Firewall providing enhanced network security and user transparency

US 20040088586A1
Filed: 11/06/2003
Published: 05/06/2004
Est. Priority Date: 02/26/1996
Status: Abandoned Application

First Claim

Patent Images

1. A method for performing out-of-band authentication, the method comprising:

establishing communication over a public computer network between a user and a server;

receiving an out-of-band authentication request;

querying the server to determine whether the out-of-band authentication request is valid;

receiving a response from the server, the response indicating validity of the out-of-band authentication request;

enabling out-of-band authentication on a target computer that a user wishes to access; and

granting the user access to the target computer.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a firewall that achieves maximum network security and maximum user convenience. The firewall employs “envoys” that exhibit the security robustness of prior-art proxies and the transparency and ease-of-use of prior-art packet filters, combining the best of both worlds. No traffic can pass through the firewall unless the firewall has established an envoy for that traffic. Both connection-oriented (e.g., TCP) and connectionless (e.g., UDP-based) services may be handled using envoys. Establishment of an envoy may be subjected to a myriad of tests to “qualify” the user, the requested communication, or both. Therefore, a high level of security may be achieved. The usual added burden of prior-art proxy systems is avoided in such a way as to achieve fall transparency-the user can use standard applications and need not even know of the existence of the firewall. To achieve full transparency, the firewall is configured as two or more sets of virtual hosts. The firewall is, therefore, “multi-homed,” each home being independently configurable. One set of hosts responds to addresses on a first network interface of the firewall. Another set of hosts responds to addresses on a second network interface of the firewall. In one aspect, programmable transparency is achieved by establishing DNS mappings between remote hosts to be accessed through one of the network interfaces and respective virtual hosts on that interface. In another aspect, automatic transparency may be achieved using code for dynamically mapping remote hosts to virtual hosts in accordance with a technique referred to herein as dynamic DNS, or DDNS.

29 Citations

View as Search Results

39 Claims

1. A method for performing out-of-band authentication, the method comprising:
- establishing communication over a public computer network between a user and a server;
  
  receiving an out-of-band authentication request;
  
  querying the server to determine whether the out-of-band authentication request is valid;
  
  receiving a response from the server, the response indicating validity of the out-of-band authentication request;
  
  enabling out-of-band authentication on a target computer that a user wishes to access; and
  
  granting the user access to the target computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the target computer comprises the server.
  - 3. The method of claim 1, wherein the target computer comprises a user'"'"'s computer.
  - 4. The method of claim 1, wherein the target computer comprises a third party'"'"'s computer.
  - 5. The method of claim 1, wherein establishing communication includes identifying the user.
  - 6. The method of claim 1, wherein querying the server and receiving a response from the server is performed over a telephonic communication medium and enabling out of band authentication is performed over a computer network.
  - 7. The method of claim 1, wherein enabling out-of-band authentication comprises sending a dynamically changing attribute to the user.
  - 8. The method of claim 1, further comprising enabling a single sign-on process by sharing authentication data across multiple applications requiring authentication during a common session.
  - 9. The method of claim 8, further comprising transmitting authentication data in audio form.
  - 10. The method of claim 8, further comprising transmitting authentication data in encrypted form.
  - 11. The method of claim 8, further comprising transmitting authentication data in binary form.
  - 12. The method of claim 8, further comprising transmitting authentication data in binary form.
  - 13. The method of claim 8, further comprising transmitting authentication data in the form of a one-time-use token.
  - 14. The method of claim 8, further comprising transmitting authentication data in the form of a one-time-use audio token.
  - 15. The method of claim 1, further comprising generation of an out-of-band signal, the out-of-band signal generated by an electronic device.

