Method for providing single step log-on access to a differentiated computer network
Abstract
A method for providing single step log-on access for a subscriber to a computer network. The computer network is differentiated into public and private areas. Secure access to the private areas is provided by a Service Selection Gateway (SSG) Server, introduced between a conventional Network Access Server (NAS) and an Authentication Authorization and Accounting (AAA) Server. The SSG Server intercepts and manipulates packets of data exchanged between the NAS and the AAA Server to obtain all the information it needs to automatically log the user on when the user logs on to the NAS. An authorized user is thus spared the task of having to re-enter username and password data or launch a separate application in order to gain secure access to private areas of the network.
15 Claims
1. An apparatus for providing a single step log-on access for a subscriber of a computer network having a first area and a second area, said computer network including at least one Network Access Server (NAS) and at least one Authentication Authorization and Accounting (AAA) Server, said NAS providing access for the subscriber to said first area, said apparatus comprising:
a Service Selection Gateway (SSG) Server providing access for the subscriber to the second area, said SSG Server connected between the NAS and the AAA Server, said SSG Server configured to:
(1) receive an access-request packet from the NAS when the subscriber connects the NAS,
(2) forward said access-request packet to the AAA Server,
(3) receive an access-reply packet from the AAA Server in response to said access-request packet,
(4) forward said access-reply packet to the NAS, and
(5) process information in said access-reply packet for enabling said SSG Server to automatically log the subscriber onto said SSG Server when the subscriber logs onto the NAS.
4. An apparatus for providing a subscriber with single step log-on access to computer network having a first area and a second area, the apparatus comprising:
a Service Selection Gateway (SSG) Server configured to:
(1) intercept a log-on request packet from a Network Access Server (NAS), said log-on-request packet initiated by a user seeking to gain access to the first area, access to which is controlled by the NAS, and to the second area, access to which is controlled by the SSG Server,
(2) send an authorization request packet derived from said log-on request packet to an Authentication, Authorization and Accounting (AAA) Server,
(3) receive an authorization packet from the AAA Server and responsive to the authorization request packet, and
(4) process said log-on request packet and said authorization packet to enable said SSG Server to automatically log the subscriber on to the SSG Server for access to the second area when the subscriber logs on to the NAS.
7. An apparatus for providing a subscriber with single step log-on access to a computer network having a first area and a second area, the apparatus comprising:
a Service Selection Gateway (SSG) Server configured to:
(1) intercept a log-on request initiated by the subscriber,
(2) route the log-on request to an Authentication, Authorization and Accounting (AAA) Server to initiate log-on for the subscriber to the first area,
(3) process an access-reply received from the AAA Server,
(4) provide log-on access for the subscriber to the second area based on the access-reply, and
(5) route the access-reply to a Network Access Server (NAS) to complete log-on for the subscriber to the first area.
10. An apparatus for providing a subscriber with single step log-on to a computer network differentiated into a plurality of areas, the apparatus comprising:
a Service Selection Gateway (SSG) Server configured to:
(1) receive an access-reply from an Authentication, Authorization and Accounting (AAA) server,
(2) check the access-reply to determine if it contains a network address assigned by the AAA server to the subscriber,
(3) log the subscriber on to the SSG with the assigned network address if the access-reply contains authorization to do so from the AAA server and if it contains a network address assigned by the AAA server to the subscriber, and
(4) forward the access-reply to a Network Access Server (NAS) so that the subscriber may log-on to the NAS with the assigned network address if the access-reply contains authorization to do so from the AAA server and if it contains a network address assigned by the AAA server to the subscriber.
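
Added example, not part of the patent text: the request and reply handling of claims 4 and 10, assuming the packets use RADIUS (RFC 2865) framing with Framed-IP-Address as the assigned network address, which the claims themselves do not specify. The `Gateway` class, its method names and the sample values are hypothetical; the Response Authenticator check before creating a session is an added safeguard that the claims do not mention.

```python
import hashlib, hmac, socket, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
USER_NAME, FRAMED_IP_ADDRESS = 1, 8                      # RFC 2865 attribute types

def parse_attrs(data):
    """Parse type-length-value attributes, rejecting malformed lengths."""
    attrs, i = {}, 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute")
        attrs.setdefault(data[i], data[i + 2:i + data[i + 1]])
        i += data[i + 1]
    return attrs

def build(code, ident, auth, attrs, secret=None):
    """Encode a packet; with a secret, sign it as a reply to request `auth`."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    head = struct.pack("!BBH", code, ident, 20 + len(body))
    if secret is not None:
        auth = hashlib.md5(head + auth + body + secret).digest()
    return head + auth + body

class Gateway:
    """Hypothetical SSG state: pending requests and logged-on subscribers."""
    def __init__(self, secret):
        self.secret, self.pending, self.sessions = secret, {}, {}
    def on_request(self, pkt):
        user = parse_attrs(pkt[20:]).get(USER_NAME, b"").decode()
        self.pending[pkt[1]] = (pkt[4:20], user)   # keyed by Identifier
        return pkt                      # forwarded unchanged to the AAA server
    def on_reply(self, pkt):
        ok_len = len(pkt) >= 20 and struct.unpack("!H", pkt[2:4])[0] == len(pkt)
        if not ok_len or pkt[1] not in self.pending:
            raise ValueError("malformed or unsolicited reply")
        req_auth, user = self.pending[pkt[1]]
        want = hashlib.md5(pkt[:4] + req_auth + pkt[20:] + self.secret).digest()
        if not hmac.compare_digest(want, pkt[4:20]):
            raise ValueError("bad Response Authenticator")
        del self.pending[pkt[1]]        # drop state only after the reply verifies
        addr = parse_attrs(pkt[20:]).get(FRAMED_IP_ADDRESS)
        if pkt[0] == ACCESS_ACCEPT and addr is not None and len(addr) == 4:
            self.sessions[socket.inet_ntoa(addr)] = user   # automatic SSG log-on
        return pkt                      # forwarded to the NAS either way

# Constructed sample (not captured traffic): Access-Request for "alice", id 7.
SAMPLE_REQUEST = build(ACCESS_REQUEST, 7, bytes(16), [(USER_NAME, b"alice")])
```

A reply that fails verification leaves the pending entry in place, so a forged packet cannot cancel a legitimate log-on that is still in flight.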
Specification