Internetwork authentication
Abstract
A technique for network authentication interoperability involves initiating an authentication procedure on a first network, authenticating on a second network, and allowing access at the first network. The technique can include filtering access to a network, thereby restricting access to users with acceptable credentials. Offering a service that incorporates these techniques can enable incorporation of the techniques into an existing system with minimal impact to network configuration.
18 Claims
1. A method comprising:
- receiving a request for a policy-based identity routing service for a first network;
- providing a local authoritative user datastore interface (LAUDI) to a network device of the first network;
- obtaining a set of rules for identity routing to the first network;
- establishing a connection with the LAUDI on the network device of the first network;
- filtering authentication requests received from at least one other network, including a second network, to resolve the authentication requests with either on-network or off-network authentication;
- wherein a successful authentication result, from the LAUDI, for a station associated with the second network, is indicative of the station being allowed access to services on the second network including services provided by the first network and the set of rules for identity routing to the first network are used, at least in part, in providing the services on the second network.
10. A system comprising:
- a local authoritative user datastore interface (LAUDI) provided to a network device of a first network;
- an online authentication proxy comprising a processor and memory storing instructions configured to:
  - receive a request for a policy-based identity routing service for the first network;
  - obtain a set of rules for identity routing to the first network;
  - establish a connection with the LAUDI on the network device of the first network;
  - filter authentication requests received from at least one other network, including a second network, to resolve the authentication requests with either on-network or off-network authentication;
- wherein a successful authentication result, from the LAUDI, for a station associated with the second network, is indicative of the station being allowed access to services on the second network including services provided by the first network and the set of rules for identity routing to the first network are used, at least in part, in providing the services on the second network.
Specification