Dynamic Host Configuration Protocol

US 20090070474A1
Filed: 09/12/2007
Published: 03/12/2009
Est. Priority Date: 09/12/2007
Status: Active Grant

First Claim

Patent Images

1. A method at a dynamic host configuration protocol (DHCP) client comprising:

receiving a signed DHCP response message from a DHCP server of a communications network, the signed message comprising at least a freshness indicator, a signature and a public key.validating the freshness indicator;

verifying the signature of the signed message using the public key; and

if the validation and the verification processes are successful, accessing stored settings for use with the network, that access being made on the basis of information at least about the public key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Dynamic host configuration protocol (DHCP) is extended in order to assist with secure network location awareness. In an embodiment a DHCP client receives a signed DHCP response message from a DHCP server, the signed message comprising at least a certificate chain having a public key. In that embodiment the DHCP client validates the certificate chain and verifies the signature of the signed message. If this is successful the DHCP client accesses stored settings for use with the server. The stored settings are accessed at least using information about the public key. In some embodiments signed DHCPOFFER messages and signed DHCPACK messages are used. In another embodiment the signed DHCP message comprises a location identifier which is, for example, a domain name system (DNS) suffix of a DHCP server.

Citations

20 Claims

1. A method at a dynamic host configuration protocol (DHCP) client comprising:
- receiving a signed DHCP response message from a DHCP server of a communications network, the signed message comprising at least a freshness indicator, a signature and a public key.validating the freshness indicator;
  
  verifying the signature of the signed message using the public key; and
  
  if the validation and the verification processes are successful, accessing stored settings for use with the network, that access being made on the basis of information at least about the public key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. A method as claimed in claim 1 wherein the signed DHCP response message is a DHCPOFFER message.
  - 3. A method as claimed in claim 1 wherein the signed DHCP response message is a DHCPACK message.
  - 4. A method as claimed in claim 1 wherein the signed message further comprises a location identifier provided using a DHCP option in the signed message, that DHCP option being any of a domain name option and a network name option.
  - 5. A method as claimed in claim 4 wherein the location identifier is any of a network name and a domain name system (DNS) suffix of the server.
  - 6. A method as claimed in claim 1 which further comprises sending any of a DHCPDISCOVER message, a DHCPREQUEST message, a DHCPINFORM message, a SOLICIT message, a REQUEST message, a RENEW message, a REBIND message and an INFORMATION-REQUEST message to the server and receiving any of a DHCPOFFER message, a DHCPACK message, an ADVERTISE message and a REPLY message in response, that received message being signed by the server and comprising a certificate chain comprising one or more certificates.
  - 7. A method as claimed in claim 5 wherein the location identifier is a DNS suffix and which further comprises checking that location identifier is a suffix of a fully-qualified domain name of the server, that fully-qualified domain name being provided in a certificate chain.
  - 8. A method as claimed in claim 1 which further comprises broadcasting a DHCPDISCOVER message comprising a freshness indicator value.
  - 9. A method as claimed in claim 8 wherein the freshness indicator comprises any of a random number, a pseudo-random number, a time stamp, and a number from a number sequence.
  - 10. A method as claimed in claim 8 wherein the freshness indicator has a value being one of a random number and a pseudo-random number and wherein the method further comprises checking that the signed message comprises the same freshness indicator value as the DHCPDISCOVER message.
  - 11. A method as claimed in claim 5 wherein the stored settings are accessed using a hash of at least the public key and the location identifier.
  - 12. A method as claimed in claim 1 which further comprises making an earlier connection to the server, selecting settings for use with the server and storing information about those selected settings together with information about a public key advertised by the server.
  - 13. A method as claimed in claim 12 which further comprises storing information about the selected settings together with information about the public key and information about a location identifier provided by the server.
  - 14. A method as claimed in claim 1 wherein the stored network settings have been stored using information from a different DHCP server, that different DHCP server having been certified by a common, trusted root certification authority between the DHCP servers.

15. A method at a DHCP server of a communications network comprising:
- receiving a DHCP request message from a DHCP client requiring a response from the DHCP server;
  
  sending a signed DHCP response message to the client, the signed message comprising at least a freshness indicator, location identifier, signature, and a certificate chain comprising one or more certificates, the certificate chain having a public key;
  
  wherein the sending is arranged such that the signed DHCP response message can be received only in a specified region of the communications network; and
  
  wherein the public key is suitable for verifying the signature and the location identifier matches a name in a certificate chain.
- View Dependent Claims (16, 17, 18)
- - 16. A method as claimed in claim 15 wherein the DHCP request message is selected from any of any of a DHCPDISCOVER message, a DHCPREQUEST message, a DHCPINFORM message, a SOLICIT message, a REQUEST message, a RENEW message, a REBIND message and an INFORMATION-REQUEST message.
  - 17. A method as claimed in claim 15 wherein the location identifier is any of a network name and a domain name system (DNS) suffix of the access node.
  - 18. A method as claimed in claim 15 wherein the received DHCP request message comprises a freshness indicator value wherein the method comprises copying that value into the signed DHCP response message.

19. A dynamic host configuration protocol (DHCP) signal comprising:
- a signed DHCP response message which comprises;
  
  a location identifier stored in a network name option; and
  
  a certificate chain comprising one or more certificates having a public key wherein the location identifier is present in a certificate of the certificate chain.
- View Dependent Claims (20)
- - 20. A signal as claimed in claim 19 wherein the location identifier comprises any of a network name and a DNS suffix of an access node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Aura, Tuomas, Murdoch, Steven, Roe, Michael

Granted Patent

US 8,239,549 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/228
CPC Class Codes

H04L 61/5014   using dynamic host configur...

H04L 63/0823   using certificates cryptogr...

H04L 63/126   the source of the received ...

Dynamic Host Configuration Protocol

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic Host Configuration Protocol

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links