US Patent No: 6,339,830

Deterministic user authentication service for communication network

Abstract

A user authentication service for a communication network authenticates local users before granting them access to personalized sets of network resources. Authentication agents on intelligent edge devices present users of associated end systems with log-in challenges. Information supplied by the users is forwarded to an authentication server for verification. If successfully verified, the authentication server returns to the agents authorized connectivity information and time restrictions for the particular authenticated users. The agents use the information to establish rules for filtering and forwarding network traffic originating from or destined for particular authenticated users during authorized time periods. An enhanced authentication server may be engaged if additional security is desired. The authorized connectivity information preferably includes identifiers of one or more virtual local area networks active in the network. Log-in attempts are recorded so that the identity and whereabouts of network users may be monitored from a network management station.

Patent Owner(s)

Patent Owner Address Total Patents
ALCATEL USA SOURCING, L.P. PLANO, TX 319

Inventor(s)

Inventor Name Address # of filed Patents Total Citations
Bailey, John W Agoura Hills, CA 19 543
Panza, Charles L Park City, UT 6 257
Pikover, Yuri Malibu, CA 6 257
See, Michael E Chapel Hill, NC 8 271
Stone, Geoffrey C Minneapolis, MN 18 935

Cited Art

Patent Info (Count) # Cites Year
 
INTERNATIONAL BUSINESS MACHINES CORPORATION (6)
5,414,844 Method and system for controlling public access to a plurality of data objects within a data processing system 56 1990
5,469,576 Front end for file access controller 83 1993
5,774,650 Control of access to a networked system 60 1994
5,564,016 Method for controlling access to a computer resource based on a timing policy 34 1995
5,778,065 Method and system for changing an authorization password or key in a distributed communication network 99 1996
5,774,525 Method and apparatus utilizing dynamic questioning to provide secure access control 75 1997
 
LUCENT TECHNOLOGIES INC. (3)
4,922,486 User to network interface protocol for packet communications networks 288 1988
5,721,780 User-transparent security method and apparatus for authenticating user terminal access to a network 106 1995
5,696,898 System and method for database access control 231 1995
 
MCAFEE, INC. (2)
5,502,766 Data enclave and trusted path system 220 1993
5,499,297 System and method for trusted path communications 107 1994
 
ALCATEL USA SOURCING, L.P. (1)
6,070,243 Deterministic user authentication service for communication network 129 1997
 
BELL TELEPHONE LABORATORIES, INCORPORATED (1)
4,896,319 Identification and authentication of end user systems for packet communications network services 162 1988
 
COMPUTER ASSOCIATES THINK, INC. (1)
5,796,942 Method and apparatus for automated network-wide surveillance and security breach intervention 258 1996
 
ENSURE TECHNOLOGIES, INC. (1)
6,070,240 Computer access control 36 1997
 
ETEN INFORMATION SYSTEM CO., LTD. (1)
5,852,714 Real time broadcasting system on an internet 20 1997
 
HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P. (1)
5,311,593 Security system for a network concentrator 134 1992
 
HITACHI, LTD. (1)
5,671,354 Method of assisting server access by use of user authentication information held in one of servers and a method of assisting management user account for use of servers 195 1996
 
INTELLISYNC CORPORATION (1)
6,061,790 Network computer system with remote user data encipher methodology 98 1997
 
KDDI CORPORATION (1)
5,761,309 Authentication system 123 1996
 
MOTOROLA, INC. (1)
5,249,230 Authentication system 132 1991
 
NEC CORPORATION OF AMERICA (1)
5,678,004 Authentication apparatus and process 38 1996
 
ORACLE INTERNATIONAL CORPORATION (1)
5,784,566 System and method for negotiating security services and algorithms for communication across a computer network 81 1996
 
SECURE COMPUTING CORPORATION (1)
5,272,754 Secure computer interface 105 1991
 
SECURITY DYNAMICS TECHNOLOGIES, INC. (1)
5,657,388 Method and apparatus for utilizing a token for resource access 226 1994
 
SUN MICROSYSTEMS, INC. (1)
5,774,551 Pluggable account management interface with unified login and logout and multiple user authentication services 277 1995
 
SYNOPSYS, INC. (1)
5,684,951 Method and system for user authorization over a multi-user computer system 181 1996
 
OTHER [CHECK PATENT PROFILE FOR ASSIGNMENT INFORMATION] (4)
4,962,449 Computer security system having remote location recognition and remote location lock-out 109 1988
5,191,613 Knowledge based system for document authentication 162 1991
5,343,529 Transaction authentication using a centrally generated transaction identifier 148 1993
6,055,638 Process and authentication device for secured authentication between two terminals 12 1997

