Pervasive, user-centric network security enabled by dynamic datagram switch and an on-demand authentication and encryption scheme through mobile intelligent data carriers
Abstract
Methods and systems are provided for improving security, efficiency, access control, administrative monitoring, reliability as well as integrity of data transmission and remote application sharing over a network. Secure, stable network connections and efficient network transactions among multiple users are supported by an improved client-server architecture. A datagram schema is provided, which enables dynamic datagram switching in support of a multitude of applications and network services. Mobile intelligent data carriers are provided, allowing for the implementation of an authentication and encryption scheme. They may be used to target-deliver applications to authorized users, thereby controlling access not only to data but also to applications. Biometrics and other suitable authentication methodologies may be employed in delivering the pervasive, user-centric network security solutions disclosed. The methods and systems of this disclosure may be advantageously implemented in any enterprise network environment to support a wide spectrum of business, research, and administrative operations.
113 Claims
1. A system of secure network connectivity between one or more users and at least one network server, wherein said secure network connectivity is user-centric and supports pervasive security, wherein said user-centric refers to that the system secures the one or more users instead of one or more devices employed by the users to connect to the network server, and wherein said pervasive security is security on demand, using one or more connecting devices, said system comprising:
at least one intelligent data carrier, issued to said one or more users, wherein said intelligent data carrier comprises at least (i) one memory, capable of storing digital information, (ii) one input-output apparatus, capable of inputting and outputting digital information, and (iii) one processor, capable of processing the digital information stored in said memory and connecting to a computer device thereby transmitting the digital information via said input-output apparatus, and wherein said intelligent data carrier is capable of establishing the identities of said one or more users through an authentication and encryption scheme; and
a dynamic datagram switch for dynamic allocation and swapping of datagrams for a multiplicity of applications in service to said one or more users.
Dependent claims: 2 to 43, 110, 111.

44. A client-server communication system, comprising:
at least one server; and
at least one client, wherein each client is an intelligent data carrier, comprising at least (i) one memory, capable of storing digital information, (ii) one input-output apparatus, capable of inputting and outputting digital information, and (iii) one processor, capable of processing the digital information stored in said memory and connecting to a computer device thereby transmitting digital information via said input-output apparatus, wherein said intelligent data carrier is capable of establishing the identities of one or more users through an authentication and encryption scheme for secure data transmission between said server and said client.
Dependent claims: 45 to 54.

55. An intelligent data carrier, comprising at least (i) one memory, capable of storing digital information, (ii) one input-output apparatus, capable of inputting and outputting digital information, and (iii) one processor, capable of processing the digital information stored in said memory and connecting to a computer device thereby transmitting digital information via said input-output apparatus, wherein said intelligent data carrier is capable of establishing the identities of one or more users through an authentication and encryption scheme for secure data transmission in a network.

59. A method for establishing user-centric, pervasive network security, wherein said user-centric refers to securing one or more users instead of one or more devices employed by the users to connect to a network server, and wherein the pervasive security is security on demand, using one or more connecting devices, said method comprising:
issuing to each of said one or more users an intelligent data carrier, wherein said intelligent data carrier comprises at least (i) one memory, capable of storing digital information, (ii) one input-output apparatus, capable of inputting and outputting digital information, and (iii) one processor, capable of processing the digital information stored in said memory and connecting to a computer device thereby transmitting the digital information via said input-output apparatus, and wherein said intelligent data carrier is capable of establishing the identities of said one or more users through an authentication and encryption scheme; and
providing a dynamic datagram switch for dynamic allocation and swapping of datagrams for a multiplicity of applications in service to said one or more users.
Dependent claims: 60 to 95, 112, 113.

96. A method for targeted delivering of one or more applications to an authorized user, comprising:
issuing to said user an intelligent data carrier, wherein said intelligent data carrier comprises at least (i) one memory, capable of storing digital information, (ii) one input-output apparatus, capable of inputting and outputting digital information, and (iii) one processor, capable of processing the digital information stored in said memory and connecting to a computer device thereby transmitting the digital information via said input-output apparatus, wherein said intelligent data carrier is capable of establishing the identity of said user through an authentication and encryption scheme; and
providing a computer device connecting to a network on which a network server sits, wherein the intelligent data carrier is capable of docking to said connecting device and being authenticated by said network server based on said authentication and encryption scheme, wherein said one or more applications are capable of being launched off said intelligent data carrier once the user is successfully authenticated.
Dependent claims: 97 to 106.

107. A system of secure network connectivity between one or more users and at least one network server, wherein said secure network connectivity is user-centric and supports pervasive security, wherein said user-centric refers to that the system secures the one or more users instead of one or more devices employed by the users to connect to the network server, and wherein said pervasive security is security on demand, using one or more connecting devices, said system comprising at least one intelligent data carrier, issued to said one or more users,
wherein said intelligent data carrier comprises at least (i) one memory, capable of storing digital information, (ii) one input-output apparatus, capable of inputting and outputting digital information, and (iii) one processor, capable of processing the digital information stored in said memory and connecting to a computer device thereby transmitting the digital information via said input-output apparatus, wherein said intelligent data carrier is capable of establishing the identities of said one or more users through an authentication and encryption scheme and supporting a multiplicity of applications in service to said one or more users, and wherein said authentication and encryption scheme comprises the following sequential steps:
(a) a request being caused to forward from the intelligent data carrier to the network server that the intelligent data carrier be authenticated, (b) the network server presenting to the intelligent data carrier a plurality of authentication methods, (c) the intelligent data carrier selecting one authentication method from said plurality through an event, (d) the network server sending the intelligent data carrier a demand, based on said selected method, for authentication data from the intelligent data carrier, (e) the network server transforming said authentication data received from the intelligent data carrier into one or more data authentication object, wherein each said data authentication object is a data vector object, capable of being analyzed using one or more classifiers, (f) the network server analyzing said data authentication object, according to said one or more classifiers, thereby determining the result of the authentication, and (g) the network server sending said result to the intelligent data carrier, indicating a successful or failed authentication attempt.

108. A method for establishing user-centric, pervasive network security, wherein said user-centric refers to securing one or more users instead of one or more devices employed by the users to connect to a network server, and wherein the pervasive security is security on demand, using one or more connecting devices, said method comprising issuing to each of said one or more users an intelligent data carrier,
wherein said intelligent data carrier comprises at least (i) one memory, capable of storing digital information, (ii) one input-output apparatus, capable of inputting and outputting digital information, and (iii) one processor, capable of processing the digital information stored in said memory and connecting to a computer device thereby transmitting the digital information via said input-output apparatus, wherein said intelligent data carrier is capable of establishing the identities of said one or more users through an authentication and encryption scheme and supporting a multiplicity of applications in service to said one or more users, and wherein said authentication and encryption scheme comprises the following sequential steps:
(a) a request being caused to forward from the intelligent data carrier to the network server that the intelligent data carrier be authenticated, (b) the network server presenting to the intelligent data carrier a plurality of authentication methods, (c) the intelligent data carrier selecting one authentication method from said plurality of authentication methods through an event, (d) the network server sending the intelligent data carrier a demand, based on said selected method, for authentication data from the intelligent data carrier, (e) the network server transforming said authentication data received from the intelligent data carrier into one or more data authentication objects, wherein each of said one or more data authentication objects is a data vector object, capable of being analyzed using one or more classifiers, (f) the network server analyzing said data authentication object, according to said one or more classifiers, thereby determining the result of the authentication, and (g) the network server sending said result to the intelligent data carrier, indicating a successful or failed authentication attempt.

109. A client-server communication system, comprising:
at least one server; and
at least one client, wherein each client is an intelligent data carrier, comprising at least (i) one memory, capable of storing digital information, (ii) one input-output apparatus, capable of inputting and outputting digital information, and (iii) one processor, capable of processing the digital information stored in said memory and connecting to a computer device thereby transmitting digital information via said input-output apparatus, wherein said intelligent data carrier is capable of establishing identities of one or more users through an authentication and encryption scheme for secure data transmission between said server and said client, and wherein said authentication and encryption scheme comprises the following sequential steps:
(a) a request being caused to forward from the intelligent data carrier to the network server that the intelligent data carrier be authenticated, (b) the network server presenting to the intelligent data carrier a plurality of authentication methods, (c) the intelligent data carrier selecting one authentication method from said plurality through an event, (d) the network server sending the intelligent data carrier a demand, based on said selected method, for authentication data from the intelligent data carrier, (e) the network server transforming said authentication data received from the intelligent data carrier into one or more data authentication objects, wherein each of said one or more data authentication objects is a data vector object, capable of being analyzed using one or more classifiers, (f) the network server analyzing at least one of said data authentication objects, according to said one or more classifiers, thereby determining a result of the authentication, and (g) the network server sending said result to the intelligent data carrier, indicating a successful or failed authentication attempt.
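The seven-step exchange recited in claims 107, 108 and 109 (steps (a) through (g)) can be traced end to end with both sides' messages. The following is an added simulation written for this page; it is not code from the patent or its assignee. The method names ("password", "keystroke_rhythm"), the message layout, the salt, the feature-vector encoding, the two classifiers, the distance threshold and the enrolled reference data are all constructed assumptions. The server keeps a per-carrier session state so that authentication data is only accepted for a method it actually demanded, which is the check a practitioner would want on top of the sequence as claimed.

```python
"""Simulated run of steps (a)-(g) from claims 107-109. Added illustration,
not patent code; method names, messages, salt, vectors, classifiers and
enrolled data are constructed assumptions."""
import hashlib
import hmac
import math
from dataclasses import dataclass

SALT = b"example-salt"                              # constructed
OFFERED_METHODS = ("password", "keystroke_rhythm")  # assumed method names

# Enrolled reference data per carrier (constructed): a salted password hash
# and a template vector of normalised inter-key intervals.
ENROLLED = {
    "carrier-0001": {
        "password": hashlib.sha256(SALT + b"correct horse").hexdigest(),
        "keystroke_rhythm": [0.20, 0.35, 0.15, 0.30],
    }
}

@dataclass
class DataAuthenticationObject:
    """Step (e): authentication data transformed into a data vector object."""
    carrier_id: str
    method: str
    vector: list

def to_data_authentication_object(carrier_id, method, raw):
    """Step (e): turn raw authentication data into a vector the classifier reads."""
    if method == "password":
        digest = hashlib.sha256(SALT + raw.encode()).hexdigest()
        vector = [int(digest[i:i + 2], 16) for i in range(0, 64, 2)]
    else:
        vector = [float(x) for x in raw]
    return DataAuthenticationObject(carrier_id, method, vector)

# Step (f): one classifier per method; each returns True (accept) or False.
def classify_password(obj, reference):
    ref = [int(reference[i:i + 2], 16) for i in range(0, 64, 2)]
    return hmac.compare_digest(bytes(obj.vector), bytes(ref))  # constant time

def classify_rhythm(obj, reference, threshold=0.1):
    if len(obj.vector) != len(reference):
        return False
    dist = math.sqrt(sum((a - b) ** 2 for a, b in zip(obj.vector, reference)))
    return dist <= threshold

CLASSIFIERS = {"password": classify_password, "keystroke_rhythm": classify_rhythm}

class NetworkServer:
    """Server side; tracks a session per carrier so data is only accepted
    for the method that was demanded, and only once per request."""
    def __init__(self):
        self.sessions = {}

    def handle(self, msg):
        cid, kind = msg["carrier_id"], msg["type"]
        if kind == "AUTH_REQUEST":                                          # (a)
            self.sessions[cid] = {"state": "offered"}
            return {"type": "METHODS", "methods": list(OFFERED_METHODS)}   # (b)
        sess = self.sessions.get(cid)
        if kind == "METHOD_SELECTED":                                       # (c)
            if sess is None or sess["state"] != "offered" or msg["method"] not in OFFERED_METHODS:
                return {"type": "RESULT", "ok": False, "reason": "bad method or state"}
            sess.update(state="demanded", method=msg["method"])
            return {"type": "DEMAND", "method": msg["method"]}             # (d)
        if kind == "AUTH_DATA":
            if sess is None or sess["state"] != "demanded":
                return {"type": "RESULT", "ok": False, "reason": "no outstanding demand"}
            method = self.sessions.pop(cid)["method"]                       # single use
            obj = to_data_authentication_object(cid, method, msg["data"])  # (e)
            reference = ENROLLED.get(cid, {}).get(method)
            ok = reference is not None and CLASSIFIERS[method](obj, reference)  # (f)
            return {"type": "RESULT", "ok": bool(ok)}                       # (g)
        return {"type": "RESULT", "ok": False, "reason": "unknown message"}

class IntelligentDataCarrier:
    """Client side; `choose` stands in for the user event of step (c) and
    `provide` supplies the data the demand of step (d) asks for."""
    def __init__(self, carrier_id, choose, provide):
        self.carrier_id, self.choose, self.provide = carrier_id, choose, provide

    def authenticate(self, server):
        transcript = []
        def send(msg):
            msg["carrier_id"] = self.carrier_id
            reply = server.handle(msg)
            transcript.append((msg, reply))
            return reply
        reply = send({"type": "AUTH_REQUEST"})
        if reply["type"] != "METHODS":
            return False, transcript
        reply = send({"type": "METHOD_SELECTED", "method": self.choose(reply["methods"])})
        if reply["type"] != "DEMAND":
            return False, transcript
        reply = send({"type": "AUTH_DATA", "data": self.provide(reply["method"])})
        return reply["ok"], transcript

def run_demo(method, data):
    """One full exchange for carrier-0001; returns the server's verdict."""
    carrier = IntelligentDataCarrier("carrier-0001", lambda ms: method, lambda m: data)
    ok, _ = carrier.authenticate(NetworkServer())
    return ok

def run_out_of_order():
    """Authentication data sent with no prior request or demand must be rejected."""
    srv = NetworkServer()
    return srv.handle({"type": "AUTH_DATA", "carrier_id": "carrier-0001", "data": "x"})["ok"]

if __name__ == "__main__":
    print(run_demo("password", "correct horse"), run_demo("keystroke_rhythm", [0.22, 0.33, 0.16, 0.31]))
```

The transcript returned by `authenticate` holds the request/reply pairs in claim order, so the exchange can be audited step by step. The two classifiers show why step (e) normalises everything into a vector object: an exact-match method (password hash, compared in constant time) and a tolerance-based method (keystroke rhythm, Euclidean distance against an enrolled template) then share one server-side interface, which is the point of the "one or more classifiers" language in step (f).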