公开(公告)号：US20070203999A1

公开(公告)日：2007-08-30

申请号：US11362702

申请日：2006-02-25

申请人： William Townsley ,  Vincent Mammoliti ,  Ralph Droms ,  Wojciech Dec ,  Richard Pruss

发明人： William Townsley ,  Vincent Mammoliti ,  Ralph Droms ,  Wojciech Dec ,  Richard Pruss

IPC分类号： G06F15/16 ,  G06F15/177

CPC分类号： H04L29/1282 ,  H04L61/2015 ,  H04L61/6013 ,  H04L63/08 ,  H04L63/0892

摘要： Techniques for providing remote access to a service provider network include exchanging multiple Dynamic Host Configuration Protocol (DHCP) formatted messages instead of any Point to Point Protocol (PPP) message to provide all PPP functions for accessing a service provider network from a customer node. The service provider network is on provider premises and the customer node is on customer premises different from the provider premises. The DHCP format is used to exchange authentication messages, user profile data on Authentication, Authorization and Accounting (AAA) servers, or session keep-alive echo messages, alone or in some combination. When all are message types are combined, these techniques provide a remote access server (RAS) with the capability to perform all functions presently provided by PPP processes. In some combinations, these techniques allow a modified DHCP server to replace a legacy AAA server.

摘要翻译： 用于提供对服务提供商网络的远程访问的技术包括交换多个动态主机配置协议（DHCP）格式的消息而不是任何点对点协议（PPP）消息，以提供用于从客户节点访问服务提供商网络的所有PPP功能。 服务提供商网络在提供商场所，并且客户节点在与提供商场所不同的客户驻地上。 DHCP格式用于单独或以某种组合交换认证消息，认证，授权和计费（AAA）服务器上的用户配置文件数据或会话保持活动的回显消息。 当所有消息类型都被组合时，这些技术提供具有执行PPP进程目前提供的所有功能的能力的远程访问服务器（RAS）。 在某些组合中，这些技术允许修改的DHCP服务器来替代传统的AAA服务器。

公开(公告)号：US07853708B2

公开(公告)日：2010-12-14

申请号：US11362702

申请日：2006-02-25

申请人： William Mark Townsley ,  Vincent John Mammoliti ,  Ralph Droms ,  Wojciech Dec ,  Richard Pruss

发明人： William Mark Townsley ,  Vincent John Mammoliti ,  Ralph Droms ,  Wojciech Dec ,  Richard Pruss

IPC分类号： G06F15/16 ,  G06F15/177

CPC分类号： H04L29/1282 ,  H04L61/2015 ,  H04L61/6013 ,  H04L63/08 ,  H04L63/0892

摘要： Techniques for providing remote access to a service provider network include exchanging multiple Dynamic Host Configuration Protocol (DHCP) formatted messages instead of any Point to Point Protocol (PPP) message to provide all PPP functions for accessing a service provider network from a customer node. The service provider network is on provider premises and the customer node is on customer premises different from the provider premises. The DHCP format is used to exchange authentication messages, user profile data on Authentication, Authorization and Accounting (AAA) servers, or session keep-alive echo messages, alone or in some combination. When all are message types are combined, these techniques provide a remote access server (RAS) with the capability to perform all functions presently provided by PPP processes. In some combinations, these techniques allow a modified DHCP server to replace a legacy AAA server.

摘要翻译： 用于提供对服务提供商网络的远程访问的技术包括交换多个动态主机配置协议（DHCP）格式的消息而不是任何点对点协议（PPP）消息，以提供用于从客户节点访问服务提供商网络的所有PPP功能。 服务提供商网络在提供商场所，并且客户节点在与提供商场所不同的客户驻地上。 DHCP格式用于单独或以某种组合交换认证消息，认证，授权和计费（AAA）服务器上的用户配置文件数据或会话保持活动的回显消息。 当所有消息类型都被组合时，这些技术提供具有执行PPP进程目前提供的所有功能的能力的远程访问服务器（RAS）。 在某些组合中，这些技术允许修改的DHCP服务器来替代传统的AAA服务器。

公开(公告)号：US20070204330A1

公开(公告)日：2007-08-30

申请号：US11362296

申请日：2006-02-24

申请人： William Townsley ,  Ralph Droms ,  Wojciech Dec

发明人： William Townsley ,  Ralph Droms ,  Wojciech Dec

IPC分类号： H04L9/32

CPC分类号： H04L61/2015 ,  H04L9/321 ,  H04L9/3226 ,  H04L9/3271 ,  H04L63/083 ,  H04L63/0892 ,  H04L63/162 ,  H04L2209/56

摘要： Techniques for authenticating a user for access to an IP network include receiving from the user's host a DHCP request which includes user identifier data. A random challenge value is determined and sent to the user's host in a DHCP message format. A response message that includes a response value is received from the user's host in DHCP format. A verification value is determined based on a password value associated with the user identifier value in an AAA server and the current challenge value using a secure process that renders impractical an attempt to derive the password. If it is determined that the response value does not match the verification value, then a DHCP offer is prevented from being sent to the user's host in response to the DHCP request. Thus, a user is authenticated using DHCP instead of PPP.

