Authentication and authorization for simple network management protocol (SNMP)

US 7,877,469 B2
Filed: 02/01/2006
Issued: 01/25/2011
Est. Priority Date: 02/01/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A system, comprising:

a manager device configured to execute a Simple Network Management Protocol (SNMP) manager; and

an agent device configured to execute a SNMP agent, the SNMP agent in communication with the SNMP manager and configured to selectively provide access including for the SNMP manager to managed data,wherein the SNMP manager is configured to issue an SNMP data packet comprising a login command, a community name, a user identifier and a password to the SNMP agent and wherein the SNMP agent is configured to processes the login command and, if the login command is authenticated, is configured to allow access to the managed data, andwherein the SNMP agent is configured to forward the user identifier and the password instead of the community name to an authentication server and wherein the authentication server is configured to attempt to authenticate a user based on the user identifier and the password instead of the community name.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is provided that includes a manager device that executes a Simple Network Management Protocol (SNMP) manager. The system also includes an agent device coupled to the manager device. The agent device executes a SNMP agent that selectively provides access to managed data. The SNMP manager enables a user to issue a login command. The SNMP agent processes the login command and, if the user is authenticated, allows the user to access the managed data using a session identifier.

Citations

20 Claims

1. A system, comprising:
- a manager device configured to execute a Simple Network Management Protocol (SNMP) manager; and
  
  an agent device configured to execute a SNMP agent, the SNMP agent in communication with the SNMP manager and configured to selectively provide access including for the SNMP manager to managed data,wherein the SNMP manager is configured to issue an SNMP data packet comprising a login command, a community name, a user identifier and a password to the SNMP agent and wherein the SNMP agent is configured to processes the login command and, if the login command is authenticated, is configured to allow access to the managed data, andwherein the SNMP agent is configured to forward the user identifier and the password instead of the community name to an authentication server and wherein the authentication server is configured to attempt to authenticate a user based on the user identifier and the password instead of the community name.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1 wherein the SNMP agent is configured to access the managed data based on a session identifier contained in an SNMP message sent by the SNMP manager.
  - 3. The system of claim 1 wherein the SNMP agent is configured to generate a table containing at least one user identifier and associated password, each user identifier and associated password being indexed by a separate session identifier.
  - 4. The system of claim 1 wherein, if the user is authenticated, the authentication server is configured to provide an authorization level for the user to the SNMP agent.
  - 5. The system of claim 4 wherein the SNMP agent is configured to track list of logged-in users and each user'"'"'s authorization level.
  - 6. The system of claim 4 wherein the authorization level provides non-global read-only (RO) access rights to the managed data.
  - 7. The system of claim 4 wherein the authorization level provides non-global read-write (RW) access rights to the managed data.
  - 8. The system of claim 4 wherein the authorization level restricts use of predetermined SNMP commands.
  - 9. The system of claim 1 wherein, after logging-in, a subsequent request is permitted by placing the session identifier in a community name data field of the request.

10. A memory device that stores a Simple Network Management Protocol (SNMP) data packet issued by a SNMP manager executing on a managing device, the SNMP data packet comprising:
- a community name data field;
  
  a login command data field;
  
  a user identifier data field; and
  
  a password data field,wherein a non-transitory login command contained in the login command data field causes a SNMP agent process values in the user identifier data field and the password data field for authentication instead of values in the community name data field.
- View Dependent Claims (11, 19, 20)
- - 11. The memory device of claim 10 wherein the SNMP data packet further comprises a session identifier data field and wherein, if the values in the user identifier data field and the password data field are authenticated, a valid session request is recognized by placing a value of the session identifier data field in the community name data field.
  - 19. The memory device of claim 10 wherein the SNMP agent is configured to generate a table containing at least one user identifier and associated password, each user identifier and associated password being indexed by a separate session identifier.
  - 20. The memory device of claim 10 wherein, if a user is authenticated, the authentication server is configured to provide an authorization level for the user to the SNMP agent.

12. A method, comprising:
- issuing, by a Simple Network Management Protocol (SNMP) manager, a command using a SNMP data packet, the SNMP data packet comprising;
  
  a community name data field,a login command data field,a user identifier data field, anda password data field; and
  
  authenticating, by an authentication server, a user associated with the command based on values in the user identifier data field and the password data field instead of values the community name data field.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The method of claim 12 further comprising, if a user is authenticated, providing an authorization level for the user.
  - 14. The method of claim 13 wherein providing an authorization level for the user comprises providing non-global access rights to managed data.
  - 15. The method of claim 13 wherein providing an authorization level for the user comprises restricting user of at least one SNMP command.
  - 16. The method of claim 12 further comprising updating a list of logged-in users and tracking an authorization level associated with each logged-in user.
  - 17. The method of claim 12 further comprising, after a successful login, issuing a subsequent SNMP request by placing a session identifier in a community name data field of the request.
  - 18. The method of claim 17 further comprising encrypting a value in the community name data field using a public key derived from object identifiers (OIDs) provided in a message packet protocol data unit (PDU).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Parks, Gary, Fang, Scott, Bhat, Kong Posh
Primary Examiner(s)
Chan; Wing F
Assistant Examiner(s)
PATEL, HITESHKUMAR R

Application Number

US11/345,547
Publication Number

US 20070180086A1
Time in Patent Office

1,819 Days
Field of Search

709/223, 709/221, 709/224
US Class Current

709/223
CPC Class Codes

H04L 41/0213   Standardised network manage...

H04L 41/046   comprising network manageme...

H04L 41/28   Restricting access to netwo...

H04L 63/083   using passwords cryptograph...

H04L 63/105   Multiple levels of security

Authentication and authorization for simple network management protocol (SNMP)

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication and authorization for simple network management protocol (SNMP)

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links