System and method for password authentication for non-LDAP regions

US 7,099,475 B2
Filed: 12/07/2000
Issued: 08/29/2006
Est. Priority Date: 12/07/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method for dial roaming outside of a home service region comprising:

dialing into a local dial access provider;

creating an access request comprising user identifying information and home region identifying information;

forwarding the access request from a network access server (NAS) to a corporate remote authentication dial-in user service (RADIUS) server;

determining from the home region identifying information whether the home region supports Lightweight Directory Access Protocol (LDAP) authentication;

if the home region does not offer LDAP authentication, then;

proxying the access request to a regional RADIUS server associated with the user'"'"'s home region;

comparing the user identifying information in the access request with user identifying information stored in a regional user database accessible to the regional RADIUS server; and

if the user identifying information in the access request matches the stored user identifying information, then;

authenticating the user; and

providing configuration information to the NAS to allow access to a network of the home region.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for allowing roaming of a subscriber and password authentication a non-LDAP region. A user signs onto a network access server which in turn connects to the regional LDAP RADIUS server. Password authentication occurs by hashing a transmitted password and comparing it to a clear text password from an LDAP database that has been hashed in the same manner as the transmitted password. When the subscriber is in a non-LDAP region, The password proceeds trough a proxy server to a regional RADIUS server which connects to a non-LDAP server. The non-LDAP server connects to and SMS database and retrieve the clear text password associated with the non-LDFSAP user, hashes it according the same method as the transmitted hashed password and formats the password for comparison in the regional RADIUS server. If the hashed passwords compare, the access is permitted.

Citations

19 Claims

1. A method for dial roaming outside of a home service region comprising:
- dialing into a local dial access provider;
  
  creating an access request comprising user identifying information and home region identifying information;
  
  forwarding the access request from a network access server (NAS) to a corporate remote authentication dial-in user service (RADIUS) server;
  
  determining from the home region identifying information whether the home region supports Lightweight Directory Access Protocol (LDAP) authentication;
  
  if the home region does not offer LDAP authentication, then;
  
  proxying the access request to a regional RADIUS server associated with the user'"'"'s home region;
  
  comparing the user identifying information in the access request with user identifying information stored in a regional user database accessible to the regional RADIUS server; and
  
  if the user identifying information in the access request matches the stored user identifying information, then;
  
  authenticating the user; and
  
  providing configuration information to the NAS to allow access to a network of the home region.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method for dial roaming outside of a home service region of claim 1, wherein the NAS functions as a client of the corporate RADIUS server.
  - 3. The method for dial roaming outside of a home service region of claim 1 further comprising:
    - if the home region offers LDAP authentication, then forwarding the access request to a regional LDAP database.
  - 4. The method for dial roaming outside of a home service region of claim 3 further comprising comparing the user identifying information in the access request with user identifying information stored in a regional user database accessible to the regional LDAP database.
  - 5. The method for dial roaming outside of a home service region of claim 4 further comprising the regional LDAP database sending an “
    - accept”
      
      message if the user is in the regional LDAP database and a “
      
      deny”
      
      message if the user is not in the regional LDAP database.
  - 6. The method for dial roaming outside of a home service region of claim 1, wherein the user identifying information comprises a user name and password.
  - 7. The method for dial roaming outside of a home service region of claim 1, wherein the home region identifying information comprises a component of the user name.
  - 8. The method for dial roaming outside of a home service region of claim 7, wherein the user name compnses an email address of the user.
  - 9. The method for dial roaming outside of a home service region of claim 7, wherein comparing the user identifying information in the access request with user identifying information stored in a regional user database accessible to the regional RADIUS server comprises comparing the user password in the access request with a user password stored in a regional user database accessible to the regional RADIUS server.
  - 10. The method for dial roaming outside of a home service region of claim 9, wherein the user password comprises a first hashed value and wherein comparing the user password in the access request with a user password stored in a regional user database accessible to the regional RADIUS server comprises:
    - determining at the regional RADIUS server a hashing algorithm used to create the first hashed value;
      
      obtaining the stored password in clear text format;
      
      applying the hashing algorithm to the clear text stored password to produce a second hashed value; and
      
      comparing the first hashed value to the second hash value.
  - 11. The method for dial roaming outside of a home service region of claim 10 wherein the hashing algorithm is CHAP.

12. A system for dial roaming outside of a home Internet service region comprising:
- a user computer having a home service region;
  
  a network access server (NAS), wherein the NAS is adapted to;
  
  connect to the user computer via a dial-up connection;
  
  receive user identifying information and home region identifying information from the user computer;
  
  create an access request comprising the user identifying information and the home region identifying information; and
  
  direct the access request to a corporate authentication dial-in user service (RADIUS) server; and
  
  the corporate RADTUS server, wherein the RADRJS server is adapted to;
  
  receive the access request;
  
  determine from the home region identifying information whether the home service region supports Lightweight Directory Access Protocol (LDAP) authentication; and
  
  if the home service region does not offer LDAP authentication, then proxy the access request to a regional RADIUS server associated with the user'"'"'s home region; and
  
  the regional RADIUS server, wherein the regional RADIUS server is adapted to;
  
  compare the user identifying information in the access request with user identifying information stored in a regional user database accessible to the regional RADIUS server; and
  
  if the user identifying information in the access request matches the stored user identifying information, then authenticate the user and provide configuration information to the NAS to allow the user computer access to a network of the home region.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The system of claim 12, wherein the system further comprises a regional LDAP server and a regional LDAP user database accessible to the regional LDAP server, and wherein the corporate RADIUS server is further adapted to:
    - if the home region offers LDAP authentication, then forward the access request to a regional LDAP server.
  - 14. The system of claim 13, wherein the regional LDAP server if adapted to:
    - receive the access request; and
      
      compare the user identifying information in the access request with user identifying information stored in the regional LDAP user database.
  - 15. The method of claim 14, wherein the regional LDAP server is further adapted to send an “
    - accept”
      
      message if the user is in the regional LDAP user database and a “
      
      deny”
      
      message if the user is not in the regional user LDAP database.
  - 16. The system of claim 12, wherein the user identifying information comprises a user name and password.
  - 17. The system of claim 16, wherein the NAS is further adapted to hash the user name and password using a hashing algorithm.
  - 18. The system of claim 17, wherein the regional RADIUS server is further adapted to;
    - determine the hashing algorithm used by the NAS;
      
      apply the hashing algorithm to a name and password stored in the regional database;
      
      and determined if the value of the hash of the user name and password provided in the access request matches the hash value of the name and password stored in the regional database.
  - 19. The system of claim 18, wherein the hashing algorithm is CHAP.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Time Warner Cable Internet LLC (Charter Communications Incorporated)
Original Assignee
Road Runner Holdco, LLC (Charter Communications Incorporated)
Inventors
Pfeffer, Howard, Cashman, Jack, Gazillo, Michael, Huff, Barbara
Primary Examiner(s)
Louis-Jacques, Jacques H.
Assistant Examiner(s)
Tran, Ellen C

Application Number

US09/731,571
Publication Number

US 20030131264A1
Time in Patent Office

2,091 Days
Field of Search

370/329, 370/401, 370/464, 310/25, 310/329, 705/18, 709/225, 709/229, 713/201, 713/200, 713/202, 713/168, 380/270, 726/3
US Class Current

380/270
CPC Class Codes

H04L 63/0281 Proxies

H04L 63/083 using passwords cryptograph...

System and method for password authentication for non-LDAP regions

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for password authentication for non-LDAP regions

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links