Dynamic, scaleable attribute filtering in a multi-protocol compatible network access environment
First Claim
1. A device for processing network access requests responsive to more than one network access method, said device comprising:
- a protocol gateway responsive to an access request based on a supported protocol;
a gateway layer in communication with said protocol layer having protocol handlers for processing access requests and a state manager defining sets of process states required for each of the network access methods supported;
an inbound filter state object in communication with said gateway that is responsive to at least one of the protocol handlers and is invoked to filter attributes from the access request, said inbound filter state object identifying a set of steps necessary to filter said attributes from the access request;
a service component responsive to an access request received from an access state object;
a protocol handler responsive to an outbound filter attribute of the access request response received from said service component via a state object.
1 Assignment
0 Petitions
Accused Products
Abstract
A device for processing network access requests responsive to more than one network access protocol comprises a protocol layer responsive to a client access request based on a first protocol, a gateway layer in communication with the protocol layer including at least one protocol handler for processing access requests and a state manager having more than one set of process states required for each network access method, and an inbound filter state object in communication with the gateway layer that is responsive to at least one protocol handler and is invoked to filter attribute data in the access request packets. A method for dynamic, scaleable attribute filtering in a multiple-protocol compatible network access environment comprises receiving an access request which is based upon a first supported network access protocol, processing the access request as a task, processing the task at a protocol handler to verify user identity; checking the access request at the protocol handler for an inbound filter attribute, retrieving a state interface pointer from a state manager based upon an inbound filter being found in the access request and invoking an inbound filter state object to filter the first access request in accordance with the first state interface pointer.
104 Citations
28 Claims
-
1. A device for processing network access requests responsive to more than one network access method, said device comprising:
-
a protocol gateway responsive to an access request based on a supported protocol;
a gateway layer in communication with said protocol layer having protocol handlers for processing access requests and a state manager defining sets of process states required for each of the network access methods supported;
an inbound filter state object in communication with said gateway that is responsive to at least one of the protocol handlers and is invoked to filter attributes from the access request, said inbound filter state object identifying a set of steps necessary to filter said attributes from the access request;
a service component responsive to an access request received from an access state object;
a protocol handler responsive to an outbound filter attribute of the access request response received from said service component via a state object. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
an outbound filter state object in communication with said gateway layer that is responsive to at least one of the protocol handlers and is invoked to filter attributes from an access request response.
-
-
3. The device of claim 1, wherein said protocol layer further comprises:
-
a task source for receiving access requests from clients;
a task processor in communication with said task source that determines whether the protocol of said access requests is supported and queues the requests for further processing; and
a task sink in communication with said task processor that sends access request responses back to clients.
-
-
4. The device of claim 1, wherein said supported protocol is Remote Authentication Dial-In User Service (RADIUS) protocol used in conjunction with a dial-up client.
-
5. The device of claim 1, wherein said supported protocol is Multimedia Cable Network System (MCNS) protocol used in conjunction with a cable modem client.
-
6. The device of claim 1, wherein said supported protocol is Trivial File Transfer Protocol (TFTP).
-
7. The device of claim 1, wherein said sets of process states define the necessary steps which must be performed by one of the protocol handlers in order to respond to the access request.
-
8. The device of claim 1, further including at least one client for providing an access point interface between a host and said device.
-
9. The device of claim 8, wherein said at least one client includes a network access server.
-
10. The device of claim 8, wherein said at least one client includes a digital subscriber line-based interface.
-
11. The device of claim 8, wherein said at least one client includes a cable modem interface.
-
12. The device of claim 8, wherein said at least one client includes a wireless communication interface.
-
13. A method of dynamic, scaleable attribute filtering in a multiple-protocol compatible network access environment, the method comprising:
-
receiving a first access request which is based upon a first supported network access protocol;
processing the first access request as a first task;
processing the first task at a protocol handler to verify user identity;
checking the first access request at the protocol handler for an inbound filter attribute;
retrieving a first state interface pointer from a state manager based upon an inbound filter being found in the first access request; and
invoking an inbound filter state object to filter the first access request in accordance with the first state interface pointer. - View Dependent Claims (14, 15, 16)
proxying said inbound filtered first access request to an access state object;
sending said inbound filtered first access request from the access state object to a service component;
returning a first access request response from a service component to the protocol handler via the state object;
checking the first access request response at the protocol handler for an outbound filter attribute;
retrieving a second state interface pointer from a state manager based upon an outbound filter being found in the first access request response; and
invoking an outbound filter state object to filter the first access request response in accordance with the second state interface pointer.
-
-
15. The method of claim 13, further comprising:
-
receiving a second access request which is based upon a second supported network access protocol;
processing the second access request as a second task;
processing the second task at a protocol handler to verify user identity;
checking the second access request at the protocol handler for an inbound filter attribute;
retrieving a third state interface pointer from a state manager based upon an inbound filter being found in the second access request; and
invoking an inbound filter state object to filter the second access request in accordance with the third state interface pointer.
