Enhanced network access-control credentials

US 9,275,204 B1
Filed: 09/25/2012
Issued: 03/01/2016
Est. Priority Date: 09/28/2011
Status: Expired due to Fees

First Claim

Patent Images

1. A network access device, comprising:

a network interface configured for data communication with network connected devices via a network;

a memory and processor system to execute stored computer instructions that when executed implement an access control manager configured to;

receive a network access request from a requesting device to access the network, the requesting device separate from, external to, and communicating via the network with the network access device, the network access request including a key-value pair;

modify the network access request to generate a modified network access request by modifying the key-value pair and adding information into the modified network access request about the network access request;

replace the network access request with the modified network access request; and

communicate the modified network access request to an authentication server that is configured to authenticate the requesting device to the network based on the modified key-value pair and the information about the network access request that is included in the modified network access request, the authentication server separate from, external to, and communicating via the network with the network access device;

wherein the access control manager is further configured to communicate the modified network access request to the authentication server in parallel with an additional communication of the modified network access request to a different authentication server; and

wherein the access control manager is further configured to receive responses from the authentication server and the different authentication server and combine the received responses into a logical action plan for allowing the requesting device access to the network.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In aspects of enhanced network access-control credentials, a network access device includes a network interface for data communication with network-connected devices via a network. The network access device implements an access control manager that receives a network access request from a requesting device to access the network, where the network access request includes authentication credentials. The access control manager can then modify the network access request to generate a modified network access request, and initiate communication of the modified network access request to an authentication server that authenticates the requesting device to the network based on the modified network access request.

26 Citations

View as Search Results

14 Claims

1. A network access device, comprising:
- a network interface configured for data communication with network connected devices via a network;
  
  a memory and processor system to execute stored computer instructions that when executed implement an access control manager configured to;
  
  receive a network access request from a requesting device to access the network, the requesting device separate from, external to, and communicating via the network with the network access device, the network access request including a key-value pair;
  
  modify the network access request to generate a modified network access request by modifying the key-value pair and adding information into the modified network access request about the network access request;
  
  replace the network access request with the modified network access request; and
  
  communicate the modified network access request to an authentication server that is configured to authenticate the requesting device to the network based on the modified key-value pair and the information about the network access request that is included in the modified network access request, the authentication server separate from, external to, and communicating via the network with the network access device;
  
  wherein the access control manager is further configured to communicate the modified network access request to the authentication server in parallel with an additional communication of the modified network access request to a different authentication server; and
  
  wherein the access control manager is further configured to receive responses from the authentication server and the different authentication server and combine the received responses into a logical action plan for allowing the requesting device access to the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The network access device as recited in claim 1, wherein the access control manager is further configured to:
    - initiate a query from the network access device, the query formatted as a query key-value pair;
      
      communicate the query key-value pair to the authentication server that is configured to confirm the query key-value pair and reply with an authentication response; and
      
      receive the authentication response from the authentication server, the authentication response formatted as a response to the query and including an operating parameter defining an attribute of how the network access device is to handle the requesting device that is attempting to access the network.
  - 3. The network access device as recited in claim 1, wherein the memory and processor system are embodied on a system-on-chip (SoC) to implement the access control manager.
  - 4. The network access device as recited in claim 2, wherein the authentication response that is formatted as the response to the query includes a configuration update for the network access device.
  - 5. The network access device as recited in claim 1, wherein the access control manager for modifying the key-value pair replaces the key-value pair with a different key-value pair.
  - 6. The network access device as recited in claim 1, wherein the access control manager for modifying the key-value pair modifies a key or a value of the key-value pair.
  - 7. The network access device as recited in claim 1, wherein the access control manager is configured to modify the key-value pair by adding an additional key-value pair generated by the network access device.
  - 8. The network access device as recited in claim 1, wherein the access control manager for adding information about the network access request includes instructions for formatting the added information as an additional key-value pair.
  - 9. The network access device as recited in claim 1, wherein the access control manager for adding information about the network access request includes instructions for adding information that indicates a physical location of the network access device through which the requesting device is attempting to access the network.
  - 10. The network access device as recited in claim 1, wherein the access control manager for adding information about the network access request adds information that indicates a time period during which the requesting device is allowed to access the network.

11. A method implemented by at least hardware of a network access device, the method comprising:
- receiving, via a network interface, a network access request from a requesting device to access a network, the network access request including a key-value pair, the network access request received at the network access device that communicates with network-connected devices via the network, the network access device including a network control manager, the network access device separate from, external to, and communicating via the network with the requesting device;
  
  modifying the network access request at the network access device to generate a modified network access request that is stored in a memory of the network access device, the modifying comprising modifying the key-value pair and adding information about the network access request;
  
  replacing the network access request with the modified network access request in the memory; and
  
  communicating the modified network access request in electronic form via the network interface to an authentication server that authenticates the requesting device to the network based on the modified key-value pair and the information about the network access request that is included in the modified network access request, the authentication server separate from, external to, and communicating via the network with the network access device;
  
  wherein communicating the modified network access request to the authentication server includes additionally communicating the modified network access request in parallel to a different authentication server; and
  
  in response to receiving responses, by the network access device, from the authentication server and the different authentication server, combining the received responses into a logical action plan for allowing the requesting device access to the network.
- View Dependent Claims (12)
- - 12. The method as recited in claim 11, wherein modifying the key-value pair adds an additional key-value pair, the additional key-value pair provided by the requesting device.

13. A method, comprising:
- receiving, by a network access device, a network access request from a requesting device to access a network, and determining from the network access request a username and a password, wherein the username and password are associated with a first access right for accessing the network;
  
  modifying, by the network access device, the network access request to generate a modified network access request by modifying the username and the password, wherein the modified username and password are associated with a second access right that is different than the first access right;
  
  replacing the network access request with the modified network access request; and
  
  communicating the modified network access request to an authentication server that authenticates the requesting device to the network based on the modified username and password that is included in the modified network access request;
  
  wherein communicating the modified network access request to the authentication server includes additionally communicating the modified network access request in parallel to a different authentication server in order to receive responses for controlling access to the network based at least on the modified network access request.
- View Dependent Claims (14)
- - 14. The method of claim 13 further comprising:
    - in response to receiving responses from the authentication server and the different authentication server from network communications, combining the received responses into a logical action plan in electronic form for allowing the requesting device access to the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Marvell Asia Pte Limited (Marvell Technology Group Limited)
Original Assignee
Marvell International Limited (Marvell Technology Group Limited)
Inventors
Orr, Michael
Primary Examiner(s)
Gelagay, Shewaye
Assistant Examiner(s)
Le, Khoi

Application Number

US13/626,598
Time in Patent Office

1,253 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/30   Authentication, i.e. establ...

G06F 21/31   User authentication

H04L 63/083   using passwords cryptograph...

H04W 12/04   Key management, e.g. using ...

H04W 12/062   Pre-authentication

H04W 12/069   using certificates or pre-s...

H04W 88/08   Access point devices

Enhanced network access-control credentials

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Enhanced network access-control credentials

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links