Method for processing a request for access to a data network

US 7,647,403 B2
Filed: 11/29/2000
Issued: 01/12/2010
Est. Priority Date: 11/29/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method of processing requests at an access server arrangement for a data terminal operated by an end user to access a data network, said method comprising:

receiving requests from data terminals at the access server arrangement for access to the data network;

comparing each request with a table comprising a plurality of different rules and identifying a matching rule comprising a primary choice procedure and a default procedure, the primary choice procedure specifying a remote authentication server;

in the event that a predetermined criterion, which is indicative of a possibility of a failure relating to the authentication server specified in the primary choice procedure of the matched rule, is not satisfied;

(i) attempting to forward the access request to the authentication server specified in the matched rule;

(ii) if a response is received from the authentication server, dealing with the access request in accordance with the response; and

(iii) if a response is not received from the authentication server, dealing with the access request in accordance with the default procedure specified in the matched rule; and

in the event that the predetermined criterion, which is indicative of a possibility of a failure relating to the authentication server specified in the primary choice procedure of the matched rule, is satisfied, dealing with each access request matching the matched rule in accordance with said default procedure, as specified in the matched rule, for a predetermined number of times and then attempting to forward a subsequently received access request, matching the same rule, to the authentication server specified in the primary choice procedure of the matched rule.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network access arrangement for connecting an end user'"'"'s computer to the Internet includes a network access server and a proxy server. When an end user requests to be connected to the Internet, the network access server forwards the access request to the proxy server. The proxy server authenticates some requests itself but forwards other requests to authentication servers for authentication. After receiving a response from one of the servers, the proxy server forwards the response to the network access server. If the proxy server does not receive a response from one of the authentication servers, it follows a default procedure. This can be to authenticate the request in the proxy server or simply to accept the request. The proxy server has a counter associated with each of the servers. Each time the proxy server receives a response from one of the servers, it decrements the appropriate counter. Each time it does not receive a response, it increments the appropriate counter. When one of the counters reaches a threshold value, the proxy server then follows the default procedure for a pre-set number of requests which would normally be forwarded to the appropriate server. After following the default procedure for this predetermined number of access requests, the proxy server forwards the next access requests, which would normally be forwarded to the relevant server, to that server.

36 Citations

View as Search Results

10 Claims

1. A method of processing requests at an access server arrangement for a data terminal operated by an end user to access a data network, said method comprising:
- receiving requests from data terminals at the access server arrangement for access to the data network;
  
  comparing each request with a table comprising a plurality of different rules and identifying a matching rule comprising a primary choice procedure and a default procedure, the primary choice procedure specifying a remote authentication server;
  
  in the event that a predetermined criterion, which is indicative of a possibility of a failure relating to the authentication server specified in the primary choice procedure of the matched rule, is not satisfied;
  
  (i) attempting to forward the access request to the authentication server specified in the matched rule;
  
  (ii) if a response is received from the authentication server, dealing with the access request in accordance with the response; and
  
  (iii) if a response is not received from the authentication server, dealing with the access request in accordance with the default procedure specified in the matched rule; and
  
  in the event that the predetermined criterion, which is indicative of a possibility of a failure relating to the authentication server specified in the primary choice procedure of the matched rule, is satisfied, dealing with each access request matching the matched rule in accordance with said default procedure, as specified in the matched rule, for a predetermined number of times and then attempting to forward a subsequently received access request, matching the same rule, to the authentication server specified in the primary choice procedure of the matched rule.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method as in claim 1, wherein the table comprises a plurality of rules specifying a plurality of authentication servers and wherein a request is matched to a rule in accordance with the value of at least one attribute contained in the access request and further including:
    - selecting an authentication server from a plurality of authentication servers in accordance with the value of at least one attribute contained in the access request; and
      
      in said step of attempting to forward the access request, making an attempt to forward the access request to the selected authentication server.
  - 3. A method as in claim 1, in which the network access arrangement includes a proxy server, the proxy server being responsible for forwarding an access request to an authentication server, receiving any response from the authentication server, and, if appropriate, handling an access request in accordance with the default procedure.
  - 4. A method as in claim 1, in which the predetermined criterion is satisfied if there are repetitive failures to receive a response from an authentication server.
  - 5. A method as in claim 1, which further includes:
    - if a response is not received from an authentication server, changing the value held in a counter by one unit in one direction; and
      
      if a response is received from an authentication server, changing the value held in the counter by one unit in the other direction; and
      
      the predetermined criterion is reached when the value held in the counter has progressed in said one direction to a predetermined threshold.
  - 6. A method as in claim 5, in which, in the event that the counter has reached said predetermined threshold, the method further includes performing the default procedure for a predetermined number of times, then changing the value held in the counter by one unit in the other direction, then making an attempt to forward the next access request to the authentication server.
  - 7. A network access server configured to operate according to the method of claim 1.
  - 8. A network including at least one network access server according to claim 7 and at least one of said authentication servers.

9. An access server arrangement for controlling access by a data terminal operated by an end user to access a data network, said access server arrangement comprising:
- receiving means for receiving requests from data terminals at the access server arrangement for access to the data network; and
  
  processing and transmitting means for comparing each request with a table comprising a plurality of different rules and identifying a matching rule, comprising a primary choice procedure and a default procedure, the primary choice procedure specifying a remote authentication server and,in the event that a predetermined criterion, which is indicative of a possibility of a failure relating to the authentication server specified in the primary choice procedure of the matched rule, is not satisfied;
  
  (i) attempting to forward the access request to an authentication server specified in the matching rule;
  
  (ii) if a response is received from the authentication server dealing with the access request in accordance with the response; and
  
  (iii) if a response is not received from the authentication server dealing with the access request in accordance with a default procedure specified in the matched rule; and
  
  in the event that the predetermined criterion is satisfied, dealing with each access request matching a particular rule in accordance with the default procedure specified in the matched rule for a predetermined number of times and then attempting to forward a subsequently received access request matching the same rule to the authentication server specified in the matched rule wherein the table comprises a plurality of different rules.
- View Dependent Claims (10)
- - 10. A network including at least one access server arrangement as in claim 9 and one or more authentication servers operable to receive forwarded access requests from the access server arrangement.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
British Telecommunications PLC (BT Group PLC)
Original Assignee
British Telecommunications PLC (BT Group PLC)
Inventors
Gray, Robert H M
Primary Examiner(s)
Caldwell; Andrew
Assistant Examiner(s)
AILES, BENJAMIN A

Application Number

US10/130,425
Publication Number

US 20020188738A1
Time in Patent Office

3,331 Days
Field of Search

709/218, 709/225, 709/229, 709/224, 713/169, 713/201, 380/30, 380/247, 726/2, 726/4, 726/21, 370/394, 714/4
US Class Current

709/225
CPC Class Codes

H04L 12/2876   Handling of subscriber poli...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0281   Proxies

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/0838   using one-time-passwords

Method for processing a request for access to a data network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

36 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Method for processing a request for access to a data network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links