公开(公告)号：US11212292B2

公开(公告)日：2021-12-28

申请号：US16458805

申请日：2019-07-01

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Bhagya Prasad Nittur ,  Anoop Kumaran Nair ,  Antoni Milton

IPC: H04L29/06

Abstract: Systems and methods are provided for chaining network access control authorization processes. A method includes executing a first authorization process to generate a first authorization result for a user according to first authorization data obtained from a first authorization source corresponding to the first authorization process; executing a second authorization process to generate a second authorization result for the user according to second authorization data obtained from a second authorization source corresponding to the second authorization process and the first authorization data obtained by the first authorization process; and authorizing the user to access a network resource according to the first authorization result generated by the first authorization process and the second authorization result generated by the second authorization process.

公开(公告)号：US11201864B2

公开(公告)日：2021-12-14

申请号：US16429462

申请日：2019-06-03

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Rajesh Kumar Ganapathy Achari ,  Anoop Kumaran Nair ,  Venkatesh Ramachandran ,  Pattabhi Attaluri ,  Bhagya Prasad Nittur ,  Antoni Milton

IPC: G06F21/44 ,  G06F21/45 ,  H04L29/06 ,  G06F21/71

Abstract: Methods and systems for providing vendor agnostic captive portal authentication in a network that includes a plurality of network access devices are provided. For instance, one method includes receiving a redirect request for a communication between a first user-terminal and a first network access device, the redirect request including at least one of a vendor-specific item of information of the first network access device and an Internet Protocol (IP) address of the first network access device. The method further includes comparing the at least one of the vendor-specific item of information of the first network access device and the IP address of the first network access device against each of a plurality of entries of a network access device database, and providing the first user-terminal access to a captive portal page in response to an appropriate match.

公开(公告)号：US20210051182A1

公开(公告)日：2021-02-18

申请号：US16539549

申请日：2019-08-13

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Antoni Milton ,  Mohit Goyal ,  Pattabhi Attaluri

IPC: H04L29/06

Abstract: A method may include receiving a digital certificate through a secure connection from a network access server, the secure connection passing through a network address translation device, validating the digital certificate with a policy management system, and establishing a secure tunnel between the network access server and the policy management system when the digital certificate is validated. Also, receiving, through the secure tunnel and from the network access server, a remote authentication dial-in user service access request having a network access server internet protocol address, validating the network access server with the network access server internet protocol address by the policy management system, and allowing a remote authentication dial-in user service traffic when the internet protocol address of the network access server is validated and closing the secure tunnel when the validating the network access server fails.

公开(公告)号：US11924195B2

公开(公告)日：2024-03-05

申请号：US17675685

申请日：2022-02-18

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Antoni Milton ,  Timothy Cappalli

IPC: H04L9/40

CPC classification number: H04L63/0823 ,  H04L63/102 ,  H04L63/166 ,  H04L63/20

Abstract: Example method includes: establishing a secure tunnel with an unauthenticated client device associated with a user of a restricted network; receiving user credentials associated with the user and transmitted from the unauthenticated client device within the secure tunnel; validating the received user credentials; and transmitting at least a client certificate and device configuration information to the unauthenticated client device within the secure tunnel such that the unauthenticated client device is able to access the restricted network after installing the client certificate and applying the device configurations based on the received device configuration information.

公开(公告)号：US11553007B2

公开(公告)日：2023-01-10

申请号：US16539549

申请日：2019-08-13

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Antoni Milton ,  Mohit Goyal ,  Pattabhi Attaluri

IPC: G06F7/04 ,  G06F15/16 ,  G06F17/30 ,  H04L29/06 ,  H04L9/40

Abstract: A method may include receiving a digital certificate through a secure connection from a network access server, the secure connection passing through a network address translation device, validating the digital certificate with a policy management system, and establishing a secure tunnel between the network access server and the policy management system when the digital certificate is validated. Also, receiving, through the secure tunnel and from the network access server, a remote authentication dial-in user service access request having a network access server internet protocol address, validating the network access server with the network access server internet protocol address by the policy management system, and allowing a remote authentication dial-in user service traffic when the internet protocol address of the network access server is validated and closing the secure tunnel when the validating the network access server fails.

公开(公告)号：US11477186B2

公开(公告)日：2022-10-18

申请号：US16426420

申请日：2019-05-30

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Antoni Milton ,  Rajesh Kumar Ganapathy Achari ,  Bhagya Prasad Nittur

IPC: H04L9/40 ,  G06F16/245

Abstract: An authentication server associated with a network authenticates a primary user credential responsive to a request from a client device to access the network. The authentication server queries a database server for contact information for obtaining a secondary user credential. The contact information is provided to a third-party authentication server to obtain and authenticate the secondary user credential. In response to both the third-party authentication server obtaining and authenticating the secondary user credential successfully and the authentication server authenticating the primary user credential successfully, the client device is granted access to the network.

公开(公告)号：US11277399B2

公开(公告)日：2022-03-15

申请号：US16399301

申请日：2019-04-30

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Antoni Milton ,  Timothy Cappalli

IPC: H04L29/06

Abstract: Example method includes: establishing a secure tunnel with an unauthenticated client device associated with a user of a restricted network; receiving user credentials associated with the user and transmitted from the unauthenticated client device within the secure tunnel; validating the received user credentials; and transmitting at least a client certificate and device configuration information to the unauthenticated client device within the secure tunnel such that the unauthenticated client device is able to access the restricted network after installing the client certificate and applying the device configurations based on the received device configuration information.

公开(公告)号：US20200382497A1

公开(公告)日：2020-12-03

申请号：US16429462

申请日：2019-06-03

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Rajesh Kumar Ganapathy Achari ,  Anoop Kumaran Nair ,  Venkatesh Ramachandran ,  Pattabhi Attaluri ,  Bhagya Prasad Nittur ,  Antoni Milton

IPC: H04L29/06

Abstract: Methods and systems for providing vendor agnostic captive portal authentication in a network that includes a plurality of network access devices are provided. For instance, one method includes receiving a redirect request for a communication between a first user-terminal and a first network access device, the redirect request including at least one of a vendor-specific item of information of the first network access device and an Internet Protocol (IP) address of the first network access device. The method further includes comparing the at least one of the vendor-specific item of information of the first network access device and the IP address of the first network access device against each of a plurality of entries of a network access device database, and providing the first user-terminal access to a captive portal page in response to an appropriate match.

公开(公告)号：US20200382485A1

公开(公告)日：2020-12-03

申请号：US16426420

申请日：2019-05-30

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Antoni Milton ,  Rajesh Kumar Ganapathy Achari ,  Bhagya Prasad Nittur

IPC: H04L29/06 ,  G06F16/245

Abstract: An authentication server associated with a network authenticates a primary user credential responsive to a request from a client device to access the network. The authentication server queries a database server for contact information for obtaining a secondary user credential. The contact information is provided to a third-party authentication server to obtain and authenticate the secondary user credential. In response to both the third-party authentication server obtaining and authenticating the secondary user credential successfully and the authentication server authenticating the primary user credential successfully, the client device is granted access to the network.