Authentication and authorization mechanisms for Fortezza passwords

US 6,434,700 B1
Filed: 12/22/1998
Issued: 08/13/2002
Est. Priority Date: 12/22/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method for receiving and authenticating a Fortezza password within a computer system that also receives and authenticates passwords of other types and to thereby selectively permit a client associated with the Fortezza password to access a network that is protected by the computer system, the method comprising the steps of:

receiving, from the client, user access information associated with a particular user of the client;

determining, based on the user access information and a database that contains profile information associated with the user, a password type associated with the user;

when the password type is FORTEZZA, requesting authentication of the password from a Fortezza server;

granting the client access to the network when the Fortezza server approves the password; and

when the password type is any type other than FORTEZZA, requesting authentication of the password from an authentication process that is associated with that password type.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus that provide network access control are disclosed. In one embodiment, a network access control apparatus is configured to receive and authenticate a password that uses the “Fortezza” cryptographic protocol, and to receive and authenticate passwords of other types, to thereby selectively permit a client associated with the Fortezza password to access a protected network. A Fortezza card reader is coupled to the client and associated with a Fortezza card that contains the Fortezza password. A network access server is logically coupled to the client. An access control server is coupled logically between the client and the protected network and that controls access of the client to the protected network. A Fortezza authentication server is coupled to the access control server for communication therewith. A database is coupled to the access control server and that contains profile information associated with the user. The access control server receives, from the client, user access information associated with a particular user of the client; determining, based on the user access information and a database, a type of a password associated with the user; when the password type is FORTEZZA, requesting authentication of the password from a Fortezza server; granting the client access to the network when the Fortezza server approves the password; and when the password type is any type other than FORTEZZA, requesting authentication of the password from an authentication process that is associated with that password type.

228 Citations

15 Claims

1. A method for receiving and authenticating a Fortezza password within a computer system that also receives and authenticates passwords of other types and to thereby selectively permit a client associated with the Fortezza password to access a network that is protected by the computer system, the method comprising the steps of:
- receiving, from the client, user access information associated with a particular user of the client;
  
  determining, based on the user access information and a database that contains profile information associated with the user, a password type associated with the user;
  
  when the password type is FORTEZZA, requesting authentication of the password from a Fortezza server;
  
  granting the client access to the network when the Fortezza server approves the password; and
  
  when the password type is any type other than FORTEZZA, requesting authentication of the password from an authentication process that is associated with that password type.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method as recited in claim 1, wherein the step of receiving the user access information comprises the step of receiving, from the client, user access information associated with a particular user of the client at an access control server that is logically interposed between the client and the network.
  - 3. The method as recited in claim 2 further comprising the step of receiving, from the client, user access information associated with a particular user of the client at a network access server that is coupled to the access control server and logically interposed between the client and the network.
  - 4. The method of claim 1, wherein the step of determining the password type further comprises the step of accessing a user profile that is stored in the database and that stores profile information of a plurality of users, in which the profile information identifies users of FORTEZZA type passwords and passwords of other types.
  - 5. The method as recited in claim 1, wherein the step of requesting authentication and authorization from the Fortezza server further comprises the step of communicating with the Fortezza server through a cryptologic library.

6. A computer-readable medium carrying one or more sequences of instructions for receiving and authenticating a Fortezza password within a computer system that also receives and authenticates passwords of other types and to thereby selectively permit a client associated with the Fortezza password to access a network that is protected by the computer system, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
- receiving, from the client, user access information associated with a particular user of the client;
  
  determining, based on the user access information and a database that contains profile information associated with the user, a password type associated with the user;
  
  when the password type is FORTEZZA, requesting authentication of the password from a Fortezza server;
  
  granting the client access to the network when the Fortezza server approves the password; and
  
