Dynamic radius

US 9,391,969 B2
Filed: 01/06/2014
Issued: 07/12/2016
Est. Priority Date: 12/19/2007
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a remote authentication dial in user service (RADIUS) server having a memory and a processor configured to execute computer executable instructions stored on the memory to;

receive an authentication request from a network access server (NAS) of a plurality of NASs, the NAS having a processor, the authentication request including a device identifier of the NAS and a user identifier;

access a user account from a plurality of user accounts based on the user identifier, the user account including at least a first user profile and a second user profile, each including a profile identifier that is a combination of the user identifier and a device identifier of one of the plurality of NASs;

access one of the at least a first user profile and a second user profile for which the device identifier matches the received device identifier, from the user account to determine an NAS authorization format, wherein access of the user profile is based on the authentication request;

identify an NAS authorization type indicator from the accessed user profile, wherein the NAS authorization type indicator includes the NAS authorization format;

identify a manner in which the authorization request should be processed into a processed authorization request based on the NAS authorization type indicator; and

provide an authorization response to the NAS, wherein the authorization response is formatted according to the NAS authorization format.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system includes a remote authentication dial in user service (RADIUS) server in communication with a network access server. The network access server provides an authentication request to the RADIUS server. The authentication request includes at least a user identifier and a device identifier. The RADIUS server determines an authentication format utilized by the network access server based on the received authentication request. The system may also determine an authorization level to provide with an authentication response.

Citations

19 Claims

1. A system comprising:
- a remote authentication dial in user service (RADIUS) server having a memory and a processor configured to execute computer executable instructions stored on the memory to;
  
  receive an authentication request from a network access server (NAS) of a plurality of NASs, the NAS having a processor, the authentication request including a device identifier of the NAS and a user identifier;
  
  access a user account from a plurality of user accounts based on the user identifier, the user account including at least a first user profile and a second user profile, each including a profile identifier that is a combination of the user identifier and a device identifier of one of the plurality of NASs;
  
  access one of the at least a first user profile and a second user profile for which the device identifier matches the received device identifier, from the user account to determine an NAS authorization format, wherein access of the user profile is based on the authentication request;
  
  identify an NAS authorization type indicator from the accessed user profile, wherein the NAS authorization type indicator includes the NAS authorization format;
  
  identify a manner in which the authorization request should be processed into a processed authorization request based on the NAS authorization type indicator; and
  
  provide an authorization response to the NAS, wherein the authorization response is formatted according to the NAS authorization format.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the user profile includes an authentication mechanism having the NAS authorization format and authentication parameters, the RADIUS server further configured to:
    - select a first authentication module capable of properly processing the authorization request, the first authentication module being selected from a plurality of authentication modules, and wherein selection of the first authentication module is based on the authentication mechanism;
      
      provide the authorization request to the first authentication module; and
      
      receive the processed authorization request from the first authorization module.
  - 3. The system of claim 1, wherein the authentication request further includes a password, and wherein access of the user account is further based on the password.
  - 4. The system of claim 1, wherein the RADIUS server is further configured to:
    - receive a second authentication request from a second NAS of the plurality of NASs, the second authentication request including a second device identifier of the second NAS and the user identifier;
      
      access a second user profile from the user account to determine a second authentication mechanism, wherein access of the second user profile is based on the second authentication request; and
      
      select a second authentication module different from the first authentication module and capable of properly processing the second authorization request, wherein selection of the second authentication module is based on the second authentication mechanism.
  - 5. The system of claim 1, wherein the RADIUS server is further configured to:
    - receive the device identifier prior to reception of the authorization request; and
      
      match the device identifier with a corresponding device identifier from a plurality of device identifiers; and
      
      request the authorization request from the NAS after the device identifier is matched with the corresponding device identifier.
  - 6. The system of claim 1, wherein the device identifier is an internet protocol (IP) address of the NAS.
  - 7. The system of claim 1, wherein the authorization response includes a connection attribute, the connection attribute determining a level of access to at least one of a network and a network device.

