Authentication mark-up data of multiple local area networks

US 8,074,259 B1
Filed: 04/28/2005
Issued: 12/06/2011
Est. Priority Date: 04/28/2005
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

an update device coupled to a wide area network and having stored therein authentication markup data; and

a plurality of network access devices (NADs) coupled to the wide area network, each of the NADs associated with a separate local area network (LAN), and each of the NADs to redirect clients attempting access through the NAD to an authentication page constructed using authentication markup data in the update device, wherein at least a portion of the authentication markup data stored in the update device is shared to construct authentication pages of at least two of the NADs, wherein the authentication markup data used to construct the authentication page is selected based on predetermined criteria of a respective LAN and a respective NAD, and wherein a first NAD of the plurality of NADs periodically requests operational status of the device and informs said operational status to other NADs of the plurality of NADs.

View all claims

22 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication mark-up data of multiple local area networks is disclosed. In one embodiment of a system, the system includes a wide area network, an update device coupled to the wide area network, and any number of gateway devices coupled to the wide area network. Each of the gateway devices is associated with a separate local area network. Each of the plurality of gateway devices automatically provide an authentication page stored in the update device based upon a data provided to the update device. In addition, the authentication page is the same for at least some of the plurality of gateway devices, according to the one embodiment.

Citations

24 Claims

1. A system, comprising:
- an update device coupled to a wide area network and having stored therein authentication markup data; and
  
  a plurality of network access devices (NADs) coupled to the wide area network, each of the NADs associated with a separate local area network (LAN), and each of the NADs to redirect clients attempting access through the NAD to an authentication page constructed using authentication markup data in the update device, wherein at least a portion of the authentication markup data stored in the update device is shared to construct authentication pages of at least two of the NADs, wherein the authentication markup data used to construct the authentication page is selected based on predetermined criteria of a respective LAN and a respective NAD, and wherein a first NAD of the plurality of NADs periodically requests operational status of the device and informs said operational status to other NADs of the plurality of NADs.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the authentication page is the same for at least some of the plurality of NADs.
  - 3. The system of claim 1, wherein an authentication page of a NAD is generated using at least a portion of the authentication markup data stored in the update device and is cached within the NAD when presented to the client over the respective LAN.
  - 4. The system of claim 1, wherein at least one of the NADs performs at least a portion of the authentication.
  - 5. The system of claim 1, wherein authentication is performed in at least one of an external authentication server and an internal authentication server.
  - 6. The system of claim 1, wherein the authentication page is transmitted to each of the NADs from the update device, and stored locally in each of the plurality of NADs.
  - 7. The system of claim 1, wherein a secure connection is formed between at least one of the NADs and the update device using at least one of a virtual private network protocol (VPN), a hypertext transport protocol secure socket layer protocol (HTTPS), an encryption method over a communications channel, a fully qualified domain name protocol (FQDN), and at least one internet protocol (IP) address.
  - 8. The system of claim 1, wherein a list of at least one defined internet protocol (IP) address and at least one port name is maintained on each of the plurality of NADs to specify permitted communication channels between the plurality of NADs and the update device.

9. A machine implemented method, comprising:
- in response to a request for accessing a destination received from a client over a first local area network (LAN), a first network access device (NAD) establishing a first authentication page, which is constructed using authentication markup data stored in an update device communicatively coupled to the first NAD over a wide area network (WAN), wherein the authentication markup data used to construct the first authentication page is selected based on predetermined criteria of the first LAN and the first NAD, and wherein first NAD of the plurality of NADs periodically requests operational status of the update device and informs said operational status to other NADs of the plurality of NADs; and
  
  the first NAD redirecting the request of the client to the established first authentication page for authenticating the client, wherein at least a portion of the authentication markup data used in the first authentication page is shared with another authentication page established by a second NAD for authenticating a client of another LAN.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 10. The method of claim 9, wherein at least a portion of the first authentication page is cached within the first NAD.
  - 11. The method of claim 9, wherein the first NAD performs a portion of the authentication of the client using a user database maintained within the first NAD.
  - 12. The method of claim 9, wherein the authentication is performed via at least one of an external authentication server and an internal authentication server with respect to at least one of the first NAD and the update device.
  - 13. The method of claim 9, further comprising forming a secure connection between the update device and the first NAD using at least one of a virtual private network protocol (VPN), a hypertext transport protocol secure socket layer protocol (HTTPS), an encryption method over a communications channel, a fully qualified domain name protocol (FQDN), and at least one internet protocol (IP) address.
  - 14. The method of claim 9, further comprising maintaining a list of at least one defined Internet protocol (IP) address and at least one port identity within the first NAD to specify permitted communications channels between the first NAD and the update device.
  - 15. The method of claim 9, further comprising the update device transmitting the first authentication page to the first NAD to authenticate the client.
  - 16. The method of claim 15, further comprising the first authentication page invoking an authentication facility to authenticate the client in response to a user input received via the first authentication page.
  - 17. The method of claim 16, further comprising:
    - determining status of the authentication facility while presenting the first authentication page to the client; and
      
      presenting a second authentication page to the client indicating authentication service unavailable if the authentication facility is unavailable based on the status of the authentication facility, wherein the second authentication page is constructed using at least a portion of the authentication markup data stored in the update device.
  - 18. The method of claim 16, further comprising:
    - in response to authentication information received from the client, the authentication facility authenticating the client; and
      
      presenting a third authentication page to the client indicating a failure of the authentication if the authentication fails and redirecting the client back to the first authentication page, wherein the third authentication page is constructed using at least a portion of the authentication markup data stored in the update device.
  - 19. The method of claim 18 further comprising the first NAD directing the client to the requested destination if the authentication facility successfully authenticates the client.

20. A machine implemented method, comprising:
- centralizing control of markup data for generating authentication pages by, storing the markup data in an update device accessible over a wide area network (WAN); and
  
  operating a plurality of gateway in different local area networks (LANs) coupled to the WAN to cause redirection of clients attempting access through the plurality of gateway devices to authentication pages constructed using the markup data in the update device, wherein the authentication markup data used to construct the authentication pages is selected based on predetermined criteria of respective LANs and respective plurality of gateway devices, and wherein a first gateway device of the plurality of gateway devices periodically requests operational status of the update device and informs said operational status to other gateway devices of the plurality of gateway devices.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The method of claim 20, wherein the markup data is stored in storage accessible by the update device, and wherein the markup data is configured by an administrator by accessing the update device.
  - 22. The method of claim 20, further comprising invoking an authentication server to authenticate the clients in response to user inputs received via the authentication pages.
  - 23. The method of claim 22, wherein the authentication pages are constructed by the update device using the markup data stored therein, wherein at least one of the authentication pages is transmitted to each of the plurality of gateway devices and hosted by a respective gateway device, and wherein the respective gateway device invokes the authentication server to authenticate the clients.
  - 24. The method of claim 20, wherein the authentication pages are constructed by the update device using the markup data stored therein and hosted by the update device, and wherein the update device invokes the authentication server to authenticate the clients.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Quest Software, Inc.
Original Assignee
SonicWALL, Inc. (SonicWall Holdings Ltd.)
Inventors
Levy, Joseph H., Telehowski, David M., Chen, Zhong, Johnson, Shannon L.
Primary Examiner(s)
Tran, Ellen

Application Number

US11/118,506
Time in Patent Office

2,413 Days
Field of Search

726/2, 726/4, 713/153
US Class Current

726/2
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/168   above the transport layer

Authentication mark-up data of multiple local area networks

First Claim

22 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication mark-up data of multiple local area networks

First Claim

22 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links