Method and apparatus for network security using a router based authentication system
Abstract
A router based authentication system provides packet level authentication of incoming data packets and eliminates the risk of having data packets come into the network whose source cannot be authenticated. In the Router Based Authentication System (RBAS), a prior art router is adapted with an authentication function that works in conjunction with a security function in the client. Alternatively, a new router can be built that embeds an authentication function. The router based authentication function includes: (i) an ability to receive a telephone call and verify the caller by comparing with a pre-stored caller id, (ii) an ability to generate a random alphanumeric code, deliver it to the caller, and save it in the system, and (iii) an ability to reject all packets from the client that do not have a passkey embedded in the header of the packet. The security function in the client includes (i) display of an authentication screen that may display a telephone number of a border or internal router of a computer network of a business and enables entry of the passkey, made up of the telephone number of the user and the alphanumeric code, and (ii) a function that encrypts the passkey and inserts it in the header of each outgoing data packet to the business.
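The RBAS flow in the abstract (caller id check against a pre-stored database, random alphanumeric issued per call, passkey carried in the IPv4 option field of every packet, per-packet verification at the router), simulated in Python as an added example that is not code from the patent. The class and function names, the option number, the sample telephone numbers and the stand-in cipher (a SHA-256 keystream XOR, used only because the patent names no encryption scheme) are assumptions made for this demo.

```python
import hashlib, secrets, string, struct

SHARED_KEY = b"demo-shared-key"   # constructed; assumed shared by client and router
OPT_KIND = 0x9E                   # option number chosen for this demo (not an IANA-assigned value)

def _xor_keystream(data: bytes) -> bytes:
    """Stand-in for the patent's unspecified cipher: XOR with a SHA-256-derived keystream."""
    ks = hashlib.sha256(SHARED_KEY).digest()
    return bytes(b ^ ks[i % len(ks)] for i, b in enumerate(data))

class AuthSystem:
    """Router-side authentication function (claims 2 and 4)."""
    def __init__(self, authorized_numbers):
        self.db = {n: None for n in authorized_numbers}   # pre-stored caller id -> issued code
    def handle_call(self, caller_id):
        if caller_id not in self.db:                      # claim 2b: caller id not on file
            return None
        alphabet = string.ascii_uppercase + string.digits
        code = "".join(secrets.choice(alphabet) for _ in range(6))
        self.db[caller_id] = code                         # claim 2c: save the random alphanumeric
        return code                                       # claim 2d: voice-delivered to the caller
    def verify_passkey(self, passkey):
        phone, _, code = passkey.partition(":")           # passkey = telephone number + code
        return self.db.get(phone) is not None and self.db[phone] == code

def build_packet(src, dst, passkey, payload):
    """Client security function (claims 3c, 8): encrypted passkey in the IPv4 option field."""
    body = _xor_keystream(passkey.encode())
    option = bytes([OPT_KIND, len(body) + 2]) + body
    option += b"\x00" * (-len(option) % 4)                # options are padded to 32-bit words
    ihl = 5 + len(option) // 4
    total_len = ihl * 4 + len(payload)
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total_len, 0, 0, 64, 17, 0, src, dst)
    return header + option + payload                      # header checksum left 0 in the demo

def route_packet(auth, packet):
    """Router packet authentication (claim 4): True = forward, False = drop."""
    ihl = (packet[0] & 0x0F) * 4
    options = packet[20:ihl]
    while options:
        kind = options[0]
        if kind == 0:                                     # End of Options List
            break
        length = 1 if kind == 1 else max(options[1], 2)   # NOP is one byte; guard bad lengths
        if kind == OPT_KIND:
            passkey = _xor_keystream(options[2:length]).decode(errors="replace")
            return auth.verify_passkey(passkey)
        options = options[length:]
    return False                                          # no passkey present: reject (abstract, iii)
```

Because the passkey is the same in every packet of a session, the per-packet check cannot by itself distinguish a captured header from a fresh one; the scheme's strength rests on the encryption the patent leaves unspecified.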
16 Claims
1. A router based authentication system comprising:
a. a router, as part of a computer network, capable of routing Internet protocol data packets;
b. an authentication system integrated with the router that authenticates the source of the data packets.

2. The claim as in 1, the authentication system comprising:
a. a means to receive a telephone call from a user desiring access to the computer network;
b. a means to verify the user by caller id with a pre-stored database of caller ids;
c. a means to generate a random alphanumeric and save it in the database; and
d. a means to voice deliver the alphanumeric to the user.

3. The claim as in 2, further comprising:
a. a client, of the user, equipped with a security function and a network connection capable of connecting to the computer network;
b. the security function capable of receiving the data entry of a passkey, the passkey made up of a combination of the user telephone number and the alphanumeric;
c. the security function having a means to encrypt the passkey and embed it in the header of each outgoing data packet from the client to the router.

4. The claim as in 3, the router further comprising:
a. a packet authentication function that decrypts the passkey in the packet header and verifies that the caller id and the alphanumeric match the database entry before routing the packet.

5. The claim as in 3, the client security function when invoked in the client comprising:
a screen display with (i) a telephone number of the authentication system;
(ii) data entry fields for entry of the passkey comprised of the cell telephone number and the alphanumeric; and
(iii) a connect button that activates an altering function that encrypts the passkey and embeds it in each of the outgoing data packets to the computer network.

6. The claim as in 5, the altering function comprising:
a means to encrypt the telephone number with an encryption scheme that is different from the alteration scheme for the alphanumeric code.

7. The claim as in 6, the altering means comprising:
using a plurality of digits of the alphanumeric as input to an altering function that alters the alphanumeric to another alphanumeric having the same format and attributes as the original.

8. The claim as in 3, the security function means that embeds the passkey within the header of each Internet protocol packet comprising:
a means to embed the passkey that appends extra data bytes within the option data fields in the packet header.

9. The claim as in 2, where the pre-stored database of caller id's comprises:
cellular telephone numbers of authorized users of the computer network.

10. The claim as in 2, the means to verify the user including a means to verify by telephone caller id and a personal identification number.

11. A system for continuous authenticated communication from an authorized user on a client to a server on a computer network, wherein a router routing data packets between the client and the server comprises:
a. the router adapted with an authentication system;
b. the system having (i) a means to receive a telephone call from the authorized user, (ii) a means to verify the user by caller id features of a public telephone infrastructure and a personal identification number, (iii) a means to voice respond with a randomly generated alphanumeric, and (iv) a means that verifies each packet of communication from the client for the presence of a passkey embedded with the alphanumeric in the packet header.

12. The claim as in 11, further comprising:
a function that encrypts the passkey before embedding it in the header of the packet.

13. The claim as in 11, the users being authenticated by pre-storing their cellular telephone numbers and a user selected PIN in the authentication subsystem.

14. A method of identifying a caller to a server for the purpose of granting access to the caller into a computer network, comprising the steps of:
a. receiving a telephone call by the server and verifying the caller to the server, by caller id and an entry of a first personal identification number, wherein the server is adapted with a telephone interface equipped with an interactive voice response system and the server has pre-stored data of the caller id and the first number;
b. calling back by the server on a pre-stored caller id number and receiving entry of a second personal identification number; and
c. verifying the second number with pre-stored data in the server, before granting access to the server.