Method and system for providing authorization, authentication, and accounting for a virtual private network

US 7,469,294 B1
Filed: 01/15/2002
Issued: 12/23/2008
Est. Priority Date: 01/15/2002
Status: Expired due to Term

First Claim

Patent Images

1. A method for providing authorization, authentication, and accounting (AAA) in a virtual private network having a first AAA server, the method comprising:

receiving a request from a remote user for connection with a virtual private network at a virtual home gateway, said virtual home gateway in communication with a second AAA server wherein the second AAA server is a service provider server and is not located within said virtual private network;

associating the remote user with the virtual private network at the virtual home gateway, wherein associating the remote user comprises receiving a virtual private network identification (ID) and address of the first AAA server;

performing a lookup of the address of the first AAA server at the virtual home gateway;

sending a request to authenticate the remote user with said virtual private network from the virtual home gateway to the first AAA server located within said virtual private network; and

sending a request to the second AAA server to authorize the remote user with said virtual private network from the virtual home gateway;

connecting the remote user to the virtual private network if the first AAA server successfully authenticates the remote user and the second AAA server successfully authorizes the remote user; and

sending accounting information directly to the first AAA server and the second AAA server from the virtual home gateway;

wherein authentication of the remote user is performed at the first AAA server without contacting the second AAA server associated with the virtual home gateway.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for providing authentication in a virtual private network having a private AAA server is disclosed. The method generally includes receiving a request from a remote user for connection with a virtual private network at a virtual home gateway and associating the remote user with the virtual private network The virtual home gateway sends a request to authenticate the remote user to the AAA server. The remote user is then connected to the virtual private network if the AAA server authenticates the user.

292 Citations

22 Claims

1. A method for providing authorization, authentication, and accounting (AAA) in a virtual private network having a first AAA server, the method comprising:
- receiving a request from a remote user for connection with a virtual private network at a virtual home gateway, said virtual home gateway in communication with a second AAA server wherein the second AAA server is a service provider server and is not located within said virtual private network;
  
  associating the remote user with the virtual private network at the virtual home gateway, wherein associating the remote user comprises receiving a virtual private network identification (ID) and address of the first AAA server;
  
  performing a lookup of the address of the first AAA server at the virtual home gateway;
  
  sending a request to authenticate the remote user with said virtual private network from the virtual home gateway to the first AAA server located within said virtual private network; and
  
  sending a request to the second AAA server to authorize the remote user with said virtual private network from the virtual home gateway;
  
  connecting the remote user to the virtual private network if the first AAA server successfully authenticates the remote user and the second AAA server successfully authorizes the remote user; and
  
  sending accounting information directly to the first AAA server and the second AAA server from the virtual home gateway;
  
  wherein authentication of the remote user is performed at the first AAA server without contacting the second AAA server associated with the virtual home gateway.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein the virtual private network ID binds a profile of the virtual private network to a routing table of the virtual home gateway.
  - 3. The method of claim 1 wherein the second AAA server contains the address of the first AAA server.
  - 4. The method of claim 1 wherein sending a request to authenticate the remote user comprises routing the request using a customer routing table of the virtual private network.
  - 5. The method of claim 1 wherein connecting the remote user to the virtual private network comprises setting up a PPP session for the remote user.
  - 6. The method of claim 1 further comprising sending an accounting request to the first AAA server.
  - 7. The method of claim 6 further comprising sending an accounting request to the second AAA server.
  - 8. The method of claim 7 wherein accounting information sent to the first AAA server is different than accounting information sent to the second AAA server.
  - 9. The method of claim 1 wherein associating a remote user with the virtual private network comprises identifying the virtual private network based on a domain name.
  - 10. The method of claim 1 wherein associating a remote user with the virtual private network comprises identifying the virtual private network based on a dial-up phone number.
  - 11. The method of claim 1 wherein associating a remote user with the virtual private network comprises identifying the virtual private network based on a circuit ID.

