Methods and apparatus for implementing authentication
First Claim
1. A method for authenticating communications in a network environment, the method comprising:
engaging, with a proxy device, in a first set of communications to establish a first communication link with a client, the first set of communications comprising sending to the client a first challenge, obtaining from the client a first challenge response, sending the first challenge response to a resource independent of the client, and receiving a notification from the resource that the client has been authenticated, the notification generated using security information associated with the client;
engaging, with the proxy device, in a second set of communications to establish a set of second communication links with multiple servers on behalf of the client, the second set of communications comprising receiving a second challenge from each of the servers, sending the second challenges to the resource, receiving a second challenge response for each of the servers from the resource, each of the second challenge responses generated using a respective one of the second challenges and the security information, and forwarding a respective one of the second challenge responses to each of the servers; and
facilitating, with the proxy device, a flow of traffic between the first communication link and the set of second communication links to enable the client to access information from the multiple servers.
Abstract
A proxy (e.g., a switch) resides in a respective network environment between one or more clients and multiple servers. One purpose of the proxy is to provide the clients a unified view of a distributed file system having respective data stored amongst multiple remote and disparate storage locations over a network. Another purpose of the proxy is to enable the clients to retrieve data stored at the multiple servers. To establish a first connection between the proxy and a respective client, the proxy communicates with an authentication agent (residing at a location other than at the client) to verify a challenge response received from the client. When establishing a set of second connections with the multiple servers, the proxy communicates with the authentication agent to generate challenge responses on behalf of the client. The proxy facilitates a flow of data on the first connection and the set of second connections.
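
The two-phase exchange described in the abstract, as an added sketch that is not code from the patent. HMAC-SHA256 stands in for the unspecified challenge-response function, the servers are assumed to hold the same verifier as the agent, and every class and function name is hypothetical. The agent's refusal to answer server challenges for users it has not verified is an added safeguard, not something the claims state.

```python
import hashlib
import hmac
import secrets

KEYS = {"alice": b"constructed-demo-secret"}  # constructed sample credential

def mac(key, challenge):
    # Stand-in response function (assumption): HMAC-SHA256 over the challenge.
    return hmac.new(key, challenge, hashlib.sha256).digest()

class AuthAgent:
    """The resource independent of the client; holds the security information."""
    def __init__(self, keys):
        self._keys, self._verified = dict(keys), set()

    def verify(self, user, challenge, response):
        # First link: check the client's answer to the proxy's challenge.
        key = self._keys.get(user)
        ok = key is not None and hmac.compare_digest(mac(key, challenge), response)
        if ok:
            self._verified.add(user)
        return ok

    def respond(self, user, challenge):
        # Second links: answer a server's challenge on the client's behalf.
        # Added safeguard (assumption): only for users verify() has accepted,
        # so the agent does not answer challenges for arbitrary accounts.
        if user not in self._verified:
            raise PermissionError("no authenticated first link for " + user)
        return mac(self._keys[user], challenge)

class Server:
    def __init__(self, name, keys):
        self.name, self._keys, self._pending = name, dict(keys), {}

    def challenge(self, user):
        self._pending[user] = secrets.token_bytes(16)
        return self._pending[user]

    def accept(self, user, response):
        chal = self._pending.pop(user, None)  # each challenge is single-use
        return chal is not None and hmac.compare_digest(mac(self._keys[user], chal), response)

def proxy_session(user, client_key, agent, servers):
    first = secrets.token_bytes(16)                # proxy -> client
    client_response = mac(client_key, first)       # client -> proxy
    if not agent.verify(user, first, client_response):
        return {}                                  # no first link, no second links
    return {s.name: s.accept(user, agent.respond(user, s.challenge(user))) for s in servers}
```

The proxy never handles the client's secret in the second phase; it only relays challenges and responses, so the agent is the component whose access control and logging matter most.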
32 Claims
1. A method for authenticating communications in a network environment, the method comprising:
engaging, with a proxy device, in a first set of communications to establish a first communication link with a client, the first set of communications comprising sending to the client a first challenge, obtaining from the client a first challenge response, sending the first challenge response to a resource independent of the client, and receiving a notification from the resource that the client has been authenticated, the notification generated using security information associated with the client;
engaging, with the proxy device, in a second set of communications to establish a set of second communication links with multiple servers on behalf of the client, the second set of communications comprising receiving a second challenge from each of the servers, sending the second challenges to the resource, receiving a second challenge response for each of the servers from the resource, each of the second challenge responses generated using a respective one of the second challenges and the security information, and forwarding a respective one of the second challenge responses to each of the servers; and
facilitating, with the proxy device, a flow of traffic between the first communication link and the set of second communication links to enable the client to access information from the multiple servers.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A proxy device, comprising:
one or more processors, a network interface controller, and a memory, at least one of the processors or the network interface controller configured to be capable of executing instructions to implement;
engaging in a first set of communications to establish a first communication link with a client, the first set of communications comprising sending to the client a first challenge, obtaining from the client a first challenge response, sending the first challenge response to a resource independent of the client, and receiving a notification from the resource that the client has been authenticated, the notification generated using security information associated with the client;
engaging in a second set of communications to establish a set of second communication links with multiple servers on behalf of the client, the second set of communications comprising receiving a second challenge from each of the servers, sending the second challenges to the resource, receiving a second challenge response for each of the servers from the resource, each of the second challenge responses generated using a respective one of the second challenges and the security information, and forwarding a respective one of the second challenge responses to each of the servers; and
facilitating a flow of traffic between the first communication link and the set of second communication links to enable the client to access information from the multiple servers.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A non-transitory computer readable medium having instructions stored thereon for authenticating communications in a network environment comprising machine executable code which when executed by a processing device, causes the processing device to perform steps comprising:
engaging in a first set of communications to establish a first communication link with a client, the first set of communications comprising sending to the client a first challenge, obtaining from the client a first challenge response, sending the first challenge response to a resource independent of the client, and receiving a notification from the resource that the client has been authenticated, the notification generated using security information associated with the client;
engaging in a second set of communications to establish a set of second communication links with multiple servers on behalf of the client, the second set of communications comprising receiving a second challenge from each of the servers, sending the second challenges to the resource, receiving a second challenge response for each of the servers from the resource, each of the second challenge responses generated using a respective one of the second challenges and the security information, forwarding a respective one of the challenge responses to each of the servers;
facilitating a flow of traffic between the first communication link and the set of second communication links to enable the client to access information from the multiple servers.
Dependent claims: 18, 19, 20, 21, 22, 23, 24
25. A system for authenticating communications in a network environment, the system comprising:
a plurality of servers, a resource device, and a proxy device, the proxy device comprises one or more processors, a network interface controller configured to communicate with the plurality of servers and the resource device, and a memory, at least one of the processors or the network interface controller configured to implement;
engaging in a first set of communications to establish a first communication link with a client, the first set of communications comprising sending to the client a first challenge, obtaining from the client a first challenge response, sending the first challenge response to the resource device, the resource device independent of the client, and receiving a notification from the resource device that the client has been authenticated, the notification generated using security information associated with the client;
engaging in a second set of communications to establish a set of second communication links with the servers on behalf of the client, the second set of communications comprising receiving a second challenge from each of the servers, sending the second challenges to the resource device, receiving a second challenge response for each of the servers from the resource device, each of the second challenge responses generated using a respective one of the second challenges and the security information, and forwarding a respective one of the second challenge responses to each of the servers; and
facilitating a flow of traffic between the first communication link and the set of second communication links to enable the client to access information from the servers.
Dependent claims: 26, 27, 28, 29, 30, 31, 32
Specification