization of the session can be performed locally at the second server.
4. The method as recited in claim 1, wherein the step of determining whether authorization of the session can be performed locally at the second server comprises the step of determining whether the second server has received a prior request for the particular entity.
5. The method as recited in claim 1, further comprising the steps of, prior to receiving the request, maintaining data that is associated with the second server, wherein the data includes,
a session counter value, wherein the session counter value indicates the number of sessions that are currently active for the particular entity; and
a session threshold value, wherein the session threshold value indicates a particular number of sessions that may be currently active before sessions cannot be authorized locally by the second server.
6. The method as recited in claim 5, wherein the step of maintaining data that is associated with the second server further comprises the step of maintaining a server identifier, wherein the server identifier identifies a particular server that is assigned to the particular entity.
7. The method as recited in claim 1, wherein the step of receiving the request comprises the step of receiving a connection request, wherein the connection request requests authorization to establish a Point-to-Point Protocol connection between the client and the first server.
8. The method as recited in claim 1, wherein the step of identifying the third server comprises the step of retrieving global data, wherein the global data maps a particular server to each entity.
9. The method as recited in claim 1, wherein the step of identifying the third server comprises the step of retrieving a server identifier, wherein the server identifier identifies a particular server that is assigned to the particular entity.
10. The method as recited in claim 1, wherein the step of informing the third server further comprises the steps of:
determining, at the third server, whether other servers have previously authorized sessions for the particular entity; and
if other servers have previously authorized sessions for the particular entity, then informing the other servers that the session has been authorized for the particular entity.
11. The method as recited in claim 10, further comprising the steps of:
prior to informing the other servers, maintaining session counter values at each of the other servers, wherein the session counter values indicate the number of sessions that are currently active for the particular entity; and
after being informed that the session has been authorized for the particular entity, updating the session counter values at each of the other servers to reflect that the session has been authorized for the particular entity.
12. A method for broadcasting session information to one or more servers, the method comprising the computer-implemented steps of:
receiving a message from a first server, wherein the message indicates that a session has been authorized for a particular entity;
determining whether one or more other servers have previously authorized sessions for the particular entity; and
if one or more other servers have previously authorized sessions for the particular entity, then informing the one or more other servers that another session has been authorized for the particular entity.
13.
prior to receiving the message from the first server, maintaining data that is associated with a second server, wherein the data includes a session counter value, wherein the session counter value indicates the number of sessions that are currently active for the particular entity; and
a server list, wherein the server list identifies the one or more other servers that have previously authorized sessions for the particular entity.
14. A method for authorizing a data communication session between a client and a server in a network, the method comprising the computer-implemented steps of:
receiving a connection request at a distributed session counter for authorization to establish a session between the client and the server, wherein the connection request is associated with a particular entity;
determining whether authorization of the session can be performed locally at the distributed session counter;
if authorization of the session can be performed locally at the distributed session counter, then sending an authorization granted message to the server to indicate that the session may be established between the client and the server for the particular entity;
identifying an authoritative distributed session counter that is associated with the particular entity; and
after sending the authorization granted message to the server, sending an authorization update message to the authoritative distributed session counter, wherein the authorization update message notifies the authoritative distribution counter that the session has been authorized to be established for the particular entity.
15.
if authorization of the session cannot be performed locally at the distributed session counter, then sending an authorization request message to the authoritative distributed session to request authorization to authorize the session between the client and the server; and
sending a response to the server based on a response message that is received from the authoritative distributed session, wherein the response message indicates whether the session should be authorized.
16. The method as recited in claim 14, wherein the step of determining whether authorization of the session can be performed locally at the distributed session counter comprises the steps of:
determining a local session counter value, wherein the local session counter value indicates the number of sessions that are currently active for the particular entity;
determining a local session threshold value, wherein the local session threshold value indicates a threshold as to a number of sessions that may be currently active before sessions cannot be authorized locally by the distributed session counter; and
comparing the local session counter value with the local session threshold value to determine whether authorization of the session can be performed locally at the distributed session counter.
