System and method for optimizing authentication in a network environment
Abstract
A method for executing authentication in a network environment is provided that includes retrieving a group profile from an authentication, authorization, and accounting (AAA) server in response to receiving a request from a first end user and locally caching the group profile. A service may be provided to the first end user based on information included within the group profile and associated with the first end user. A request may be received from a second end user. It is then determined if the second end user is included within the group profile such that in cases where the second end user is included in the group profile the group profile can be locally cached in order to provide a service to the second end user without having to communicate with the AAA server.
22 Claims
1. An apparatus for executing authentication in a network environment, comprising:
a packet gateway operable to retrieve a group profile from an authentication, authorization, and accounting (AAA) server in response to receiving a request from a first end user and to locally cache the group profile, wherein the packet gateway determines if the first end user is authenticated and if the first end user is unauthenticated, then the packet gateway searches a local cache for the group profile associated with network digits of the first end user's mobile station identifier (MSID), whereby if the group profile is not in the local cache or has expired, then the packet gateway purges the expired group profile and requests the group profile from the AAA server, caches the group profile, and marks an expiry time that is provided within the group profile, once the group profile is in the cache, subsequent users that belong to a same group can be authorized with a realm and with authorization attributes and without involving the AAA server, the packet gateway being operable to provide a service to the first end user based on information included within the group profile and associated with the first end user, wherein the packet gateway is further operable to receive a request from a second end user and to determine if the second end user is included within the group profile such that in cases where the second end user is included in the group profile the packet gateway can locally cache the group profile in order to provide a service to the second end user without having to communicate with the AAA server.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method for executing authentication in a network environment, comprising:
retrieving a group profile from an authentication, authorization, and accounting (AAA) server in response to receiving a request from a first end user; locally caching the group profile; providing a service to the first end user based on information included within the group profile and associated with the first end user, wherein the packet gateway determines if the first end user is authenticated and if the first end user is unauthenticated, then the packet gateway searches a local cache for the group profile associated with network digits of the first end user's mobile station identifier (MSID), whereby if the group profile is not in the local cache or has expired, then the packet gateway purges the expired group profile or requests the group profile from the AAA server, caches the group profile, and marks an expiry time that is provided within the group profile, once the group profile is in the cache, subsequent users that belong to a same group can be authorized with a realm and with authorization attributes and without involving the AAA server; receiving a request from a second end user; and determining if the second end user is included within the group profile such that in cases where the second end user is included in the group profile the group profile can be locally cached in order to provide a service to the second end user without having to communicate with the AAA server.
Dependent claims: 9, 10, 11, 12
13. A system for executing authentication in a network environment, comprising:
means for retrieving a group profile from an authentication, authorization, and accounting (AAA) server in response to receiving a request from a first end user; means for locally caching the group profile; means for providing a service to the first end user based on information included within the group profile and associated with the first end user, wherein the packet gateway determines if the first end user is authenticated and if the first end user is unauthenticated, then the packet gateway searches a local cache for the group profile associated with network digits of the first end user's mobile station identifier (MSID), whereby if the group profile is not in the local cache or has expired, then the packet gateway purges the expired group profile or requests the group profile from the AAA server, caches the group profile, and marks an expiry time that is provided within the group profile, once the group profile is in the cache, subsequent users that belong to a same group can be authorized with a realm and with authorization attributes and without involving the AAA server; means for receiving a request from a second end user; and means for determining if the second end user is included within the group profile such that in cases where the second end user is included in the group profile the group profile can be locally cached in order to provide a service to the second end user without having to communicate with the AAA server.
Dependent claims: 14, 15, 16, 17
18. Software for executing authentication in a network environment, the software being embodied in a computer readable medium and comprising computer code such that when executed is operable to:
retrieve a group profile from an authentication, authorization, and accounting (AAA) server in response to receiving a request from a first end user; locally cache the group profile; provide a service to the first end user based on information included within the group profile and associated with the first end user, wherein the packet gateway determines if the first end user is authenticated and if the first end user is unauthenticated, then the packet gateway searches a local cache for the group profile associated with network digits of the first end user's mobile station identifier (MSID), whereby if the group profile is not in the local cache or has expired, then the packet gateway purges the expired group profile or requests the group profile from the AAA server, caches the group profile, and marks an expiry time that is provided within the group profile, once the group profile is in the cache, subsequent users that belong to a same group can be authorized with a realm and with authorization attributes and without involving the AAA server; receive a request from a second end user; and determine if the second end user is included within the group profile such that in cases where the second end user is included in the group profile the group profile can be locally cached in order to provide a service to the second end user without having to communicate with the AAA server.
Dependent claims: 19, 20, 21, 22
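The cache flow recited in the independent claims, as an added Python example that is not taken from the patent: it shows that the profile's own expiry is what bounds how long a changed profile keeps being honoured at the gateway. Assumptions: "network digits" are taken as the first six digits of the MSID, the expiry provided in the profile is modelled as a TTL in seconds, and the MSIDs, realm and attributes are constructed sample values.

```python
import time
from dataclasses import dataclass
from typing import Optional

PREFIX_LEN = 6  # assumption: "network digits" = leading 6 digits of the MSID

@dataclass(frozen=True)
class GroupProfile:
    realm: str
    attributes: dict
    ttl_seconds: int  # expiry supplied by the AAA server inside the profile

class GroupProfileCache:
    def __init__(self, fetch_from_aaa, clock=time.monotonic):
        self._fetch = fetch_from_aaa  # callable: digits -> GroupProfile or None
        self._clock = clock
        self._entries = {}            # digits -> (profile, expires_at)
        self.aaa_requests = 0         # round trips to the AAA server

    def authorize(self, msid: str) -> Optional[GroupProfile]:
        if not (msid.isascii() and msid.isdigit()) or len(msid) < PREFIX_LEN:
            return None  # malformed identifier: refuse rather than guess a group
        digits = msid[:PREFIX_LEN]
        entry = self._entries.get(digits)
        if entry and self._clock() >= entry[1]:
            del self._entries[digits]  # purge the expired group profile
            entry = None
        if entry is None:
            self.aaa_requests += 1
            profile = self._fetch(digits)
            if profile is None:
                return None  # AAA has no such group: deny and cache nothing
            entry = (profile, self._clock() + profile.ttl_seconds)
            self._entries[digits] = entry  # mark the expiry taken from the profile
        return entry[0]

def demo():
    now = [0.0]  # controllable clock so expiry can be exercised offline
    aaa = {"001010": GroupProfile("corp.example", {"qos": "gold"}, 300)}
    cache = GroupProfileCache(aaa.get, clock=lambda: now[0])
    cache.authorize("001010000000001")   # first user: fetched from AAA
    cache.authorize("001010000000002")   # second user, same group: served locally
    calls_while_fresh = cache.aaa_requests
    aaa["001010"] = GroupProfile("corp.example", {"qos": "bronze"}, 300)
    stale = cache.authorize("001010000000003").attributes["qos"]  # old copy
    now[0] = 300.0                       # expiry reached: purge and re-fetch
    fresh = cache.authorize("001010000000003").attributes["qos"]
    return calls_while_fresh, stale, fresh, cache.aaa_requests

if __name__ == "__main__": print(demo())
```
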
Specification