Centralized authentication, authorization and accounting server with support for multiple transport protocols and multiple client types
    Granted invention patent
    Status: Expired

    Publication (announcement) number: US06219790B1

    Publication (announcement) date: 2001-04-17

    Application number: US09100092

    Application date: 1998-06-19

    Abstract: A system and method for authenticating and authorizing user access to a computer network. An AAA server comprises a plurality of Authentication transport protocol modules that interface with one or more clients using a native authentication transport protocol. The AAA server is coupled with a DBMS system that stores user authentication, authorization and accounting information in a standard format. Authentication and authorization are performed using a five phase process comprising the phases: Augmentation; Selection; Authentication; Authorization and Confirmation. During the Augmentation phase, client requests are translated into a standard internal format. The requests are parsed into a set of attribute/value pairs according to a parse rules table. In the Selection phase, the AAA server determines the details of the access request and identifies the permit required to authorize access. A rules table is used, wherein a particular row in the rules table is selected according to the attribute/value pairs from the Augmentation phase. The rules table provides the necessary details for the AAA server to formulate a proper response to the client. In the Authentication phase, the AAA server determines if the log in information provided by the user matches information stored in the user record. In the Authorization phase, the AAA server determines if the user is authorized to access the requested service by determining if the permit retrieved in the Selection phase matches the permit stored in the user database. In the Confirmation phase, the AAA server determines if a port limit has been exceeded and checks the client request for inconsistencies.
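
The five phases as a fail-closed request handler, added here as an illustration and not taken from the patent. The table layouts, the RADIUS-style attribute names, the PBKDF2 password check and the missing-port consistency rule are all assumptions; the abstract specifies none of them.

```python
import hashlib
import hmac

def _hash(pw, salt):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

# Constructed tables: the abstract names them but gives no layout.
PARSE_RULES = {"radius": {"User-Name": "user", "User-Password": "password",
                          "NAS-Port": "port", "Service-Type": "service"}}
RULES_TABLE = [  # (pairs to match, permit required + reply to send)
    ({"service": "Framed"}, {"permit": "ppp", "reply": "accept"}),
    ({"service": "Login"}, {"permit": "shell", "reply": "accept"}),
]
USERS = {"alice": {"salt": b"constructed-salt", "permits": {"ppp"},
                   "port_limit": 1,
                   "pw_hash": _hash("correct horse", b"constructed-salt")}}

def handle(protocol, raw, active_ports):
    """Run one request through the five phases; any failure rejects."""
    # 1. Augmentation: native attributes -> internal attribute/value pairs.
    parse = PARSE_RULES.get(protocol)
    if parse is None:
        return "reject: unknown protocol"
    req = {parse[k]: v for k, v in raw.items() if k in parse}
    # 2. Selection: first rules-table row whose pairs all match the request.
    row = next((out for match, out in RULES_TABLE
                if all(req.get(k) == v for k, v in match.items())), None)
    if row is None:
        return "reject: no matching rule"
    # 3. Authentication: constant-time compare against the stored hash;
    #    unknown users still pay for one hash so timing does not differ.
    user = USERS.get(req.get("user"))
    salt = user["salt"] if user else b"no-such-user"
    supplied = _hash(req.get("password", ""), salt)
    if user is None or not hmac.compare_digest(supplied, user["pw_hash"]):
        return "reject: authentication"
    # 4. Authorization: the permit selected in phase 2 must be held by the user.
    if row["permit"] not in user["permits"]:
        return "reject: authorization"
    # 5. Confirmation: consistency check (assumed rule) and port limit.
    if "port" not in req:
        return "reject: inconsistent request"
    if active_ports.get(req["user"], 0) >= user["port_limit"]:
        return "reject: port limit"
    return row["reply"]
```
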

