Subnet box

US 20050091483A1
Filed: 09/08/2004
Published: 04/28/2005
Est. Priority Date: 09/08/2003
Status: Active Grant

First Claim

Patent Images

1. A method of facilitating authentication and security at an edge of a network comprising the steps of:

receiving a data packet;

determining whether a source identifier exists in said data packet; and

if said source identifier exists, retrieving a cryptographic key from local storage associated with said source identifier, decrypting a portion of said data packet using said identified cryptographic key, and directing said data packet toward its recipient.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides an external in-line device (“Subnet Box”) placed between a network and an access point to achieve secure Wi-Fi communications without needing to modify the access point. The Subnet Box comprises an embedded token and will authenticate users based on pre-stored access rights. In at least one embodiment of the invention, the Subnet Box comprises: a first communications port for intercepting data packets communicated to and from a wired communications network; a second communications port for intercepting data packets communicated to and from a wireless access point, wherein the wireless access point is an edge device of the wired communications network; a database comprising a number of serial numbers each associated with a client token and a secret cryptographic key; and a processor for determining whether a computing device having a client token can access the wired communications network via the wireless access point. The processor establishes a secure tunnel between the computing device and the first communications port.

Citations

11 Claims

1. A method of facilitating authentication and security at an edge of a network comprising the steps of:
- receiving a data packet;
  
  determining whether a source identifier exists in said data packet; and
  
  if said source identifier exists, retrieving a cryptographic key from local storage associated with said source identifier, decrypting a portion of said data packet using said identified cryptographic key, and directing said data packet toward its recipient.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein said step of retrieving comprises the steps of:
    - identifying a match to said source identifier within a pre-stored list of source identifiers; and
      
      loading a cryptographic key associated with a matching source identifier from said pre-stored list of source identifiers.
  - 3. The method of claim 1, wherein said source identifier is a MAC address.
  - 4. The method of claim 1, further comprising the steps of:
    - if said source identifier doesn'"'"'t exist, identifying whether said data packet is a pass-through data packet, and then either directing said data packet toward its recipient if said data packet is identified as a pass-through data packet, or dropping said data packet if said data packet is not identified as a pass-through data packet.
  - 5. The method of claim 1, wherein said local storage is a token.

6. An apparatus comprising:
- a first communications port for intercepting data packets communicated to and from a wired communications network;
  
  a second communications port for intercepting data packets communicated to and from a wireless access point, wherein said wireless access point is an edge device of said wired communications network;
  
  a database comprising a number of serial numbers each associated with a client token and a secret cryptographic key; and
  
  a processor for determining whether a computing device having a client token can access said wired communications network via said wireless access point.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The apparatus of claim 6, wherein said processor establishes a secure tunnel between said computing device and said first communications port.
  - 8. The apparatus of claim 6, wherein said first and second communication ports are Ethernet ports.
  - 9. The apparatus of claim 6, wherein said database is stored in a Smart card.
  - 10. The apparatus of claim 6, wherein said wireless access point is an IEEE 802.11 access point.
  - 11. The apparatus of claim 6, wherein said wired network is LAN.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
KoolSpan, Inc.
Original Assignee
KoolSpan, Inc.
Inventors
Fascenda, Anthony C.

Granted Patent

US 7,934,005 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/153
CPC Class Codes

H04L 2209/80   Wireless

H04L 2463/061   applying further key deriva...

H04L 63/0236   Filtering by address, proto...

H04L 63/0272   Virtual private networks

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0853   using an additional device,...

H04L 63/0876   based on the identity of th...

H04L 63/101   Access control lists [ACL]

H04L 9/3234   involving additional secure...

H04W 12/041   Key generation or derivation

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 84/12   WLAN [Wireless Local Area N...

Subnet box

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Subnet box

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links