Method and system for network security management

US 20060021036A1
Filed: 12/23/2004
Published: 01/26/2006
Est. Priority Date: 07/26/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method for network security management, comprising:

establishing a user database at a server, wherein the user database comprises a plurality of first usernames and a plurality of corresponding first passwords;

embedding a second username and a corresponding second password into a shared key;

deriving a client key value from the shared key and a secret key algorithm;

adding the client key value into a first message and transferring the first message to the server; and

the server comparing the client key value with key values corresponding to the first user names and the corresponding first passwords, when the client key value matches one key value, calculating the second username and corresponding password according to a hash function algorithm to generate a server key value, and when none is matched, the connection of the second user and the server is denied.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for network security management using an Internet key exchange mechanism. A user database is established at a server comprising a plurality of first usernames and a plurality of corresponding first passwords. A second username and corresponding password are embedded into a shared key. A client key value is derived according to the shared key and Internet key exchange mechanism. The first user-names and corresponding first passwords are calculated and obtained for generating a plurality of user key values. The client key value is added into a first message and transferring the first message to the server. The client key value is compared with the user key values, and, when the client key value matches one user key value, the second username and corresponding password are calculated to generate a server key value

Citations

15 Claims

1. A method for network security management, comprising:
- establishing a user database at a server, wherein the user database comprises a plurality of first usernames and a plurality of corresponding first passwords;
  
  embedding a second username and a corresponding second password into a shared key;
  
  deriving a client key value from the shared key and a secret key algorithm;
  
  adding the client key value into a first message and transferring the first message to the server; and
  
  the server comparing the client key value with key values corresponding to the first user names and the corresponding first passwords, when the client key value matches one key value, calculating the second username and corresponding password according to a hash function algorithm to generate a server key value, and when none is matched, the connection of the second user and the server is denied.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as claimed in claim 1, further comprising step that the server calculates and obtains the first usernames and corresponding first passwords for generating the user key values before the comparing step.
  - 3. The method as claimed in claim 1, after deriving the client key value, further comprising step that the server calculates the first user names and corresponding first passwords for generating the user key values, and restores the calculating result to the user database.
  - 4. The method as claimed in claim 1, before deriving a client key value, further comprising step that the server calculates the first usernames and corresponds first passwords for generating the user key values, and restoring the calculating result to the user database.
  - 5. The method as claimed in claim 1, after the comparing step, further comprising step of adding the server key value to a second message, and returning the second message to a client.
  - 6. The method as claimed in claim 1, wherein the secret key algorithm is IKE mechanism.
  - 7. The method as claimed in claim 1, wherein the first key is expressed as SKEYID=HMAC-MD5[(UN|PW), (N_I|N_R)] for calculating the client key value, wherein the HMAC-MD5 indicates a hash function identification authorization algorithm, the UN indicates the second username, the PW indicates the second passwords, the N_Iindicates a random number of the client, and the N_Rindicates a random number of the server.

8. A method for network security management using an Internet key exchange mechanism, comprising steps:
- establishing a user database at a server comprising a plurality of first usernames and a plurality of corresponding first passwords;
  
  embedding a second username and corresponding password into a shared key;
  
  deriving a client key value according to the shared key and Internet key exchange mechanism;
  
  the server calculating and obtaining the first user-names and corresponding first passwords for generating a plurality of user key values;
  
  the server adding the client key value into a first message and transferring the first message to the server; and
  
  the server comparing the client key value with the user key values, and, when the client key value matches one user key value, calculating the second username and corresponding password to generate a server key value.
- View Dependent Claims (9, 10, 11)
- - 9. The method as claimed in claim 8, wherein when the client key value matches none user key value, the second user is denied to connect to the server.
  - 10. The method as claimed in claim 8, after the comparing step, further comprising step of adding the server key value to a second message, and returning the second message to a client.
  - 11. The method as claimed in claim 8, wherein the first key is expressed as SKEYID=HMAC-MD5[(UN|PW), (N_I|N_R)] for calculating the client key value, wherein the HMAC-MD5 indicates—
    - a hash function identification authorization algorithm, the UN indicates the second username, the PW indicates the second password, the N_Iindicates a random number of the client, and the N_Rindicates a random number of the server.

12. A system for network security management, comprising:
- an analysis unit, embedding a verified name and corresponding verified password into a shared key, deriving a client key value corresponding to the verified name and verified password according to the shared key and a secret key algorithm, and adding the client key value to a first message; and
  
  a server, coupled to the analysis unit, receiving the first message, wherein a user database located at the server comprises a plurality of verification names and corresponding verification passwords, the server comprising;
  
  a calculation unit, coupled to the user database, calculating the verification names and corresponding verification passwords by using a hash function algorithm to generate a plurality of user key values; and
  
  a comparison unit, coupled to the user database and the calculation unit, comparing the client key value with the user key values, and, when the client key value matches one user key value, calculating the verified name and corresponding verified password by using the hash function algorithm to generate a server key value, adding the server key value to a second message by the server, and returning the second message to the analysis unit.
- View Dependent Claims (13, 14, 15)
- - 13. The system as claimed in claim 12, wherein the secret key algorithm is IKE mechanism.
  - 14. The system as claimed in claim 12, wherein the analysis unit is located at the client, enabling the verification names to be transferred to the server.
  - 15. The system as claimed in claim 12, wherein the first key is expressed as SKEYID=HMAC-MD5[(UN|PW), (N_I|N_R)] for calculating the client key value, wherein the HMAC-MD5 indicates a hash function identification authorization algorithm, the UN indicates the second username, the PW indicates the second password, the N_Iindicates a random number of the client, and the N_Rindicates a random number of the server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
IEI Integration Corp.
Original Assignee
IEI Integration Corp.
Inventors
Chang, Shao-Ning, Tzeng, Hong-Wei

Application Number

US11/020,715
Publication Number

US 20060021036A1
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/31   User authentication

H04L 63/083   using passwords cryptograph...

H04L 63/164   at the network layer

H04L 9/0844   with user authentication or...

Method and system for network security management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for network security management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links