Matching of radius request and response packets during high traffic volume

US 7,411,981 B1
Filed: 06/22/2004
Issued: 08/12/2008
Est. Priority Date: 08/31/2000
Status: Active Grant

First Claim

Patent Images

1. A method for matching a RADIUS response packet with a corresponding RADIUS request packet from one or more RADIUS request packets, the packets all having identifier fields and authenticator fields, including:

comparing the identifier field of the RADIUS response packet to the identifier field of one of the RADIUS request packets;

comparing the authenticator field of the RADIUS response packet to the authenticator field of said one of the RADIUS request packets, if the identifier field of the RADIUS response packet and the identifier field of said one of the RADIUS request packets match; and

repeating said comparing the identifier field and said comparing the authenticator field with an uncompared RADIUS request packet, if either the identifier field of the RADIUS response packet and the identifier field of said one of the RADIUS request packets don'"'"'t match, or the authenticator field of the RADIUS response packet and the authenticator field of said one of the RADIUS request packets don'"'"'t match.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A solution for matching RADIUS request packets with corresponding RADIUS response packets when the number of simultaneous outstanding requests is greater than 256 involves using a sixteen-octet authenticator field in each packet. For each response packet that arrives, the identifier of the packet is compared in turn with the identifier of each outstanding request packet. If the identifiers match, the authenticators are then compared. If the results of the comparison indicate a match, the packet is accepted and no further processing of the outstanding requests is required. Otherwise, a search of the outstanding request packets is continued. This solution allows for more than 256 simultaneous outstanding RADIUS requests and only encounters a mismatch or ambiguous match with a probability of one in 3.4×10³⁸packets.

40 Citations

View as Search Results

17 Claims

1. A method for matching a RADIUS response packet with a corresponding RADIUS request packet from one or more RADIUS request packets, the packets all having identifier fields and authenticator fields, including:
- comparing the identifier field of the RADIUS response packet to the identifier field of one of the RADIUS request packets;
  
  comparing the authenticator field of the RADIUS response packet to the authenticator field of said one of the RADIUS request packets, if the identifier field of the RADIUS response packet and the identifier field of said one of the RADIUS request packets match; and
  
  repeating said comparing the identifier field and said comparing the authenticator field with an uncompared RADIUS request packet, if either the identifier field of the RADIUS response packet and the identifier field of said one of the RADIUS request packets don'"'"'t match, or the authenticator field of the RADIUS response packet and the authenticator field of said one of the RADIUS request packets don'"'"'t match.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein the authenticator field is a random number if the RADIUS request packet is an access request.
  - 3. The method of claim 1, wherein the authenticator field is an MD5 digest used as a seed for a random number if the RADIUS request packet is an accounting request.

4. A method for matching an access response packet with a corresponding access request packet from one or more access request packets, the packets all having identifier fields and authenticator fields, including:
- comparing the identifier field of the access response packet to the identifier field of one of the access request packets;
  
  comparing the authenticator field of the access response packet to the authenticator field of said one of the access request packets, if the identifier field of the access response packet and the identifier field of said one of the access request packets match; and
  
  repeating said comparing the identifier field and said comparing the authenticator field with an uncompared access request packet, if either the identifier field of the access response packet and the identifier field of said one of the access request packets don'"'"'t match, or the authenticator field of the access response packet and the authenticator field of said one of the access request packets don'"'"'t match.
- View Dependent Claims (5)
- - 5. The method of claim 4, wherein the authenticator field is a random number.

6. A method for matching an accounting response packet with a corresponding accounting request packet from one or more accounting request packets, the packets all having identifier fields and authenticator fields, including:
- comparing the identifier field of the accounting response packet to the identifier field of one of the accounting request packets;
  
  comparing the authenticator field of the accounting response packet to the authenticator field of said one of the accounting request packets, if the identifier field of the accounting response packet and the identifier field of said one of the accounting request packets match; and
  
  repeating said comparing the identifier field and said comparing the authenticator field with an uncompared accounting request packet, if either the identifier field of the accounting response packet and the identifier field of said one of the accounting request packets don'"'"'t match, or the authenticator field of the accounting response packet and the authenticator field of said one of the accounting request packets don'"'"'t match.
- View Dependent Claims (7)
- - 7. The method of claim 6, wherein the authenticator field is an MD5 digest used as a seed for a random number.

8. An apparatus for matching a RADIUS response packet with a corresponding RADIUS request packet from one or more RADIUS request packets, the packets all having identifier fields and authenticator fields, the apparatus including:
- means for comparing the identifier field of the RADIUS response packet to the identifier field of one of the RADIUS request packets;
  
  means for comparing the authenticator field of the RADIUS response packet to the authenticator field of said one of the RADIUS request packets, if the identifier field of the RADIUS response packet and the identifier field of said one of the RADIUS request packets match; and
  
  means for repeating said comparing the identifier field and said comparing the authenticator field with an uncompared RADIUS request packet, if either the identifier field of the RADIUS response packet and the identifier field of said one of the RADIUS request packets don'"'"'t match, or the authenticator field of the RADIUS response packet and the authenticator field of said one of the RADIUS request packets don'"'"'t match.
- View Dependent Claims (9, 10)
- - 9. The apparatus of claim 8, wherein the authenticator field is a random number if the RADIUS request packet is an access request.
  - 10. The apparatus of claim 8, wherein the authenticator field is an MD5 digest used as a seed for a random number if the RADIUS request packet is an accounting request.

