Access management method, authenticator, and authentication server

US12470553B2 · US · B2

Patent metadata
Publication number: US-12470553-B2
Application number: US-202318170806-A
Country: US
Kind code: B2
Filing date: Feb 17, 2023
Priority date: Aug 20, 2020
Publication date: Nov 11, 2025
Grant date: Nov 11, 2025

Abstract

Official abstract text for this publication.

This application discloses an access management method, an authenticator, and an authentication server, applied to a scenario in which a terminal device accesses a network. After completing authentication, a terminal device sends a first packet to an authenticator, where the first packet carries a first IPv6 address of the terminal device and a MAC address of the terminal device. When determining that the first IPv6 address is a new IPv6 address, the authenticator sends, to an authentication server, a second packet carrying the first IPv6 address and the MAC address, so as to indicate the authentication server to send a first authorization policy to a policy enforcement point based on the first IPv6 address.

First claim

Opening claim text (preview).

What is claimed is:

1. A method of access management, the method comprising: at an authenticator: in response to a terminal device completing access authentication, receiving a first packet sent by the terminal device, wherein the first packet comprises a first Internet Protocol version 6 (IPv6) address of the terminal device and a Media Access Control (MAC) address of the terminal device, the first IPv6 address is a new temporary IPv6 address of the terminal device, the authenticator stores the MAC address, and the first IPv6 address does not exist in one or more temporary IPv6 addresses corresponding to the MAC address; and in response to determining that the first IPv6 address is a new IPv6 address, sending a second packet to an authentication server, wherein the second packet comprises the first IPv6 address and the MAC address, and wherein the second packet further comprises instructions for the authentication server to determine a first authorization policy based on the first IPv6 address, and the first authorization policy comprises an access permission of the terminal device corresponding to the first IPv6 address.

2. The method according to claim 1, wherein the authenticator does not store a correspondence between the MAC address and the first IPv6 address before receiving the first packet.

3. The method according to claim 1, wherein before receiving the first packet, the method further comprises the authenticator storing a correspondence between the MAC address and at least one IPv6 address, and wherein the at least one IPv6 address is an IPv6 address that is being used, or has been used, by the terminal device before the terminal device sends the first packet.

4. The method according to claim 1, wherein before sending the second packet, the method further comprises: determining that a user corresponding to the first IPv6 address is online.

5. The method according to claim 1, wherein the second packet indicates that the first IPv6 address is a new IPv6 address.

6. The method according to claim 5, wherein the second packet comprises first indication information, and the first indication information indicates that the first IPv6 address is a new IPv6 address.

7. The method according to claim 1, wherein the second packet is not an authentication request packet.

8. The method according to claim 1, wherein the method further comprises: in response to a second IPv6 address in a plurality of IPv6 addresses of the terminal device being invalid, sending a third packet to the authentication server, wherein the third packet comprises the second IPv6 address and second indication information, and the second indication information indicating that the second IPv6 address is an invalid IPv6 address, or the second indication information including instructions for the authentication server to revoke an authorization policy corresponding to the second IPv6 address.

9. An apparatus for implementing access management, the apparatus comprising: at least one processor, at an authenticator; and a memory, coupled to the at least one processor and having executable instructions stored thereon that when executed by the at least one processor cause the apparatus to: in response to a terminal device completing access authentication, receive a first packet sent by the terminal device, wherein the first packet comprises a first IPv6 address of the terminal device and a MAC address of the terminal device, the first IPv6 address is a new temporary IPv6 address of the terminal device, the authenticator stores the MAC address, and the first IPv6 address does not exist in one or more temporary IPv6 addresses corresponding to the MAC address; and in response to determining that the first IPv6 address is a new IPv6 address, send a second packet to an authentication server, wherein the second packet comprises the first IPv6 address and the MAC address, and wherein the second packet further comprises instructions for the authentication server to determine a first authorization policy based on the first IPv6 address, and the first authorization policy comprises an access permission of the terminal device corresponding to the first IPv6 address.

10. The apparatus according to claim 9, wherein a correspondence between the MAC address and the first IPv6 address is not stored in the authenticator before receiving the first packet.

11. The apparatus according to claim 9, wherein a correspondence between the MAC address and at least one IPv6 address is stored in the authenticator before receiving the first packet, and the at least one IPv6 address is an IPv6 address that is being used or has been used by the terminal device before the terminal device sends the first packet.

12. The apparatus according to claim 9, wherein the second packet indicates that the first IPv6 address is a new IPv6 address.

13. The apparatus according to claim 9, wherein the second packet is not an authentication request packet.

14. The apparatus according to claim 9, wherein the apparatus is further caused to: in response to a second IPv6 address in a plurality of IPv6 addresses of the terminal device being invalid, send a third packet to the authentication server, wherein the third packet comprises the second IPv6 address and second indication information, and the second indication information indicates that the second IPv6 address is an invalid IPv6 address or the second indication information includes instructions for the authentication server to revoke an authorization policy corresponding to the second IPv6 address.

15. A non-transitory machine-readable medium having instructions stored therein, which when executed by a processor, cause the processor to: in response to a terminal device completing access authentication, receive a first packet sent by the terminal device, wherein the first packet comprises a first IPv6 address of the terminal device and a MAC address of the terminal device, the first IPv6 address is a new temporary IPv6 address of the terminal device, the authenticator stores the MAC address, and the first IPv6 address does not exist in one or more temporary IPv6 addresses corresponding to the MAC address; and in response to determining that the first IPv6 address is a new IPv6 address, send a second packet to an authentication server, wherein the second packet comprises the first IPv6 address and the MAC address, and wherein the second packet further comprises instructions for the authentication server to determine a first authorization policy based on the first IPv6 address, and the first authorization policy comprises an access permission of the terminal device corresponding to the first IPv6 address.

16. The non-transitory machine-readable medium according to claim 15, wherein a correspondence between the MAC address and the first IPv6 address is not stored in an authenticator before receiving the first packet.

17. The non-transitory machine-readable medium according to claim 15, wherein a correspondence between the MAC address and at least one IPv6 address is stored in the authenticator before receiving the first packet, and the at least one IPv6 address is an IPv6 address that is being used or has been used by the terminal device before the terminal device sends the first packet.

18. The non-transitory machine-readable medium according to claim 15, wherein the second packet indicates that the first IPv6 address is a new IPv6 address.
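
The flow in the abstract and in claims 1, 4, 7 and 8, written out as an added example (not code from the patent or its assignee): the authenticator keeps a per-MAC set of IPv6 addresses, reports only unseen addresses of online users, and reports invalidated addresses so the policy keyed by that address is revoked. Class names, message fields, the policy name and the per-MAC cap are assumptions.

```python
import ipaddress

MAX_ADDRS_PER_MAC = 8  # assumption: hardening cap on tracked addresses, not in the claims


class AuthServer:
    """Looks up the policy of an authenticated MAC and keys it by IPv6 at the enforcement point."""

    def __init__(self, session_policy):
        self.session_policy = session_policy  # MAC -> policy name, fixed at authentication
        self.pep_rules = {}                   # IPv6 -> policy name pushed to the enforcement point

    def handle(self, msg):
        if msg["event"] == "new":
            self.pep_rules[msg["ipv6"]] = self.session_policy[msg["mac"]]
        elif msg["event"] == "invalid":
            self.pep_rules.pop(msg["ipv6"], None)  # revoke the policy for that address


class Authenticator:
    def __init__(self, server):
        self.server = server
        self.bindings = {}  # MAC -> set of IPv6 addresses; key exists only while the user is online

    def authenticated(self, mac):
        self.bindings.setdefault(mac.lower(), set())

    def first_packet(self, mac, addr):
        """Return the 'second packet' sent to the server, or None when nothing is sent."""
        mac, ip = mac.lower(), ipaddress.IPv6Address(addr)  # parse so text variants compare equal
        known = self.bindings.get(mac)
        if known is None:  # claim 4: only addresses of online users are reported
            return None
        if ip in known or len(known) >= MAX_ADDRS_PER_MAC:
            return None    # already bound to this MAC, or the table for this MAC is full
        known.add(ip)
        return self._notify(mac, ip, "new")

    def address_invalid(self, mac, addr):
        """Return the 'third packet' of claim 8, or None if the address was never bound."""
        mac, ip = mac.lower(), ipaddress.IPv6Address(addr)
        if ip not in self.bindings.get(mac, ()):
            return None
        self.bindings[mac].discard(ip)
        return self._notify(mac, ip, "invalid")

    def _notify(self, mac, ip, event):
        # claim 7: an address update, not a new authentication request
        msg = {"kind": "address-update", "event": event, "mac": mac, "ipv6": str(ip)}
        self.server.handle(msg)
        return msg
```
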

Assignees

Huawei Tech Co Ltd

Classifications

  • for managing network security; network security policies in general (filtering policies H04L63/0227)

  • Entity profiles

  • by self-assignment, e.g. picking addresses at random and testing if they are already in use

  • using an authentication, authorisation and accounting [AAA] protocol, e.g. remote authentication dial-in user service [RADIUS] or Diameter

  • using filters or firewalls

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Huawei Tech Co Ltd
What technology area does this patent fall under?
Primary CPC classification H04L63/0876. Mapped technology areas include Electricity.
When was this patent published?
Publication date Nov 11, 2025 (B2). Legal status and post-grant events are not shown on this page.