17. The method as recited in claim 14, wherein the step of determining whether authorization of the session can be performed locally at the distributed session counter comprises the step of determining whether the distributed session counter has received a prior connection request for the particular entity.
18. The method as recited in claim 14, further comprising the steps of, prior to receiving the connection request,
maintaining a connection data storage area, wherein the connection data storage area includes a local session counter value, wherein the local session counter value indicates the number of sessions that are currently active for the particular entity; and
a local session threshold value, wherein the local session threshold value indicates a particular number of sessions that may be currently active before sessions cannot be authorized locally by the distributed session counter.
19. The method as recited in claim 18, wherein the step of maintaining the connection data storage area further comprises the step of maintaining an authoritative distributed session counter identifier, wherein the authoritative distributed session counter identifier identifies a particular authoritative distributed session counter that is assigned to the particular entity.
20. The method as recited in claim 14, wherein the step of receiving the connection request comprises the steps of receiving a request to authorize a Point-to-Point Protocol connection between the client and the server.
21. The method as recited in claim 14, wherein the step of identifying the authoritative distributed session counter comprises the step of interfacing with a global storage area, wherein the global storage area maps a particular authoritative distributed session counter to each entity.
22. The method as recited in claim 14, wherein the step of identifying the authoritative distributed session counter comprises the steps of:
retrieving an authoritative distributed session counter identifier, wherein the authoritative distributed session counter identifier identifies the authoritative distributed session counter that is assigned to the particular entity.
23. The method as recited in claim 14, wherein the step of sending the authorization update message to the authoritative distributed session counter further comprises the steps of:
determining, by the authoritative distributed session counter, whether other distributed session counters have previously authorized sessions for the particular entity; and
if other distributed session counters have previously authorized sessions for the particular entity, then broadcasting an update message to the other distributed session counters to indicate that another session has been authorized for the particular entity.
24. The method as recited in claim 23, further comprising the steps of:
prior to the other distributed session counters receiving the update message, maintaining a local session counter value at each of the other distributed session counters, wherein the local session counter value indicates the number of sessions that are currently active for the particular entity; and
after receiving the update message, updating the local session counter value at each of the other distributed session counters based on the update message.
25. A method for broadcasting session update information to distributed session counters, the method comprising the computer-implemented steps of:
receiving an authorization update message from a distributed session counter, wherein the authorization update message indicates that a session has been authorized for a particular entity;
determining whether other distributed session counters have previously authorized sessions for the particular entity; and
if other distributed session counters have previously authorized sessions for the particular entity, then broadcasting an update message to the other distributed session counters, wherein the update message notifies the other distributed session counters that another session has been authorized for the particular entity.
26.
prior to receiving the authorization update message, maintaining a connection data storage area, wherein the connection data storage area includes a global session counter value, wherein the global session counter value indicates a global value of the number of sessions that are currently active for the particular entity; and
a local distributed session counter list, wherein the local distributed session counter list identifies the other distributed session counters that have previously authorized sessions for the particular entity.
27. A computer apparatus comprising:
a processor; and
a memory coupled to the processor, the memory containing one or more sequences of instructions for authorizing a data communication session between a client and a first server, wherein execution of the one or more sequences of instructions by the processor causes the processor to perform the steps of:
receiving a request to establish the session, wherein the request is associated with a particular entity that is associated with the client;
determining whether authorization of the session can be performed locally at a second server;
if authorization of the session can be performed locally at the second server, then informing the first server that the session may be established between the client and the first server for the particular entity;
identifying a third server that is associated with the particular entity; and
after informing the first server, informing the third server that the session has been authorized to be established for the particular entity.
28. A computer apparatus comprising:
a processor; and
a memory coupled to the processor, the memory containing one or more sequences of instructions for broadcasting session information to one or more servers, wherein execution of the one or more sequences of instructions by the processor causes the processor to perform the steps of:
receiving a message from a first server, wherein the message indicates that a session has been authorized for a particular entity;
determining whether one or more other servers have previously authorized sessions for the particular entity; and
if one or more other servers have previously authorized sessions for the particular entity then, informing the one or more other servers that another session has been authorized for the particular entity.
Specification