公开(公告)号：US08898757B2

公开(公告)日：2014-11-25

申请号：US13706963

申请日：2012-12-06

Applicant: Cisco Technology, Inc.

Inventor： Pok Sze Wong ,  Thomas Alan Parker

IPC: H04L9/32 ,  H04L29/06 ,  H04W12/06 ,  H04W84/12

CPC classification number: H04L63/0892 ,  H04L9/32 ,  H04L63/08 ,  H04W12/06 ,  H04W84/12

Abstract: An example embodiment of the present invention provides processes relating to the authentication, by an authentication server, of a supplicant/user for access to a network. In one particular implementation, an authentication server receives a request for access from a supplicant, which request is forwarded to the authentication server by an authenticator that controls a port to the network. The authentication server scores various authentication methods, based on configured preferences, currently cached credentials, and the availability of a networked credential store as measured by a link-state monitor. The authentication server then negotiates an agreed authentication method with the supplicant, using a preferred order resulting from the scores. The authentication server receives forwarded credentials for the agreed authentication method from the supplicant and instructs the authenticator to give the supplicant access to the port, if the authentication server can verify the credentials against a credential store or a credential cache.

Abstract translation: 本发明的示例性实施例提供了一种与验证服务器认证用于访问网络的请求者/用户有关的过程。 在一个特定实现中，认证服务器从请求方接收到访问请求，该请求由控制到网络的端口的认证器转发给认证服务器。 认证服务器基于配置的偏好，当前缓存的凭证以及由链路状态监视器测量的联网凭证存储的可用性来分类各种认证方法。 然后，认证服务器使用由分数得到的优选顺序与请求者协商一致的认证方法。 验证服务器从请求方接收所约定的认证方法的转发凭证，并且指示认证者给认证方访问该端口，如果认证服务器可以根据证书存储或证书缓存来验证凭证。