1. Technical Field
This application is the US national phase of international application PCT/GB00/04551 filed 29 Nov. 2000 which designated the U.S.
This invention relates to a method of processing a request at an access server arrangement from a data terminal operated by an end user for access to a data network, and to a network access server and networks including such servers.
2. Related Art
The function of such an access server arrangement is to connect a data terminal, for example a personal computer, operated by an end user to a data network, for example the public Internet. Typically, such an access server arrangement comprises a network access server which receives access requests and provides connections to a data network and an authentication server which can be accessed by the network access server.
In a simple set up, when a network access server receives an access request, it obtains details from the end user relating to the end user such as a user identifier and a password. It then sends these details to the authentication server which authenticates the request by checking these details against expected details which have been previously registered by the end user. If the details received from the end user correspond to the expected details, then the request is accepted and the end user's data terminal is connected to the data network. If the details are not as expected, then the access request is rejected.
In a modification of the simple set up, for some or all services, the authentication server acts as a proxy server. For each of these services, when the proxy server receives an access request from the network access server, it forwards the request to the relevant authentication server. This authentication server then checks the details. If the details received correspond to the expected details, then the authentication server sends an access accept message to the proxy server. If the details are not as expected, then the authentication servers sends an access reject message back to the proxy server. The proxy server then forwards the access accept or access reject message to the network access server. If the network access server receives an access accept message, then it connects the data terminal operated by the end user to the data network. If it receives an access reject message, then access to the data terminal is refused.
However, if an authentication server fails to respond to an access request message with either an access accept message or an access reject message, the consequence can be that the access request message from the data terminal operated by the end user is not dealt with in a satisfactory manner.