11. An apparatus for matching an access response packet with a corresponding access request packet from one or more access request packets, the packets all having identifier fields and authenticator fields, the apparatus including:
- means for comparing the identifier field of the access response packet to the identifier field of one of the access request packets;
  
  means for comparing the authenticator field of the access response packet to the authenticator field of said one of the access request packets, if the identifier field of the access response packet and the identifier field of said one of the access request packets match; and
  
  means for repeating said comparing the identifier field and said comparing the authenticator field with an uncompared access request packet, if either the identifier field of the access response packet and the identifier field of said one of the access request packets don'"'"'t match, or the authenticator field of the access response packet and the authenticator field of said one of the access request packets don'"'"'t match.
- View Dependent Claims (12)
- - 12. The apparatus of claim 11, wherein the authenticator field is a random number.

13. An apparatus for matching an accounting response packet with a corresponding accounting request packet from one or more accounting request packets, the packets all having identifier fields and authenticator fields, the apparatus including:
- means for comparing the identifier field of the accounting response packet to the identifier field of one of the accounting request packets;
  
  means for comparing the authenticator field of the accounting response packet to the authenticator field of said one of the accounting request packets, if the identifier field of the accounting response packet and the identifier field of said one of the accounting request packets match; and
  
  means for repeating said comparing the identifier field and said comparing the authenticator field with an uncompared accounting request packet, if either the identifier field of the accounting response packet and the identifier field of said one of the accounting request packets don'"'"'t match, or the authenticator field of the accounting response packet and the authenticator field of said one of the accounting request packets don'"'"'t match.
- View Dependent Claims (14)
- - 14. The apparatus of claim 13, wherein the authenticator field is an MD15 digest used as a seed for a random number.

15. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine for matching a RADIUS response packet with a corresponding RADIUS request packet from one or more RADIUS request packets, the packets all having identifier fields and authenticator fields, the method including:
- comparing the identifier field of the RADIUS response packet to the identifier field of one of the RADIUS request packets;
  
  comparing the authenticator field of the RADIUS response packet to the authenticator field of said one of the RADIUS request packets, if the identifier field of the RADIUS response packet and the identifier field of said one of the RADIUS request packets match; and
  
  repeating said comparing the identifier field and said comparing the authenticator field with an uncompared RADIUS request packet, if either the identifier field of the RADIUS response packet and the identifier field of said one of the RADIUS request packets don'"'"'t match, or the authenticator field of the RADIUS response packet and the authenticator field of said one of the RADIUS request packets don'"'"'t match.

16. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine for matching an access response packet with a corresponding access request packet from one or more access request packets, the packets all having identifier fields and authenticator fields, and a variable n initially set to 1, the method including:
- comparing the identifier field of the access response packet to the identifier field of one of the access request packets;
  
  comparing the authenticator field of the access response packet to the authenticator field of said one of the access request packets, if the identifier field of the access response packet and the identifier field of said one of the access request packets match; and
  
  repeating said comparing the identifier field and said comparing the authenticator field with an uncompared access request packet, if either the identifier field of the access response packet and the identifier field of said one of the access request packets don'"'"'t match, or the authenticator field of the access response packet and the authenticator field of said one of the access request packets don'"'"'t match.

17. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine for matching an accounting response packet with a corresponding accounting request packet from one or more accounting request packets, the packets all having identifier fields and authenticator fields, the method including:
- comparing the identifier field of the accounting response packet to the identifier field of one of the accounting request packets;
  
  comparing the authenticator field of the accounting response packet to the authenticator field of said one of the accounting request packets, if the identifier field of the accounting response packet and the identifier field of said one of the accounting request packets match; and
  
  repeating said comparing the identifier field and said comparing the authenticator field with an uncompared accounting request packet, if either the identifier field of the accounting response packet and the identifier field of said one of the accounting request packets don'"'"'t match, or the authenticator field of the accounting response packet and the authenticator field of said one of the accounting request packets don'"'"'t match.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Sargent, Robert, Weber, Gregory, Eklund, Mark, Reed, Scott K., Rich, Steven J.
Primary Examiner(s)
MARCELO, MELVIN C

Application Number

US10/874,734
Time in Patent Office

1,512 Days
Field of Search

370/475, 708/217
US Class Current

370/475
CPC Class Codes

H04L 63/08 for authentication of entit...

Matching of radius request and response packets during high traffic volume

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

40 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Matching of radius request and response packets during high traffic volume

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links