Methods for authenticating and authorizing a mobile device using tunneled extensible authentication protocol
Abstract
Methods for authenticating and authorizing a mobile device using a tunneled extensible authentication protocol are provided. The methods evaluate an inner user identifier against a policy engine to determine the home AAA server to which an access request is routed for inner user authentication. Instead of a static route configured on the outer identifier (roaming identity), the policy engine can hold multiple rules and actions for routing the request. The evaluation can be based on conditions of the inner user identifier and/or other AAA attributes received in the request. The request is transmitted within a secure communication tunnel. Several embodiments of evaluating an inner user identifier against a policy engine are described.
14 Claims

1. In a communications network using an Extensible Authentication Protocol (EAP), a method for routing a client access request to a home Authentication, Authorization, and Accounting (AAA) server for inner user authentication, comprising:
(a) establishing a transport layer security (TLS) tunnel between a visited AAA server in a foreign network and the client;
(b) receiving an access request from the client at the visited AAA server within the TLS tunnel;
(c) evaluating attributes received in the access request at the TLS AAA server against a local policy; and
(d) routing said access request to a home authentication server based at least in part on the evaluation of attributes received in said access request against said local policy.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 13.

10. In a communications network using an authentication protocol, a method for routing a client access request to a home authentication server for inner user authentication, comprising:
(a) establishing a secure communication tunnel between a visited server and the client;
(b) receiving an access request from the client at the visited server within said secure communication tunnel;
(c) evaluating attributes received in said access request at said visited server against a local policy; and
(d) routing said access request to a home authentication server based at least in part on the evaluation of attributes received in said access request against said local policy.
Dependent claims: 11, 12.

14. In a communications network using an authentication protocol, a method for routing a client access request to a home authentication server for inner user authentication, comprising:
(a) establishing a secure communication tunnel between a visited server and the client using a roaming identifier for the client;
(b) receiving an access request from the client at the visited server within said secure communication tunnel;
(c) routing the access request to a first home authentication server based on said roaming identifier;
(d) receiving the access request at said first home authentication server;
(e) evaluating attributes received in said access request, including an inner user identifier, at said first home authentication server against a local policy; and
(f) routing said access request to a second home authentication server based at least in part on the evaluation of attributes received in said access request against said local policy.
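The routing method in the abstract and claims, as an added illustration that is not code from the patent: a visited server holds an ordered list of policy rules, evaluates the attributes of a request that arrived inside the tunnel (the inner user identifier and other AAA attributes) against them, and forwards the request to the home server named by the first matching rule, falling back to a configured default. The two-stage variant of claim 14, where a static route on the roaming (outer) identifier picks a first home server whose own policy engine then evaluates the inner identifier, is included in the same block. The rule syntax, attribute names (`inner_identity`, `nas_port_type`), server names and the NAI form `user@realm` are assumptions chosen for the example. The example refuses to evaluate inner attributes presented outside an established tunnel, since the inner identity is only meaningful once the tunnel protects it.

```python
"""Policy-based routing of a tunneled EAP inner access request.

Added example; not code from the patent. Rule syntax, attribute names and
server names are assumptions: the inner identity is modelled as an NAI
(user@realm) and the AAA attributes as a plain dict.
"""
import fnmatch
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

Attrs = Dict[str, str]


@dataclass
class Rule:
    name: str
    condition: Callable[[Attrs], bool]
    home_server: str


@dataclass
class PolicyEngine:
    """Ordered rule list: first matching rule wins, else the default server."""
    rules: List[Rule] = field(default_factory=list)
    default_server: Optional[str] = None

    def evaluate(self, attrs: Attrs) -> Optional[str]:
        for rule in self.rules:
            if rule.condition(attrs):
                return rule.home_server
        return self.default_server


def split_nai(identity: str) -> Tuple[str, str]:
    """Split 'user@realm' into (user, realm); realm is '' when absent."""
    user, _, realm = identity.partition("@")
    return user, realm.lower()


# Condition builders (assumed helpers for this example).
def inner_realm_matches(pattern: str) -> Callable[[Attrs], bool]:
    return lambda a: fnmatch.fnmatchcase(split_nai(a.get("inner_identity", ""))[1], pattern)


def attr_equals(key: str, value: str) -> Callable[[Attrs], bool]:
    return lambda a: a.get(key) == value


def all_of(*conds: Callable[[Attrs], bool]) -> Callable[[Attrs], bool]:
    return lambda a: all(c(a) for c in conds)


def visited_server_route(tunnel_established: bool, attrs: Attrs,
                         engine: PolicyEngine) -> str:
    """Claims 1/10: evaluate inner attributes only once they arrive inside the tunnel."""
    if not tunnel_established:
        raise PermissionError("inner identity is accepted only inside the TLS tunnel")
    target = engine.evaluate(attrs)
    if target is None:
        raise LookupError("no rule matched and no default home server is configured")
    return target


def two_stage_route(outer_identity: str, attrs: Attrs,
                    roaming_table: Dict[str, str],
                    home_engines: Dict[str, PolicyEngine]) -> Tuple[str, str]:
    """Claim 14: static route on the outer (roaming) realm picks the first home
    server; that server's own policy engine then selects the second home server
    from the inner identifier and other attributes."""
    _, outer_realm = split_nai(outer_identity)
    first = roaming_table.get(outer_realm)
    if first is None:
        raise LookupError(f"no roaming route for realm {outer_realm!r}")
    second = home_engines[first].evaluate(attrs)
    if second is None:
        raise LookupError(f"{first} has no inner-identity route for this request")
    return first, second


# Constructed sample policy for a visited AAA server (server names are placeholders).
VISITED_ENGINE = PolicyEngine(
    rules=[
        Rule("corp-subrealms", inner_realm_matches("*.corp.example"), "aaa-corp.example"),
        Rule("wifi-users-example-net",
             all_of(inner_realm_matches("example.net"),
                    attr_equals("nas_port_type", "Wireless-802.11")),
             "aaa-wifi.example.net"),
    ],
    default_server="aaa-default.example",
)

# Constructed two-stage configuration for claim 14.
ROAMING_TABLE = {"roam.example": "aaa-roam.example"}
HOME_ENGINES = {
    "aaa-roam.example": PolicyEngine(
        rules=[Rule("finance", inner_realm_matches("finance.example"), "aaa-finance.example")],
        default_server="aaa-roam-default.example",
    )
}

if __name__ == "__main__":
    req = {"inner_identity": "alice@eng.corp.example", "nas_port_type": "Wireless-802.11"}
    print(visited_server_route(True, req, VISITED_ENGINE))  # aaa-corp.example
    print(two_stage_route("anonymous@roam.example",
                          {"inner_identity": "carol@finance.example"},
                          ROAMING_TABLE, HOME_ENGINES))  # ('aaa-roam.example', 'aaa-finance.example')
```

Rule order matters: the engine is first-match, so a broad realm pattern placed before a narrower attribute-qualified rule would shadow it. A deployment would also log which rule selected the home server, since a misrouted inner authentication is otherwise hard to diagnose from the outer identity alone.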