Local authentication of a client at a network device
The present invention generally relates to management of computer networks, and relates more specifically to authentication and authorization mechanisms for network devices such as routers and firewalls. A method and apparatus that provide network access control are disclosed. In one embodiment, a n...
Saved in:
| Main Authors | , , |
|---|---|
| Format | Patent |
| Language | English |
| Published |
19.08.2003
|
| Online Access | Get full text |
Cover
Loading…
| Abstract | The present invention generally relates to management of computer networks, and relates more specifically to authentication and authorization mechanisms for network devices such as routers and firewalls.
A method and apparatus that provide network access control are disclosed. In one embodiment, a network device is configured to intercept network traffic initiated from a client and directed toward a network resource, and to locally authenticate the client. Authentication is carried out by comparing information identifying the client to authentication information stored in the network device. In one embodiment, an authentication cache in the network device stores the authentication information. If the client identifying information is authenticated successfully against the stored authentication information, the network device is dynamically re-configured to allow network traffic initiated by the client to reach the network resource. If local authentication fails, new stored authentication is created for the client, and the network device attempts to authenticate the client using a remote authentication server. If remote authentication is successful, the local authentication information is updated so that subsequent requests can authenticate locally. As a result, a client may be authenticated locally at a router or similar device, reducing network traffic to the authentication server. |
|---|---|
| AbstractList | The present invention generally relates to management of computer networks, and relates more specifically to authentication and authorization mechanisms for network devices such as routers and firewalls.
A method and apparatus that provide network access control are disclosed. In one embodiment, a network device is configured to intercept network traffic initiated from a client and directed toward a network resource, and to locally authenticate the client. Authentication is carried out by comparing information identifying the client to authentication information stored in the network device. In one embodiment, an authentication cache in the network device stores the authentication information. If the client identifying information is authenticated successfully against the stored authentication information, the network device is dynamically re-configured to allow network traffic initiated by the client to reach the network resource. If local authentication fails, new stored authentication is created for the client, and the network device attempts to authenticate the client using a remote authentication server. If remote authentication is successful, the local authentication information is updated so that subsequent requests can authenticate locally. As a result, a client may be authenticated locally at a router or similar device, reducing network traffic to the authentication server. |
| Author | Qu, Diheng Fuh, Tzong-Fen Fan, Serene H |
| Author_xml | – sequence: 1 fullname: Fuh, Tzong-Fen – sequence: 2 fullname: Fan, Serene H – sequence: 3 fullname: Qu, Diheng |
| BookMark | eNrjYmDJy89L5WQw8clPTsxRSCwtyUjNK8lMTizJzM9TyE9TSFRIzskECikkApFCXmpJeX5RtkJKallmcioPA2taYk5xKi-U5mZQcHMNcfbQLS0uSCwBaiqOTy9KBFEGZmYGloamJsZEKAEAzAAu9Q |
| ContentType | Patent |
| CorporateAuthor | Cisco Technology, Inc |
| CorporateAuthor_xml | – name: Cisco Technology, Inc |
| DBID | EFH |
| DatabaseName | USPTO Issued Patents |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: EFH name: USPTO Issued Patents url: http://www.uspto.gov/patft/index.html sourceTypes: Open Access Repository |
| DeliveryMethod | fulltext_linktorsrc |
| ExternalDocumentID | 06609154 |
| GroupedDBID | EFH |
| ID | FETCH-uspatents_grants_066091543 |
| IEDL.DBID | EFH |
| IngestDate | Sun Mar 05 22:31:21 EST 2023 |
| IsOpenAccess | true |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-uspatents_grants_066091543 |
| OpenAccessLink | https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/6609154 |
| ParticipantIDs | uspatents_grants_06609154 |
| PatentNumber | 6609154 |
| PublicationCentury | 2000 |
| PublicationDate | 20030819 |
| PublicationDateYYYYMMDD | 2003-08-19 |
| PublicationDate_xml | – month: 08 year: 2003 text: 20030819 day: 19 |
| PublicationDecade | 2000 |
| PublicationYear | 2003 |
| References | Lewis (6233576) 20010500 Win et al. (6182142) 20010100 Dockter et al. (6292798) 20010900 Shannon (6233618) 20010500 Fan et al. (6219706) 20010400 Broomhall et al. (6292904) 20010900 Schmidt et al. (5991807) 19991100 |
| References_xml | – year: 20010500 ident: 6233618 contributor: fullname: Shannon – year: 20010900 ident: 6292904 contributor: fullname: Broomhall et al. – year: 20010500 ident: 6233576 contributor: fullname: Lewis – year: 20010100 ident: 6182142 contributor: fullname: Win et al. – year: 19991100 ident: 5991807 contributor: fullname: Schmidt et al. – year: 20010400 ident: 6219706 contributor: fullname: Fan et al. – year: 20010900 ident: 6292798 contributor: fullname: Dockter et al. |
| Score | 2.5719714 |
| Snippet | The present invention generally relates to management of computer networks, and relates more specifically to authentication and authorization mechanisms for... |
| SourceID | uspatents |
| SourceType | Open Access Repository |
| Title | Local authentication of a client at a network device |
| URI | https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/6609154 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwfVxLSwMxEB7aIqgnRcX6Igev0d3NY3fP0mURlR4Ueit5rZeaLd0U_76T3VK8KOSUwGRImHwz4ZsP4J6xnKVZwqnFZIhyk5ZUFTajlkvtilyXhYkNzq9vsv7gzwuxGEG974X5wjCia_Sle9h269D25Ep83oeLp4P4c9QI9FF94NuvWmXntnmUEpFP8DGMiyRSu2ZVfQyHaAJTNh-6X6BRncDBvJ89hZHzZ8BfImwQFSnlPuy-ykjbEEXMKnYlEoWD-IGXTayLMXwOpJq9P9V0v8XycxOpK8tk5wq7gAmW8O4SiMgzabG6ZyJXPDVO56wRTGfGSCe0Tqcw_dPM1T9r13DUk8uiRGt5A5Ow2bpbBMmg7_oT-AH4qHH0 |
| link.rule.ids | 230,309,786,808,891,64396 |
| linkProvider | USPTO |
| linkToPdf | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwfVw7T8MwED6VgnhMIEAtTw-shiZ-JJlLowClygBSt8ivsBSnalLx97GTquoCkidbOp9sn7-z9d0H8EBIRIJwRLF2yRCmKkiwiHWINeXSxJFMYuULnN9nPPukr3M270G2rYX5dmGEl86X-nFdL5uqJVe6673beNyJP3uNQOvVB37sohI61-UT5w75GN2DfY-x_qxP0uwEjpwRl7TZpt6BjfQUDvK29wx6xp4DnXrgQMKTym2z-SxDVYkEUgtfl4iEa8h2zGykjY_iC0Dp5GOc4e0UxdfKk1eK0cYZcgl994g3A0AsCrl273vCIkEDZWRESkZkqBQ3TMpgCMM_zVz9M3YPh_lzWkxfZm_XcNwyzbxea3ID_Wa1NrcOMRt51y7GL7y2dPA |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Apatent&rft.title=Local+authentication+of+a+client+at+a+network+device&rft.inventor=Fuh%2C+Tzong-Fen&rft.inventor=Fan%2C+Serene+H&rft.inventor=Qu%2C+Diheng&rft.number=6609154&rft.date=2003-08-19&rft.externalDBID=n%2Fa&rft.externalDocID=06609154 |