Method and system for providing authorization, authentication, and accounting for a virtual private network
Abstract
A method and system for providing authentication in a virtual private network having a private AAA server is disclosed. The method generally includes receiving a request from a remote user for connection with a virtual private network at a virtual home gateway and associating the remote user with the virtual private network. The virtual home gateway sends a request to authenticate the remote user to the AAA server. The remote user is then connected to the virtual private network if the AAA server authenticates the user.
22 Claims
1. A method for providing authorization, authentication, and accounting (AAA) in a virtual private network having a first AAA server, the method comprising:
receiving a request from a remote user for connection with a virtual private network at a virtual home gateway, said virtual home gateway in communication with a second AAA server wherein the second AAA server is a service provider server and is not located within said virtual private network;
associating the remote user with the virtual private network at the virtual home gateway, wherein associating the remote user comprises receiving a virtual private network identification (ID) and address of the first AAA server;
performing a lookup of the address of the first AAA server at the virtual home gateway;
sending a request to authenticate the remote user with said virtual private network from the virtual home gateway to the first AAA server located within said virtual private network; and
sending a request to the second AAA server to authorize the remote user with said virtual private network from the virtual home gateway;
connecting the remote user to the virtual private network if the first AAA server successfully authenticates the remote user and the second AAA server successfully authorizes the remote user; and
sending accounting information directly to the first AAA server and the second AAA server from the virtual home gateway;
wherein authentication of the remote user is performed at the first AAA server without contacting the second AAA server associated with the virtual home gateway.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A computer-readable storage medium encoded with a computer program for providing authorization, authentication, and accounting (AAA) in a virtual private network having a first AAA server, the computer program comprising:
code that receives a request from a remote user for connection with a virtual private network at a virtual home gateway, said virtual home gateway in communication with a second AAA server wherein the second AAA server is a service provider server and is not located within said virtual private network;
code that associates the remote user with the virtual private network, at the virtual home gateway, wherein code that associates the remote user comprises code that receives a virtual private network identification (ID) and address of the first AAA server;
code that performs a lookup for an address of the first AAA server at the virtual home gateway;
code that sends a request to authenticate the remote user with said virtual private network from the virtual home gateway to the first AAA server located within said virtual private network;
code that sends a request to the second AAA server to authorize the remote user with said virtual private network from the virtual home gateway;
code that connects the remote user to the virtual private network if the first AAA server successfully authenticates the remote user and the second AAA server successfully authorizes the remote user;
code that sends accounting information directly to the first AAA server and the second AAA server from the virtual home gateway; and
a computer-readable storage medium for storing the codes;
wherein authentication of the remote user is performed at the first AAA server without contacting the second AAA server associated with the virtual home gateway.
Dependent claims: 13, 14
15. A system for providing authorization, authentication, and accounting (AAA) in a virtual private network having a first AAA server, the system comprising:
a virtual home gateway configured to receive requests from a remote user for connection with one of a plurality of virtual private networks in communication with the virtual home gateway;
associate the remote user with the virtual private network;
perform a lookup of the address of the first AAA server;
send a request to authenticate the remote user from the virtual home gateway to the first AAA server located within the virtual private network, and send a request to authorize the remote user from the virtual home gateway to the second AAA server located outside the virtual private network;
connect the remote user to the virtual private network if the first AAA server successfully authenticates the remote user and the second AAA server successfully authorizes the remote user; and
send accounting information from the virtual home gateway to the first AAA server and the second AAA server;
a database for storing the address of the first AAA server; and
a processor operable to look up the address of the virtual private network first AAA server based on information received from the remote user so that authentication is performed directly between the virtual home gateway and the first AAA server without contacting the second AAA server associated with the virtual home gateway;
wherein a virtual private network identification (ID) and address of the first AAA server is used to associate the remote user with the virtual private network, and wherein the virtual home gateway is configured to route the request to authenticate the remote user using a customer routing table of the virtual private network, and the second AAA server is a service provider server and is not located within the virtual private network.
Dependent claims: 16, 17, 18, 19, 20
21. A system for providing authorization, authentication, and accounting (AAA) in a virtual private network having a first AAA server, the system comprising:
means for receiving a request from a remote user for connection with a virtual private network at a virtual home gateway, said virtual home gateway in communication with a second AAA server wherein the second AAA server is a service provider server and is not located within said virtual private network;
means for associating the remote user with the virtual private network, at the virtual home gateway, wherein means for associating the remote user comprises means for receiving a virtual private network identification (ID) and address of the first AAA server;
means for performing a lookup for an address of the first AAA server at the virtual home gateway;
means for sending a request to authenticate the remote user with said virtual private network from the virtual home gateway to the first AAA server located within the virtual private network;
means for sending a request to the second AAA server to authorize the remote user with the virtual private network from the virtual home gateway;
means for connecting the remote user to the virtual private network if the first AAA server successfully authenticates the remote user and if the second AAA server successfully authorizes the remote user; and
means for sending accounting information directly to the first AAA server and the second AAA server from the virtual home gateway;
wherein authentication of said remote user is performed at the first AAA server without contacting the AAA server associated with the virtual home gateway.
Dependent claims: 22
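The gateway flow recited in independent claims 1, 12, 15 and 21, as an added Python example that is not code from the patent: the gateway looks up the VPN's own (first) AAA server by VPN ID, sends credentials only there, asks the provider's (second) AAA server for authorization, admits the user only if both agree, and sends accounting to both. `AAAServer`, `VirtualHomeGateway`, the sample users and the VPN IDs are constructed for illustration; requesting authorization only after authentication succeeds is an assumption, since the claims do not fix an order.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class AAAServer:
    """Constructed stand-in for an AAA server; logs every request it receives."""
    passwords: dict = field(default_factory=dict)  # user -> password (first AAA server)
    grants: set = field(default_factory=set)       # (user, vpn_id) (second AAA server)
    log: list = field(default_factory=list)

    def authenticate(self, user, password):
        self.log.append(("authn", user, password))
        stored = self.passwords.get(user)
        return stored is not None and hmac.compare_digest(stored.encode(), password.encode())

    def authorize(self, user, vpn_id):
        self.log.append(("authz", user, vpn_id))
        return (user, vpn_id) in self.grants

    def account(self, user, vpn_id, event):
        self.log.append(("acct", user, vpn_id, event))

class VirtualHomeGateway:
    def __init__(self, provider_aaa, vpn_table):
        self.provider_aaa = provider_aaa  # second AAA server, outside every VPN
        self.vpn_table = vpn_table        # VPN ID -> first AAA server of that VPN

    def connect(self, user, password, vpn_id):
        customer_aaa = self.vpn_table.get(vpn_id)   # lookup of the first AAA server
        if customer_aaa is None:
            return False                            # unknown VPN ID: fail closed
        # Credentials go only to the VPN's own server, never to the provider's.
        if not customer_aaa.authenticate(user, password):
            return False
        # Assumption: authorization is requested only after authentication succeeds.
        if not self.provider_aaa.authorize(user, vpn_id):
            return False
        for server in (customer_aaa, self.provider_aaa):
            server.account(user, vpn_id, "start")   # accounting goes to both servers
        return True

def demo():
    provider = AAAServer(grants={("alice", "vpn-a")})
    customer = AAAServer(passwords={"alice": "s3cret", "bob": "hunter2"})
    vhg = VirtualHomeGateway(provider, {"vpn-a": customer})
    cases = [("alice", "s3cret", "vpn-a"), ("alice", "wrong", "vpn-a"),
             ("bob", "hunter2", "vpn-a"), ("alice", "s3cret", "vpn-z")]
    return [vhg.connect(*c) for c in cases], provider, customer
```

The provider server's log never contains an `authn` entry or a password, which is the property the closing "wherein" clause of each claim describes.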
Specification