8. A method comprisingreceiving, at a remote authentication dial in user service (RADIUS) server, an authorization request from a network access server (NAS), the authorization request including a user identification and an NAS identification;
- access a user account from a plurality of user accounts based on the user identifier, the user account including at least a first user profile and a second user profile, each including a profile identifier that is a combination of the user identifier and a device identifier of one of the plurality of NASs;
  
  identifying one of the at least a first user profile and a second user profile for which the device identifier matches the NAS identification received with the authorization request;
  
  determining an authentication mechanism of the NAS from the user profile, wherein the authentication mechanism includes an authorization format;
  
  identifying a proper processing module to process the authorization request from a plurality of processing modules, wherein identifying the proper processing module is based on the authentication mechanism;
  
  creating an authorization response in a format corresponding to the authorization format, wherein creating the authorization response is based on a processed authorization request received from the proper processing module; and
  
  providing the authorization response to the NAS, wherein the authorization response is formatted according to the NAS authorization format.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8 further comprising:
    - identifying a first user account from a plurality of user accounts based on at least the user identification, wherein the user profile is one of a plurality of user profiles from the user account; and
      
      providing the authorization response to the NAS.
  - 10. The method of claim 8, wherein the authorization response includes a connection attribute selected from the user profile, and wherein the connection attribute determines a level of access for a user associated with the NAS.
  - 11. The method of claim 8, wherein the authorization request further includes a password.
  - 12. The method of claim 8 further comprising:
    - receiving the NAS identification prior to receiving the authorization request, wherein the NAS identification includes an internet protocol (IP) address;
      
      comparing the NAS identification to a plurality of NAS identifications in a database; and
      
      approving acceptance of the authorization request if the NAS identification is found the database.
  - 13. The method of claim 8 further comprising providing the first authorization request to the proper processing module to create the processed authorization request.

14. A remote authentication dial in user service (RADIUS) server comprising a memory and a processor configured to execute computer executable instructions stored on the memory to:
- receive an authentication request from a network access server (NAS) associated with a user, wherein the authentication request includes a user identifier and an internet protocol (IP) address of the NAS;
  
  access a user account from a plurality of user accounts based on the user identifier, the user account including a plurality of user profiles, each including a profile identifier that is a combination of the user identifier and a device identifier of one of a plurality of NASs;
  
  access one of the plurality of user profiles for which the device identifier matches the IP address of the NAS received with the authentication request, wherein the user profile includes NAS authentication format information;
  
  identify an NAS authorization type indicator from the accessed user profile, wherein the NAS authorization type indicator includes the NAS authorization format;
  
  identify a manner in which the authorization request should be processed into a processed authorization request based on the NAS authorization type indicator;
  
  determine that the NAS is to be given access to at least one of a network device and a network based on the authentication request;
  
  format the authentication request according to the NAS authentication format information to create a formatted authentication response in proper format for the NAS; and
  
  provide the formatted authentication response to the NAS.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The RADIUS server of claim 14 further configured to identify a user account from a plurality of user accounts based on the user identifier, wherein the user account includes a plurality of profiles associated with the user, and wherein each profile of the plurality of profiles associated with the user is associated with a different IP address.
  - 16. The RADIUS server of claim 14 further configured to:
    - receive the IP address in a communication prior to the reception of the authentication request;
      
      compare the IP address to a plurality of IP address; and
      
      receive the authentication request based on the comparison of the IP address to the plurality of IP addresses.
  - 17. The RADIUS server of claim 14 further configured to:
    - select a single authentication module from a plurality of authentication modules to process the authorization request, wherein selection of the authentication module is based on the NAS authentication format information;
      
      provide the authentication request to the single authentication module; and
      
      receive notification from the single authentication module that the NAS may be given access to at least one of the network device and the network, wherein reception of the notification occurs after the authentication request is provided to the single authentication module.
  - 18. The RADIUS server of claim 17, wherein each authentication module of the plurality of authentication modules is configured for authentication processing in a different format.
  - 19. The RADIUS server of claim 17, wherein the RADIUS server comprises the plurality authentication modules.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
Hughes, Jeffrey W., Bates, Andrew L., Allison, Jared M.
Primary Examiner(s)
Tolentino, Roderick

Application Number

US14/148,276
Publication Number

US 20140130130A1
Time in Patent Office

918 Days
Field of Search

726 2- 5, 726 26- 30
US Class Current

1/1
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/0892 by using authentication-aut...

Dynamic radius

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic radius

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links