IPC classification information
Country / type: United States (US) Patent, registered
International Patent Classification (IPC 7th ed.):
Application number: US-0290914 (2014-05-29)
Registration number: US-9344421 (2016-05-17)
Inventors / address:
- Chen, Lee
- Chiong, John
- Yu, Yang
Applicant / address:
Agent / address:
Citation information: times cited: 7; cited patents: 47
Abstract
Systems and methods of authenticating user access based on an access point to a secure data network include a secure data network having a plurality of a network access points serving as entry points for a user to access the secure data network using a user device. The user is associated with a user identity, each network access point with a network access point identity. The user uses a user device to send an access request, requesting access to the secure data network, to the network access point, which then sends an authentication request to an identity server. The identity server processes the authentication request, by validating the combination of the user identity and the network access point identity, and responds with an authentication response, granting or denying access, as communicated to the user device via an access response.
Representative claims
1. A method of user access authentication, the method comprising: receiving a first authentication request at an identity server from a second network access point, based on a user device access request for accessing a secure data network through a first network access point; obtaining from the first authentication request a first network access point identity of the first network access point and a second network access point identity of the second network access point; determining at the identity server whether to grant a user device access to the secure data network by comparing a user identity and the first network access point identity to a stored plurality of user identities and corresponding validated pairs of network access point identities; and granting access to the secure data network when the user identity and the first network access point identity obtained match with one of the stored plurality of user identities and corresponding validated pairs of network access point identities.

2. The method of claim 1 further comprising maintaining a log of communication paths which tracks at least one of the first and second network access point identities.

3. The method of claim 2 wherein the first authentication request logs at least a portion of the communication paths.

4. The method of claim 2 comprising logging the first network access point identity and the second network access point identity.

5. The method of claim 1 wherein the secure data network comprises an application level secure data network.

6. The method of claim 5 wherein the access request seeks access to a network application, and the access request comprises a Transport Control Protocol (TCP) access request.

7. The method of claim 6 further comprising determining that access to the network application is sought, wherein the first network access point determines that access to the network application is sought.

8. The method of claim 6 wherein the network application comprises one or more of an enterprise application, an employee benefit application, a human resources application, an inventory information application, a library system, a conference workshop application, a live concert webcast, a hotel television over IP application, or a web application.

9. A system for user access authentication, the system comprising: a secure data network comprising at least a first network access point and a second network access point, the first network access point transmits a first authentication request from the second network access point to an identity server, based on a user device access request for accessing the secure data network through the first network access point; the identity server in communication with the secure data network via one of the network access points; wherein the identity server obtains from the first authentication request a first network access point identity of the first network access point and a second network access point identity of the second network access point; determines whether to grant a user device access to the secure data network by comparing a user identity and the first network access point identity to a stored plurality of user identities and corresponding validated pairs of network access point identities; and grants access to the secure data network when the user identity and the first network access point identity obtained match with one of the stored plurality of user identities and corresponding validated pairs of network access point identities.

10. The system of claim 9 further comprising a log of communication paths which tracks at least one of the first and second network access point identities.

11. The system of claim 10 wherein the first authentication request logs at least a portion of the communication paths.

12. The system of claim 10 wherein the log comprises at least the first network access point identity and second network access point identity.

13. The system of claim 9 wherein the secure data network comprises an application level secure data network.

14. The system of claim 13 wherein the access request comprises a Transport Control Protocol (TCP) and seeks access to a network application.

15. The system of claim 14 wherein the first network access point determines that access to the network application is being sought.

16. The system of claim 14 wherein the network application comprises one or more of an enterprise application, an employee benefit application, a human resources application, an inventory information application, a library system, a conference workshop application, a live concert web cast, a hotel television over IP application, and a web application.

17. A method of user access authentication, the method comprising: receiving at a first network access point an access request to a secure data network from a user device; generating an authentication request in response to receiving the access request, wherein the authentication request comprises a log of a communication path; sending the authentication request from the first network access point via a second network access point to an identity server for processing; obtaining from the authentication request a first network access point identity of the first network access point and a second network access point identity of the second network access point; determining at the identity server whether to grant the user device access to the secure data network by comparing a user identity and the first and second access network point identities to a stored plurality of user identities and corresponding validated pairs of network access point identities; and granting access to the secure data network when the user identity and the network access point identities obtained match with one of the stored plurality of user identities and its corresponding validated pairs of network access point identities.

18. The method of claim 17 wherein the log of the communication path comprises the second network access point when the authentication request passes through the second network access point.

19. The method of claim 17 comprising sending an access response to the user device.

20. The method of claim 17 wherein the access request comprises the user identity and the authentication request comprises the user identity.

21. The method of claim 17 comprising the identity server determining whether to grant the access request based on the user identity, first network access point identity of the first network access point, and the second network access point identity of the second network access point.

22. The method of claim 17 wherein the secure data network comprises an application level secure data network.

23. The method of claim 22 wherein the access request seeks access to a network application, and the access request comprises a Transport Control Protocol (TCP) access request.

24. The method of claim 23 further comprising determining that access to the network application is sought, wherein the first network access point determines that access to the network application is sought.

25. The method of claim 23 wherein the network application comprises one or more of an enterprise application, an employee benefit application, a human resources application, an inventory information application, a library system, a conference workshop application, a live concert web cast, a hotel television over IP application, or a web application.

26. The method of claim 17 wherein the secure data network comprises at least one of an Internet Protocol (IP) network, a Local Area Network (LAN), a Wide Area Network (WAN), a wireless network, a WiFi network, a General Packet Radio Service (GPRS) network, a public IP network, and a private IP network; wherein the user device comprises at least one of a desktop personal computer, a laptop personal computer, a personal data assistance (PDA), a cellular phone, a smart-phone, and a device having a computing unit connectable to a network; wherein the first network access point and/or the second network access point comprises at least one of a firewall, a wireless access point, a Dynamic Host Configuration Protocol (DHCP) server, a Remote Access Server (RAS), a Broadband Remote Access Server (BRAS), a web server, a secure web server, a virtual private network (VPN) server, a termination point of an access tunnel, a termination point of a virtual private network (VPN) tunnel, a termination point of a Generic Routing Encapsulation (GRE) tunnel, and a termination point of a Layer-2 Tunnel Protocol (L2TP) tunnel; and wherein the first network access point identity and/or the second network access point identity comprises at least one of a network access point name, an IP address, a port number, security information, a password, a security code, a device name, a machine identity, a serial number, an identity of an access tunnel termination point, and an Access Point Name (APN).

27. The method of claim 20 wherein the user identity comprises at least one of a user name, an identity of the user device, a Media Access Control (MAC) address, an Internet Protocol (IP) address and port number, a device serial number, subscriber information in a subscriber identity module (SIM) card, subscriber information in a Universal Subscriber Identity Module (USIM) card, a telephone number, security information, a password, a security code, a secret answer to a security question, biometric characteristics, fingerprint data, eye retinal data, eye iris data, voice pattern recognition data and signature recognition data.

28. A system for user access authentication comprising: a secure data network comprising at least a first network access point and a second network access point, and an identity server, wherein the first network access point receives an access request to the secure data network from a user device; wherein the system generates an authentication request in response to receiving the access request, the authentication request comprising a log of a communication path; sends the authentication request from the first network access point via the second network access point to the identity server for processing; obtains from the authentication request a first network access point identity of the first network access point and a second network access point identity of the second network access point; determines at the identity server whether to grant the user device access to the secure data network by comparing a user identity and the first and second network access point identities to a stored plurality of user identities and corresponding validated pairs of network access point identities; and grants access to the secure data network when the user identity and the network access point identities obtained match with one of the stored plurality of user identities and its corresponding validated pair of network access point identities.

29. The system of claim 28 wherein the log of the communication path comprises the second network access point when the authentication request passes through the second network access point.

30. The system of claim 28 wherein the identity server determines whether to grant the access request based on the user identity, the first network access point identity of the first network access point, and the second network access point identity of the second network access point.

31. The system of claim 28 wherein the secure data network comprises at least one of an Internet Protocol (IP) network, a Local Area Network (LAN), a Wide Area Network (WAN), a wireless network, a WiFi network, a General Packet Radio Service (GPRS) network, a public IP network, and a private IP network; wherein the user device comprises at least one of a desktop personal computer, a laptop personal computer, a personal data assistance (PDA), a cellular phone, a smart-phone, and a device having a computing unit connectable to a network; wherein the first network access point and/or the second network access point comprises at least one of a firewall, a wireless access point, a Dynamic Host Configuration Protocol (DHCP) server, a Remote Access Server (RAS), a Broadband Remote Access Server (BRAS), a web server, a secure web server, a virtual private network (VPN) server, a termination point of an access tunnel, a termination point of a virtual private network (VPN) tunnel, a termination point of a Generic Routing Encapsulation (GRE) tunnel, and a termination point of a Layer-2 Tunnel Protocol (L2TP) tunnel; and wherein the first network access point identity and/or the second network access point identity comprises at least one of a network access point name, an IP address, a port number, security information, a password, a security code, a device name, a machine identity, a serial number, an identity of an access tunnel termination point, and an Access Point Name (APN).

32. The system of claim 28 wherein the access request comprises the user identity which comprises at least one of a user name, an identity of the user device, a Media Access Control (MAC) address, an Internet Protocol (IP) address and port number, a device serial number, subscriber information in a subscriber identity module (SIM) card, subscriber information in a Universal Subscriber Identity Module (USIM) card, a telephone number, security information, a password, a security code, a secret answer to a security question, biometric characteristics, fingerprint data, eye retinal data, eye iris data, voice pattern recognition data, and signature recognition data.
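The identity-server decision that the abstract and claims 1, 2, 17 and 18 describe, written out as an added Python example. This is not code from the patent, its inventors or its assignee: the user names, access point identities and the validated-pair table are constructed for the illustration, and the path-log helpers and the check_second_ap switch (claim 1 compares only the user identity and the first access point; claim 17 compares both access point identities) are one assumed mapping of the claim elements onto code, not something the page specifies.

```python
"""Identity-server decision for access-point-aware user authentication.

Added example, not code from the patent or its assignee: it models the check
described in the abstract and in claims 1, 2, 17 and 18 of US 9,344,421.
The user names, access point identities and validated-pair table below are
constructed for the demonstration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthenticationRequest:
    """Request the first access point sends toward the identity server."""
    user_identity: str
    # Claims 17/18: log of the communication path, one identity per access
    # point the request has passed through, in forwarding order.
    communication_path: tuple


def generate_request(first_ap_identity, user_identity):
    """Claim 17: the first access point builds the request and opens the log."""
    return AuthenticationRequest(user_identity, (first_ap_identity,))


def forward_via(request, ap_identity):
    """Claim 18: an access point the request passes through appends itself."""
    return AuthenticationRequest(
        request.user_identity, request.communication_path + (ap_identity,)
    )


class IdentityServer:
    """Holds user identities and their validated access-point pairs (claim 1)."""

    def __init__(self, validated_pairs):
        # user identity -> set of (first AP identity, second AP identity)
        self._validated = {
            user: frozenset(pairs) for user, pairs in validated_pairs.items()
        }
        self.communication_log = []  # claim 2: log of communication paths

    def decide(self, request, check_second_ap=True):
        """Return True to grant access, False to deny.

        check_second_ap=True follows claim 17 (both access point identities
        must match a stored pair); False follows claim 1 (user identity and
        first access point identity only).
        """
        path = request.communication_path
        first_ap = path[0] if path else None
        second_ap = path[1] if len(path) > 1 else None
        pairs = self._validated.get(request.user_identity, frozenset())
        if check_second_ap:
            granted = (first_ap, second_ap) in pairs
        else:
            granted = any(first == first_ap for first, _ in pairs)
        # Claim 4: log both access point identities together with the outcome.
        self.communication_log.append(
            (request.user_identity, first_ap, second_ap, granted)
        )
        return granted


# Constructed sample table: the (entry point, upstream point) pairs each user
# is validated for. Identities here are device names; claim 26 lists others.
VALIDATED_PAIRS = {
    "alice": {("vpn-gw-1", "fw-core-1"), ("wifi-ap-7", "fw-core-1")},
    "bob": {("vpn-gw-1", "fw-core-1")},
}


def run_demo():
    """Exercise the decision logic on constructed requests; return outcomes."""
    server = IdentityServer(VALIDATED_PAIRS)
    # alice through her usual VPN gateway, relayed by the core firewall
    alice_ok = forward_via(generate_request("vpn-gw-1", "alice"), "alice" and "fw-core-1")
    # alice through a validated entry point but an unexpected second hop
    alice_wrong_hop = forward_via(generate_request("wifi-ap-7", "alice"), "fw-core-2")
    # bob through an entry point not validated for him
    bob_wrong_ap = forward_via(generate_request("wifi-ap-7", "bob"), "fw-core-1")
    # unknown user identity on an otherwise validated path
    mallory = forward_via(generate_request("vpn-gw-1", "mallory"), "fw-core-1")
    # request that reached the server without passing a second access point
    alice_direct = generate_request("vpn-gw-1", "alice")
    results = {
        "alice_ok": server.decide(alice_ok),
        "alice_wrong_hop_claim17": server.decide(alice_wrong_hop),
        "alice_wrong_hop_claim1": server.decide(alice_wrong_hop, check_second_ap=False),
        "bob_wrong_ap": server.decide(bob_wrong_ap),
        "unknown_user": server.decide(mallory),
        "alice_direct": server.decide(alice_direct),
    }
    return results, server.communication_log


if __name__ == "__main__":
    outcomes, log = run_demo()
    for name, granted in outcomes.items():
        print(f"{name:26s} -> {'grant' if granted else 'deny'}")
    print("log entries:", len(log))
```

One caveat a practitioner would add, which the page itself does not address: the table lookup is only as strong as the binding between the authentication request and the access point that actually sent it. If the communication path is a plain field that any sender can populate, a client that reaches the identity server directly can claim a validated pair. In a deployment the identity server would accept requests only over a channel authenticated to a known access point (for example a mutually authenticated tunnel or a per-access-point shared secret), so that the logged identities reflect the real forwarding path.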