Method and apparatus for limiting access to network elements

Electrical computers and digital processing systems: support – System access control based on user identification by...

Reexamination Certificate

Details

C713S168000, C713S170000, C713S171000, C380S283000

active

06334188

ABSTRACT:

BACKGROUND OF THE INVENTION
The present invention is directed to a method and apparatus for limiting access to network elements. More particularly, the present invention is directed to a method and apparatus for limiting access to network elements having disparate operating systems to only those users being authorized to access the respective elements.
Various communication network configurations are known in the art. Typically such communication network configurations include a plurality of different network elements. The network elements can be supplied by various vendors and therefore implement different types of interfaces. Similarly, the different types of network elements, which may be intelligent devices that include some processing capabilities, operate with different operating systems, for example different versions of Unix or DOS or Windows.
One example of an arrangement of network elements is illustrated in FIG. 1. In this particular arrangement a user may have access to various network elements via personal computer (PC) 101. The PC may be coupled to a router 102 via a wide area network (WAN) or local area network (LAN) connection. It would be possible to use TCP/IP transport protocols for initiating communications from the PC. The router can be coupled to different network elements such as a signal control point (SCP) 103, a signal transfer point (STP) 104 and a terminal server 105 which constitutes an additional intelligent device that interfaces to yet additional network elements. Examples of such additional network elements include a voice mail server (VMS) 107, a switch 108 which could be a Lucent Technologies 5ESS switch, and a Signal Access Cross Connect System (DACS) 109. It should be understood that this is merely an example of an arrangement of network elements and is not the sole representation of a configuration in which problems arise that can be addressed by the present invention.
In such network configurations employing a plurality of different network elements, it is difficult to provide a unified solution for limiting access by the user to each and every one of a plurality of the network elements. The problem arises because the different network elements operate with different operating systems and, as indicated before, may be supplied by different vendors with different communication specifications. Therefore, typically each individual network element would have to operate some sort of authentication process to determine whether an individual user has access to that particular element. This requires different implementations of authentication processes depending upon the design of the respective network elements.
Another network where this problem arises is in a wireless cellular network where access is needed to a variety of network elements. Again, since the various network elements may have different operating systems with different degrees of authentication capability, it can be difficult to implement a universal solution that will force authentications.
It would be beneficial to have an arrangement by which access could be limited to the disparate network elements using a unified solution that is independent of the operating systems of the respective elements.
SUMMARY OF THE INVENTION
In accordance with an embodiment of the present invention, access to network elements is limited such that one authentication arrangement can service a plurality of network elements. In one specific embodiment, a network authentication key server generates a key of a predetermined length and transmits it to various network authentication nodes, each node being associated with at least one network element. When a user requests access to a given network element, the network authentication key server can detect whether the user is authorized to access the requested network element. If the user is permitted to access the element, then the server can modify the user's request to include the most current network authentication key. The modified request is then forwarded to the network element in question. A network authentication node associated with the requested network element intercepts the modified request and examines it. If the network authentication node determines that the modified request reflects the most current key that the node has received from the key server, then access to the network element is granted. If the authentication node determines that the request does not reflect the appropriate authentication key, then access will be denied. The network authentication nodes can therefore act as gates to the network elements which may be traversed only after a user has been authenticated by the network authentication key server.
In accordance with this arrangement, the network authentication node can operate in a mode that is transparent to both the user and to the network elements. In one embodiment of the invention, the network authentication key server includes a database which is examined to determine which network elements, if any, a given user is permitted to access.
Further advantages and details regarding the present invention will be described below.
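The flow summarized above, modeled as an added example that is not code from the patent: a key server checks its database, attaches the current key to the request, and a node in front of the element admits only requests carrying that key. All names (`AuthNode`, `KeyServer`, the `nak` field) are hypothetical; the 16-byte key length, carrying the key as a request field, and the constant-time comparison are assumptions of this sketch.

```python
import hmac
import secrets

KEY_LEN = 16  # assumed value for the "predetermined length"

class AuthNode:
    """Gate in front of one network element; holds only the latest key."""
    def __init__(self):
        self.current_key = None

    def receive_key(self, key):
        self.current_key = key  # a new key replaces the previous one

    def intercept(self, request):
        presented = request.get("nak")  # hypothetical field name
        if self.current_key is None or not isinstance(presented, bytes):
            return False  # no key attached: request did not pass the key server
        return hmac.compare_digest(presented, self.current_key)

class KeyServer:
    def __init__(self, acl, nodes):
        self.acl = acl      # database: user -> set of permitted element names
        self.nodes = nodes  # element name -> AuthNode guarding it
        self.rotate()

    def rotate(self):  # fresh key, pushed to every authentication node
        self.key = secrets.token_bytes(KEY_LEN)
        for node in self.nodes.values():
            node.receive_key(self.key)

    def handle(self, user, element, payload):
        if element not in self.acl.get(user, set()):
            return None  # user is not authorized for this element
        return {"user": user, "element": element, "payload": payload, "nak": self.key}

def demo():
    nodes = {"SCP": AuthNode(), "STP": AuthNode()}  # constructed sample topology
    server = KeyServer({"alice": {"SCP"}}, nodes)   # constructed sample database
    ok = server.handle("alice", "SCP", "status")
    results = {
        "authorized": nodes["SCP"].intercept(ok),
        "not_in_database": server.handle("alice", "STP", "status"),
        "bypassed_server": nodes["SCP"].intercept({"user": "alice", "payload": "status"}),
    }
    server.rotate()  # the earlier request now carries an outdated key
    results["stale_key"] = nodes["SCP"].intercept(ok)
    return results

if __name__ == "__main__":
    print(demo())
```

In this model the key travels inside the request as a bearer value, so the path between key server and node needs its own confidentiality protection, and the rotation interval bounds how long a captured request stays valid.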


