Information security – Access control or authentication – Stand-alone
Reexamination Certificate
2006-05-16
Sheikh, Ayza (Department: 2131)
active
07047563
ABSTRACT:
Command authorization may be accomplished using the RADIUS protocol by providing a user profile on the server for each user. This user profile may be transferred to a network device, such as a NAS, when the user initiates a NAS session. It may be stored in a local cache and accessed each time the user attempts to execute a command. The user profile may contain a command set defined by regular expressions which can then be used to determine whether or not the command should be authorized. The command may then be authorized or rejected based on the results of this determination. After the session is completed, the user profile may be purged from the cache. The present invention allows for a dramatic savings in the traffic associated with command authorization and allows command authorization to be accomplished using the RADIUS protocol, which increases flexibility and NAS security.
REFERENCES:
patent: 5241594 (1993-08-01), Kung
patent: 5555376 (1996-09-01), Theimer et al.
patent: 5655077 (1997-08-01), Jones et al.
patent: 5671354 (1997-09-01), Ito et al.
patent: 5684950 (1997-11-01), Dare et al.
patent: 5708780 (1998-01-01), Levergood et al.
patent: 5715394 (1998-02-01), Jabs
patent: 5812529 (1998-09-01), Czarnik et al.
patent: 5815665 (1998-09-01), Teper et al.
patent: 5835727 (1998-11-01), Wong et al.
patent: 5845070 (1998-12-01), Ikudome
patent: 5881225 (1999-03-01), Worth
patent: 5897635 (1999-04-01), Torres et al.
patent: 5898780 (1999-04-01), Liu et al.
patent: 5933625 (1999-08-01), Sugiyama
patent: 5944824 (1999-08-01), He
patent: 5968116 (1999-10-01), Day, II et al.
patent: 5974453 (1999-10-01), Andersen et al.
patent: 5987232 (1999-11-01), Tabuki
patent: 5991810 (1999-11-01), Shapiro et al.
patent: 5991828 (1999-11-01), Horie et al.
patent: 6006334 (1999-12-01), Nguyen et al.
patent: 6009103 (1999-12-01), Woundy
patent: 6011910 (2000-01-01), Chau et al.
patent: 6021429 (2000-02-01), Danknick
patent: 6021496 (2000-02-01), Dutcher et al.
patent: 6026441 (2000-02-01), Ronen
patent: 6044155 (2000-03-01), Thomlinson et al.
patent: 6047376 (2000-04-01), Hosoe
patent: 6061650 (2000-05-01), Malkin et al.
patent: 6065980 (2000-05-01), Leung et al.
patent: 6081419 (2000-06-01), Pham
patent: 6091951 (2000-07-01), Sturniolo et al.
patent: 6092196 (2000-07-01), Reiche
patent: 6119160 (2000-09-01), Zhang et al.
patent: 6141687 (2000-10-01), Blair
patent: 6182142 (2001-01-01), Win et al.
patent: 6301618 (2001-10-01), Sitaraman et al.
patent: 6324648 (2001-11-01), Grantges, Jr.
patent: 6463474 (2002-10-01), Fuh et al.
patent: 6466977 (2002-10-01), Sitaraman et al.
patent: 6587433 (2003-07-01), Borella et al.
patent: 6741853 (2004-05-01), Jiang et al.
patent: WO 99/53408 (1999-10-01), None
Bellovin, Steven M., “Problem Areas for the IP Security Protocols”, Jul. 22-25, 1996, Proceedings of the Sixth Usenix UNIX Security Symposium, San Jose, CA.
Cisco 6400 Access Concentrators, printed from http://www.cisco.com/warp.public/cc/pd/as6400/index.shtml on Sep. 27, 2000.
Cisco 6400 Universal Access Concentrator, Data Sheet, printed from http://www.cisco.com/warp.public.cc.pd.as.6400.prodlit/6400—ds.htm on Sep. 27, 2000.
Cisco 6400 Universal Access Concentrator, Product Bulletin—No. 1120, printed from http://www.cisco.com/warp.public.cc.pd.as.6400.prodlit/1120—pp.htm on Oct. 4, 2000.
Cisco Asymmetric Digital Subscriber Line Services Architecture, White Paper, printed from http://www.cisco.com.warp.public/cc/so/neso/dsso/global/ads1—wp.htm on Sep. 27, 2000.
“Cisco User Control Point”, pp. 1-4, printed from http://www.cisco.com/warp/public/728/ucp ds.htm on Sep. 10, 1998.
“IBM Introduces New Subscriber Management System for Internet Service Provider”, Dec. 2, 1998, IBM Corporation, printed from http://www.cisco.com/univered/cc/td/doc/products/software/ios113ed/113t/113t3/ispec.
“IPsec Network Security”, pp. 1-69, printed from http://www.cisco.com/univercd/cc/td/doc/products/software/ios113ed/113t/113t3/ipsec.
Layer 2 Tunnel Protocol, Release 12.0(iI)T and 11.3(5)AA.
“L2TP”, 1998, Mecklemedia Corporation, printed from http://www/webopedia.internet.com/TERM/L/L2TP/html.
“MultiVPN from Ascend Communications: Breaking Down the Barriers to VPNs”, Ascend Communications, Inc., White Paper, 1998.
Patel, B., et al., “Securing L2TP using IPSEC”, May 1998, PPPEXT Working Group, pp. 1-10, printed from http://www.masinter.net/˜12tp/ ftp/draft-ietf-pppext-12tp-security-02.txt on Sep. 21, 1998.
“Remote Access Network Security”, Ascend Communications, Inc., printed from http://www.ascend.com/1103.html, on Jul. 24, 1998, pp. 1-8.
Rigney, et al., “Remote Authentication Dial In User Service (RADIUS)”, Network Working Group, RFC 2138, Apr. 1997, pp. 1-57.
Rosen, et al., “Multiprotocol Label Switching Architecture”, Apr. 1999, Network Working Group, Internet-Draft, pp. 1-62.
Tunneling, 1998, Meckermedia Corporation, printed from http://webopedia.internet.com/TERM/t/tunneling.html.
Carrel, D. et al., The TACACS+Protocol, Version 1.78, Cisco Systems, Inc., printed from ftp://ftp-eng.cisco.com/edweber/tac-rfc.1.78.txt on Oct. 23, 2000.
Grant Laurence
Weber Gregory
Cisco Technology Inc.
Hanish Marc S.
Sheikh Ayza
Sherkat Arezoo
Thelen Reid & Priest
Profile ID: LFUS-PAI-O-3548777