System and method for providing distributed and dynamic network services for remote access server users
Abstract
A system and methods for providing distributed and dynamic network services to remote access users. One of the methods includes providing a first certificate for requesting dynamic network services by a user network entity, and at least one second certificate for requesting static network services by the user network entity. According to one method, a user of the user network entity may generate a first message to request dynamic network services from a network service provider entity. For example, the first message may include the first certificate, a digital signature generated with a private encryption key associated with the first certificate, and a list of network services that the user wishes to set up dynamically. In one embodiment, when the network service provider entity receives the first message, the network service provider entity verifies the authenticity of the first certificate and, if the first certificate is authentic, the network service provider entity configures a network connection between the user network entity and a data network based on the network services requested by the user in the first message.
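The provider-side check described in the abstract can be sketched as follows; this is an added example, not code from the patent. Assumptions: a CA-signed JSON record stands in for the X.509 certificate, Ed25519 stands in for the unspecified signature scheme, the `allowedBandwidthKbps` field models the "set of values defining a bandwidth" of claim 38, and all function and field names are hypothetical.

```javascript
const crypto = require('crypto');

// Sign / verify the JSON form of an object (Ed25519 takes a null digest name).
// Both sides must serialize identically; here they share one process.
const sign = (obj, privateKey) =>
  crypto.sign(null, Buffer.from(JSON.stringify(obj)), privateKey).toString('base64');
const verify = (obj, sig, publicKey) =>
  crypto.verify(null, Buffer.from(JSON.stringify(obj)), publicKey, Buffer.from(sig, 'base64'));

// Constructed keys: the certificate authority and the user network entity.
const ca = crypto.generateKeyPairSync('ed25519');
const user = crypto.generateKeyPairSync('ed25519');

// CA issues the "first certificate": binds the user's public key to a grant.
function issueCertificate(subject, subjectPublicKey, allowedBandwidthKbps) {
  const body = {
    subject,
    publicKey: subjectPublicKey.export({ type: 'spki', format: 'pem' }),
    allowedBandwidthKbps,
  };
  return { body, caSignature: sign(body, ca.privateKey) };
}

// User builds the "first message": requested services, certificate, signature.
function buildRequest(certificate, services, privateKey) {
  const request = { services };
  return { request, certificate, signature: sign(request, privateKey) };
}

// Provider: certificate authenticity, then message signature, then grant limits.
function authorize(message, caPublicKey) {
  const { request, certificate, signature } = message;
  if (!verify(certificate.body, certificate.caSignature, caPublicKey))
    return { ok: false, reason: 'certificate not issued by trusted CA' };
  const subjectKey = crypto.createPublicKey(certificate.body.publicKey);
  if (!verify(request, signature, subjectKey))
    return { ok: false, reason: 'request signature invalid' };
  if (!certificate.body.allowedBandwidthKbps.includes(request.services.bandwidthKbps))
    return { ok: false, reason: 'bandwidth not granted by certificate' };
  return { ok: true, configure: request.services };
}

// Constructed sample request: 512 kbps plus one traffic-filter rule.
const demoCert = issueCertificate('user-1', user.publicKey, [128, 512]);
const demoMsg = buildRequest(demoCert, { bandwidthKbps: 512, filters: ['deny tcp/23'] }, user.privateKey);
console.log(authorize(demoMsg, ca.publicKey));
```

The order of checks matters: the public key used to verify the request is trusted only after the issuer's signature over the certificate has been verified.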
40 Claims
1. A method for dynamically receiving dynamic network services on network devices in a computer network, the method comprising:
- receiving an authorization record from a first network device on a second network device, the authorization record comprising a first certificate associated with a first data string and a second data string, the first certificate authorizing the second network device to dynamically request network services from a third network entity, wherein the authorization record further comprises a second certificate comprising network service configuration settings available to the second network device, wherein the network service configuration settings comprise one or more bandwidth card identifiers for requesting bandwidth from the third network entity;
- sending a first message from the second network device to the third network entity, the first message comprising a request for dynamic network services, a request for a bandwidth associated with one of the bandwidth card identifiers and further comprising the first certificate and a first identifier created with the first data string; and
- establishing a communication link between the second network device and a data network based on the network services requested in the first message.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A method for providing dynamic network services for network devices in a computer network, the method comprising:
- sending an authorization record from a first network device to a second network device, the authorization record comprising a first certificate with a first data string and a second data string, the first certificate authorizing the second network device to dynamically request network services from a third network entity, wherein the authorization record further comprises at least one second certificate comprising network service configuration settings available to the second network device, the second certificate further comprising a third data string and a fourth data string, wherein the network service configuration settings comprise one or more bandwidth card identifiers;
- receiving a first message from the second network device on the third network entity, the first message comprising a request for dynamic network services, the first certificate signed with an identifier generated with the first data string;
- determining whether to provide dynamic network services to the second network device; and
- if so, establishing a communication link between the second network device and a data network based on the network services specified in the first message.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21
22. A method for requesting dynamic network services in a computer network comprising a plurality of network devices, the method comprising:
- receiving a digital certificate on a user network entity from a first network service provider entity, the digital certificate for accessing dynamic network services, the digital certificate comprising a digital signature generated on a certificate authority entity;
- generating a first message on the user network entity, the first message comprising a request for dynamic network services signed with a digital signature generated using a private encryption key associated with the digital certificate, the first message further comprising the digital certificate received on the user network entity; and
- sending the first message to the first network service provider entity to request a communication link between the user network entity and a data network based on the dynamic network services.
Dependent claims: 23, 24, 25, 26
27. A method for providing dynamic network services to a user network entity in a computer network comprising a plurality of network devices, the method comprising:
- generating a digital certificate for requesting dynamic network services from a network service provider entity;
- providing the digital certificate to the user network entity;
- receiving a first message on the network service provider entity, the first message comprising a request for dynamic network services, a list of network traffic filtering rules and the digital certificate for requesting the dynamic network service, the first message signed with a digital signature generated with a private encryption key associated with the digital certificate;
- verifying an authenticity of the digital certificate in the first message; and
- providing the requested network services to the user network entity including applying the filtering rules to a network connection between the user network entity and the computer network.
Dependent claims: 28
29. A method for receiving network services on network devices in a computer network, the method comprising:
- receiving a dynamic certificate for requesting dynamic network services and at least one static certificate for requesting static network services on a user network entity, wherein the at least one static certificate comprises at least one user bandwidth card identifier;
- generating a first message on the user network entity, the first message comprising a static certificate from the at least one static certificate received on the user network entity, the first message further comprising a request for a bandwidth associated with one of the user bandwidth card identifiers and further comprising a digital signature generated with a private encryption key associated with the static certificate; and
- sending the first message to a first network service provider entity.
Dependent claims: 30, 31, 32, 33, 34, 35
36. A method for providing distributed, dynamic and secure network services to remote access users in a computer network, the method comprising:
- receiving a first Internet X.509 digital certificate on a user network entity from a first network service provider entity, the first Internet X.509 digital certificate authorizing a user of the user network entity to request dynamic network services, the first Internet X.509 digital certificate comprising a digital signature of the first network service provider entity;
- generating a first message on the user network entity to request dynamic network services, the first message comprising the first Internet X.509 digital certificate and a digital signature generated on the user network entity using a private cryptographic key associated with the first X.509 digital certificate;
- sending the first message to a second network service provider entity;
- determining whether to provide dynamic network services to the user network entity using the digital signature of the first network service provider in the first X.509 digital certificate received in the first message; and
- if so, establishing a communication link between the user network entity and a data network based on the network service requested in the first message.
Dependent claims: 37
38. A system for providing distributed, dynamic and secure network services to remote access users in a computer network, the system comprising:
- a first network device for providing digital certificates to a user network entity, the digital certificates for requesting dynamic network services and static network services;
- a first digital certificate for binding a first public encryption key for the user network entity, the first digital certificate for requesting dynamic network services and including a set of values defining a bandwidth that the user network entity may request dynamically; and
- a second digital certificate for binding a second public encryption key for the user network entity, the second digital certificate for requesting static network services, wherein the user network entity determines whether the static network services specified in the second digital certificate are adequate for a type of communication link that the user network entity desires to establish, and if not the user network entity uses the first digital certificate to dynamically request a set of network services.
Dependent claims: 39, 40
Specification