Patent Citation Ranking

Forward Cites

Patent Info (Count) # Cites Year
 
CISCO TECHNOLOGY, INC. (50)
7,149,229 Mobile IP accounting 12 1999
6,760,444 Mobile IP authentication 85 1999
7,130,629 Enabling services for multiple sessions using a single mobile node 26 2000
6,765,892 Optimizing IP multicast data transmission in a mobile IP environment 29 2000
6,982,967 Methods and apparatus for implementing a proxy mobile node in a wireless local area network 46 2000
6,963,918 Voice over IP optimization for mobile IP 8 2000
6,959,341 Dynamic network allocation for mobile router 15 2000
7,295,551 Support mobile device in asymmetric link environment 4 2000
7,152,238 Enabling mobility for point to point protocol (PPP) users using a node that does not support mobility 23 2000
7,881,208 Gateway load balancing protocol 9 2001
7,036,143 Methods and apparatus for virtual private network based mobility 18 2001
7,227,863 Methods and apparatus for implementing home agent redundancy 20 2001
7,471,661 Methods and apparatus for supporting proxy mobile IP registration in a wireless local area network 5 2002
6,845,452 Providing security for external access to a protected computer network 52 2002
7,346,053 Methods and apparatus for supporting IP multicast for a mobile router 18 2002
7,447,162 Methods and apparatus for anchoring of mobile nodes using DNS 4 2002
6,795,857 Methods and apparatus for providing mobility of a node that does not support mobility 64 2002
8,090,828 Method and apparatus for reusing DHCP addresses in home addresses of mobile IP clients 1 2002
7,461,169 DHCP based home address management of mobile IP clients 4 2002
7,225,263 Method and apparatus for retrieving access control information 18 2002
7,457,289 Inter-proxy communication protocol for mobile IP 7 2002
7,870,389 Methods and apparatus for authenticating mobility entities using kerberos 5 2002
7,362,742 Methods and apparatus for synchronizing subnet mapping tables 8 2003
7,505,432 Methods and apparatus for securing proxy Mobile IP 8 2003
7,535,871 Mobile IP intra-agent mobility 0 2003
7,593,346 Distributing and balancing traffic flow in a virtual gateway 8 2003
7,417,961 Methods and apparatus for implementing a speed sensitive mobile router 6 2003
7,168,090 Mobile IP authentication 13 2004
7,447,188 Methods and apparatus for supporting mobile IP proxy registration in a system implementing mulitple VLANs 4 2004
7,079,504 Optimizing IP multicast data transmission in a mobile IP environment 7 2004
7,966,409 Routing protocol based redundancy design for shared-access networks 1 2004
7,639,802 Methods and apparatus for bootstrapping Mobile-Foreign and Foreign-Home authentication keys in Mobile IP 5 2004
7,043,753 Providing security for external access to a protected computer network 24 2004
7,502,331 Infrastructure-less bootstrapping: trustless bootstrapping to enable mobility for mobile devices 7 2004
8,059,661 Methods and apparatus for using DHCP for home address management of nodes attached to an edge device and for performing mobility and address management as a proxy home agent 0 2004
8,077,604 Load sharing and redundancy scheme 0 2005
7,746,874 Dynamic network allocation for mobile router 0 2005
7,580,391 Dynamic network allocation for mobile router 4 2005
7,626,963 EAP/SIM authentication for mobile IP to leverage GSM/SIM authentication infrastructure 6 2005
7,633,917 Mobile network device multi-link optimizations 2 2006
7,246,373 Methods and apparatus for virtual private network based mobility 10 2006
7,421,077 Mobile IP authentication 0 2006
7,817,664 Mobile IP accounting 0 2006
7,630,352 Support mobile device in asymmetric link environment 0 2006
7,433,959 Method and apparatus for retrieving access control information 0 2007
8,422,467 Methods and apparatus for supporting proxy mobile IP registration in a wireless local area network 0 2008
8,259,676 Methods and apparatus for securing proxy mobile IP 0 2009
7,818,004 Mobile network device multi-link optimizations 1 2009
8,165,290 Methods and apparatus for bootstrapping mobile-foreign and foreign-home authentication keys in mobile IP 1 2009
8,170,552 Mobile network device multi-link optimizations 0 2010
 
