Method and apparatus for LAN authentication on switch

US 20030217148A1
Filed: 05/16/2002
Published: 11/20/2003
Est. Priority Date: 05/16/2002
Status: Abandoned Application

First Claim

Patent Images

1. A network system comprising:

a corporate network resource;

a default network isolated from the corporate network resource;

a client computer initially connected to the default network; and

a switch comprising software to dynamically connect the client computer to the corporate network resource if an authentication response obtained from the client computer is valid.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network system includes a corporate network resource, a default network isolated from the corporate network resource, a client computer initially connected to the default network, and a switch comprising software to dynamically connect the client computer to the corporate network resource if an authentication response obtained from the client computer is valid.

Citations

41 Claims

1. A network system comprising:
- a corporate network resource;
  
  a default network isolated from the corporate network resource;
  
  a client computer initially connected to the default network; and
  
  a switch comprising software to dynamically connect the client computer to the corporate network resource if an authentication response obtained from the client computer is valid.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The network system of claim 1, the software comprising an access control server.
  - 3. The network system of claim 1, the client computer comprising a cryptographic function.
  - 4. The network system of claim 1, the network system comprising a virtual local area network.
  - 5. The network system of claim 1, wherein the switch is configured to disconnect the client computer from the corporate network resource using a re-configuration signal from the software.
  - 6. The network system of claim 5, the switch further comprising:
    - a switching fabric manipulated by the re-configuration signal in order to connect the client computer to the corporate network resource.
  - 7. The network system of claim 1, wherein the switch is a local area network switch.
  - 8. The network system of claim 1, wherein the switch provides simple network management protocol support.
  - 9. The network system of claim 1, the switch further comprising a simple network management protocol agent.
  - 10. The network system of claim 1, the software further comprising a simple network management protocol manager.
  - 11. The network system of claim 1, further comprising:
    - a directory service operatively connected to the software.
  - 12. The network system of claim 11, wherein the directory service is lightweight directory access protocol compliant.
  - 13. The network system of claim 1, further comprising:
    - a security device read by a security device reader operatively connected to the client computer.
  - 14. The network system of claim 13, wherein the security device holds identity credentials.
  - 15. The network system of claim 13, wherein the security device is a smart card.
  - 16. The network system of claim 1, further comprising:
    - a log server storing session information.
  - 17. The network system of claim 16, further comprising:
    - an administrative interface accessing the session information.
  - 18. The network system of claim 17, wherein the administrative interface generates a display using the session information.

19. A network system comprising:
- a corporate network resource;
  
  a default network isolated from the corporate network resource;
  
  a client computer initially connected to the default network;
  
  a switch comprising software to connect the client computer to the corporate network resource if an authentication response obtained from the client computer is valid; and
  
  a security device, read by a security device reader, operatively connected to the client computer.

20. A method for connecting a client computer to a corporate network resource, comprising:
- obtaining a connection to a default network;
  
  triggering a request for an authentication response from the default network;
  
  generating the authentication response using a security device reader;
  
  sending the authentication response in response to the request;
  
  sending a reconfiguration signal to a switch if the response is correct; and
  
  re-configuring the switch using the re-configuration signal to connect the client computer to the corporate network resource.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 21. The method of claim 20, triggering the request comprising a simple network management protocol trap.
  - 22. The method of claim 20, wherein the default network is a virtual local area network.
  - 23. The method of claim 20, generating the authentication response comprising obtaining identity credentials via the security device reader.
  - 24. The method of claim 23, further comprising:
    - caching the identity credentials on a data store accessible to the client computer.
  - 25. The method of claim 20, generating the authentication response comprising using a private key from a security device.
  - 26. The method of claim 20, further comprising:
    - verifying user identity using the authentication response and an authentication server.
  - 27. The method of claim 20, further comprising:
    - storing session information on a log server.
  - 28. The method of claim 27, further comprising:
    - using the session information to generate a display.
  - 29. The method of claim 27, the session information comprising a media access control address of the client computer.
  - 30. The method of claim 27, the session information comprising a port number of the switch to which the client computer is attached.
  - 31. The method of claim 27, the session information comprising an Internet protocol address of the switch.

