The present invention relates in general to user authentication in computer networks, and, more specifically, to handling user authentication when there is a temporary failure of a gateway serving the authenticated user.
Computer network service providers operate local or wide area networks to which their customers connect by dial-up, digital subscriber line (DSL) service, or cable modem, for example. The service provider's network includes a hub or gateway that functions as a concentrator or aggregator connected to a plurality of remote users. The gateway routes user traffic to destinations in the local network or to an external network, such as the Internet. The gateway often functions as a service selection gateway (SSG) which allows users to connect to various subscribed, on-demand network services. These subscription services may include a walled garden having various content servers, video on-demand servers, and voice services, or may include a firewall for handling all traffic between the user and the Internet, for example.
To ensure that only paying subscribers gain access to the network, an authentication of the user is performed. Normally, a user ID and password must be supplied by the user in the authentication process. Depending upon the configuration of the network, a single entry of the user ID and password can be sufficient both to authenticate the network connection itself and to gain access to individual subscribed services within the network.
Once a user is authenticated, the gateway is configured to interact with the user according to their user profile of subscribed services. The authentication information (e.g., user ID and password) and the subscription information are kept separately from the gateway itself in a centralized authentication, authorization, and accounting (AAA) server. Once a user establishes an authenticated connection session, some of this information is cached on the gateway to facilitate gateway operation without repeated access to the AAA server. Thus, the gateway can operate at a higher throughput, and the AAA server (which typically handles many gateways simultaneously and which also has the task of recording the length of time a user is logged on to any pay-for-use service) is not overburdened.
Integrity of the authentication and subscription information in the AAA server is critical for proper network operation. Therefore, the AAA server typically includes backup power systems and redundant hardware to ensure that it provides uninterrupted AAA functions. The gateways, on the other hand, are not as critical, and since there are a greater number of gateways than there are AAA servers, there is much less motivation to invest in backup supplies or redundant systems for the gateways. Thus, the gateways are much more likely to experience a failure (such as a power outage).
When a gateway fails and is subsequently restarted, the memory cache of user information stored in the gateway is lost. Since the authentication and user information is no longer available within the gateway when operation of the gateway is re-established, the user is required to re-authenticate by providing their user ID and password. This is undesirable due to the inconvenience to the user. In addition, billing and subscription systems may be complicated by the need to avoid, for example, accidentally subscribing a second time to a service during the re-authentication.