Distributed authentication, authorization and accounting
First Claim
1. A first computer system, residing on a first computer network of a plurality of computer networks, for controlling access to the plurality of computer networks, the first computer system configured to:
receive a first credential from a network access controller on the first computer network, the first credential being associated with a first connecting device requesting access to the plurality of computer networks at the network access controller;
select, using a criterion, at least one authentication routing policy from a plurality of authentication routing policies, each authentication routing policy of the plurality of authentication routing policies comprising:
address information associated with at least two authentication databases against which the first credential associated with the first connecting device may be authenticated, wherein at least one of the at least two authentication databases is contained on a second computer system residing on a second computer network;
select a first authentication database of the at least two authentication databases of the selected at least one authentication routing policy against which the first credential is to be authenticated;
communicate the first credential to the first authentication database using the address information;
receive an authentication response from the first authentication database; and
communicate the authentication response to the network access controller.
9 Assignments
0 Petitions
Abstract
In some embodiments, computer systems, storage mediums, and methods are provided for controlling a connecting device's access to a plurality of computer networks. In other embodiments, the provided computer systems, storage mediums, and methods may provide for authentication, authorization, and accounting of connecting devices connecting to a plurality of computer networks. In other embodiments, the provided computer systems, storage mediums, and methods may provide for the distribution of authentication routing data and authorization policies among a plurality of computer networks. In yet other embodiments, the provided computer systems, storage mediums, and methods may provide for the distribution of accounting among a plurality of computer networks.
32 Citations
20 Claims
Claim 1 is reproduced above under First Claim; claims 2 through 19 depend on claim 1.
20. A non-transitory storage medium, readable by a first processor of a first computer system residing on a first computer network of a plurality of computer networks, having embodied therein a program of commands executable by the first processor, the program being adapted to be executed to:
receive a first credential from a network access device on the first computer network, the first credential being relatable to a first connecting device requesting access to the plurality of computer networks at the network access device;
select, using a criterion, at least one authentication routing policy from a plurality of authentication routing policies, each authentication routing policy of the plurality of authentication routing policies comprising:
address information associated with at least two authentication databases against which the first credential related to the first connecting device may be authenticated, wherein at least one of the at least two authentication databases is contained on a second computer system residing on a second computer network; and
select a first authentication database of the at least two authentication databases of the at least one authentication routing policy against which the first credential is to be authenticated;
communicate the first credential to the first authentication database using the address information;
receive an authentication response from the first authentication database;
communicate the authentication response to the network access device;
receive at least a portion of an authorization policy comprising one or more rules for controlling a connecting device's access to the plurality of computer networks from a third computer system residing on a computer network different than the first computer network;
store the authorization policy;
receive first authorization information related to the first connecting device;
compare the first authorization information to the authorization policy; and
control the first connecting device's access to the plurality of computer networks based on a result of the comparison.
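The following is an added illustration of the architecture the two independent claims describe, written for this page and not taken from the patent or any product built on it. It assumes the unspecified "criterion" is the realm of a `user@realm` credential (as a RADIUS proxy would use), that the "address information" lists databases in failover order, and that the "authorization policy" received from a third system maps a group returned by the authenticating database to the networks that group may join. The databases, addresses, users and passwords are all constructed; PBKDF2 with a static per-user salt stands in for whatever the real database does. The security points the claims leave implicit are made explicit in the code: the realm is normalized before policy selection so a padded or mixed-case realm cannot be steered to a different database, an unreachable database is a non-answer rather than an accept, the proxy fails closed when no database in the policy answers, and authorization is default deny.

```python
"""Toy AAA proxy: realm-based authentication routing with failover across
networks, plus a default-deny authorization policy received from elsewhere.
Added example; not the patent's code. Every name, address and user is constructed."""
from dataclasses import dataclass
from hashlib import pbkdf2_hmac
from hmac import compare_digest
from typing import Dict, Optional, Sequence, Set, Tuple

ITERATIONS = 20_000  # kept low so the example runs quickly; raise in real use


@dataclass(frozen=True)
class AuthResponse:
    accepted: bool
    database: Optional[str]  # address that answered; None if nothing answered
    group: Optional[str] = None
    reason: str = ""


def _digest(password: str, salt: bytes) -> bytes:
    return pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class AuthDatabase:
    """One authentication database. `reachable` simulates whether the path from
    the proxy's network to the database's network is up."""

    def __init__(self, address: str, reachable: bool = True) -> None:
        self.address, self.reachable = address, reachable
        self._users: Dict[str, Tuple[bytes, bytes, str]] = {}

    def add_user(self, name: str, password: str, group: str) -> None:
        salt = b"example-salt:" + name.encode()  # constructed; use os.urandom(16) for real records
        self._users[name] = (salt, _digest(password, salt), group)

    def authenticate(self, user: str, password: str) -> Optional[AuthResponse]:
        if not self.reachable:
            return None  # no answer (timeout); the proxy must never read this as accept
        record = self._users.get(user)
        if record is None:
            _digest(password, b"dummy")  # same cost as a real check: no user enumeration by timing
            return AuthResponse(False, self.address, reason="unknown user")
        salt, stored, group = record
        if compare_digest(_digest(password, salt), stored):
            return AuthResponse(True, self.address, group)
        return AuthResponse(False, self.address, reason="bad password")


@dataclass(frozen=True)
class RoutingPolicy:
    realm: str                # selection criterion: realm of user@realm; "*" is the default
    databases: Sequence[str]  # address information, tried in order (failover)


class AAAProxy:
    """The 'first computer system': selects a routing policy by realm, forwards the
    credential to the first listed database that answers, and authorizes against a
    policy stored via update_authorization_policy()."""

    def __init__(self, policies: Sequence[RoutingPolicy], databases: Dict[str, AuthDatabase]) -> None:
        self.policies = {p.realm: p for p in policies}
        self.databases = databases
        self.authz: Dict[str, Set[str]] = {}  # group -> networks that group may join

    @staticmethod
    def split(credential: str) -> Tuple[str, str]:
        if "@" in credential:
            user, _, realm = credential.rpartition("@")
        else:
            user, realm = credential, ""
        return user, realm.strip().lower()  # normalize so "PARTNER.example " cannot dodge a policy

    def select_policy(self, realm: str) -> Optional[RoutingPolicy]:
        return self.policies.get(realm) or self.policies.get("*")

    def authenticate(self, credential: str, password: str) -> AuthResponse:
        user, realm = self.split(credential)
        policy = self.select_policy(realm)
        if policy is None:
            return AuthResponse(False, None, reason="no routing policy for realm")
        for address in policy.databases:
            db = self.databases.get(address)
            resp = db.authenticate(user, password) if db else None
            if resp is not None:
                return resp  # the first database that answers is authoritative
        return AuthResponse(False, None, reason="no authentication database reachable")  # fail closed

    def update_authorization_policy(self, rules: Dict[str, Set[str]]) -> None:
        self.authz = {group: set(nets) for group, nets in rules.items()}  # store the received policy

    def authorize(self, resp: AuthResponse, network: str) -> bool:
        if not resp.accepted or resp.group is None:
            return False
        return network in self.authz.get(resp.group, set())  # default deny


def build_example_proxy() -> AAAProxy:
    """Constructed topology: one local database, and a partner realm whose primary
    database on another network is down, so the proxy fails over to the secondary."""
    local = AuthDatabase("10.0.0.5:1812")
    local.add_user("alice", "alice-pw", "staff")
    primary = AuthDatabase("192.0.2.10:1812", reachable=False)
    secondary = AuthDatabase("198.51.100.20:1812")
    secondary.add_user("bob", "bob-pw", "partner")
    proxy = AAAProxy(
        [RoutingPolicy("corp.example", [local.address]),
         RoutingPolicy("partner.example", [primary.address, secondary.address]),
         RoutingPolicy("*", [local.address])],
        {d.address: d for d in (local, primary, secondary)},
    )
    proxy.update_authorization_policy({"staff": {"corp-lan", "lab"}, "partner": {"partner-vlan"}})
    return proxy
```

`build_example_proxy()` wires the topology; `authenticate("bob@partner.example", "bob-pw")` is answered by the secondary database because the primary never replies, and if every database in a policy is down the response is a reject with `database=None` rather than a silent fallback to accept. Whether the first answering database should be treated as authoritative (as here) or whether a reject should trigger a try of the next database is a policy decision with a security cost: trying the next database after a reject lets an attacker pick the weakest database in the list, so this example does not do it.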
Specification