EXCHANGE OF NETWORK ACCESS CONTROL INFORMATION USING TIGHTLY-CONSTRAINED NETWORK ACCESS CONTROL PROTOCOLS

US 20090041252A1
Filed: 09/18/2007
Published: 02/12/2009
Est. Priority Date: 08/10/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, with an access control device, a digital signature through a tightly-constrained handshake sequence of a network protocol, wherein an endpoint device initiates the tightly-constrained handshake sequence when the endpoint device is requesting access rights, wherein the digital signature is based on a trusted platform module (“

TPM”

) value and a nonce value, and wherein, due to constraints of the tightly-constrained handshake sequence, the access control device and the endpoint device are unable to negotiate a set of nonce information during the tightly-constrained handshake sequence;

determining whether the access control device has previously negotiated the set of nonce information with the endpoint device;

determining whether the TPM value is associated with an acceptable configuration;

determining whether the nonce value is acceptable;

determining whether the digital signature is valid; and

granting the access rights to the endpoint device when the access control device has previously negotiated the set of nonce information, when the TPM value is associated with the acceptable configuration, when the nonce value is acceptable, and when the digital signature is valid.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In general, techniques are described for securely exchanging network access control information. The techniques may be useful in situations where an endpoint device and an access control device perform a tightly-constrained handshake sequence of a network protocol when the endpoint device requests access to a network. The handshake sequence may be constrained in a variety of ways. Due to the constraints of the handshake sequence, the endpoint device and the access control device may be unable to negotiate a set of nonce information during the handshake sequence. For this reason, the access control device uses a previously negotiated set of nonce information and other configuration information associated with the endpoint device as part of a process to determine whether the endpoint device should be allowed to access the protected networks.

Citations

25 Claims

1. A method comprising:
- receiving, with an access control device, a digital signature through a tightly-constrained handshake sequence of a network protocol, wherein an endpoint device initiates the tightly-constrained handshake sequence when the endpoint device is requesting access rights, wherein the digital signature is based on a trusted platform module (“
  
  TPM”
  
  ) value and a nonce value, and wherein, due to constraints of the tightly-constrained handshake sequence, the access control device and the endpoint device are unable to negotiate a set of nonce information during the tightly-constrained handshake sequence;
  
  determining whether the access control device has previously negotiated the set of nonce information with the endpoint device;
  
  determining whether the TPM value is associated with an acceptable configuration;
  
  determining whether the nonce value is acceptable;
  
  determining whether the digital signature is valid; and
  
  granting the access rights to the endpoint device when the access control device has previously negotiated the set of nonce information, when the TPM value is associated with the acceptable configuration, when the nonce value is acceptable, and when the digital signature is valid.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1,wherein the access right comprise rights to communicate on a first network;
    - andwherein the method further comprises;
      
      allowing the endpoint device to communicate on a second network when the access control device has not previously negotiated the set of nonce information, when the TPM value is not associated with the acceptable configuration, when the nonce value is not acceptable, or when the digital signature is not valid; and
      
      using the second network to negotiate the set of nonce information with the endpoint device.
  - 3. The method of claim 1,wherein the access right comprise rights to communicate on a first network;
    - wherein the network protocol is the Dynamic Host Configuration Protocol (“
      
      DHCP”
      
      ); and
      
      wherein allowing the endpoint device to communicate on the first network comprises causing an Internet Protocol (“
      
      IP”
      
      ) address to be leased to the endpoint device, wherein an access point forwards IP packets that specify the IP address as a source address to the first network.
  - 4. The method of claim 1,wherein, due to constraints of the tightly-constrained handshake sequence, the endpoint device is unable to send the TPM value and the nonce value to the access control device during the tightly-constrained handshake sequence of the network protocol;
    - wherein determining whether the TPM value is associated with the acceptable configuration comprises determining whether the TPM value is associated with the acceptable configuration when the access control device has previously received the TPM value;
      
      wherein the method further comprises calculating, in response to receiving the digital signature, a set of one or more candidate nonce values;
      
      wherein determining whether the digital signature is valid comprises determining whether the digital signature is valid given the TPM value and a candidate nonce value in the set of candidate nonce values; and
      
      wherein determining whether the nonce value is acceptable comprises determining whether the candidate nonce value is acceptable.
  - 5. The method of claim 1,wherein the digital signature is encrypted using a private encryption key of a TPM chip in the endpoint device;
    - andwherein determining whether the digital signature is valid comprises using a public key certificate associated with the private encryption key to determine whether the digital signature is valid.
  - 6. The method of claim 5, further comprising:
    - allowing the endpoint device to communicate on a second network when the public key certificate is not stored in the storage medium;
      
