Electrical computers and digital processing systems: multicomput – Computer network managing – Computer network access regulating
Reexamination Certificate
2000-09-29
2003-02-25
Dinh, Dung C. (Department: 2153)
C709S224000, C709S229000, C709S217000, C713S152000
active
06526444
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to the field of computer networking. More particularly, the present invention relates to using an authentication server to obtain dial-out information on a network, the dial-out information being used to dial another network for the purpose of forwarding a data packet.
2. The Background Art
There are two general types of dial operations that may be performed by a network. These are dial-in and dial-out. A dial-in operation is performed when a user, or even another network, wishes to gain access to a network. The remote user or network dials the network to connect to it. This dial operation may comprise using a modem and dialing a phone number through the phone company, or it may comprise any other type of network communication, including gaining access through a publicly switched network or similar high speed design. The remote user or network is therefore initiating contact, and the destination network simply performs a passive dial-in operation, which allows it to receive the call.
Many consumers are remote users, wherein they dial an Internet Service Provider (ISP) on their modem and log in to the remote user. There are other types of remote users as well, including users who dial directly into a server, but ISP access is the most popular. The process by which a network authenticates such a user is as follows. During this dial-in operation, when a connection is made, a device known as an access server prompts the user for a username and a password. The username and password are then passed to an authentication server. The authentication server looks up the username in a database which has been indexed by usernames. When it finds the username in the database, it retrieves the appropriate password and other relevant information about the user. If either the username or the password is not correct, the user is denied access to the network; otherwise access is granted.
A remote network is most commonly used in telecommuting applications, where the user requires faster access to a network. The network inside the user's house is connected to a publicly switched network. Rather than using a modem, a router or bridge is initiating the connection process. Authentication of a user is accomplished in a similar manner to that of remote users. An authentication server verifies that the remote network should have access using the username and a password.
A dial-out operation provides for the opposite effect of a dial-in operation. Here, the network is initiating connection to a remote network. It is also possible for the network to attempt to connect to a remote user. This connection may be made in an effort to provide access for an extended period of time, such as a first network connecting to a second network for the purpose of performing a search in a database residing on the second network.
Many networks, however, such as the Internet, also use networks simply to forward information to another network. An example of this is depicted in FIG. 1. In FIG. 1, node A 2 on network X 4 passes information to node B 6 on network Z 8. In order to perform this, router 10 must pass the information to router 12. However, network X 4 and network Z 8 are not directly connected, but are instead separated by network Y 14 having router 16. Thus, router 10 must pass the information through router 16 to router 12. Router 16 is called a hop. Router 16 is expected to forward the information to another hop on the network or to the final destination of the information (if possible). Thus, in this example, the IP packet takes one hop to get to its destination.
In order to properly forward the information, a router must examine the intended address of the information, extract the information as to which network it must be forwarded, then look up the network in a database in order to determine how to connect to that network. Generally, this database will contain the phone number or other dial-out information on the appropriate network. In the Internet example depicted in FIG. 1, an access server on network Y 10 extracts the destination IP address from the IP packet that is being sent. It then looks up the address information in the database and retrieves a phone number for network Z 8, which it dials and then forwards the IP packet to that network.
The drawback of this method is that the steps are generally performed by the access server of the network. The access server is intended simply to be a device which connects devices to a network through network and terminal emulation software, not to perform searches on a database. The access server is not scalable and therefore the memory and speed of the access server are limited. Using the access server to look up the dial-out information in a database wastes valuable resources which could be used for network connection. It would be preferable to offload this process to another device. Currently, however, there are no network devices designed to perform this task other than an access server.
BRIEF DESCRIPTION OF THE INVENTION
A method for using an authentication server to obtain dial-out information about a network including the steps of receiving a destination network address; obtaining a network number and a corresponding network mask from a database; applying said network mask to said destination network address and comparing the result to said network number; retrieving a profile corresponding to said network number and network mask from a database if said network number matches the result of applying said network mask to said destination network address; and repeating said obtaining, applying, and retrieving steps if said network number does not match the result of applying said network mask to said destination network address.
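The lookup loop described above, as an added example that is not code from the patent: each database entry's mask is applied to the destination address and compared with the stored network number, and the first matching profile is returned. The `Entry` layout, the profile fields, the addresses and the dial strings are constructed for illustration; `unmatchable_entries` is an added consistency check for entries that this comparison can never match.

```python
import ipaddress
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    network_number: str  # network number stored in the database
    network_mask: str    # mask stored alongside it
    profile: dict        # hypothetical profile fields (name, dial string)

# Constructed sample database: documentation address ranges, made-up numbers.
DATABASE = [
    Entry("192.0.2.0", "255.255.255.0", {"name": "network-Z", "dial": "555-0100"}),
    Entry("198.51.100.0", "255.255.255.128", {"name": "branch-a", "dial": "555-0101"}),
    Entry("198.51.100.128", "255.255.255.128", {"name": "branch-b", "dial": "555-0102"}),
]

def to_int(dotted: str) -> int:
    """Parse a dotted-quad IPv4 address or mask into a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def lookup_dial_out(destination: str, database=DATABASE) -> Optional[dict]:
    """Obtain, apply, compare, and repeat until an entry matches."""
    dest = to_int(destination)
    for entry in database:
        masked = dest & to_int(entry.network_mask)
        if masked == to_int(entry.network_number):
            return entry.profile      # first match wins, in database order
    return None                       # no entry covers this destination

def unmatchable_entries(database) -> list:
    """Entries whose network number has bits set outside its own mask.

    A masked destination can never equal such a number, so the entry is
    dead and traffic for that network silently falls through to a later
    entry or to no match at all.
    """
    return [e for e in database
            if to_int(e.network_number) & to_int(e.network_mask)
            != to_int(e.network_number)]

if __name__ == "__main__":
    for dst in ("192.0.2.77", "198.51.100.200", "203.0.113.5"):
        print(dst, "->", lookup_dial_out(dst))
    print("dead entries:", unmatchable_entries(DATABASE))
```

Because the first match is returned, a broad entry placed ahead of a more specific one shadows it, so the order of entries in the database decides which profile is dialed.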
REFERENCES:
patent: 5241594 (1993-08-01), Kung
patent: 5655077 (1997-08-01), Jones et al.
patent: 5684950 (1997-11-01), Dare et al.
patent: 5752242 (1998-05-01), Havens
patent: 5835720 (1998-11-01), Nelson et al.
patent: 5898780 (1999-04-01), Liu et al.
patent: 5918016 (1999-06-01), Brewer et al.
patent: 5944824 (1999-08-01), He
patent: 5974453 (1999-10-01), Anderson et al.
patent: 5991828 (1999-11-01), Horie et al.
patent: 6009103 (1999-12-01), Woundy
patent: 6026441 (2000-02-01), Ronen
patent: 6091951 (2000-07-01), Sturniolo et al.
patent: 6092196 (2000-07-01), Reiche
patent: 6141687 (2000-10-01), Blair
patent: 6286039 (2001-04-01), Van Horne et al.
patent: 6253327 (2001-06-01), Zhang et al.
patent: 6298383 (2001-10-01), Gutman et al.
patent: 6301618 (2001-10-01), Sitaraman et al.
patent: 6311275 (2001-10-01), Jin et al.
patent: 6324585 (2001-11-01), Zhang et al.
Carrel, D. et al. The TACACS+ Protocol, Version 1.78, Cisco Systems, Inc., printed from ftp://ftp-eng.cisco.com/gdweber/tac-rfc.1.78.txt on Oct. 23, 2000.
Dinh Dung C.
Salad Abdullahi E.
Thelen Reid & Priest LLP