Internetwork authentication
Abstract
A technique for network authentication interoperability involves initiating an authentication procedure on a first network, authenticating on a second network, and allowing access at the first network. The technique can include filtering access to a network, thereby restricting access to users with acceptable credentials. Offering a service that incorporates these techniques can enable incorporation of the techniques into an existing system with minimal impact to network configuration.
20 Claims
1. A method comprising:
- receiving a request for a policy-based identity routing service for a first network;
- providing a first local authoritative user datastore interface (LAUDI) to a first network device of the first network;
- obtaining a set of rules for identity routing to the first network;
- establishing a connection between the first LAUDI and an authentication proxy;
- receiving, at the first LAUDI, an authentication request for a station;
- determining, based on the set of rules, whether to analyze the authentication request at the first LAUDI or to route the authentication request to a second LAUDI of a second network device of a second network;
- in response to determining that the authentication request matches a characteristic defined by the set of rules, analyzing the authentication request at the first LAUDI; and
- in response to determining that the authentication request does not match the characteristic defined by the set of rules, routing the authentication request to the second LAUDI, wherein an authentication result from the second LAUDI indicates whether the station is approved to access services on the second network.

Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A non-transitory, tangible computer-readable device having instructions stored thereon for a policy-based identity routing service that, when executed by at least one computing device, causes the at least one computing device to perform operations comprising:
- receiving a request for the policy-based identity routing service for a first network;
- providing a first local authoritative user datastore interface (LAUDI) to a first network device of the first network;
- obtaining a set of rules for identity routing to the first network;
- establishing a connection between the first LAUDI and an authentication proxy;
- receiving, at the first LAUDI, an authentication request for a station;
- determining, based on the set of rules, whether to locally analyze the authentication request or to route the authentication request to a second LAUDI of a second network device of a second network;
- in response to determining that the authentication request matches a characteristic defined by the set of rules, analyzing the authentication request at the first LAUDI; and
- in response to determining that the authentication request does not match the characteristic defined by the set of rules, routing the authentication request to the second LAUDI, wherein an authentication result from the second LAUDI indicates whether the station is approved to access services on the second network.

Dependent claims: 10, 11, 12, 13, 14.

15. A system comprising:
- a memory for storing instructions for a policy-based identity routing service; and
- a processor configured to execute the instructions, the instructions causing the processor to:
- receive a request for the policy-based identity routing service for a first network;
- provide a first local authoritative user datastore interface (LAUDI) to a first network device of the first network;
- obtain a set of rules for identity routing to the first network;
- establish a connection between the first LAUDI and an authentication proxy;
- receive, at the first LAUDI, an authentication request for a station;
- determine, based on the set of rules, whether to locally analyze the authentication request or to route the authentication request to a second LAUDI of a second network device of a second network;
- in response to determining that the authentication request matches a characteristic defined by the set of rules, analyze the authentication request at the first LAUDI; and
- in response to determining that the authentication request does not match the characteristic defined by the set of rules, route the authentication request to the second LAUDI, wherein an authentication result from the second LAUDI indicates whether the station is approved to access services on the second network.

Dependent claims: 16, 17, 18, 19, 20.
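The routing decision recited in independent claims 1, 9 and 15, sketched as an added example (not code from the patent or its assignee). It assumes the rule "characteristic" is the realm suffix of the user identity; the deny-on-no-route behaviour and the hop limit are likewise assumptions, and all class names, realms and accounts are constructed.

```python
import hmac
from dataclasses import dataclass

MAX_HOPS = 1  # assumption: a request is routed at most once, preventing loops

@dataclass(frozen=True)
class AuthRequest:
    station: str    # station identifier (constructed)
    identity: str   # user@realm
    secret: str

@dataclass(frozen=True)
class AuthResult:
    approved: bool
    decided_by: str  # name of the LAUDI that produced the result

class Laudi:
    """Toy local authoritative user datastore interface."""
    def __init__(self, name, local_realms, users, peers=None):
        self.name = name
        self.local_realms = {r.lower() for r in local_realms}  # rule set
        self.users = users            # identity -> secret (toy datastore)
        self.peers = peers or {}      # realm -> LAUDI reachable via the proxy

    def analyze(self, req):
        # Constant-time comparison against the local datastore.
        expected = self.users.get(req.identity.lower())
        ok = expected is not None and hmac.compare_digest(
            expected.encode(), req.secret.encode())
        return AuthResult(ok, self.name)

    def handle(self, req, hops=0):
        _, sep, realm = req.identity.rpartition("@")
        realm = realm.lower() if sep else ""
        if realm in self.local_realms:        # matches the characteristic
            return self.analyze(req)
        peer = self.peers.get(realm)
        if peer is None or hops >= MAX_HOPS:  # no route: deny, never default-allow
            return AuthResult(False, self.name)
        return peer.handle(req, hops + 1)     # result comes from the second LAUDI

# Constructed sample networks and accounts.
NET2 = Laudi("net2", {"partner.example"}, {"bob@partner.example": "pw-bob"})
NET1 = Laudi("net1", {"corp.example"}, {"alice@corp.example": "pw-alice"},
             peers={"partner.example": NET2})
```

The `decided_by` field records which datastore was authoritative for each decision, which is the value to log when auditing cross-network approvals.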
Specification