Single step network logon based on point to point protocol

US 7,036,142 B1
Filed: 02/11/2002
Issued: 04/25/2006
Est. Priority Date: 12/02/1998
Status: Expired due to Fees

First Claim

Patent Images

1. A method for single-step subscriber logon to a differentiated data communications network including a first domain and a second domain, said method comprising:

communicating, by a network interface, between the network interface and a host, wherein said communicating comprises a transport of multi-protocol data packets over a point-to-point communication link between the host and the network interface;

identifying a source address for the host; and

authorizing the host to access said first domain and said second domain based upon login information obtained from the host.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for providing single-step logon access for a subscriber to a differentiated computer network having more than one separate access area. In a method for single-step logon a network gateway interface grants a subscriber access to both one or more public network domains, such as the Internet, and one or more private domains, such as community of interest domains or intra-network domains, without requiring the subscriber to launch a separate logon application. Once the subscriber has completed a single step logon to the network interface, the service provider is able to provide the subscriber with simultaneous secure channel access to both public areas and secured private areas. A network gateway interface provides the capability to authenticate the subscriber, provide the subscriber with an IP address and negotiate a point to point protocol session with the subscriber'"'"'s host, thereby eliminating the need to have the subscriber logon for public area access and then logon for private area access.

145 Citations

View as Search Results

55 Claims

1. A method for single-step subscriber logon to a differentiated data communications network including a first domain and a second domain, said method comprising:
- communicating, by a network interface, between the network interface and a host, wherein said communicating comprises a transport of multi-protocol data packets over a point-to-point communication link between the host and the network interface;
  
  identifying a source address for the host; and
  
  authorizing the host to access said first domain and said second domain based upon login information obtained from the host.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprising:
    - authenticating said subscriber based upon login information obtained from the host.
  - 3. The method of claim 2 wherein said authenticating is accomplished using Link Control Protocol (LCP).
  - 4. The method of claim 1 wherein said identifying is accomplished using Internet Protocol Control Protocol (IPCP).
  - 5. The method of claim 1 wherein said identifying further comprises:
    - assigning an Internet Protocol address to the host from a pool of addresses located in a memory.
  - 6. The method of claim 1 wherein said identifying further comprises:
    - assigning an Internet Protocol address to the host from an authentication reply packet received from an authentication server.
  - 7. The method of claim 1 wherein said communicating is accomplished using Point-to-Point Protocol (PPP).
  - 8. The method of claim 1 wherein said authorizing further comprises:
    - writing said login information into a memory.

9. A method for single-step subscriber logon to a differentiated data communications network including a first domain and a second domain, said method comprising:
- authenticating in a network interface a host based upon login information obtained from the host;
  
  communicating, by the network interface, between the network interface and the host, wherein said communicating comprises a transport of multi-protocol data packets over a point-to-point link existing between the host and the network interface;
  
  identifying a source address for the host;
  
  writing said login information into a memory; and
  
  authorizing the host to access said first domain and said second domain based upon said login information.

10. A method for single-step subscriber logon to a differentiated data communication network including same-session access capabilities to a first domain and a second domain, said method comprising:
- communicating between a network interface and a host, wherein said communicating comprises a transport of multi-protocol data packets over a point-to-point communication link between the host and the network interface;
  
  identifying a source address for the host; and
  
  authorizing the host to access said first domain and said second domain based upon login information obtained from the host.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10 further comprising:
    - authenticating the host based upon login information obtained from the host.
  - 12. The method of claim 11 wherein said authenticating is accomplished using Link Control Protocol (LCP).
  - 13. The method of claim 10 wherein said identifying is accomplished using Internet Protocol Control Protocol (IPCP).
  - 14. The method of claim 10 wherein said identifying further comprises:
    - assigning an Internet Protocol address to the host from a pool of addresses located in a memory.
  - 15. The method of claim 10 wherein said identifying further comprises:
    - assigning an Internet Protocol address to the host from an authentication reply packet received from an authentication server.
  - 16. The method of claim 10 wherein said communicating is accomplished using Point-to-Point Protocol (PPP).
  - 17. The method of claim 10 wherein said authorizing further comprises:
    - writing said login information into a memory.

18. A method for single-step subscriber logon to a differentiated data communication network including same-session access capabilities to a first domain and a second domain, said method comprising:
- authenticating a host based upon login information obtained from the host;
  
  communicating, by the network interface, between the network interface and the host, wherein said communicating comprises a transport of multi-protocol data packets over a point-to-point link existing between the host and the network interface;
  
  identifying a source address for the host;
  
  writing said login information into a memory; and
  
  authorizing the host to access said first domain and said second domain based upon said login information.

