Secure communication network user mobility apparatus and methods
Abstract
Secure communication network user mobility apparatus and methods are disclosed. A mobile user that is locally connected to a first communication network in which a service is provided, but is associated with an independently controlled second secure communication network, may be authenticated for access to the service by the second communication network. This allows seamless user mobility between networks in a partner extranet or other collection of trusted networks based on existing inter-network user mobility relationships. Access control, monitoring, and reporting, for example, and possibly other functions, may also be provided.
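The exchange described in the abstract, sketched as an added example that is not taken from the patent: the visited (first) network asks the user's home (second) network to authenticate, and the home network returns a result together with a digital user identity scoped to the requesting network. The HMAC tag under a pre-shared partner key, the nonce, the expiry, the field names and the transport of the credential inside the request are all assumptions made for illustration.

```python
import hashlib, hmac, json, secrets, time

def sign(key, obj):
    body = json.dumps(obj, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class HomeNetwork:
    """Second (home) network: holds the user identity records."""
    def __init__(self, name, partner_key):
        self.name, self.partner_key, self.records = name, partner_key, {}

    def enroll(self, user, password):
        salt = secrets.token_bytes(16)
        self.records[user] = (salt, kdf(password, salt))

    def handle_auth_request(self, req):
        # Unknown users still run the KDF, against a dummy salt.
        salt, stored = self.records.get(req["user"], (b"\0" * 16, b""))
        if not hmac.compare_digest(kdf(req["password"], salt), stored):
            return {"result": "denied"}
        # Digital user identity created for use in the requesting network only.
        ident = {"sub": "visitor-" + secrets.token_hex(4), "home": self.name,
                 "aud": req["visited"], "service": req["service"],
                 "nonce": req["nonce"], "exp": int(time.time()) + 300}
        return {"result": "granted", "identity": ident,
                "tag": sign(self.partner_key, ident)}

class VisitedNetwork:
    """First (visited) network: provides the service, delegates authentication."""
    def __init__(self, name, partner_key):
        self.name, self.partner_key = name, partner_key

    def build_request(self, user, password, service):
        # Assumption: the credential travels inside the request to the home network.
        return {"visited": self.name, "service": service, "user": user,
                "password": password, "nonce": secrets.token_hex(8)}

    def accept(self, req, resp):
        if resp.get("result") != "granted":
            return None
        ident = resp["identity"]
        genuine = hmac.compare_digest(sign(self.partner_key, ident), resp["tag"])
        bound = (ident["aud"], ident["service"], ident["nonce"]) == (
            self.name, req["service"], req["nonce"])
        return ident if genuine and bound and ident["exp"] > time.time() else None
```

Pass the output of `build_request` to `handle_auth_request`, then give both the request and the response to `accept`; it returns the identity only when the tag verifies and the identity is bound to this network, this service and this request.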
21 Claims
1. A method comprising:
- receiving an authentication request, from a first secure intranet network in which a network service is provided, for an independently controlled second secure intranet network, with which a mobile user is associated, to authenticate the mobile user for local access to the network service from within the first secure intranet network, the authentication request being received at the second secure intranet network and comprising a request by the first secure intranet network for the second secure intranet network to authenticate the mobile user for local access to the network service from within the first secure intranet network;
- the second secure intranet network authenticating the mobile user according to user identity records at the second secure intranet network; and
- the second secure intranet network providing to the first secure intranet network an indication of a result of the authentication,
the method further comprising:
- creating at the second secure intranet network a digital user identity to be used by the mobile user in the first secure intranet network, where the mobile user is successfully authenticated,
wherein the providing comprises providing the user identity to the first secure intranet network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

14. An apparatus comprising:
- an interface for exchanging information between a first secure intranet network and an independently controlled second secure intranet network; and
- an authentication module operatively coupled to the interface and operable:
  - to receive through the interface, at the second secure intranet network, an authentication request from the first secure intranet network for the second secure intranet network to authenticate a mobile user associated with the second secure intranet network for local access from within the first secure intranet network to a network service provided in the first secure intranet network, the authentication request comprising a request by the first secure intranet network for the second secure intranet network to authenticate the mobile user for local access to the network service from within the first secure intranet network;
  - to authenticate the mobile user, at the second secure intranet network, according to user identity records at the second secure intranet network; and
  - to provide an indication of a result of the authentication from the second secure intranet network to the first secure intranet network through the interface,
at least one of the interface and the authentication module being implemented using hardware,
wherein the authentication module is further configured to create, at the second secure intranet network, a digital user identity to be used by the mobile user in the first secure intranet network, where the mobile user is successfully authenticated, and to provide an indication of a result of the authentication by providing the user identity to the first secure intranet network.
Dependent claims: 15, 16, 17, 18, 19, 20, 21
Specification