  when the password type is any type other than FORTEZZA, requesting authentication of the password from an authentication process that is associated with that password type.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computer-readable medium as recited in claim 6, wherein the step of receiving the user access information comprises the step of receiving, from the client, user access information associated with a particular user of the client at an access control server that is logically interposed between the client and the network.
  - 8. The computer-readable medium as recited in claim 7 further comprising the step of receiving, from the client, user access information associated with a particular user of the client at a network access server that is coupled to the access control server and logically interposed between the client and the network.
  - 9. The computer-readable medium of claim 6, wherein the step of determining the password type further comprises the step of accessing a user profile that is stored in the database and that stores profile information of a plurality of users, in which the profile information identifies users of FORTEZZA type passwords and passwords of other types.
  - 10. The computer-readable medium as recited in claim 6, wherein the step of requesting authentication and authorization from the Fortezza server further comprises the step of communicating with the Fortezza server through a cryptologic library.

11. A password authentication apparatus configured to receive and authenticate a Fortezza password and to receive and authenticate passwords of other types, to thereby selectively permit a client associated with the Fortezza password to access a protected network, the apparatus comprising:
- an access control server logically interposed between the client and the protected network;
  
  a Fortezza authentication server coupled to the access control server for communication therewith;
  
  a database coupled to the access control server and that contains profile information associated with the user;
  
  means for generating the Fortezza password, coupled to the client;
  
  means in the access control server for receiving, from the client, user access information associated with a particular user of the client;
  
  determining, based on the user access information and a database, a password type associated with the user;
  
  when the password type is FORTEZZA, requesting authentication of the password from a Fortezza server;
  
  granting the client access to the network when the Fortezza server approves the password; and
  
  when the password type is any type other than FORTEZZA, requesting authentication of the password from an authentication process that is associated with that password type.
- View Dependent Claims (12, 13, 14)
- - 12. The apparatus recited in claim 11, wherein the means in the access control server further comprises means for receiving, from the client, user access information associated with a particular user of the client at a network access server that is coupled to the access control server and logically interposed between the client and the network.
  - 13. The apparatus of claim 11, wherein means in the access control server further comprises means for determining the password type by accessing a user profile that is stored in the database and that stores profile information of a plurality of users, in which the profile information identifies users of FORTEZZA type passwords and passwords of other types.
  - 14. The apparatus as recited in claim 11, wherein the means in the access control server for requesting authentication and authorization from the Fortezza server further comprises a cryptologic library in the access control server that is logically coupled to the Fortezza server for communication therewith.

15. A password authentication apparatus configured to receive and authenticate a Fortezza password and to receive and authenticate passwords of other types, to thereby selectively permit a client associated with the Fortezza password to access a protected network, the apparatus comprising:
- a Fortezza card reader coupled to the client and associated with a Fortezza card that contains the Fortezza password;
  
  a network access server logically coupled to the client;
  
  an access control server coupled logically between the client and the protected network and that controls access of the client to the protected network;
  
  a Fortezza authentication server coupled to the access control server for communication therewith;
  
  a database coupled to the access control server and that contains profile information associated with the user;
  
  means in the access control server for receiving, from the client, user access information associated with a particular user of the client;
  
  determining, based on the user access information and a database, a password type associated with the user;
  
  when the password type is FORTEZZA, requesting authentication of the password from a Fortezza server;
  
  granting the client access to the network when the Fortezza server approves the password; and
  
  when the password type is any type other than FORTEZZA, requesting authentication of the password from an authentication process that is associated with that password type.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Victa, Rodelito L., Alonso, Oscar S., Calabrese, John S., Morris, Herbert C.
Primary Examiner(s)
Peeso, Thomas R.

Application Number

US09/218,730
Time in Patent Office

1,330 Days
Field of Search

713/168-169, 713/170, 713/176, 713/182
US Class Current

713/169
CPC Class Codes

G06F 21/34   involving the use of extern...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

Authentication and authorization mechanisms for Fortezza passwords

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

228 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication and authorization mechanisms for Fortezza passwords

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

228 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links