Method and apparatus for determining authentication capabilities
Abstract
A method is disclosed for determining the authentication capabilities of a supplicant before initiating an authentication conversation with a client, for example, using Extensible Authentication Protocol (EAP). In one aspect, the method provides for sending, to a supplicant that is requesting access to a computer network subject to authentication of a user of the supplicant, a list of first authentication methods that are supported by an authentication server; receiving, from the supplicant, a counter-list of second authentication methods that are supported by the supplicant; determining how many second authentication methods in the counter-list match the first authentication methods; and performing an authentication policy action based on how many of the second authentication methods match the first authentication methods. Policy actions can include blocking access, re-directing to sources of acceptable authentication methods, granting one of several levels of network access, etc.
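The negotiation described in the abstract and in claim 14, sketched as an added Python example that is not taken from the patent. The TLV layout, the TLV type value and the match-count thresholds are assumptions chosen for illustration; only the EAP method numbers are real IANA assignments.

```python
import struct

# IANA-assigned EAP method type numbers.
EAP_MD5, EAP_TLS, PEAP, EAP_FAST = 4, 13, 25, 43

# Assumption (not from the patent text): a capability TLV is a 1-byte type,
# a 1-byte length, and a value holding one EAP method type code per byte.
TLV_METHOD_LIST = 0x01


def encode_method_list(methods):
    """Build one capability TLV carrying a list of EAP method type codes."""
    body = bytes(methods)
    return struct.pack("!BB", TLV_METHOD_LIST, len(body)) + body


def decode_method_lists(payload):
    """Parse concatenated TLVs, rejecting truncated or overlong objects."""
    methods, offset = [], 0
    while offset < len(payload):
        if len(payload) - offset < 2:
            raise ValueError("truncated TLV header")
        tlv_type, length = struct.unpack_from("!BB", payload, offset)
        offset += 2
        if offset + length > len(payload):
            raise ValueError("TLV length exceeds payload")
        if tlv_type == TLV_METHOD_LIST:
            methods.extend(payload[offset:offset + length])
        offset += length  # TLVs of unknown type are skipped
    return methods


def policy_action(server_methods, response_payload):
    """Count counter-list methods that match the server list, pick an action."""
    try:
        offered = set(decode_method_lists(response_payload))
    except ValueError:
        return "block", []  # malformed response: fail closed
    matches = [m for m in server_methods if m in offered]
    # Assumed thresholds: none -> redirect, one -> limited, several -> full.
    if not matches:
        return "redirect", matches
    return ("grant-limited" if len(matches) == 1 else "grant-full"), matches


if __name__ == "__main__":
    server = [EAP_TLS, PEAP, EAP_FAST]
    # Constructed sample responses, not captured traffic.
    for methods in ([EAP_MD5, PEAP, EAP_TLS], [EAP_FAST], [EAP_MD5]):
        print(methods, policy_action(server, encode_method_list(methods)))
    print("truncated", policy_action(server, b"\x01\x05\x0d"))
```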
37 Claims
1. A method, comprising the computer-implemented steps of:
sending, to a supplicant that is requesting access to a computer network subject to authentication of a user of the supplicant, a list of first authentication methods that are supported by an authentication server;
receiving, from the supplicant, a counter-list of second authentication methods that are supported by the supplicant;
determining how many second authentication methods in the counter-list match the first authentication methods; and
performing an authentication policy action based on how many of the second authentication methods match the first authentication methods.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 22, 23, 24
14. A method of determining capabilities of a supplicant under Extensible Authentication Protocol (EAP), the method comprising the computer-implemented steps of:
sending, to a supplicant that is requesting access to a computer network subject to authentication of a user of the supplicant, a list of first EAP methods that are supported by an authentication server, in a Capability Assertion Request comprising one or more EAP type-length-value objects;
receiving, from the supplicant, a counter-list of second authentication methods that are supported by the supplicant, in a Capability Assertion Response comprising one or more EAP TLV objects;
determining how many second authentication methods in the counter-list match the first authentication methods; and
performing an authentication policy action based on how many of the second authentication methods match the first authentication methods.
Dependent claims: 15, 16, 17, 18, 19, 20, 21
25. An apparatus, comprising:
means for sending, to a supplicant that is requesting access to a computer network subject to authentication of a user of the supplicant, a list of first authentication methods that are supported by an authentication server;
means for receiving, from the supplicant, a counter-list of second authentication methods that are supported by the supplicant;
means for determining how many second authentication methods in the counter-list match the first authentication methods; and
means for performing an authentication policy action based on how many of the second authentication methods match the first authentication methods.
Dependent claims: 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37
Specification