摘要翻译： 用于验证用户访问IP网络的技术包括从用户的主机接收包括用户标识符数据的DHCP请求。 确定随机挑战值，并以DHCP消息格式发送给用户的主机。 包含响应值的响应消息以DHCP格式从用户主机接收。 基于与AAA服务器中的用户标识符值相关联的密码值和使用不切实际的尝试导出密码的安全过程来确定当前挑战值的验证值。 如果确定响应值与验证值不匹配，则可以防止响应于DHCP请求向DHCP用户的主机发送DHCP报文。 因此，使用DHCP而不是PPP进行身份验证。

公开(公告)号：US20070203990A1

公开(公告)日：2007-08-30

申请号：US11362703

申请日：2006-02-25

申请人： William Townsley ,  Richard Pruss ,  Ralph Droms

发明人： William Townsley ,  Richard Pruss ,  Ralph Droms

IPC分类号： G06F15/16

CPC分类号： H04L61/2015 ,  H04L9/321 ,  H04L9/3226 ,  H04L9/3271 ,  H04L63/083 ,  H04L63/0892 ,  H04L63/162 ,  H04L2209/56

摘要： Techniques for supporting subscriber sessions for access to an IP network include receiving from a first node at a different second node, a Dynamic Host Configuration Protocol (DHCP) formatted echo-request message. The echo-request message includes a DHCP option field that holds data that indicates an echo-request type. In response to receiving the echo-request message, the second node sends to the first node a DHCP formatted echo-reply message that corresponds to the echo-request message. The echo-reply message includes a DHCP option field that holds data that indicates an echo-reply type. When received by the first node, the echo-response message causes the first node to determine a connected state with the second node. Point to Point Protocol (PPP) keep-alive messages between a customer premises node and a remote access server gateway to an IP network may be replaced by these DHCP echo-request and echo-reply messages.

摘要翻译： 用于支持用户会话以访问IP网络的技术包括从不同的第二节点的第一节点接收动态主机配置协议（DHCP）格式的回送请求消息。 回应请求消息包括保存指示回显请求类型的数据的DHCP选项字段。 响应于接收到回波请求消息，第二节点向第一节点发送对应于回显请求消息的DHCP格式的回应应答消息。 回应应答消息包括保存指示回显应答类型的数据的DHCP选项字段。 当由第一节点接收时，回波响应消息使得第一节点确定与第二节点的连接状态。 客户端节点和到IP网络的远程访问服务器网关之间的点对点协议（PPP）保持活动消息可以被这些DHCP回显请求和回应回复消息所取代。

公开(公告)号：US09246809B2

公开(公告)日：2016-01-26

申请号：US13489800

申请日：2012-06-06

申请人： Rajiv Asati ,  Wojciech Dec ,  Daniel G. Wing ,  Ralph Droms

发明人： Rajiv Asati ,  Wojciech Dec ,  Daniel G. Wing ,  Ralph Droms

IPC分类号： H04L12/56 ,  H04L12/64 ,  H04L12/715 ,  H04L29/12

CPC分类号： H04L45/741 ,  H04L12/6418 ,  H04L45/04 ,  H04L61/106 ,  H04L61/251

摘要： In one embodiment, an edge router of a local computer network snoops client-server protocol configuration information of a customer-premises equipment (CPE) device. From the snooping, the edge router may identify an Internet Protocol version 6 (IPv6) transition option in place at the CPE device along with associated configuration parameters for the IPv6 transition option. As such, the edge router may then advertise the IPv6 transition option along with associated configuration parameters to one or more border/relay routers of the local computer network to cause the one or more border/relay routers to provision themselves with the IPv6 transition option and associated configuration parameters.