FOUNDRY NETWORKS, LLC (14)
7,587,485 System and method for supplicant based accounting and access 2 2002
7,562,390 System and method for ARP anti-spoofing security 8 2003
7,523,485 System and method for source IP anti-spoofing security 13 2003
7,876,772 System, method and apparatus for providing multiple access modes in a data communications network 4 2003
7,735,114 Multiple tiered network security system, method and apparatus using dynamic user policy assignment 5 2003
7,516,487 System and method for source IP anti-spoofing security 16 2004
7,831,996 Authentication techniques 2 2006
7,979,903 System and method for source IP anti-spoofing security 3 2009
8,245,300 System and method for ARP anti-spoofing security 0 2009
8,006,304 System and method for ARP anti-spoofing security 3 2009
8,041,812 System and method for supplicant based accounting and access 0 2009
8,239,929 Multiple tiered network security system, method and apparatus using dynamic user policy assignment 1 2010
8,249,096 System, method and apparatus for providing multiple access modes in a data communications network 0 2010
8,122,485 Authentication techniques 0 2010
 
MICROSOFT CORPORATION (11)
6,941,465 Method of enforcing a policy on a computer network 24 1999
7,353,381 Supplicant and authenticator intercommunication mechanism independent of underlying data link and physical layer protocols 1 2003
7,986,937 Public access point 0 2004
7,636,935 Method of enforcing a policy on a computer network 0 2005
7,818,796 Bridged cryptographic VLAN 3 2006
7,644,437 Method and apparatus for local area networks 0 2006
7,886,354 Method and apparatus for local area networks 0 2007
7,877,080 Public access point 0 2007
7,703,132 Bridged cryptographic VLAN 3 2007
8,316,442 Preventing secure data from leaving the network perimeter 0 2008
8,347,377 Bridged cryptographic VLAN 0 2010
 
IBM INTERNATIONAL GROUP BV (3)
8,286,237 Method and apparatus to detect unauthorized information disclosure via content anomaly detection 0 2004
7,673,147 Real-time mitigation of data access insider intrusions 1 2004
7,415,719 Policy specification framework for insider intrusions 4 2004
 
SBC TECHNOLOGY RESOURCES, INC. (3)
6,757,278 Secure ATM-based distributed virtual tandem switching system and method 22 2000
7,136,378 Secure ATM-based distributed virtual tandem switching system and method 1 2004
7,095,734 Distributed virtual tandem switch 1 2004
 
AMERICAN TELEPHONE AND TELEGRAPH COMPANY, AT&T BELL LABORATORIES (2)
7,304,986 ATM-based distributed network switching system 2 2006
7,843,932 Secure ATM-based distributed virtual tandem switching system and method 0 2006
 
ERICSSON AB (2)
7,895,304 Subscriber service selection over non-channelized media 0 2002
8,321,550 Media access control address based service selection 2009
 
MYMAIL, LTD. (2)
8,275,863 Method of modifying a toolbar 0 2003
7,975,056 Method for providing a network address 0 2003
 
ALCATEL LUCENT (1)
7,580,372 System and method for implementing multiple spanning tree protocol automatic 802.1Q trunking 0 2005
 
BROCADE COMMUNICATIONS SYSTEMS, INC. (1)
7,774,833 System and method for protecting CPU against remote access attacks 5 2003
 
EMC CORPORATION (1)
8,417,788 File system for virtual local area network 0 2001
 
ENTRUST TECHNOLOGIES LIMITED (1)
6,718,470 System and method for granting security privilege in a communication system 20 1998
 
ENTRUST, INC. (1)
7,765,580 Method and apparatus for providing user authentication using a back channel 2 2001
 
MCAFEE, INC. (1)
6,757,822 System, method and computer program product for secure communications using a security service provider manager 31 2000
 
NOKIA CORPORATION (1)
6,704,789 SIM based authentication mechanism for DHCPv4/v6 messages 30 2000
 
ORACLE INTERNATIONAL CORPORATION (1)
7,032,026 Method and apparatus to facilitate individual and global lockouts to network applications 12 2002
 
ROSKIND, JAMES A. (1)
8,146,143 Fraud detection 0 2006
 
SYMBOL TECHNOLOGIES, INC. (1)
7,305,546 Splicing of TCP/UDP sessions in a firewalled network environment 10 2002
 
WEBMD, INC. (1)
7,877,492 System and method for delegating a user authentication process for a networked application to an authentication agent 0 2004

Maintenance Fees

Fee Large entity fee Small entity fee Micro entity fee Due date
11.5 Year Payment $7400.00 $3700.00 $1850.00 Jul 15, 2013
Fee Large entity fee Small entity fee Micro entity fee
Surcharge - 11.5 year - Late payment within 6 months $160.00 $80.00 $40.00
Surcharge after expiration - Late payment is unavoidable $700.00 $350.00 $175.00
Surcharge after expiration - Late payment is unintentional $1,640.00 $820.00 $410.00