System and method for integrating an authentication service within a network architecture
Abstract
A system and method are described for integrating an authentication service within an existing network infrastructure. One embodiment of a method comprises: configuring a gateway to restrict access to an internal network; configuring an authentication client of a client device to establish a communication channel with the authentication server and to register one or more authentication devices with the authentication server; authenticating the user with the authentication server using one or more of the registered authentication devices in response to an attempt to gain access to the internal network via the gateway; providing the client device with a cryptographic data structure in response to a successful authentication; providing the cryptographic data structure to the gateway as proof of the successful authentication; validating the cryptographic data structure with the authentication server; providing access to the gateway upon receiving an indication from the authentication server that the cryptographic data structure is valid.
24 Claims
1. A system comprising:
a gateway configured to restrict access to an internal network;
an authentication server communicatively coupled to the gateway;
a client device with an authentication client having a plurality of authentication devices coupled thereto for authenticating a user, the authentication client configured to establish a communication channel with the authentication server and to register one or more of the authentication devices with the authentication server, the authentication devices usable for performing online authentication with the authentication server following registration;
the authentication client to authenticate the user with the authentication server using one or more of the registered authentication devices in response to an attempt to gain access to the internal network via the gateway;
the authentication server to provide the client device with a cryptographic data structure in response to a successful authentication;
the client device to provide the cryptographic data structure to the gateway as proof of the successful authentication; and
the gateway to validate the cryptographic data structure with the authentication server, wherein upon receiving an indication from the authentication server that the cryptographic data structure is valid, the gateway to provide access by the client device to the internal network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A system comprising:
a network security infrastructure to provide network security services for an internal network;
an authentication server communicatively coupled to the existing network security infrastructure;
a client device with an authentication client having a plurality of authentication devices coupled thereto for authenticating a user, the authentication client configured to establish a communication channel with the authentication server and to register one or more of the authentication devices with the authentication server, the authentication devices usable for performing online authentication with the authentication server following registration;
the authentication client to authenticate the user with the authentication server using one or more of the registered authentication devices in response to an attempt to gain access to the internal network;
the authentication server to provide the client device with a cryptographic data structure in response to a successful authentication;
the client device to use the cryptographic data structure to authenticate with the network security infrastructure; and
the network security infrastructure to validate the cryptographic data structure based on a trust relationship established with the authentication server, the network security infrastructure to provide access by the client device to the internal network upon validation of the cryptographic data structure.
Dependent claims: 10, 11, 12, 13, 14, 15, 16.

17. A method comprising:
configuring a gateway to restrict access to an internal network;
communicatively coupling an authentication server to the gateway;
configuring an authentication client of a client device to establish a communication channel with the authentication server and to register one or more authentication devices with the authentication server, the authentication devices usable for performing online authentication with the authentication server following registration;
the authentication client to authenticate the user with the authentication server using one or more of the registered authentication devices in response to an attempt to gain access to the internal network via the gateway;
the authentication server to provide the client device with a cryptographic data structure in response to a successful authentication;
the client device to provide the cryptographic data structure to the gateway as proof of the successful authentication; and
the gateway to validate the cryptographic data structure with the authentication server, wherein upon receiving an indication from the authentication server that the cryptographic data structure is valid, the gateway to provide access by the client device to the internal network.
Dependent claims: 18, 19, 20, 21, 22, 23, 24.
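As an added illustration of the flow the abstract and independent claims describe (this is example code, not part of the patent or of any product it covers), a minimal Python model: the client registers an authentication device with the authentication server, authenticates by challenge-response, receives a MAC-protected cryptographic data structure, and presents it to the gateway, which validates it with the authentication server before granting access. The keyed-hash device response, the JSON-plus-HMAC structure, the 300-second lifetime and the user and device names are assumptions of this example.

```python
import hashlib, hmac, json, secrets, time

def device_respond(device_key, challenge):
    """Registered authentication device, modelled as a keyed-hash responder (assumption)."""
    return hmac.new(device_key, challenge, hashlib.sha256).digest()

class AuthServer:
    """Registers devices, authenticates users, issues and validates the cryptographic structure."""
    def __init__(self):
        self.signing_key = secrets.token_bytes(32)  # server-only key protecting the structure
        self.devices = {}                           # (user, device_id) -> registered device key
        self.issued = {}                            # structure id -> expiry, checked on validation

    def register_device(self, user, device_id, device_key):
        self.devices[(user, device_id)] = device_key

    def authenticate(self, user, device_id, challenge, response):
        """Verify the device's response; on success issue a MAC-protected structure."""
        key = self.devices.get((user, device_id))
        if key is None or not hmac.compare_digest(device_respond(key, challenge), response):
            return None
        body = {"id": secrets.token_hex(8), "user": user, "exp": int(time.time()) + 300}
        payload = json.dumps(body, sort_keys=True).encode()
        self.issued[body["id"]] = body["exp"]
        return {"payload": payload, "mac": hmac.new(self.signing_key, payload, hashlib.sha256).hexdigest()}

    def validate(self, structure):
        """Called by the gateway: MAC must verify and the structure must be issued and unexpired."""
        mac = hmac.new(self.signing_key, structure["payload"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, structure["mac"]):
            return False
        body = json.loads(structure["payload"])
        return self.issued.get(body["id"]) == body["exp"] and body["exp"] > time.time()

def gateway_decide(auth_server, structure):
    """Gateway never trusts the structure on its own; it asks the authentication server."""
    ok = structure is not None and auth_server.validate(structure)
    return "access granted" if ok else "access denied"

def run_flow(tamper=False, wrong_device=False):
    """Registration, authentication and gateway validation with a constructed user/device."""
    auth, device_key = AuthServer(), secrets.token_bytes(32)
    auth.register_device("alice", "dev-1", device_key)       # constructed sample user/device
    chal = secrets.token_bytes(32)                             # challenge issued by the server
    response = device_respond(secrets.token_bytes(32) if wrong_device else device_key, chal)
    structure = auth.authenticate("alice", "dev-1", chal, response)
    if tamper and structure:  # client alters the issued structure before presenting it
        structure = {"payload": structure["payload"].replace(b"alice", b"mallory"), "mac": structure["mac"]}
    return gateway_decide(auth, structure)
```

The gateway holds no key material of its own: an altered structure, one produced for an unregistered device, or one issued by a different server is rejected by the authentication server's validation step.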
Specification