摘要翻译： 在一个实施例中，本地计算机网络的边缘路由器窥探客户端设备（CPE）设备的客户端 - 服务器协议配置信息。 从窥探中，边缘路由器可以在CPE设备上找到适当的互联网协议版本6（IPv6）转换选项，以及IPv6转换选项的关联配置参数。 因此，边缘路由器然后可以将IPv6转换选项连同关联的配置参数一起发布到本地计算机网络的一个或多个边界/中继路由器，以使一个或多个边界/中继路由器向IPv6过渡选项提供自己， 相关的配置参数。

公开(公告)号：US20130329750A1

公开(公告)日：2013-12-12

申请号：US13489800

申请日：2012-06-06

申请人： Rajiv Asati ,  Wojciech Dec ,  Daniel G. Wing ,  Ralph Droms

发明人： Rajiv Asati ,  Wojciech Dec ,  Daniel G. Wing ,  Ralph Droms

IPC分类号： H04L12/56

CPC分类号： H04L45/741 ,  H04L12/6418 ,  H04L45/04 ,  H04L61/106 ,  H04L61/251

摘要： In one embodiment, an edge router of a local computer network snoops client-server protocol configuration information of a customer-premises equipment (CPE) device. From the snooping, the edge router may identify an Internet Protocol version 6 (IPv6) transition option in place at the CPE device along with associated configuration parameters for the IPv6 transition option. As such, the edge router may then advertise the IPv6 transition option along with associated configuration parameters to one or more border/relay routers of the local computer network to cause the one or more border/relay routers to provision themselves with the IPv6 transition option and associated configuration parameters.

摘要翻译： 在一个实施例中，本地计算机网络的边缘路由器窥探客户端设备（CPE）设备的客户端 - 服务器协议配置信息。 从窥探中，边缘路由器可以在CPE设备上找到适当的互联网协议版本6（IPv6）转换选项，以及IPv6转换选项的相关配置参数。 因此，边缘路由器然后可以将IPv6转换选项连同关联的配置参数一起发布到本地计算机网络的一个或多个边界/中继路由器，以使一个或多个边界/中继路由器向IPv6过渡选项提供自己， 相关的配置参数。

公开(公告)号：US07624181B2

公开(公告)日：2009-11-24

申请号：US11362296

申请日：2006-02-24

申请人： William Mark Townsley ,  Ralph Droms ,  Wojciech Dec

发明人： William Mark Townsley ,  Ralph Droms ,  Wojciech Dec

IPC分类号： G06F15/173 ,  G06F15/16

CPC分类号： H04L61/2015 ,  H04L9/321 ,  H04L9/3226 ,  H04L9/3271 ,  H04L63/083 ,  H04L63/0892 ,  H04L63/162 ,  H04L2209/56

摘要： Techniques for authenticating a user for access to an IP network include receiving from the user's host a DHCP request which includes user identifier data. A random challenge value is determined and sent to the user's host in a DHCP message format. A response message that includes a response value is received from the user's host in DHCP format. A verification value is determined based on a password value associated with the user identifier value in an AAA server and the current challenge value using a secure process that renders impractical an attempt to derive the password. If it is determined that the response value does not match the verification value, then a DHCP offer is prevented from being sent to the user's host in response to the DHCP request. Thus, a user is authenticated using DHCP instead of PPP.

摘要翻译： 用于验证用户访问IP网络的技术包括从用户的主机接收包括用户标识符数据的DHCP请求。 确定随机挑战值，并以DHCP消息格式发送给用户的主机。 包含响应值的响应消息以DHCP格式从用户主机接收。 基于与AAA服务器中的用户标识符值相关联的密码值和使用不切实际的尝试导出密码的安全过程来确定当前挑战值的验证值。 如果确定响应值与验证值不匹配，则可以防止响应于DHCP请求向DHCP用户的主机发送DHCP报文。 因此，使用DHCP而不是PPP进行身份验证。

公开(公告)号：US07568040B2

公开(公告)日：2009-07-28

申请号：US11362703

申请日：2006-02-25

申请人： William Mark Townsley ,  Richard Pruss ,  Ralph Droms

发明人： William Mark Townsley ,  Richard Pruss ,  Ralph Droms

IPC分类号： G06F15/16 ,  G06F15/173

CPC分类号： H04L61/2015 ,  H04L9/321 ,  H04L9/3226 ,  H04L9/3271 ,  H04L63/083 ,  H04L63/0892 ,  H04L63/162 ,  H04L2209/56

摘要： Techniques for supporting subscriber sessions for access to an IP network include receiving from a first node at a different second node, a Dynamic Host Configuration Protocol (DHCP) formatted echo-request message. The echo-request message includes a DHCP option field that holds data that indicates an echo-request type. In response to receiving the echo-request message, the second node sends to the first node a DHCP formatted echo-reply message that corresponds to the echo-request message. The echo-reply message includes a DHCP option field that holds data that indicates an echo-reply type. When received by the first node, the echo-response message causes the first node to determine a connected state with the second node. Point to Point Protocol (PPP) keep-alive messages between a customer premises node and a remote access server gateway to an IP network may be replaced by these DHCP echo-request and echo-reply messages.

