Deterministic user authentication service for communication network

Assignee

• Xylan Corporation · US

Inventors

• Michael See · Chapel Hill, US
• John W. Bailey · Craydon Court, US
• Charles L. Panza · Park City, US
• Yuri Pikover · Malibu, US
• Geoffrey C. Stone · Malibu, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/101
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A user authentication service for a communication network authenticates local users before granting them access to personalized sets of network resources. Authentication agents on intelligent edge devices present users of associated end systems with log-in challenges. Information supplied by the users is forwarded to an authentication server for verification. If successfully verified, the authentication server returns to the agents authorized connectivity information and time restrictions for the particular authenticated users. The agents use the information to establish rules for filtering and forwarding network traffic originating from or destined for particular authenticated users during authorized time periods. An enhanced authentication server may be engaged if additional security is desired. The authorized connectivity information preferably includes identifiers of one or more virtual local area networks active in the network. Log-in attempts are recorded so that the identity and whereabouts of network users may be monitored from a network management station.