19. A method for single-step subscriber logon of a host to a differentiated data communication network having access to a first domain and a second domain comprising:
- receiving login information from said host;
  
  authenticating said host based upon said login information;
  
  storing said login information in a memory;
  
  notifying said host once a successful authentication process has been completed;
  
  initiating an address allocation negotiation session;
  
  assigning a source address to said host;
  
  communicating, by a network interface, between the network interface and said host, wherein said communicating comprises a transport of multi-protocol data packets over a point-to-point link existing between said host and said network interface; and
  
  writing a subscriber-related entry into the memory based upon said source address and said login information.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 20. The method of claim 19 wherein said authenticating further comprises:
    - processing an authentication request packet based upon said login information;
      
      sending said authentication request packet to an authentication memory bank; and
      
      receiving a reply packet from said authentication memory bank.
  - 21. The method of claim 20 wherein said sending further comprises:
    - sending said authentication request packet via a Remote Access Dial-In User Service (RADIUS) protocol communication link.
  - 22. The method of claim 20 wherein said writing further comprises:
    - writing said subscriber-related entry into the memory based upon configuration information in said reply packet from said authentication memory bank.
  - 23. The method of claim 19 wherein said login information comprises a user name and a user authenticator.
  - 24. The method of claim 19 wherein said receiving further comprises:
    - receiving login information using a Link Central Protocol (LCP) communication link.
  - 25. The method of claim 19 wherein said initiating further comprises:
    - utilizing an Internet Protocol Control Protocol (IPCP) communication link.
  - 26. The method of claim 19 wherein said assigning further comprises:
    - retrieving a subscriber Internet Protocol address from a pool of addresses located in the memory.
  - 27. The method of claim 19 wherein said assigning further comprises:
    - retrieving a subscriber Internet Protocol address from an access accept reply packet received from an authentication server.
  - 28. The method of claim 19 wherein said communicating further comprises:
    - utilizing a Point-to-Point Protocol session between said host and said network interface.

29. An apparatus for single step logon of a host to a differentiated data communication network having the capacity to create same-session open channels to a first domain and a second domain, the apparatus comprising:
- means for communicating via a network interface with a host, wherein said communicating comprises a transport of multi-protocol data packets over a point-to-point communication link existing between the host and the network interface;
  
  means for identifying a source address for the host; and
  
  means for authorizing the host to access said first domain and said second domain based upon login information obtained from the host.
- View Dependent Claims (30, 31, 32)
- - 30. The apparatus of claim 29 further comprising:
    - means for authenticating the host based upon login information obtained from the host.
  - 31. The apparatus of claim 29 wherein said means for communicating further comprises:
    - means for communicating between the host and the network interface using a Point-to-Point Protocol session.
  - 32. The apparatus of claim 29 wherein said means for authorizing further comprises:
    - means for writing said login information into a memory.

33. An apparatus for single-step subscriber logon of a host to a differentiated data communication network having access to a first domain and a second domain comprising:
- means for receiving login information from said host;
  
  means for authenticating said host based upon said login information;
  
  means for storing said login information in a memory;
  
  means for notifying said host once a successful authentication process has been completed;
  
  means for initiating an address allocation negotiation session;
  
  means for assigning a source address to said host;
  
  means for communicating, by a network interface, between the network interface and said host, wherein said communicating comprises a transport of multi-protocol data packets over a point-to-point link existing between said host and said network interface; and
  
  means for writing a subscriber-related entry into the memory based upon said source address and said login information.

34. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for single-step subscriber logon to a differentiated data communications network including a first domain and a second domain, said method comprising:
- communicating, by a network interface, between the network interface and a host, wherein said communicating comprises a transport of multi-protocol data packets over a point-to-point communication link between the host and the network interface;
  
  identifying a source address for the host; and
  
  authorizing the host to access said first domain and said second domain based upon login information obtained from the host.
- View Dependent Claims (35, 36)
- - 35. The program storage device of claim 34 wherein said method further comprises:
    - authenticating the host based upon login information obtained from the host.
  - 36. The program storage device of claim 34 wherein said authorizing further comprises:
    - writing said login information into a memory.

37. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for single-step subscriber logon to a differentiated data communication network including secure simultaneous access capabilities to a first domain and a second domain, said method comprising:
- communicating, by a network interface, between the network interface and a host, wherein said communicating comprises a transport of multi-protocol data packets over a point-to-point communication link between the host and the network interface;
  
  identifying a source address for the host; and
  
  authorizing the host to access said first domain and said second domain based upon login information obtained from the host.
- View Dependent Claims (38, 39)
- - 38. The program storage device of claim 37 wherein said method further comprises:
    - authenticating the host based upon login information obtained from the host.
  - 39. The program storage device of claim 37 wherein said method further comprises:
    - writing said login information into a memory.

