Establishing authenticated network connections
Abstract
A method and apparatus for establishing authenticated network (e.g., TCP/IP) connections augments the network protocol and enables concealment of the presence of network servers. One methodology uses one or more cryptographic techniques, or combinations of such techniques, to achieve this goal. Connection establishment can be authenticated using shared-secret cryptography, public-key cryptography, or both. Trust between peers can be established either directly or via a trusted third party. One methodology conceals a server from Internet-based eavesdroppers and from eavesdroppers staging man-in-the-middle attacks on the local network or in close proximity to the server. The techniques described herein may be used to prevent a server from accepting unsanctioned connections from both local and remote networks.
126 Claims
1. A method comprising:
authenticating a prospective peer on the network prior to establishing a network connection. (Dependent claims 2 to 43)

44. An apparatus comprising:
means for receiving one or more packets; and
means for authenticating a prospective peer on the network prior to establishing a network connection.

45. An article of manufacture having one or more recordable media with executable instructions stored thereon which, when executed by a system, cause the system to authenticate a prospective peer on the network prior to establishing a network connection.

46. A method comprising:
a first peer receiving a SYN packet from a second peer over a network prior to a network connection being established between the first and second peers; and
using information in the SYN packet to attempt to authenticate the second peer prior to the network connection being established. (Dependent claims 47 to 59)

60. An article of manufacture having one or more recordable media with executable instructions stored thereon which, when executed by a system, cause the system to:
receive a SYN packet from a second peer over a network prior to a network connection being established between a first peer and the second peer; and
use information in the SYN packet to attempt to authenticate the second peer prior to the network connection being established. (Dependent claims 61 to 73)

74. An apparatus comprising:
means in a first peer for receiving a SYN packet from a second peer over a network prior to a network connection being established between the first and second peers; and
means for using information in the SYN packet to attempt to authenticate the second peer prior to the network connection being established. (Dependent claims 75 to 78)

79. A method comprising:
a first peer creating a SYN packet that includes information to be used by a second peer to attempt to authenticate the first peer prior to a network connection being established between the first and second peers; and
the first peer sending the SYN packet to the second peer over a network prior to the network connection being established between the first and second peers. (Dependent claims 80 to 88)

89. An article of manufacture having one or more recordable media with executable instructions stored thereon which, when executed by a system, cause the system to:
create a SYN packet that includes information to be used by a second peer to attempt to authenticate a first peer prior to a network connection being established between the first and second peers; and
send the SYN packet to the second peer over a network prior to the network connection being established between the first and second peers. (Dependent claims 90 to 92)

93. An apparatus comprising:
means in a first peer for creating a SYN packet that includes information to be used by a second peer to attempt to authenticate the first peer prior to a network connection being established between the first and second peers; and
means for sending the SYN packet to the second peer over a network prior to the network connection being established between the first and second peers. (Dependent claims 94 to 96)

97. A method comprising:
preventing an unauthorized party from identifying available services on a network while those services remain available to authorized parties. (Dependent claims 98 to 110)

111. An article of manufacture having one or more recordable media with executable instructions stored thereon which, when executed by a system, cause the system to:
prevent an unauthorized party from identifying available services on a network while those services remain available to authorized parties.

112. An apparatus comprising:
means for preventing an unauthorized party from identifying available services on a network while those services remain available to authorized parties.

113. A method comprising:
a first peer receiving a SYN packet from a second peer over a network prior to a network connection being established between the first and second peers, the SYN packet including authentication information;
the first peer sending a SYN/ACK packet to the second peer, the SYN/ACK packet including first peer authentication information and/or a request for additional authentication information from the second peer;
the first peer receiving an ACK packet from the second peer, the ACK packet including second peer additional authentication information if such second peer additional authentication information was requested; and
the first peer authenticating the second peer via the second peer additional authentication information. (Dependent claims 114 to 123)

124. An article of manufacture having one or more recordable media with executable instructions stored thereon which, when executed by a system, cause the system to:
receive a SYN packet from a second peer over a network prior to a network connection being established between a first peer and the second peer, the SYN packet including authentication information;
send a SYN/ACK packet to the second peer, the SYN/ACK packet including first peer authentication information and/or a request for additional authentication information from the second peer;
receive an ACK packet from the second peer, the ACK packet including second peer additional authentication information if such second peer additional authentication information was requested; and
authenticate the second peer via the second peer authentication information.

125. An apparatus comprising:
means for receiving a SYN packet from a second peer over a network prior to a network connection being established between a first peer and the second peer, the SYN packet including authentication information;
means for sending a SYN/ACK packet to the second peer, the SYN/ACK packet including first peer authentication information and/or a request for additional authentication information from the second peer;
means for receiving an ACK packet from the second peer, the ACK packet including second peer additional authentication information if such second peer additional authentication information was requested; and
means for authenticating the second peer via the second peer authentication information.

126. A method comprising:
a first peer sending a SYN packet to a second peer over a network prior to a network connection being established between the first and second peers, the SYN packet including authentication information;
the first peer receiving a SYN/ACK packet from the second peer, the SYN/ACK packet including second peer authentication information; and
the first peer sending an ACK packet to the second peer, the ACK packet including first peer additional authentication information by which the second peer completes authenticating the first peer.
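The exchange claimed in 113 (server side) and 126 (client side), together with the silent-drop behaviour that gives the concealment of claim 97, as an added worked example. This is not code from the patent or from any product; it is a pure-Python model of the message flow. Everything about the wire format is an assumption: a pre-shared key (the patent also contemplates public-key and trusted-third-party variants, which this model omits), HMAC-SHA256 truncated to 16 bytes, and a hypothetical 32-byte "authentication option" (nonce followed by tag) standing in for data carried in the TCP options space. The Segment, Client, Server and handshake names are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass

# Constructed pre-shared key; public-key and third-party trust are not modelled.
SHARED_KEY = b"constructed-pre-shared-key"


def tag(key: bytes, *parts: bytes) -> bytes:
    """16-byte HMAC-SHA256 tag over the concatenated parts (an assumption)."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()[:16]


@dataclass(frozen=True)
class Segment:
    """Model of a TCP segment; auth stands in for a hypothetical TCP option."""
    flags: str      # "SYN", "SYN/ACK" or "ACK"
    seq: int
    ack: int
    auth: bytes     # 16-byte nonce followed by a 16-byte tag


class Client:
    """The peer that initiates the connection (claims 79 and 126)."""

    def __init__(self, key: bytes):
        self.key = key
        self.nonce = os.urandom(16)
        self.isn = struct.unpack(">I", os.urandom(4))[0]

    def syn(self) -> Segment:
        # Authentication information bound to our nonce and initial sequence number.
        t = tag(self.key, b"SYN", self.nonce, struct.pack(">I", self.isn))
        return Segment("SYN", self.isn, 0, self.nonce + t)

    def ack(self, synack: Segment) -> Segment:
        # Verify the server's authentication information before answering.
        s_nonce, t = synack.auth[:16], synack.auth[16:]
        expect = tag(self.key, b"SYN/ACK", self.nonce, s_nonce,
                     struct.pack(">I", synack.seq))
        if not hmac.compare_digest(t, expect):
            raise ValueError("server failed authentication")
        # Additional authentication information the SYN/ACK asked for.
        t2 = tag(self.key, b"ACK", self.nonce, s_nonce)
        return Segment("ACK", self.isn + 1, synack.seq + 1, s_nonce + t2)


class Server:
    """The peer that accepts connections (claims 46, 97 and 113)."""

    def __init__(self, key: bytes):
        self.key = key
        self.pending = {}       # server nonce -> (client nonce, server ISN)
        self.seen = set()       # client nonces already accepted (replay defence, an assumption)
        self.established = set()

    def on_syn(self, syn: Segment):
        """Return a SYN/ACK for an authenticated SYN, or None to drop it silently."""
        if syn.flags != "SYN" or len(syn.auth) != 32:
            return None
        nonce, t = syn.auth[:16], syn.auth[16:]
        expect = tag(self.key, b"SYN", nonce, struct.pack(">I", syn.seq))
        if nonce in self.seen or not hmac.compare_digest(t, expect):
            # No RST and no state: a scanner sees the same thing as a filtered port.
            return None
        self.seen.add(nonce)
        s_nonce = os.urandom(16)
        s_isn = struct.unpack(">I", os.urandom(4))[0]
        self.pending[s_nonce] = (nonce, s_isn)
        t2 = tag(self.key, b"SYN/ACK", nonce, s_nonce, struct.pack(">I", s_isn))
        return Segment("SYN/ACK", s_isn, syn.seq + 1, s_nonce + t2)

    def on_ack(self, ack: Segment) -> bool:
        """Complete authentication of the client from the ACK; True if established."""
        s_nonce, t = ack.auth[:16], ack.auth[16:]
        entry = self.pending.get(s_nonce)
        if entry is None or ack.ack != entry[1] + 1:
            return False
        c_nonce = entry[0]
        if not hmac.compare_digest(t, tag(self.key, b"ACK", c_nonce, s_nonce)):
            return False
        del self.pending[s_nonce]
        self.established.add((c_nonce, s_nonce))
        return True


def handshake(client_key: bytes, server: Server) -> str:
    """Run one handshake and report the outcome as the server sees it."""
    client = Client(client_key)
    synack = server.on_syn(client.syn())
    if synack is None:
        return "DROPPED"
    return "ESTABLISHED" if server.on_ack(client.ack(synack)) else "REJECTED"


if __name__ == "__main__":
    server = Server(SHARED_KEY)
    print("authorised client:", handshake(SHARED_KEY, server))
    print("wrong key:        ", handshake(b"wrong-key", server))
    print("plain SYN scan:   ", server.on_syn(Segment("SYN", 1, 0, b"")))
```

Two practitioner points the claims leave open. First, an unauthenticated or replayed SYN gets neither a SYN/ACK nor a RST, so the server is indistinguishable from a filtered port to a scanner; the nonce cache that makes replayed SYNs fail is this example's addition, since a static tag would otherwise be replayable by anyone who captured one handshake. Second, the client checks the server's tag in the SYN/ACK before sending its own additional authentication information, so a rogue host on the path cannot harvest a valid ACK tag by answering the SYN itself. Carrying 34 bytes of option in a real SYN fits within the 40-byte TCP option limit, but middleboxes that strip unknown options will break the handshake.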
Specification