Distributed architecture allowing local user authentication...

Electrical computers and digital processing systems: multicomput – Computer network managing – Computer network access regulating

Reexamination Certificate


Details

Classification codes: C709S201000, C709S217000, C709S219000
Status: active
Patent number: 06263369

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to providing network access to a communications system. More particularly, the present invention relates to providing network access to a communications system by locally authenticating and authorizing access requests.
2. The Background
Turning to FIG. 1, one approach for providing network access to a communications system 8 over an access point (such as access point 10a, access point 10b, or access point 10c) using a communications network 12 is shown. An access point is associated with a set of service components and at least one client, enabling a subscriber 14 using a host machine 16, such as a personal computer having a modem, to obtain access to system 8. As known to those of ordinary skill in the art, when referred to in the context of the Internet or other large computer networks, each client coupled to an access point provides connectivity to hosts within an area commonly referred to as a PoP or "Point of Presence." A PoP is a geographical area that is serviced by an access point, which is typically managed by an ISP ("Internet Service Provider"). For dial-up access methods using a public switched telephone network (PSTN), the geographical area may be defined by an area code.
For example, if network 12 is implemented using the Internet, access point 10a may be configured to support subscribers within a geographical area defined by a first area code, such as that covering San Jose, Calif., while access point 10b may be configured to support subscribers within another geographical area defined by a second area code, such as that covering San Francisco, Calif. and/or its surrounding cities and towns. Similarly, access point 10c may be configured to support subscribers within a geographical area defined by a third area code, such as that covering New York City, N.Y.
For dial-up access to network 12, each access point includes a network access server (commonly referred to as a NAS), such as network access server 18. Network access server 18 functions as an interface between host machine 16 (via the modem) and the services that must be provided when subscriber 14 seeks to obtain network access using a dial access method. Responding to a dial-up access request typically includes the process steps (sometimes referred to as "states") of authentication, authorization, and accounting. These states may be provided by an AAA server, such as AAA server 20. AAA server 20 uses the RADIUS protocol to communicate with devices, such as network access server 18, that request authentication, authorization, and accounting services.
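The NAS-to-AAA-server exchange described above, written out as an added example that is not part of the patent: a RADIUS (RFC 2865) Access-Request carrying a hidden User-Password, and the Access-Accept or Access-Reject whose Response Authenticator the NAS verifies before granting access. The shared secret, the subscriber record, the NAS address and the attribute values are constructed sample data; the function names are this example's own.

```python
# Added example, not from the patent: the NAS <-> AAA-server request/response
# described above, modelled on RADIUS (RFC 2865). Shared secret, user store,
# NAS address and attribute values are constructed sample data.
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4


def _md5(*parts):
    return hashlib.md5(b"".join(parts)).digest()


def hide_password(password, secret, request_auth):
    """RFC 2865 s5.2: pad to 16-byte blocks, XOR each block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        block = bytes(x ^ y for x, y in zip(padded[i:i + 16], _md5(secret, prev)))
        out, prev = out + block, block
    return out


def unhide_password(hidden, secret, request_auth):
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out, prev = out + bytes(x ^ y for x, y in zip(block, _md5(secret, prev))), block
    return out.rstrip(b"\x00")


def encode_attrs(attrs):
    # Each attribute is Type(1) Length(1, includes the 2-byte header) Value.
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data):
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute")
        t, l = data[i], data[i + 1]
        attrs.append((t, data[i + 2:i + l]))
        i += l
    return attrs


def nas_access_request(username, password, secret, ident, nas_ip):
    """NAS side. Returns (packet, request_authenticator); the NAS keeps the authenticator to check the reply."""
    request_auth = os.urandom(16)
    body = encode_attrs([(USER_NAME, username),
                         (USER_PASSWORD, hide_password(password, secret, request_auth)),
                         (NAS_IP_ADDRESS, nas_ip)])
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + request_auth + body, request_auth


def aaa_server_respond(packet, secret, user_db):
    """AAA-server side: check the user record, then sign the reply with the shared secret."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet) or length < 20:
        raise ValueError("not a well-formed Access-Request")
    request_auth = packet[4:20]
    attrs = dict(decode_attrs(packet[20:length]))
    user, hidden = attrs.get(USER_NAME), attrs.get(USER_PASSWORD)
    ok = (user in user_db and hidden is not None and len(hidden) % 16 == 0
          and hmac.compare_digest(unhide_password(hidden, secret, request_auth), user_db[user]))
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    # RFC 2865 s3: ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret).
    return header + _md5(header, request_auth, b"", secret)


def nas_verify_reply(reply, request_auth, secret, expected_ident):
    """NAS side: trust an Accept only if its Response Authenticator binds to our request and the shared secret."""
    if len(reply) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if ident != expected_ident or length != len(reply):
        return False
    expected = _md5(reply[:4], request_auth, reply[20:length], secret)
    return hmac.compare_digest(expected, reply[4:20]) and code == ACCESS_ACCEPT


def run_exchange(username, password, secret, user_db, nas_secret=None):
    """Full round trip. nas_secret models a NAS provisioned with a different (wrong) shared secret."""
    nas_secret = secret if nas_secret is None else nas_secret
    ident = 7
    req, request_auth = nas_access_request(username, password, nas_secret, ident, bytes([192, 0, 2, 10]))
    return nas_verify_reply(aaa_server_respond(req, secret, user_db), request_auth, nas_secret, ident)


# Constructed sample data: one subscriber record and the NAS/AAA shared secret.
SAMPLE_DB = {b"alice@pop-sjc": b"correct horse battery"}
SAMPLE_SECRET = b"nas-shared-secret-example"
```

The only thing protecting this exchange is the shared secret: the MD5-based password hiding and Response Authenticator in RFC 2865 give no confidentiality for other attributes and are open to offline guessing when the secret is weak, which is why RADIUS between a PoP and a central AAA server is normally carried inside IPsec or over TLS (RadSec, RFC 6614) rather than bare UDP.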
To provide authentication, authorization, and accounting services properly, the AAA server requires access to a database 21 having a set of user records. For a communications system that has more than one access point, such as communications system 8, database 21 may be maintained as a central database that contains all of the user records required by all of the access points in communications system 8. This provides the advantages of maintaining only one database for more than one access point, reducing the complexity of the system, while permitting a subscriber to obtain network access at an access point other than his originating access point (commonly referred to as "roaming").
For example, if access point 10a is the home access point for subscriber 14, subscriber 14 may still dial up a different access point, even one in a different geographical area, such as access point 10c. This is possible because access point 10c has access to the user record corresponding to subscriber 14 by virtue of database 21.
However, centrally locating a database is expensive with respect to network bandwidth consumption because each database transaction generated for every access request that requires AAA services from an access point in communications system 8 must be sent to database 21 (sometimes referred to as "back-hauling"). Moreover, this bandwidth consumption increases and becomes more acute during peak use hours.
One solution is to implement a local database at each access point. However, this solution presents the challenge of keeping the local databases synchronized with one another, for example so that roaming can still be offered as a service.
Accordingly, a need exists for a network access point that can be configured to have at least one local database or cache that holds user records which may be used for authentication, authorization, and accounting purposes.
Further, a need exists for a network access point that can be configured to have at least one local database or cache which can be easily synchronized with other local databases or caches within the access point or within other access points.
Furthermore, a need exists for a communications system having network access points that can be configured to have at least one local database or cache which can be easily synchronized with a central database or cache without consuming network bandwidth used for transporting subscriber data.
BRIEF DESCRIPTION OF THE INVENTION
In a first aspect of the present invention, a network access point for locally processing an access request is configured to include an information bus, an access event publisher, and at least one local cache (a first local cache) holding at least one user record. The access event publisher publishes at least one network access event on the information bus during the processing of the access request. The first local cache is coupled to the information bus and responds to the network access event by updating the user record according to information contained in the network access event, if that information includes a home access point ID that corresponds to the first local cache.
In a second aspect of the present invention, the network access point is part of a communications system having a mother cache. The mother cache is coupled to the first local cache and contains user records of subscribers supported by the communications system. The first local cache obtains a user record associated with one of the subscribers from the mother cache, if the user record is not stored in the first local cache, in response to a log-on attempt to the network access point by the subscriber.
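The two aspects above, as an added example that is not the patent's own code: local caches at two access points subscribe to an information bus, only the cache whose access point ID matches the home access point ID carried in a login event updates its record, and a cache that misses on a roaming subscriber reads through to the mother cache instead of back-hauling every request. The class names, the event fields, the per-record counters and the sample subscribers are assumptions made for the example; the patent text does not specify them.

```python
# Added example, not the patent's code: a model of the access point described
# above. Class names, event schema, record fields and sample subscribers are assumptions.
from dataclasses import dataclass, replace


@dataclass
class UserRecord:
    username: str
    home_ap: str          # home access point ID
    password: str
    authorized: bool = True
    active_sessions: int = 0
    last_ap: str = ""


@dataclass
class AccessEvent:
    kind: str             # "login" or "logout"
    username: str
    home_ap: str          # home access point ID carried in the event
    at_ap: str            # access point that processed the request


class InformationBus:
    def __init__(self):
        self._handlers = []

    def subscribe(self, handler):
        self._handlers.append(handler)

    def publish(self, event):
        for handler in self._handlers:
            handler(event)


class MotherCache:
    """Central store of all subscriber records; consulted only on a local-cache miss."""

    def __init__(self, records):
        self._records = {r.username: r for r in records}
        self.lookups = 0  # counts back-hauled lookups

    def get(self, username):
        self.lookups += 1
        rec = self._records.get(username)
        return replace(rec) if rec else None  # hand out a copy, never the master record

    def records_for(self, ap_id):
        return [replace(r) for r in self._records.values() if r.home_ap == ap_id]


class LocalCache:
    """Per-access-point cache, pre-loaded with the records of its own home subscribers."""

    def __init__(self, ap_id, bus, mother):
        self.ap_id = ap_id
        self._mother = mother
        self._records = {r.username: r for r in mother.records_for(ap_id)}
        bus.subscribe(self.on_event)

    def on_event(self, ev):
        # Only the home cache applies the update, and only to a record it already holds:
        # an event on the bus must never create a subscriber the cache has not seen.
        if ev.home_ap != self.ap_id or ev.username not in self._records:
            return
        rec = self._records[ev.username]
        if ev.kind == "login":
            rec.active_sessions += 1
            rec.last_ap = ev.at_ap
        elif ev.kind == "logout":
            rec.active_sessions = max(0, rec.active_sessions - 1)

    def lookup(self, username):
        rec = self._records.get(username)
        if rec is None:
            rec = self._mother.get(username)  # read-through on miss: a roaming subscriber
            if rec is not None:
                self._records[username] = rec
        return rec


class AccessPoint:
    def __init__(self, ap_id, bus, mother):
        self.ap_id, self.bus = ap_id, bus
        self.cache = LocalCache(ap_id, bus, mother)

    def handle_access_request(self, username, password):
        rec = self.cache.lookup(username)
        ok = rec is not None and rec.authorized and rec.password == password
        if ok:  # access event publisher: announce the login on the bus
            self.bus.publish(AccessEvent("login", username, rec.home_ap, self.ap_id))
        return ok


def demo():
    """Constructed scenario: alice is homed at sjc, bob at nyc; alice roams to nyc."""
    mother = MotherCache([UserRecord("alice", "sjc", "pw-a"), UserRecord("bob", "nyc", "pw-b")])
    bus = InformationBus()
    sjc, nyc = AccessPoint("sjc", bus, mother), AccessPoint("nyc", bus, mother)
    r = {}
    r["alice_home"] = sjc.handle_access_request("alice", "pw-a")      # local hit, no back-haul
    r["lookups_after_home"] = mother.lookups
    r["alice_roaming"] = nyc.handle_access_request("alice", "pw-a")   # miss at nyc -> mother cache
    r["lookups_after_roam"] = mother.lookups
    r["alice_sessions_at_home"] = sjc.cache.lookup("alice").active_sessions  # home cache saw both logins
    r["alice_sessions_at_nyc"] = nyc.cache.lookup("alice").active_sessions   # roaming copy is not updated
    r["bad_password"] = nyc.handle_access_request("alice", "nope")
    r["unknown_user"] = sjc.handle_access_request("mallory", "x")
    return r
```

The two checks in `on_event` are the ones worth keeping in a real implementation: filtering on the home access point ID is what the patent describes, and refusing to create a record from an event prevents anything that can write to the bus from minting subscribers into a cache.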