12. A computer-readable storage medium encoded with a computer program for providing authorization, authentication, and accounting (AAA) in a virtual private network having a first AAA server, the computer program comprising:
- code that receives a request from a remote user for connection with a virtual private network at a virtual home gateway, said virtual home gateway in communication with a second AAA server wherein the second AAA server is a service provider server and is not located within said virtual private network;
  
  code that associates the remote user with the virtual private network, at the virtual home gateway, wherein code that associates the remote user comprises code that receives a virtual private network identification (ID) and address of the first AAA server;
  
  code that performs a lookup for an address of the first AAA server at the virtual home gateway;
  
  code that sends a request to authenticate the remote user with said virtual private network from the virtual home gateway to the first AAA server located within said virtual private network;
  
  code that sends a request to the second AAA server to authorize the remote user with said virtual private network from the virtual home gateway;
  
  code that connects the remote user to the virtual private network if the first AAA server successfully authenticates the remote user and the second AAA server successfully authorizes the remote user;
  
  code that sends accounting information directly to the first AAA server and the second AAA server from the virtual home gateway; and
  
  a computer-readable storage medium for storing the codes;
  
  wherein authentication of the remote user is preformed at the first AAA server without contacting the second AAA server associated with the virtual home gateway.
- View Dependent Claims (13, 14)
- - 13. The computer-readable storage medium of claim 12 further comprising code that sends accounting requests to the first AAA server.
  - 14. The computer-readable storage medium of claim 12 further comprising code that binds a profile of the virtual private network to a routing table of the virtual home gateway.

15. A system for providing authorization, authentication, and accounting (AAA) in a virtual private network having a first AAA server, the system comprising:
- a virtual home gateway configured to receive requests from a remote user for connection with one of a plurality of virtual private networks in communication with the virtual home gateway;
  
  associate the remote user with the virtual private network;
  
  perform a lookup of the address of the first AAA server;
  
  send a request to authenticate the remote user from the virtual home gateway to the first AAA server located within the virtual private network, and send a request to authorize the remote user from the virtual home gateway to the second AAA server located outside the virtual private network;
  
  connect the remote user to the virtual private networkif the first AAA server successfully authenticates the remote user and the second AAA server successfully authorizes the remote user and;
  
  send accounting information from the virtual home gateway to the first AAA server and the second AAA server;
  
  a database for storing the address of the first AAA server; and
  
  a processor operable to look up the address of the virtual private network first AAA server based on information received from the remote user so that authentication is performed directly between the virtual home gateway and the first AAA server without contacting the second AAA server associated with the virtual home gateway;
  
  wherein a virtual private network identification (ID) and address of the first AAA server is used to associate the remote user with the virtual private network, and wherein the virtual home gateway is configured to route the request to authenticate the remote user using a customer routing table of the virtual private network, and the second AAA server is a service provider server and is not located within the virtual private network.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15 wherein the information received from the remote user is a circuit ID.
  - 17. The system of claim 15 wherein the information received from the remote user is domain name.
  - 18. The system of claim 15 wherein the information received from the remote user is a dial-up phone number.
  - 19. The system of claim 15 wherein the database includes the virtual private network IDs used to bind virtual private network profiles to a routing table of the virtual home gateway.
  - 20. The system of claim 19 wherein the virtual home gateway comprises a plurality of routing tables corresponding to different virtual private networks.

21. A system for providing authorization, authentication, and accounting (AAA) in a virtual private network having a first AAA server, the system comprising:
- means for receiving a request from a remote user for connection with a virtual private network at a virtual home gateway, said virtual home gateway in communication with a second AAA server wherein the second AAA server is a service provider server and is not located within said virtual private network;
  
  means for associating the remote user with the virtual private network, at the virtual home gateway, wherein means for associating the remote user comprises means for receiving a virtual private network identification (ID) and address of the first AAA server;
  
  means for performing a lookup for an address of the first AAA server at the virtual home gateway;
  
  means for sending a request to authenticate the remote user with said virtual private network from the virtual home gateway to the first AAA server located within the virtual private network;
  
  means for sending a request to the second AAA server to authorize the remote user with the virtual private network from the virtual home gateway;
  
  means for connecting the remote user to the virtual private network if the first AAA server successfully authenticates the remote user and if the second AAA server successfully authorizes the remote user; and
  
  means for sending accounting information directly to the first AAA server and the second AAA server from the virtual home gateway;
  
  wherein authentication of said remote user is performed at the first AAA server without contacting the AAA server associated with the virtual home gateway.
- View Dependent Claims (22)
- - 22. The system of claim 21 wherein the second AAA server contains the address of the virtual private network'"'"'s AAA server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Luo, Wei, Rosen, Eric
Primary Examiner(s)
Follansbee; John
Assistant Examiner(s)
Tang; Karen C

Application Number

US10/051,861
Time in Patent Office

2,534 Days
Field of Search

709/229, 709/225, 709/226, 709/224, 709/228, 709/227, 709/220, 370/351, 370/469, 370/406, 455/411
US Class Current

709/229
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/0892   by using authentication-aut...

Method and system for providing authorization, authentication, and accounting for a virtual private network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

292 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for providing authorization, authentication, and accounting for a virtual private network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

292 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links