Method and system for performing authentication and traffic control in a certificate-capable session

US 20070180225A1
Filed: 02/24/2006
Published: 08/02/2007
Est. Priority Date: 02/24/2005
Status: Abandoned Application

First Claim

Patent Images

1. An apparatus for authenticating a remote host, said apparatus comprising:

monitor means for monitoring a network connection between a client and said remote host;

detection means for detecting initiation of a certificate-capable session between said client and said remote host;

analysis means for analyzing information in a digital certificate of said remote host provided in response to said initiation of said certificate-capable session; and

authentication means for authenticating an identity of said remote host based on said information in said digital certificate of said remote host.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus performs authentication of a remote host and traffic control by analyzing the contents of a digital certificate of the remote host. A switch may be used to control operation of the apparatus.

73 Citations

View as Search Results

33 Claims

1. An apparatus for authenticating a remote host, said apparatus comprising:
- monitor means for monitoring a network connection between a client and said remote host;
  
  detection means for detecting initiation of a certificate-capable session between said client and said remote host;
  
  analysis means for analyzing information in a digital certificate of said remote host provided in response to said initiation of said certificate-capable session; and
  
  authentication means for authenticating an identity of said remote host based on said information in said digital certificate of said remote host.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The apparatus of claim 1, further comprising identification means for associating a unique identifier with said apparatus, said unique identifier operable to be cryptographically authenticated.
  - 3. The apparatus of claim 1, wherein said apparatus is external to and in communication with said client.
  - 4. The apparatus of claim 1, further comprising notification means for notifying a user of said client of said initiation of said certificate-capable session.
  - 5. The apparatus of claim 1, wherein said authentication means authenticates said identity of said remote host at an application layer.
  - 6. The apparatus of claim 1, wherein said authentication means determines if said digital certificate is valid.
  - 7. The apparatus of claim 1, wherein said authentication means determines if said digital certificate is listed in one of a whitelist and a blacklist.
  - 8. The apparatus of claim 1, further comprising session means for performing one of accepting and rejecting said certificate-capable session based on said information in said digital certificate.
  - 9. The apparatus of claim 1, further comprising log means for logging a status of at least one of said digital certificate and said certificate-capable session.
  - 10. The apparatus of claim 1, wherein said apparatus uses software installed on said client to provide real-time feedback to a user of said client.
  - 11. The apparatus of claim 1, wherein said apparatus is embedded in a network interface card which is configured for installation in said client.
  - 12. The apparatus of claim 1, wherein said apparatus is embedded in a network device.

13. An apparatus for controlling a traffic flow across a network connection between a client and a remote host, said apparatus comprising:
- monitor means for monitoring said network connection;
  
  detection means for detecting initiation of a certificate-capable session between said client and said remote host; and
  
  filter means for using a digital certificate of said remote host provided in response to said initiation of said certificate-capable session to determine an operation to be performed on data in said traffic flow.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 14. The apparatus of claim 13, further comprising redirection means for redirecting said data in said traffic flow.
  - 15. The apparatus of claim 13, wherein said apparatus is external to and in communication with said client.
  - 16. The apparatus of claim 13, wherein said filter means analyzes information in said digital certificate.
  - 17. The apparatus of claim 16, wherein said information in said digital certificate includes at least one of validity information, an issuer, a signer, and a subject.
  - 18. The apparatus of claim 13, wherein said filter means determines said operation to be performed on said data in said traffic flow based on a revocation status of said digital certificate.
  - 19. The apparatus of claim 13, wherein said filter means determines said operation to be performed on said data in said traffic flow based on whether said digital certificate is listed in one of a whitelist and a blacklist.
  - 20. The apparatus of claim 13, wherein said operation is one of allowing said traffic flow to pass without modification, allowing said traffic flow to pass with modification, allowing said traffic to pass after redirection of said traffic flow and blocking said traffic flow from passing.
  - 21. The apparatus of claim 13, wherein said operation is one of allowing said certificate-capable session and blocking said certificate-capable session.
  - 22. The apparatus of claim 13, wherein said operation is notifying a user of said client of a status of at least one of said digital certificate and said certificate-capable session.
  - 23. The apparatus of claim 13, wherein said operation is logging a status of at least one of said digital certificate and said certificate-capable session.
  - 24. The apparatus of claim 13, wherein said operation is using software installed on said client to provide real-time feedback to a user of said client.
  - 25. The apparatus of claim 13, wherein said filter means uses at least one predefined rule to determine said operation to be performed on said data in said traffic flow.
  - 26. The apparatus of claim 13, wherein said apparatus is embedded in a network interface card.
  - 27. The apparatus of claim 13, wherein said apparatus is embedded in a network device.
  - 28. The apparatus of claim 13, further comprising a switch, said switch operable to control said filter means.
  - 29. The apparatus of claim 28, wherein said switch includes a plurality of settings, each setting corresponding to a different security policy.
  - 30. The apparatus of claim 28, wherein said switch is a physical switch, and wherein said switch includes a plurality of positions, each position corresponding to a different security policy.
  - 31. The apparatus of claim 28, wherein said switch is implemented in software.
  - 32. The apparatus of claim 28, wherein said apparatus is embedded in a network interface card, and wherein said switch is connected to said network interface card.
  - 33. The apparatus of claim 32, wherein said switch is in wireless communication with said network interface card.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Jeffrey Schmidt
Original Assignee
Jeffrey Schmidt
Inventors
Schmidt, Jeffrey

Application Number

US11/361,554
Publication Number

US 20070180225A1
Time in Patent Office

Days
Field of Search
US Class Current

713/152
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 63/0823   using certificates cryptogr...

H04L 9/321   involving a third party or ...

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

Method and system for performing authentication and traffic control in a certificate-capable session

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

73 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for performing authentication and traffic control in a certificate-capable session

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links