1. Field of Invention
Embodiments of the invention relate in general to AAA servers. More specifically, embodiments of the invention relate to methods and systems for continuous authentication services provided by the AAA servers.
2. Description of the Background Art
Network computers often access resources from their own networks and from other networks. Point-to-Point Protocol (PPP) can be used to connect the networked computers to other networks. An extension to the PPP, which is known as Extensible Authentication Protocol (EAP), provides authentication service to those computers, which require access to the network resources. EAP supports multiple authentication methods, such as token cards, Kerberos, one-time passwords, certificates, public key authentication and smart cards. Moreover, EAP provides layer-2 authentication functionality to network computers. In layer-2 authentication, the networked computers have to pass through a process of authentication before connecting to other networks. The mechanism of authentication prevents unauthorized networked computers from gaining access to confidential information, and also reduces a possibility of network threats. These network threats can be in the form of worms and viruses. 802.1x is an IEEE (Institute of Electrical & Electronic Engineers) standard, which provides authentication and resource access control capability to the networked computers for accessing resources or data from protected networks.
AAA servers are used for authentication, authorization, and accounting services in networks. An AAA server authenticates a computer, based on its unique identity information. This unique identity information can be in the form of a user name and a password. The AAA server grants or denies the information and services of the network to a computer, depending on the authentication, authorization, and accounting rule defined for the computer.
A typical AAA server can authenticate hundreds of computers per second. The problem arises in a situation wherein all the computers are disconnected from the network as a result of temporary loss in network connectivity. In such cases, the computers can try to regain authentication as soon as network connection is re-established. The AAA server may stop responding as a result of the bulk of requests. This situation is commonly known as a friendly DOS attack.
According to the conventional method, static AAA servers are used to enhance the quality of authentication service to network computers that are its clients. However, the quality of authentication service can be hampered since the static servers may stop responding as a result of DOS attacks.