Method for secure single-packet remote authorization
Abstract
A method for secure single-packet remote authorization using a single packet authorization (SPA) server on a host system that passively monitors the network for connection attempts and anonymously accepts or rejects those attempts depending on whether a valid SPA packet is detected, an SPA client on a client system that is responsible for generating the appropriately encrypted SPA packet in order to gain access to services on the host, and a particular packet format sent from the client to the host to gain access. The packet format is encrypted and non-replayable by virtue of 16 bytes of random data in every message and an MD5 sum that is a hash function of the random data (which may be computed with any known hashing function). The SPA server stores the MD5 sum of every valid SPA packet that it monitors and flags any duplicate access attempt that uses the same MD5 hash as a previously monitored packet, in which case the SPA server treats the packet as a malicious attempt to replay the original packet.
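The exchange described in the abstract (and restated in claims 1 and 11), as an added example that is not the patent's or any implementation's own code: the client assembles 16 random bytes followed by the MD5 sum of those bytes and a request, encrypts the result under a shared key, and the server decrypts, checks the embedded digest, and refuses any packet whose digest it has already allowed. The abstract names no cipher, no request field and no integrity check, so the HMAC-SHA256 counter-mode keystream, the clear-text 8-byte salt, the request field and the keyed tag are assumptions made for this example.

```python
"""Toy single-packet-authorization exchange (added example, not the patent's code).

Packet layout (assumed): salt(8) || ENC(rand(16) || MD5(rand) || request) || HMAC-SHA256 tag(32)
Only the 16 random bytes and the MD5 sum of them come from the abstract.
"""
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple

SALT_LEN = 8     # assumption: per-packet salt sent in the clear, used to derive the keystream
RAND_LEN = 16    # 16 bytes of random data in every message, per the abstract
DIGEST_LEN = 16  # MD5 digest length
TAG_LEN = 32     # assumption: HMAC-SHA256 tag over salt || ciphertext


def _keystream(key: bytes, salt: bytes, length: int) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256 in counter mode (assumption; the patent
    does not specify a cipher). A (key, salt) pair must never be reused."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, salt + struct.pack(">I", counter), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def build_spa_packet(key: bytes, request: bytes, rand: Optional[bytes] = None,
                     salt: Optional[bytes] = None) -> bytes:
    """SPA client: rand || MD5(rand) || request, encrypted, with a keyed tag appended."""
    rand = os.urandom(RAND_LEN) if rand is None else rand
    salt = os.urandom(SALT_LEN) if salt is None else salt
    if len(rand) != RAND_LEN or len(salt) != SALT_LEN:
        raise ValueError("rand must be 16 bytes and salt 8 bytes")
    plaintext = rand + hashlib.md5(rand).digest() + request
    ciphertext = _xor(plaintext, _keystream(key, salt, len(plaintext)))
    body = salt + ciphertext
    return body + hmac.new(key, body, hashlib.sha256).digest()


class SPAServer:
    """SPA server: decrypts, validates the embedded digest, refuses replays."""

    def __init__(self, key: bytes, allowed_requests):
        self.key = key
        self.allowed = set(allowed_requests)  # the "predetermined packets" of claim 1
        self.seen_digests = set()             # MD5 sum of every packet that was allowed

    def handle(self, packet: bytes) -> Tuple[bool, str]:
        """Return (allowed, reason); the default-deny filter opens only when allowed is True."""
        if len(packet) < SALT_LEN + RAND_LEN + DIGEST_LEN + TAG_LEN:
            return False, "too short"
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        if not hmac.compare_digest(hmac.new(self.key, body, hashlib.sha256).digest(), tag):
            return False, "bad tag"           # wrong key or tampered packet
        salt, ciphertext = body[:SALT_LEN], body[SALT_LEN:]
        plaintext = _xor(ciphertext, _keystream(self.key, salt, len(ciphertext)))
        rand = plaintext[:RAND_LEN]
        digest = plaintext[RAND_LEN:RAND_LEN + DIGEST_LEN]
        request = plaintext[RAND_LEN + DIGEST_LEN:]
        if not hmac.compare_digest(hashlib.md5(rand).digest(), digest):
            return False, "digest mismatch"   # not a well-formed SPA packet
        if digest in self.seen_digests:
            return False, "replay"            # same MD5 sum as an earlier allowed packet
        if request not in self.allowed:
            return False, "request not permitted"
        self.seen_digests.add(digest)         # store the hash of every allowed packet
        return True, "access granted"


if __name__ == "__main__":
    key = b"shared-secret-for-demo"          # constructed for the example
    server = SPAServer(key, {b"open tcp/22"})
    pkt = build_spa_packet(key, b"open tcp/22")
    print(server.handle(pkt))   # (True, 'access granted')
    print(server.handle(pkt))   # (False, 'replay')
```

Two points worth noting when reading this against the abstract: the digest cache grows by one entry for every allowed packet and catches only byte-identical replays, so a second packet with fresh random data for the same request is accepted, which is the intended behaviour; and the MD5 sum only indexes that cache, it does not protect the packet's contents, which is why the example adds a keyed tag over the ciphertext before anything is decrypted.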
19 Claims
1. A method for secure remote authorization using a single packet authorization (SPA) server on a host system, an SPA client on a client system, and a formatted SPA packet sent from the client in order to gain access to services on the host, comprising the steps of:
constructing a packet of access code comprising a plurality of bytes of random data and a hash function of the random data;
sending said packet to a server configured to allow certain predetermined packets;
allowing access to said server if said packet matches a predetermined packet;
storing the hash function of every allowed packet at the server and preventing access for any subsequently sent duplicate packets.
Dependent claims 2 through 10 depend from claim 1 (not reproduced here).
11. A system for secure single-packet remote authorization, comprising:
a single packet authorization (SPA) server in communication with a network and configured to passively monitor said network for a valid SPA packet having a predetermined format while maintaining a gateway packet filter in a default deny state;
an SPA client on a client system configured to generate formatted SPA packets in order to gain access to services on the network;
wherein said predetermined SPA format is encrypted and non-replayable.
Dependent claims 12 through 19 depend from claim 11 (not reproduced here).