-
-
16. The method of claim 15 further comprising:
-
proxying said inbound filtered second-access request to an access state object;
sending said inbound filtered second access request from the access state object to a service component;
returning a second access request response from a service component to the protocol handler via the state object;
checking the second access request response at the protocol handler for an outbound filter attribute;
retrieving a fourth state interface pointer from a state manager based upon an outbound filter being found in the second access request response; and
invoking an outbound filter state-object to filter the second access request response in accordance with the fourth interface pointer.
-
-
17. A method of dynamic, scaleable attribute filtering in a multiple-protocol compatible network access environment, the method comprising:
-
receiving a first access request which is based upon a first supported network access protocol;
processing the first access request as a first task;
processing the first task at a protocol handler to verify user identity;
checking the first access request response at the protocol handler for an inbound filter attribute;
proxying the first access request to an access state object;
sending first access request from the access state object to a service component;
returning a first access request response from a service component to the protocol handler via the state object;
checking the first access request response at the protocol handler for an outbound filter attribute;
retrieving a second state interface pointer from a state manager based upon an outbound filter being found in the first access request response; and
invoking an outbound filter state object to filter the first access request in accordance with the first state interface pointer.
-
-
18. A device for processing network access requests responsive to more than one network access method and having dynamic, scaleable filtration, said device comprising:
-
means for receiving a first access request that is based upon a first supported network access protocol;
means for processing the first access request as a first task;
means for processing the first task at a protocol handler to verify user identity;
means for checking the first access request at the protocol handler for an inbound filter attribute;
means for retrieving a first state interface pointer from a state manager based upon an inbound filter being found in the first access request; and
means for invoking an inbound filter state object to filter the first access request in accordance with the first state interface pointer. - View Dependent Claims (19)
means for proxying inbound filtered first access request to an access state object;
means for sending inbound filtered first access request from the access state object to a service component;
means for returning a first access request response from a service component to the protocol handler via the state object;
means for checking the first access request response at the protocol handler for an outbound filter attribute;
means for retrieving a second state interface pointer from a state manager based upon an outbound filter being found in the first access request response; and
means for invoking an outbound filter state object to filter the first access request response in accordance with the second state interface pointer.
-
-
20. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform method steps for dynamic, scaleable filtration of attribute data in a multiple-protocol network access environment, the method comprising:
-
receiving a first access request which is based upon a first supported network access protocol;
processing the first access request as a first task;
processing the first task at a protocol handler to verify user identity;
checking the first access request at the protocol handler for an inbound filter attribute;
retrieving a first state interface pointer from a state manager based upon an inbound filter being found in the first access request; and
invoking an inbound filter state object to filter the first access request in accordance with the first state interface pointer. - View Dependent Claims (21)
proxying said inbound filtered first access request to an access state object;
sending said inbound filtered first access request from the access state object to a service component;
returning a first access request response from a service component to the protocol handler via the state object;
checking the first access request response at the protocol handler for an outbound filter attribute;
retrieving a second state interface pointer from a state manager based upon an outbound filter being found in the first access request response; and
invoking an outbound filter state object to filter the first access request response in accordance with the second state interface pointer.
-
-
22. A method for dynamically filtering an attribute in a multiple-protocol compatible network access environment, the method comprising:
-
receiving an access request;
checking said access request for an inbound filter attribute;
retrieving a data structure identifying a set of steps necessary to implement said inbound filter attribute;
executing said set of steps;
sending said access request from an access state object to a service component;
returning an access request response from a service component to a protocol handler via a state object; and
checking said access request response at said protocol handler for an outbound filter attribute. - View Dependent Claims (23, 24)
verifying a user identify of said of said access request.
-
-
25. An apparatus for dynamically filtering an attribute in a multiple-protocol compatible network access environment, the apparatus comprising:
-
means for receiving an access request;
means for checking said access request for an inbound filter attribute;
means for retrieving a data structure identifying a set of steps necessary to implement said inbound filter attribute;
means for executing said set of steps;
means for sending said access request from an access state object to a service component;
means for returning an access request response from a service component to a protocol handler via a state object; and
means for checking said access request response at said protocol handler for an outbound filter attribute. - View Dependent Claims (27, 28)
means for verifying a user identify of said of said access request.
-
-
26. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for dynamically filtering an attribute in a multiple-protocol compatible network access environment, the method comprising:
-
receiving an access request;
checking said access request for an inbound filter attribute;
retrieving a data structure identifying a set of steps necessary to implement said inbound filter attribute;
executing said set of steps;
sending said access request from an access state object to a service component;
returning an access request response from a service component to a protocol handler via a state object; and
checking said access request response at said protocol handler for an outbound filter attribute.
-
Specification