Internetwork authentication
Abstract
A technique for network authentication interoperability involves initiating an authentication procedure on a first network, authenticating on a second network, and allowing access at the first network. The technique can include filtering access to a network, thereby restricting access to users with acceptable credentials. Offering a service that incorporates these techniques can enable incorporation of the techniques into an existing system with minimal impact to network configuration.
17 Claims
1. A method comprising:
- receiving a request for a policy-based identity routing service for a first network;
- providing a local authoritative user datastore interface (LAUDI) to a network device of the first network;
- obtaining a set of rules for identity routing to the first network;
- establishing a secure persistent connection between the LAUDI on the network device of the first network and an online authentication proxy;
- wherein a successful authentication result, from the LAUDI for a station associated with a second network, is indicative of the station being allowed access to services on the second network;
- receiving an authentication request from the second network for the station;
- routing the authentication request based on a rule of the set of rules to the LAUDI;
- receiving an authentication result from the LAUDI; and
- sending the authentication result to the second network;
- wherein the successful authentication result is indicative of the station being allowed access to services on the second network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A system comprising:
- a means for receiving a request for a policy-based identity routing service for a first network;
- a means for providing a local authoritative user datastore interface (LAUDI) to a network device of the first network;
- a means for obtaining a set of rules for identity routing to the first network;
- a means for establishing a secure persistent connection between the LAUDI on the network device of the first network and an online authentication proxy;
- wherein a successful authentication result, from the LAUDI for a station associated with a second network, is indicative of the station being allowed access to services on the second network;
- a means for receiving an authentication request from the second network for the station;
- a means for routing the authentication request based on a rule of the set of rules to the LAUDI;
- a means for receiving an authentication result from the LAUDI; and
- a means for sending the authentication result to the second network;
- wherein the successful authentication result is indicative of the station being allowed access to services on the second network.
Dependent claims: 13, 14
15. A method comprising:
- receiving at a network access point associated with a first network a first authentication request for a first station associated with a second network;
- making a local determination that the first authentication request is suitable for off-network authentication;
- sending the first authentication request off-network;
- receiving from off-network an off-network authentication result responsive to the first authentication request;
- providing services to the first station consistent with the off-network authentication result;
- establishing a persistent connection with an internetwork authentication service provider, wherein the first authentication request is sent to the internetwork authentication service provider and the off-network authentication result is received from the internetwork authentication service provider;
- receiving at the network access point a second authentication request for a second station;
- making a determination that the second authentication request is suitable for on-network authentication;
- initiating on-network authentication of the second station;
- obtaining an on-network authentication result responsive to the second authentication request; and
- providing services to the second station consistent with the on-network authentication result.
Dependent claims: 16, 17
Specification