摘要翻译： 用于支持用户会话以访问IP网络的技术包括从不同的第二节点的第一节点接收动态主机配置协议（DHCP）格式的回送请求消息。 回应请求消息包括保存指示回显请求类型的数据的DHCP选项字段。 响应于接收到回波请求消息，第二节点向第一节点发送对应于回显请求消息的DHCP格式的回应应答消息。 回应应答消息包括保存指示回显应答类型的数据的DHCP选项字段。 当由第一节点接收时，回波响应消息使得第一节点确定与第二节点的连接状态。 客户端节点和到IP网络的远程访问服务器网关之间的点对点协议（PPP）保持活动消息可以被这些DHCP回显请求和回应回复消息所取代。

公开(公告)号：US07937494B2

公开(公告)日：2011-05-03

申请号：US11218128

申请日：2005-09-01

申请人： Ralph Droms ,  Richard Johnson ,  Matthew King ,  Richard Pruss

发明人： Ralph Droms ,  Richard Johnson ,  Matthew King ,  Richard Pruss

IPC分类号： H04L12/56

CPC分类号： H04L61/2015

摘要： An improved technique for processing a DHCP request from a DHCP client device is performed in a data communications device of a network (e.g., performed in a router). The technique involves receiving the DHCP request from the DHCP client device, evaluating a set of rules in response to the DHCP request to obtain a rule-based classification result, and outputting a DHCP response in response to the rule-based classification result. In some arrangements, a policy manager which is external to the data communications device plays a role in the classification process (e.g., dynamic updating of the set of rules, responding to individual queries from the data communications device when generating the rule-based classification result, etc.). Such improvements over conventional DHCP approaches enables improved flexibility and coordination of the DHCP process.

摘要翻译： 在网络的数据通信设备（例如，在路由器中执行）中执行用于处理来自DHCP客户端设备的DHCP请求的改进技术。 该技术涉及从DHCP客户端设备接收DHCP请求，响应于DHCP请求，对基于规则的分类结果进行评估的一组规则，并响应于基于规则的分类结果输出DHCP响应。 在一些安排中，在数据通信设备外部的策略管理器在分类过程中起作用（例如，在生成基于规则的分类结果时响应来自数据通信设备的各个查询的一组规则的动态更新 等）。 与传统的DHCP方法相比，这种改进能够提高DHCP进程的灵活性和协调性。

公开(公告)号：US20070061484A1

公开(公告)日：2007-03-15

申请号：US11218128

申请日：2005-09-01

申请人： Ralph Droms ,  Richard Johnson ,  Matthew King ,  Richard Pruss

发明人： Ralph Droms ,  Richard Johnson ,  Matthew King ,  Richard Pruss

IPC分类号： G06F15/16

CPC分类号： H04L61/2015

摘要： An improved technique for processing a DHCP request from a DHCP client device is performed in a data communications device of a network (e.g., performed in a router). The technique involves receiving the DHCP request from the DHCP client device, evaluating a set of rules in response to the DHCP request to obtain a rule-based classification result, and outputting a DHCP response in response to the rule-based classification result. In some arrangements, a policy manager which is external to the data communications device plays a role in the classification process (e.g., dynamic updating of the set of rules, responding to individual queries from the data communications device when generating the rule-based classification result, etc.). Such improvements over conventional DHCP approaches enables improved flexibility and coordination of the DHCP process.

摘要翻译： 在网络的数据通信设备（例如，在路由器中执行）中执行用于处理来自DHCP客户端设备的DHCP请求的改进技术。 该技术涉及从DHCP客户端设备接收DHCP请求，响应于DHCP请求，对基于规则的分类结果进行评估的一组规则，并响应于基于规则的分类结果输出DHCP响应。 在一些布置中，在数据通信设备外部的策略管理器在分类过程中起作用（例如，在生成基于规则的分类结果时响应来自数据通信设备的各个查询的规则集的动态更新 等）。 与传统的DHCP方法相比，这种改进能够提高DHCP进程的灵活性和协调性。