Biometric authentication of a client network connection
First Claim
1. A method of authenticating a connection for a client to a network access device wherein said client is coupled to a biometric sensor, said method comprising the steps of:
- said client signaling a request to said network access device;
- said network access device initiating a point-to-point LAN authentication protocol between said network access device and said client, wherein said point-to-point LAN authentication protocol is comprised of extensible authentication protocol (EAP);
- said network access device requesting biometric data from said client via said LAN authentication protocol;
- said client capturing biometric data of an attendant user of said client;
- said client transmitting said captured biometric data to said network access device via said LAN authentication protocol;
- said network access device encapsulating said biometric data in said LAN authentication protocol into an authentication server protocol and forwarding said encapsulated biometric data to an authentication server, wherein said authentication server protocol is comprised of remote authentication dial-in user service (RADIUS);
- said authentication server comparing said biometric data to a biometric template stored in conjunction with said authentication server for making a determination whether said attendant user should be granted access to said network access device;
- said authentication server sending either an access-accept message or an access-deny message in said authentication server protocol to said network access device in response to said determination; and
- said network access device granting access to said client only after receiving an access-accept message.
Abstract
A client is authenticated to a network resource wherein the client is coupled to a biometric sensor. The client signals a request to the network resource (e.g., by connecting to an access point). The network resource initiates a point-to-point LAN authentication protocol between the network resource and the client. The network resource requests biometric data from the client via the LAN authentication protocol (optionally either before or after authenticating with other credentials). The client captures biometric data of an attendant user of the client. The client transmits the captured biometric data to the network resource via the LAN authentication protocol. The network resource encapsulates the biometric data in the LAN authentication protocol into an authentication server protocol and forwards the encapsulated biometric data to an authentication server. The authentication server compares the biometric data to a biometric template stored in conjunction with the authentication server for making a determination whether the attendant user should be granted access to the network resource. The authentication server sends either an access-accept message or an access-deny message in the authentication server protocol to the network resource in response to the determination. The network resource grants access to the client only after receiving an access-accept message.
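The encapsulation and gating steps in the abstract, as an added sketch that is not code from the patent: an EAP response carrying a biometric sample is wrapped into a RADIUS Access-Request using the EAP-Message and Message-Authenticator attributes of RFC 3579, then reassembled on the server side. The EAP type 255 (the RFC 3748 experimental value), the user name, the shared secret and the sample bytes are assumptions chosen for illustration.

```python
import hashlib, hmac, os, struct

# RADIUS codes and attribute types (RFC 2865 / RFC 3579); the claim's
# "access-deny" corresponds to RADIUS Access-Reject.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_EAP_MESSAGE, ATTR_MESSAGE_AUTHENTICATOR = 1, 79, 80
EAP_RESPONSE = 2
EAP_TYPE_BIOMETRIC = 255  # assumption: experimental EAP type, not a registered method

def eap_response(identifier: int, sample: bytes) -> bytes:
    """EAP packet: Code, Identifier, Length (whole packet), Type, Type-Data."""
    return struct.pack("!BBHB", EAP_RESPONSE, identifier,
                       5 + len(sample), EAP_TYPE_BIOMETRIC) + sample

def attr(attr_type: int, value: bytes) -> bytes:
    if len(value) > 253:
        raise ValueError("RADIUS attribute value is limited to 253 bytes")
    return struct.pack("!BB", attr_type, 2 + len(value)) + value

def encapsulate(eap: bytes, user: bytes, secret: bytes, radius_id: int) -> bytes:
    """Authenticator side: wrap an EAP packet in a RADIUS Access-Request."""
    attrs = attr(ATTR_USER_NAME, user)
    # A biometric sample rarely fits one attribute: split it across
    # consecutive EAP-Message attributes of at most 253 bytes each.
    for off in range(0, len(eap), 253):
        attrs += attr(ATTR_EAP_MESSAGE, eap[off:off + 253])
    mac_offset = 20 + len(attrs) + 2  # where the Message-Authenticator value starts
    attrs += attr(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))
    header = struct.pack("!BBH", ACCESS_REQUEST, radius_id, 20 + len(attrs))
    packet = bytearray(header + os.urandom(16) + attrs)
    # HMAC-MD5 over the whole packet with the field zeroed, keyed by the shared secret.
    packet[mac_offset:mac_offset + 16] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)

def reassemble_eap(packet: bytes) -> bytes:
    """Server side: concatenate EAP-Message attributes in order."""
    eap, pos = b"", 20
    while pos < len(packet):
        attr_type, length = packet[pos], packet[pos + 1]
        if length < 2:
            raise ValueError("malformed attribute length")
        if attr_type == ATTR_EAP_MESSAGE:
            eap += packet[pos + 2:pos + length]
        pos += length
    return eap

def port_authorized(radius_code: int) -> bool:
    """The controlled port opens only on Access-Accept; any other code keeps it closed."""
    return radius_code == ACCESS_ACCEPT
```

Message-Authenticator gives integrity only: RADIUS does not encrypt EAP-Message attributes, so the biometric sample is readable on the path between authenticator and server unless the EAP method or the transport protects it.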
21 Claims
18. A network architecture for authenticating a client using biometrics, comprising:
- an authenticator located in a local area network (LAN) at an access point interfacing said client to desired network resources, said authenticator exchanging authentication messages with said client via a LAN authentication protocol, wherein an EAP protocol is used to transmit authentication messages between said client and said authenticator, said authentication messages including biometric data of an attendant user of said client, wherein network communication between said authenticator and said client is limited to said authentication messages until said authenticator receives an access-accept message;
- an authentication server located remotely from said LAN for processing authentication messages;
- a local proxy server located in said LAN for relaying authentication messages between said authenticator and said authentication server;
- a biometric verification server coupled to said authentication server for comparing said biometric data with biometric templates in a biometric template database of authorized users to determine whether said attendant user should be granted access to said desired network resources;
- wherein said authentication server sends said access-accept message to said authenticator if said biometric verification server determines that said attendant user should be granted access; and
- wherein a RADIUS protocol is used to relay authentication messages between said authenticator, said local proxy server, and said authentication server.
Specification