      receiving the public key certificate via the second network; and
      
      storing, in the storage medium, the public key certificate after receiving the public key certificate via the second network.
  - 7. The method of claim 1,wherein the set of nonce information comprises a set of values;
    - andwherein determining whether the nonce value is acceptable comprises;
      
      determining that the nonce value is acceptable when the nonce value is in the set of values; and
      
      removing the nonce value from the set of values when the nonce value is in the set of values.
  - 8. The method of claim 1,wherein the set of nonce information comprises a time indicator that indicates a time;
    - andwherein determining whether the nonce value is acceptable comprises determining whether the nonce value is acceptable based on the time indicated by the time indicator.
  - 9. The method of claim 1,wherein the set of nonce information comprises a sequence number;
    - andwherein determining whether the nonce value is acceptable comprises determining that the nonce value is acceptable when the nonce value is equal to a number that follows the sequence number.

10. An access control device comprising:
- a request reception module that receives a digital signature through a tightly-constrained handshake sequence of a network protocol, wherein an endpoint device initiates the tightly-constrained handshake sequence when the endpoint device is requesting access rights, wherein the digital signature is based on a trusted platform module (“
  
  TPM”
  
  ) value and a nonce value, and wherein, due to constraints of the tightly-constrained handshake sequence, the access control device and the endpoint device are unable to negotiate a set of nonce information during the tightly-constrained handshake sequence;
  
  a cache management module that determines whether the access control device has previously negotiated the set of nonce information with the endpoint device;
  
  a TPM evaluation module that determines whether the TPM value is associated with an acceptable configuration;
  
  a nonce evaluation module that determines whether the nonce value is acceptable;
  
  a signature verification module that determines whether the digital signature is valid; and
  
  an access instruction module that grants the access rights to the endpoint device when the access control device has previously negotiated the set of nonce information, when the TPM value is associated with the acceptable configuration, when the nonce value is acceptable, and when the digital signature is valid.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The access control device of claim 10,wherein the access right comprise rights to communicate on a first network;
    - wherein the access instruction module allows the endpoint device to communicate on a second network when the access control device has not previously negotiated the set of nonce information, when the TPM value is not associated with the acceptable configuration, when the nonce value is not acceptable, or when the digital signature is not valid; and
      
      wherein the access control device uses the second network to negotiate the set of nonce information with the endpoint device.
  - 12. The access control device of claim 10,wherein the access right comprise rights to communicate on a first network;
    - wherein the network protocol is the Dynamic Host Configuration Protocol (“
      
      DHCP”
      
      ); and
      
      wherein the access instruction module causes the endpoint device to be able to communicate on the first network by causing an Internet Protocol (“
      
      IP”
      
      ) address to be leased to the endpoint device, wherein an access point forwards IP packets that specify the IP address as a source address to the first network.
  - 13. The access control device of claim 10,wherein, due to constraints of the tightly-constrained handshake sequence, the endpoint device is unable to send the TPM value and the nonce value to the access control device during the tightly-constrained handshake sequence of the network protocol;
    - andwherein the cache management module determines whether the TPM value is associated with the acceptable configuration when the access control device has previously received the TPM value;
      
      wherein the access control device further comprises a nonce calculation module that calculates a set of one or more candidate nonce values;
      
      wherein the signature verification module determines whether the digital signature is valid given the TPM value and a candidate nonce value in the set of candidate nonce values; and
      
      wherein the nonce evaluation module determines whether the nonce value is acceptable at least in part by determining whether the candidate nonce value is acceptable.
  - 14. The access control device of claim 10,wherein the digital signature is encrypted using a private encryption key of a TPM chip in the endpoint device;
    - andwherein the signature verification module uses a public key certificate associated with the private encryption key to determine whether the digital signature is valid.
  - 15. The access control device of claim 14,wherein the access instruction module allows the endpoint device to be able to communicate on a second network when the public key certificate is not stored in the storage medium;
    - andwherein the cache management module stores, in the storage medium, the public key certificate after receiving the public key certificate via the second network.
  - 16. The access control device of claim 10,wherein the set of nonce information comprises a set of values;
    - wherein the nonce evaluation module determines that the nonce value is acceptable when the nonce value is in the set of values; and
      
      wherein the nonce evaluation module removes the nonce value from the set of values when the nonce value is in the set of values.
  - 17. The access control device of claim 10,wherein the set of nonce information comprises a time indicator that indicates a time;
    - andwherein the nonce evaluation module determines that the nonce value is acceptable based on the time indicated by the time indicator.
  - 18. The access control device of claim 10,wherein the set of nonce information comprises a sequence number;
    - andwherein the nonce evaluation module determines that the nonce value is acceptable when the nonce value is equal to a number that follows the sequence number.