16. A method for performing out-of-band authentication, the method comprising:
- establishing communication over a out-of-band channel between a user and a computer;
  
  receiving an out-of-band authentication request;
  
  querying the server to determine whether the out-of-band authentication request is valid;
  
  receiving a response from the server, the response indicating validity of the out-of-band authentication request; and
  
  conveying an access key for use in an out-of-band authentication, the access key useful in providing access to the computer.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 17. The method of claim 16, wherein establishing communication includes identifying the user.
  - 18. The method of claim 16, wherein establishing communication over an out-of-band channel, querying the server, and receiving a response is performed over a telephonic communication medium and conveying an access key is performed over a computer network.
  - 19. The method of claim 16 further comprising enabling a single sign-on process by sharing authentication data across multiple applications requiring user authentication during a common session.
  - 20. The method of claim 19, wherein conveying an access key comprises sending a dynamically changing attribute to the user.
  - 21. The method of claim 19, further comprising transmitting authentication data in audio form.
  - 22. The method of claim 19, further comprising transmitting authentication data in encrypted form.
  - 23. The method of claim 19, further comprising transmitting authentication data in binary form.
  - 24. The method of claim 19, further comprising transmitting authentication data in binary form.
  - 25. The method of claim 19, further comprising transmitting authentication data in the form of a one-time-use token.
  - 26. The method of claim 19, further comprising transmitting authentication data in the form of a one-time-use audio token.
  - 27. The method of claim 16, further comprising generation of an out-of-band signal, the out-of-band signal generated by an electronic device.
  - 28. The method of claim 16, wherein receiving the response from the server comprises receiving a predefined control code via an out-of-band channel.

29. A method for configuring out-of-band authentication, the method comprising:
- configuring a server to communicate over a out-of-band channel between a user and a computer;
  
  configuring the server to validate a received out-of-band authentication request; and
  
  configuring the server to convey an access key for use in out-of-band authentication for computer access.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 30. The method of claim 29, wherein configuring the server to communicate includes identifying the user.
  - 31. The method of claim 29, wherein configuring a server to communicate and validate an out-of-band authentication request is performed over a telephonic communication medium and enabling out of band authentication is performed over a computer network.
  - 32. The method of claim 29 further comprising enabling a single sign-on process by sharing authentication data across multiple applications requiring authentication during a common session.
  - 33. The method of claim 32, further comprising transmitting authentication data in audio form.
  - 34. The method of claim 32, further comprising transmitting authentication data in encrypted form.
  - 35. The method of claim 32, further comprising transmitting authentication data in binary form.
  - 36. The method of claim 32, further comprising transmitting authentication data in binary form.
  - 37. The method of claim 32, further comprising transmitting authentication data in the form of a one-time-use token.
  - 38. The method of claim 32, further comprising transmitting authentication data in the form of a one-time-use audio token.
  - 39. The method of claim 32, further comprising generation of an out-of-band signal, the out-of-band signal generated by an electronic device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Christopher D. Coley, Ralph E. Wesinger Jr
Original Assignee
Christopher D. Coley, Ralph E. Wesinger Jr
Inventors
Coley, Christopher D., Wesinger, Ralph E. Jr.

Application Number

US10/704,399
Publication Number

US 20040088586A1
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

B65B 11/004   in blanks, e.g. sheets prec...

G06F 16/958   Organisation or management ...

G06F 21/42   using separate channels for...

G06Q 20/027   involving a payment switch ...

H04L 2101/677   Multiple interfaces, e.g. m...

H04L 61/25   of the same type

H04L 61/2514   between local and global IP...

H04L 61/2521   Translation architectures o...

H04L 61/256   NAT traversal

H04L 61/35   involving non-standard use ...

H04L 61/4511   using domain name system [DNS]

H04L 61/4552   Lookup mechanisms between a...

H04L 63/02   for separating internal fro...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0263   Rule management

H04L 63/0281   Proxies

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/18   using different networks or...

H04L 69/16   Implementation or adaptatio...

H04L 69/164   Adaptation or special uses ...

H04L 9/40 : Network security protocols

View All

Firewall providing enhanced network security and user transparency

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

Firewall providing enhanced network security and user transparency

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links