32. A method for connecting a client computer to a corporate network resource, comprising:
- obtaining a connection to a default network;
  
  triggering a request for an authentication response from the default network;
  
  generating the authentication response using a security device reader;
  
  sending the authentication response in response to the request;
  
  verifying user identity using the authentication response and an authentication server;
  
  sending a reconfiguration signal to a switch if the authentication response is valid; and
  
  re-configuring the switch using the re-configuration signal to connect the client computer to the corporate network resource.

33. A method for maintaining a connection to a corporate network resource, comprising:
- sending a challenge to a client computer connected to the corporate network resource;
  
  returning a response to the challenge;
  
  verifying whether the response to the challenge is correct;
  
  re-configuring a switch to terminate the connection to the corporate network resource, if the response to the challenge is not correct; and
  
  maintaining the connection to the connection to the corporate network resource, if the response to the challenge is correct;
  
  wherein a security device reader is used to generate an authentication response to initially connect the client computer to the corporate network resource.
- View Dependent Claims (34, 35, 36, 37)
- - 34. The method of claim 33, wherein the challenge is generated using a symmetric key.
  - 35. The method of claim 33, wherein the challenge is generated periodically.
  - 36. The method of claim 33, re-configuring the switch comprising:
    - sending a reconfiguration signal to the switch if the response to the challenge is not correct.
  - 37. The method of claim 33, further comprising:
    - placing the client computer in a default network if the response to the challenge is not correct. sending a challenge to a client computer connected to the corporate network resource;
      
      returning a response to the challenge;
      
      verifying whether the response to the challenge is correct;
      
      re-configuring a switch to terminate the connection to the corporate network resource, if the response to the challenge is not correct;
      
      placing the client computer in a default network if the response to the challenge is not correct; and
      
      maintaining the connection to the connection to the corporate network resource, if the response to the challenge is correct;
      
      wherein a security device reader is used to generate an authentication response to initially connect the client computer to the corporate network resource.

38. A computer system for connecting a client computer to a corporate network resource, comprising:
- a processor;
  
  a memory;
  
  a storage device; and
  
  software instructions stored in the memory for enabling the computer system to perform;
  
  obtaining a connection to a default network;
  
  triggering a request for an authentication response from the default network;
  
  generating the authentication response using a security device reader;
  
  sending the authentication response in response to the request;
  
  sending a reconfiguration signal to a switch if the response is correct; and
  
  re-configuring the switch using the re-configuration signal to connect the client computer to the corporate network resource.

39. A computer system for maintaining a connection to a corporate network resource, comprising:
- a processor;
  
  a memory;
  
  a storage device; and
  
  software instructions stored in the memory for enabling the computer system to perform;
  
  sending a challenge to a client computer connected to the corporate network resource;
  
  returning a response to the challenge;
  
  verifying whether the response to the challenge is correct;
  
  re-configuring a switch to terminate the connection to the corporate network resource, if the response to the challenge is not correct; and
  
  maintaining the connection to the connection to the corporate network resource, if the response to the challenge is correct;
  
  wherein a security device reader is used to generate an authentication response to initially connect the client computer to the corporate network resource.

40. An apparatus for connecting a client computer to a corporate network resource, comprising:
- means for obtaining a connection to a default network;
  
  means for triggering a request for an authentication response from the default network;
  
  means for generating the authentication response using a security device reader;
  
  means for sending the authentication response in response to the request;
  
  means for sending a reconfiguration signal to a switch if the response is correct; and
  
  means for re-configuring the switch using the re-configuration signal to connect the client computer to the corporate network resource.

41. An apparatus for maintaining a connection to a corporate network resource, comprising:
- means for sending a challenge to a client computer connected to the corporate network resource;
  
  means for returning a response to the challenge;
  
  means for verifying whether the response to the challenge is correct;
  
  means for re-configuring a switch to terminate the connection to the corporate network resource, if the response to the challenge is not correct; and
  
  means for maintaining the connection to the connection to the corporate network resource, if the response to the challenge is correct;
  
  wherein a security device reader is used to generate an authentication response to initially connect the client computer to the corporate network resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
DEXA Systems Incorporated
Original Assignee
DEXA Systems Incorporated
Inventors
Novi, Matthew T., Noblot, Yan A., Mullen, Glen H.

Application Number

US10/146,983
Publication Number

US 20030217148A1
Time in Patent Office

Days
Field of Search
US Class Current

709/225
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/102   Entity profiles

Method and apparatus for LAN authentication on switch

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for LAN authentication on switch

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links