40. A gateway for single-step subscriber logon of a host to a differentiated data communication network having access to a first domain and a second domain, the gateway comprising:
- a multi-protocol point-to-point link device for establishing a communication link for the transport of multi-protocol data packets between the host and the gateway;
  
  a source address device for obtaining a source address for the host; and
  
  an authentication processor for authorizing the host to access the first domain and the second domain based upon login information obtained from the host.
- View Dependent Claims (41, 46, 47)
- - 41. The gateway as defined in claim 40, wherein the authentication processor authenticates the host based upon the login information.
  - 46. The gateway as defined in claim 40, further comprising a notification device in communication with the authentication processor and the host for sending the host an authentication status.
  - 47. The gateway as defined in claim 40, further comprising a registration memory in communication with the authentication processor and the source address device for tabulating the login information and the source address.

42. An apparatus for single-step subscriber logon of a host to a differentiated data communication network having access to a first domain and a second domain, the apparatus comprising:
- a multi-protocol point-to-point link device in communication with the host for establishing a communication link;
  
  a source address device in communication with the host for negotiating a dynamic Internet Protocol (IP) address; and
  
  an authentication processor for authorizing the host to access the first domain and the second domain based upon login information obtained from the host.
- View Dependent Claims (43, 44, 45)
- - 43. The apparatus as defined in claim 42, wherein the authentication processor receives the login information from the host and authenticates the host.
  - 44. The apparatus as defined in claim 42, further comprising a notifier in communication with the authentication processor and the host for notifying the host of an authentication status.
  - 45. The apparatus as defined in claim 42, further comprising a registration memory in communication with the authentication processor and the source address device for tabulating the login information and the dynamic IP address.

48. An apparatus for single-step subscriber logon to a differentiated data communications network including a first domain and a second domain, the apparatus comprising:
- means for communicating, by a network interface, between the network interface and a host, wherein the communicating comprises a transport of multi-protocol data packets over a point-to-point communication link between the host and the network interface;
  
  means for identifying a source address for the host; and
  
  means for authorizing the host to access the first domain and the second domain based upon login information obtained from the host.
- View Dependent Claims (49, 50, 51)
- - 49. The apparatus as defined in claim 48, further comprising means for authenticating the host based upon login information obtained from the host.
  - 50. The apparatus as defined in claim 48, wherein the means for identifying further comprises means for assigning an Internet Protocol address to the host from a pool of addresses located in a memory.
  - 51. The apparatus as defined in claim 48, wherein the means for identifying further comprises means for assigning an Internet Protocol address to the host from an authentication reply packet received from an authentication server.

52. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for single-step subscriber logon of a host to a differentiated data communication network having access to a first domain and a second domain, the method comprising:
- receiving login information from the host;
  
  authenticating the host based upon the login information;
  
  storing the login information in a memory;
  
  notifying the host once a successful authentication process has been completed;
  
  initiating an address allocation negotiation session;
  
  assigning a source address to the host;
  
  communicating, by a network interface, with between the network interface and the host, wherein the communicating comprises a transport of multi-protocol data packets over a point-to-point link existing between the host and the network interface; and
  
  writing a subscriber-related entry into the memory based upon the source address and the login information.
- View Dependent Claims (53, 54, 55)
- - 53. The program storage device as defined in claim 52, wherein the authenticating further comprises:
    - processing an authentication request packet based upon the login information;
      
      sending the authentication request packet to an authentication memory bank; and
      
      receiving a reply packet from the authentication memory bank.
  - 54. The program storage device as defined in claim 52, wherein the assigning further comprises:
    - retrieving a subscriber Internet Protocol address from a pool of addresses located in the memory.
  - 55. The program storage device as defined in claim 52, wherein the assigning further comprises:
    - retrieving a subscriber Internet Protocol address from an access accept reply packet received from an authentication server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Lou, Shuxian, Zhang, Shujin
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
Arani, Taghi T.

Application Number

US10/074,307
Time in Patent Office

1,534 Days
Field of Search

713/151, 713/153, 713/182, 713/183, 713/201, 713/202, 709/230, 709/227, 709/228, 726/4, 726/12, 726/15
US Class Current

726/12
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

Single step network logon based on point to point protocol

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

145 Citations

55 Claims

Specification

Use Cases

Quick Links

Others

Single step network logon based on point to point protocol

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

145 Citations

55 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others