Method and apparatus for securely disseminating security server contact information in a network
Abstract
Various systems and methods are disclosed for disseminating security server contact information in a network. For example, one method (e.g., performed by a security server) involves determining that a network device is a secure network device, in response to participating in a security exchange with the network device; and then sending a server list to the network device. The server list includes the network address of at least one security server. Another method (e.g., performed by a network device) involves initiating an authentication exchange; receiving a server list, which includes the network address of a security server, as part of the authentication exchange; and communicating with the security server by sending a packet to the network address included in the server list.
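The flow in the abstract, modelled as an added example that is not taken from the patent: a device receives the prioritized server list only after authenticating, then acts as authenticator for a second device by contacting the highest-priority server and passing the list on. All class names, addresses, device ids and the shared-secret check are constructed stand-ins; treating a lower number as higher priority is an assumption.

```python
# Added illustration (not from the patent): names, addresses and the
# shared-secret check are constructed stand-ins for a real security exchange.
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class ServerEntry:
    address: str
    priority: int          # assumption: lower number = higher priority

class SecurityServer:
    def __init__(self, address, credentials, server_list):
        self.address = address
        self._credentials = credentials      # device id -> shared secret
        self._server_list = tuple(server_list)
        self.seen = []                       # (relay, device, result) audit trail

    def authenticate(self, device_id, secret, via=None):
        """Release the server list only to a device with proper credentials."""
        expected = self._credentials.get(device_id, "")
        ok = bool(expected) and hmac.compare_digest(expected.encode(), secret.encode())
        self.seen.append((via, device_id, ok))
        return self._server_list if ok else None

@dataclass
class NetworkDevice:
    device_id: str
    secret: str
    server_list: tuple = ()

    def join_as_supplicant(self, authenticator):
        """First exchange: authenticate through a server or an upstream device."""
        received = authenticator.authenticate(self.device_id, self.secret)
        if received is not None:
            self.server_list = received      # stored for later use as authenticator
        return received is not None

    def authenticate(self, device_id, secret, via=None):
        """Second exchange: act as authenticator for a downstream device."""
        if not self.server_list:
            return None                      # not yet trusted: no server to contact
        top = min(self.server_list, key=lambda e: e.priority)
        server = DIRECTORY[top.address]      # stand-in for sending a packet
        # On success the server list is passed on to the downstream device.
        return server.authenticate(device_id, secret, via=self.device_id)

# Constructed sample data (documentation address range, made-up secrets).
SERVERS = [ServerEntry("192.0.2.10", 1), ServerEntry("192.0.2.11", 2)]
CREDS = {"switch-a": "s3cret-a", "switch-b": "s3cret-b"}
DIRECTORY = {e.address: SecurityServer(e.address, CREDS, SERVERS) for e in SERVERS}
```

The `seen` trail on each server records which device relayed each request, which is the property a defender would audit: the list only ever reaches devices that a security server has accepted.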
25 Claims
1. A method comprising:
- receiving a server list as part of a first security exchange, wherein
  - the server list is received by a first network device,
  - the first network device acts as a supplicant in the first security exchange,
  - the server list comprises network addresses of two or more security servers, including a first network address of a first security server and a second network address of a second security server, and
  - the server list identifies the first security server as having a higher priority than the second security server; and
- communicating with the first security server of the two or more security servers as part of a second security exchange, using information in the server list, wherein
  - the first network device acts as an authenticator to a second network device in the second security exchange,
  - the communicating comprises sending a packet to the first network address of the first security server, and
  - the communicating is performed by the first network device; and
- sending the server list during the second security exchange, wherein the first network device performs the sending to the second network device.
6. A method comprising:
- determining that a first network device is a secure network device as part of a security exchange, wherein
  - the determining is performed in response to the first network device providing proper credentials to a first security server, and
  - the first security server performs the determining while participating in the security exchange;
- sending a server list to the first network device during the security exchange, in response to the determining, wherein
  - the security server performs the sending,
  - the server list comprises network addresses of two or more security servers, including a first network address of the first security server and a second network address of a second security server, and
  - the server list identifies the first security server as having a higher priority than the second security server; and
- participating in a subsequent security exchange with a second network device, wherein
  - the first security server performs the participating, and
  - the first network device contacts the first security server during the subsequent security exchange using the first network address of the first security server in the server list.
11. A system comprising:
- a network device comprising a security module and a memory device coupled to the security module, wherein
  - the security module is configured to participate as a supplicant in a security exchange,
  - the security module is configured to receive a server list during the security exchange,
  - the server list comprises network addresses of two or more security servers, including a first network address of a first security server and a second network address of a second security server,
  - the server list identifies the first security server as having a higher priority than the second security server, and
  - the security module is configured to store the server list in the memory device, and
  - the security module is configured to use the first network address of the first security server of the two or more security servers to contact the first security server during a subsequent security exchange, wherein
  - the security module is configured to act as an authenticator to a second network device in the subsequent security exchange, and
  - the security module is configured to send the server list to the second network device during the subsequent security exchange.
16. A system, comprising:
- a first security server comprising a security module and a memory device coupled to the security module, wherein
  - the security module is configured to participate in a security exchange with a first network device,
  - the memory device is configured to store a server list, the server list comprising network addresses of two or more security servers, including a first network address of the first security server and a second network address of a second security server,
  - the server list identifies the first security server as having a higher priority than the second security server, and
  - the security module is configured to send the server list to the first network device, in response to detecting that the first network device is a secure network device, in response to the first network device providing proper credentials to the security module while participating in the security exchange, and
  - the security module is configured to participate in a subsequent security exchange with a second network device, wherein the first network device is configured to contact the first security server during the subsequent security exchange using the first network address of the first security server in the server list.
20. A system comprising:
- a first security server; and
- a first network device coupled to the first security server, wherein
  - the first security server is configured to participate in a security exchange with the first network device,
  - the first security server is configured to provide a server list to the first network device, in response to detecting that the first network device is a secure network device, in response to the first network device presenting proper credentials to the first security server while participating in the security exchange,
  - the server list comprises addresses of two or more security servers, including a first network address of the first security server and a second network address of a second security server,
  - the server list identifies the first security server as having a higher priority than the second security server; and
  - the first security server is configured to participate in a subsequent security exchange with a second network device, wherein the first network device contacts the first security server during the subsequent security exchange using the first network address of the first security server in the server list.
24. A system comprising:
- non-transitory computer readable storage means for storing a server list, wherein the server list comprises network addresses of two or more security servers, including a first network address of a first security server and a second network address of a second security server, and wherein the server list identifies the first security server as having a higher priority than the second security server; and
- security module means for;
  - participating as a supplicant in a security exchange, wherein the security module means receive the server list during the security exchange, and wherein the security module means store the server list in the non-transitory computer readable storage means in response to receipt of the server list,
  - participating as an authenticator in a subsequent security exchange, wherein the security module means act as an authenticator to a network device, the security module means use the first network address of the first security server of the two or more security servers to contact the first security server during the subsequent security exchange and the security module means send the server list to the network device during the subsequent security exchange.
25. A system comprising:
- non-transitory computer readable storage means for storing a server list, wherein the server list comprises network addresses of two or more security servers, including a first network address of a first security server and a second network address of a second security server, and wherein the server list identifies the first security server as having a higher priority than the second security server; and
- security module means for;
  - participating in a security exchange with a first network device, wherein the participating in the security exchange comprises sending the server list to the first network device, in response to detecting that the first network device is a secure network device, in response to the first network device providing proper credentials to the security module while participating in the security exchange, and
  - participating in a subsequent security exchange with a second network device, wherein the first network device contacts the first security server during the subsequent security exchange using the first network address of the first security server in the server list.
Specification