Validating connections to a network system
Abstract
A mechanism for authenticating multiple connections to a network server is disclosed. A client establishes a first connection to the server. In establishing the first connection, the client provides authentication information and authorization information, and in response the server assigns first access privileges to the client. When the client requests a second connection, the server receives authentication information from the client, and assigns limited access privileges to the client. The server associates the first connection with the second connection and the client. The server automatically associates the first access privileges with the second connection, without requiring the client to provide authorization information for the second connection.
22 Claims
1. A method for establishing connections between a client and a server, the method comprising the steps of:
receiving a request to establish a connection between the client and the server;
performing client authentication by determining whether the client is allowed to connect to the server;
performing client authorization by assigning a set of client access privileges to the connection;
performing user authentication by determining whether the user is allowed to access the server; and
performing user authorization by assigning a set of user access privileges to the connection.

2. The method as recited in claim 1, wherein the step of performing user authentication comprises the steps of:
receiving user access information, wherein the user access information is associated with a particular user; and
determining whether the user is allowed to access the server based on the user access information that is received.
3. The method as recited in claim 2, wherein the step of performing user authorization comprises the steps of:
determining the set of user access privileges based on the user access information; and
replacing the set of client access privileges assigned to the connection with the set of user access privileges.
4. The method as recited in claim 1, wherein the step of receiving the request to establish the connection comprises the step of receiving a dial-in request at the server from the client.
5. The method as recited in claim 1, wherein the step of performing client authentication phase comprises the steps of:
receiving client access information that is associated with the client; and
determining whether the user is allowed to access the server based on the client access information that is received.
6. The method as recited in claim 5, wherein the step of performing client authorization comprises the steps of:
identifying a set of minimal access rights, wherein the set of minimal access rights severely restricts functions that can be performed through the connection; and
assigning the set of minimal access rights to the connection.
7. The method as recited in claim 1, wherein the step of performing client authentication comprises the step of authenticating the client using the Challenge Handshake Authentication Protocol (CHAP).

8. The method as recited in claim 1, wherein the step of performing client authentication phase comprises the step of authenticating the client using the Password Authentication Protocol (PAP).

9. The method as recited in claim 1, wherein the step of performing client authentication comprises the step of establishing a first connection between the client and the network access server when the client is allowed to connect to the server.

10. The method as recited in claim 2, wherein the step of receiving user access information comprises the step of receiving user access information that is supplied from a Token card.
11. The method as recited in claim 2, wherein the step of receiving user access information comprises the steps of:
displaying a login window on the client; and
receiving user access information in the login window.
12. The method as recited in claim 9, wherein the step of establishing the first connection comprises the step of establishing a first Point-to-Point (PPP) connection between the client and the network access server.

13. The method recited in claim 9, wherein the step of establishing the first connection comprises the step of establishing a first Serial Line Internet Protocol (SLIP) connection between the client and the network access server.
14. The method recited in claim 1, further comprising the steps of:
receiving a second request to establish a second connection between the client and the server;
performing a second client authentication by determining whether the client is allowed to connect to the server;
determining whether a first connection is active between the client and the server; and
assigning the set of user access privileges to the second connection, wherein the set of user access privileges are assigned to the second connection without performing a second user authentication.
15. The method as recited in claim 14, wherein the step of performing the second client authentication comprises the step of establishing the second connection between the client and the network access server when the client is allowed to connect to the server.

16. The method recited in claim 15, wherein the step of establishing the second connection comprises the step of establishing a second Point-to-Point (PPP) connection between the client and the network access server.

17. The method recited in claim 15, wherein the step of establishing the second connection comprises the step of establishing a second Serial Line Internet Protocol (SLIP) connection between the client and the network access server.
18. The method recited in claim 15, wherein the step of establishing the second connection comprises the steps of:
generating a bundle header at the network access server; and
attaching the first connection and the second connection to the bundle header.
19. A method for establishing multiple connections between a client and a server, the method comprising the steps of:
receiving a request to establish a first connection between the client and the server;
performing a first client authentication phase, wherein the first client authentication phase determines whether the client is allowed to connect to the server;
performing a client authorization phase, wherein the client authorization phase assigns a set of client access privileges to the first connection;
performing a user authentication phase, wherein the user authentication phase determines whether the user is allowed to access the server;
performing a user authorization phase, wherein the user authorization phase assigns a set of user access privileges to the first connection;
receiving a request to establish a second connection between the client and the server;
performing a second client authentication phase, wherein the second client authentication phase determines whether the client is allowed to connect to the server; and
assigning the set of user access privileges to the second connection.
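The flow described in the abstract and in claims 14 and 19, as an added example in Python (not code from the patent or from any product): a simulated network access server that authenticates the client device with CHAP (RFC 1994, MD5 over identifier, secret and challenge), assigns only minimal rights, upgrades to per-user rights after a token-card code is verified, and then lets a second link from the same, already-authenticated device inherit those rights and join a bundle without a second login. The device secrets, the one-time token codes, the privilege sets and the `NetworkAccessServer` class are all constructed for illustration. The check a practitioner wants is in `_active_user_connection`: inheritance is keyed to an active, user-authenticated connection from the same CHAP-authenticated client, so a different device, a failed CHAP exchange, or a device whose earlier links have been torn down gets only the minimal set.

```python
"""Simulation of the multi-connection authentication scheme from the abstract and
claims 14 and 19.  Added example; the NAS class, secret tables, token verifier and
privilege sets below are constructed for illustration, not taken from the patent."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

# Constructed CHAP secrets shared between the NAS and each client device.
CLIENT_SECRETS = {b"laptop-01": b"s3cret-laptop", b"laptop-02": b"s3cret-other"}
# Constructed token-card codes (one-time) per user.
TOKEN_CODES = {"alice": {"482913"}, "bob": {"110077"}}
# Claim 6: minimal rights before user authentication; claim 3: per-user rights after.
MINIMAL_PRIVS = frozenset({"nas:keepalive"})
USER_PRIVS = {"alice": frozenset({"lan", "internet", "vpn"}), "bob": frozenset({"lan"})}


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5 over identifier || secret || challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


@dataclass
class Connection:
    conn_id: int
    client: bytes
    privileges: frozenset
    user: Optional[str] = None
    bundle: Optional[int] = None  # claim 18: bundle header shared by attached links


class NetworkAccessServer:
    def __init__(self) -> None:
        self.connections: dict[int, Connection] = {}
        self._tokens = {u: set(codes) for u, codes in TOKEN_CODES.items()}
        self._challenges: dict[int, bytes] = {}
        self._next_conn = 1
        self._next_chap_id = 0

    def challenge(self) -> tuple[int, bytes]:
        """Issue a fresh CHAP identifier and random challenge."""
        ident = self._next_chap_id
        self._next_chap_id = (ident + 1) % 256
        self._challenges[ident] = os.urandom(16)
        return ident, self._challenges[ident]

    def _active_user_connection(self, client: bytes) -> Optional[Connection]:
        """Claim 14: an active connection for this same client that passed user auth."""
        for conn in self.connections.values():
            if conn.client == client and conn.user is not None:
                return conn
        return None

    def connect(self, client: bytes, ident: int, response: bytes) -> Optional[Connection]:
        """Client authentication (CHAP) and client authorization (minimal rights)."""
        chal = self._challenges.pop(ident, None)
        secret = CLIENT_SECRETS.get(client)
        if chal is None or secret is None:
            return None
        if not hmac.compare_digest(response, chap_response(ident, secret, chal)):
            return None
        conn = Connection(self._next_conn, client, MINIMAL_PRIVS)
        self._next_conn += 1
        first = self._active_user_connection(client)
        if first is not None:
            # Second link from an already user-authenticated client: inherit the
            # user privileges without a second login and attach both to one bundle.
            if first.bundle is None:
                first.bundle = first.conn_id
            conn.user, conn.privileges, conn.bundle = first.user, first.privileges, first.bundle
        self.connections[conn.conn_id] = conn
        return conn

    def login(self, conn_id: int, user: str, code: str) -> bool:
        """User authentication (token-card code) and user authorization (claim 3)."""
        conn = self.connections[conn_id]
        valid = self._tokens.get(user, set())
        if code not in valid:
            return False
        valid.discard(code)  # one-time code: never accepted twice
        conn.user = user
        conn.privileges = USER_PRIVS[user]  # replaces the minimal set
        return True

    def disconnect(self, conn_id: int) -> None:
        self.connections.pop(conn_id, None)


def client_connect(nas: NetworkAccessServer, client: bytes, secret: bytes) -> Optional[Connection]:
    """Client side of the CHAP exchange."""
    ident, chal = nas.challenge()
    return nas.connect(client, ident, chap_response(ident, secret, chal))


def demo() -> dict:
    nas = NetworkAccessServer()
    first = client_connect(nas, b"laptop-01", b"s3cret-laptop")
    before_login = first.privileges
    nas.login(first.conn_id, "alice", "482913")
    second = client_connect(nas, b"laptop-01", b"s3cret-laptop")  # no second login
    other = client_connect(nas, b"laptop-02", b"s3cret-other")     # different device
    bad = client_connect(nas, b"laptop-02", b"wrong")               # CHAP fails
    nas.disconnect(first.conn_id)
    nas.disconnect(second.conn_id)
    fresh = client_connect(nas, b"laptop-01", b"s3cret-laptop")    # bundle gone
    return {"before_login": before_login, "first": first, "second": second,
            "other": other, "bad": bad, "fresh": fresh}
```

`demo()` walks the sequence once: the first link starts with `MINIMAL_PRIVS`, the token login replaces them with alice's set, the second link from `laptop-01` inherits that set and the bundle id without presenting a code, while `laptop-02` stays at minimal rights, a wrong CHAP secret is refused outright, and after both of alice's links are closed a new link from the same device is back to minimal rights.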
20. A computer-readable medium carrying one or more sequences of instructions for authenticating connections to a network access server, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
receiving a request to establish a connection between the client and the server;
performing a client authentication phase, wherein the client authentication phase determines whether the client is allowed to connect to the server;
performing a client authorization phase, wherein the client authorization phase assigns a set of client access privileges to the connection;
performing a user authentication phase, wherein the user authentication phase determines whether the user is allowed to access the server; and
performing a user authorization phase, wherein the user authorization phase assigns a set of user access privileges to the connection.
21. A computer data signal embodied in a carrier wave, the computer data signal carrying one or more sequences of instructions for authenticating connections to a network access server, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
receiving a request to establish a connection between the client and the server;
performing a client authentication phase, wherein the client authentication phase determines whether the client is allowed to connect to the server;
performing a client authorization phase, wherein the client authorization phase assigns a set of client access privileges to the connection;
performing a user authentication phase, wherein the user authentication phase determines whether the user is allowed to access the server; and
performing a user authorization phase, wherein the user authorization phase assigns a set of user access privileges to the connection.
22. A computer apparatus comprising:
a processor; and
a memory coupled to the processor, the memory containing one or more sequences of instructions for authenticating connections to a network access server, wherein execution of the one or more sequences of instructions by the processor causes the processor to perform the steps of:
receiving a request to establish a connection between the client and the server;
performing a client authentication phase, wherein the client authentication phase determines whether the client is allowed to connect to the server;
performing a client authorization phase, wherein the client authorization phase assigns a set of client access privileges to the connection;
performing a user authentication phase, wherein the user authentication phase determines whether the user is allowed to access the server; and
performing a user authorization phase, wherein the user authorization phase assigns a set of user access privileges to the connection.