Title of invention: Rule based extensible authentication
Abstract: A system, apparatus, and method are directed to managing access to a resource using rule-based deep packet extractions of a credential. A network device, such as a traffic management device, is situated between a client device and a server device. When the client device sends a request for a resource, the request is intercepted by the network device. The network device may employ a multi-layer deep packet extraction of the credential from the request. The network device may then use the credential to determine whether the request is enabled to access the resource. Based, in part, on a variety of rules, the network device may deny access, enable access, route the request to a different server, or the like. In one embodiment, the network device may receive a rule from another device that directs the network device to request a different credential.
Publication number: US9210177(B1) Publication date: 2015.12.08
Application number: US201113174237 Filing date: 2011.06.30
Applicant: F5 Networks, Inc. Inventor: Hughes John R.
Classification: H04L29/06 Main classification: H04L29/06
Agency: Lowe Graham Jones PLLC Agent: Branch John W.; Lowe Graham Jones PLLC
Main claim: 1. A network device for managing a communication between a client and a server, comprising: a transceiver that receives packets from the client; and a processor programmed to perform actions including: receiving from the client a request for a resource; dynamically changing criteria that indicates what credential information is to be extracted from a packet flow using deep packet inspection rules and what credential information is to be evaluated to determine whether the request is authorized; extracting the credential information based on the dynamically changed criteria from at least one packet in the packet flow associated with the request; determining that the extracted credential information is insufficient to determine whether the request is authorized and based on the determination, automatically sending a query to the client for additional information to be received in one or more subsequent packets from the client in response to the query; when the additional information and the extracted credential information are affirmatively authenticated, requesting different credential information based on the dynamically changing criteria; and selectively allowing access to the requested resource based on authorization of the different credential information.
Address: Seattle WA US