19. A computer-readable medium comprising instructions, wherein the instructions cause one or more programmable processors of an access control device to:
- receive a digital signature through a tightly-constrained handshake sequence of a network protocol, wherein an endpoint device initiates the tightly-constrained handshake sequence when the endpoint device is requesting access rights, wherein the digital signature is based on a trusted platform module (“
  
  TPM”
  
  ) value and a nonce value, and wherein, due to constraints of the tightly-constrained handshake sequence, the access control device and the endpoint device are unable to negotiate a set of nonce information during the tightly-constrained handshake sequence;
  
  determine whether the access control device has previously negotiated the set of nonce information with the endpoint device;
  
  determine whether the TPM value is associated with an acceptable configuration;
  
  determine whether the nonce value is acceptable;
  
  determine whether the digital signature is valid; and
  
  grant the access rights to the endpoint device when the access control device has previously negotiated the set of nonce information with the endpoint device, when the TPM value is associated with the acceptable configuration, when the nonce value is acceptable, and when the digital signature is valid.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The computer-readable medium of claim 19,wherein, due to constraints of the tightly-constrained handshake sequence, the endpoint device is unable to send the TPM value and the nonce value to the access control device during the tightly-constrained handshake sequence;
    - wherein the instructions cause the one or more programmable processors to determine whether the TPM value is associated with the acceptable configuration at least in part by causing the one or more programmable processors to determine whether the TPM value is associated with the acceptable configuration when the access control device has previously received the TPM value;
      
      wherein the instructions further cause the one or more programmable processors to calculate, in response to receiving the digital signature, a set of one or more candidate nonce values; and
      
      wherein the instructions cause the one or more programmable processors to determine whether the digital signature is valid at least in part by causing the one or more processors to determine whether the digital signature is valid given the TPM value and a candidate nonce value in the set of candidate nonce values; and
      
      wherein the instructions cause the one or more programmable processors to determine whether the nonce value is acceptable at least in part by causing the one or more programmable processors to determine whether the candidate nonce value is acceptable.
  - 21. The computer-readable medium of claim 19,wherein the access right comprise rights to communicate on a first network;
    - wherein the network protocol is the Dynamic Host Configuration Protocol (“
      
      DHCP”
      
      ); and
      
      wherein the instructions cause the one or more programmable processors to allow the endpoint device to communicate on the first network at least in part by causing the one or more programmable processors to cause an Internet Protocol (“
      
      IP”
      
      ) address to be leased to the endpoint device, wherein an access point forwards IP packets that specify the IP address as a source address to the first network.
  - 22. The computer-readable medium of claim 19,wherein the digital signature is encrypted using a private encryption key of a TPM chip in the endpoint device;
    - andwherein the instructions cause the one or more programmable processors to determine whether the digital certificate is valid at least in part by causing the one or more programmable processors to use a public key certificate associated with the private encryption key to determine whether the digital signature is valid.
  - 23. The computer-readable medium of claim 22, wherein the instructions further cause the one or more programmable processors to:
    - allow the endpoint device to communicate on a second network when the public key certificate is not stored in the storage medium;
      
      receive the public key certificate via the second network; and
      
      store, in the storage medium, the public key certificate after receiving the public key certificate via the second network.
  - 24. The computer-readable medium of claim 19,wherein the set of nonce information comprises a set of values;
    - andwherein the instructions cause the one or more programmable processors to determine whether the nonce value is acceptable at least in part by causing the one or more programmable processors to;
      
      determine that the nonce value is acceptable when the nonce value is in the set of values; and
      
      remove the nonce value from the set of values when the nonce value is in the set of values.
  - 25. The computer-readable medium of claim 19,wherein the set of nonce information comprises a time indicator that indicates a time;
    - andwherein the instructions cause the one or more programmable processors to determine whether the nonce value is acceptable at least in part by causing the one or more programmable processors to determine whether the nonce value is acceptable based on the time indicated by the time indicator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pulse Secure, LLC (Ivanti Software, Inc.)
Original Assignee
Juniper Networks Incorporated
Inventors
Hanna, Stephen R.

Granted Patent

US 8,104,073 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/278
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/12 Applying verification of th...

EXCHANGE OF NETWORK ACCESS CONTROL INFORMATION USING TIGHTLY-CONSTRAINED NETWORK ACCESS CONTROL PROTOCOLS

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

EXCHANGE OF NETWORK ACCESS CONTROL INFORMATION USING TIGHTLY-CONSTRAINED NETWORK ACCESS CONTROL PROTOCOLS

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links