System and Method for Installing Authentication Credentials on a Remote Network Device

US 20090271851A1
Filed: 09/05/2008
Published: 10/29/2009
Est. Priority Date: 04/25/2008
Status: Active Grant

First Claim

Patent Images

1. A method for installing authentication credentials on a remote network device, comprising:

connecting the remote network device without valid authentication credentials to a port of an authenticating network switch, wherein authentication protocols of the port are enabled;

validating a first remote device identifier against a previously stored remote device identifier using a Network Access Control (NAC) credential service, wherein the first remote device identifier is received from the remote network device using a network;

disabling the authentication protocols of the port using the NAC credential service in response to validating the first remote device identifier; and

installing authentication credentials on the remote network device with the NAC credential service using encrypted data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for installing authentication credentials on a remote network device. A remote network device without valid authentication credentials may be connected to a port of an authenticating network switch, and the authentication protocols of the port may be enabled. A Network Access Control (NAC) credential service validates the remote network device comparing a received remote device identifier against a previously stored remote device identifier. The received remote device identifier may be received from the remote network device using a network when the remote network device attempts to access a private network. The NAC credential service disables the authentication protocols of the port in response to validating the received remote device identifier. The NAC credential service installs authentication credentials on the remote network device using encrypted data, so an untrusted entity cannot view the authentication credentials.

Citations

21 Claims

1. A method for installing authentication credentials on a remote network device, comprising:
- connecting the remote network device without valid authentication credentials to a port of an authenticating network switch, wherein authentication protocols of the port are enabled;
  
  validating a first remote device identifier against a previously stored remote device identifier using a Network Access Control (NAC) credential service, wherein the first remote device identifier is received from the remote network device using a network;
  
  disabling the authentication protocols of the port using the NAC credential service in response to validating the first remote device identifier; and
  
  installing authentication credentials on the remote network device with the NAC credential service using encrypted data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the remote network device is a video conferencing device.
  - 3. The method of claim 1, wherein the authentication protocols use an 802.1x authentication standard and the authenticating network switch is enabled to use 802.1x authentication.
  - 4. The method of claim 1, further comprising determining an authentication failure of the remote network device using a Remote Authentication Dial-In User Service (RADIUS) server after attempting to connect the remote network device to the port of the authenticating network switch.
  - 5. The method of claim 4, wherein determining the authentication failure of the remote network device using the RADIUS server further comprises logging the authentication failure and the first remote device identifier.
  - 6. The method of claim 4, wherein determining the authentication failure of the remote network device using the RADIUS server further comprises monitoring the authentication failure using the NAC credential service and receiving the first remote device identifier.
  - 7. The method of claim 1, wherein installing authentication credentials on the remote network device further comprises validating a second remote device identifier with the stored remote device identifier, wherein the second remote device identifier is received in response to a request from the NAC credential service.
  - 8. The method of claim 7, wherein the stored remote device identifier, the first remote device identifier, and the second remote device identifier are selected from the group consisting of a Media Access Control (MAC) address, an Internet Protocol (IP) address, a subnet mask, a gateway address, a serial number, a model number, a device type, and combination thereof.
  - 9. The method of claim 1, further comprising re-enabling the authentication protocols of the port using the NAC credential service after installing authentication credentials on the remote network device.
  - 10. The method of claim 9, wherein re-enabling the authentication protocols of the port occurs after a pre-determined time from disabling the authentication protocols.
  - 11. The method of claim 1, further comprising rebooting the remote network device after installing authentication credentials on the remote network device, wherein the remote network device is enabled to provide authentication credentials to a Remote Authentication Dial-In User Service (RADIUS) server using the port of the authenticating network switch.
  - 12. The method of claim 1, wherein installing authentication credentials on the remote network device further comprises verifying the installation of the authentication credentials on the remote network device using the NAC credential service.
  - 13. The method of claim 1, wherein the remote network device can use the installed authentication credentials stored on the remote network device to provide authentic credentials on a Remote Authentication Dial-In User Service (RADIUS) server using a port of the authenticating network switch.
  - 14. The method of claim 1, further comprising storing the previously stored remote device identifier into a NAC credential service database utilized by the NAC credential service prior to validating the first remote device identifier against the previously stored remote device identifier, wherein the stored remote device identifier is entered by a trusted entity.
  - 15. The method of claim 1, further comprising alerting the NAC credential service when a connection disruption occurs between the remote network device and the port after connecting a remote network device to the port of the authenticating network switch and before installing authentication credentials on the remote network device.

16. A system for installing authentication credentials on a remote network device, comprising:
- an authenticating network switch with a port, wherein an authentication protocols of the port are enabled by default;
  
  a remote network device in communication with the port of the authenticating network switch; and
  
  a Network Access Control (NAC) credential service in communication with the authenticating network switch using a network, wherein the NAC credential service is enabled to validate a first remote device identifier received from the remote network device against a previously stored remote device identifier, disable the authentication protocols of the port, and install authentication credentials on the remote network device using encrypted data.
- View Dependent Claims (17, 18, 19)
- - 17. The system of claim 16, further comprising a Remote Authentication Dial-In User Service (RADIUS) server in communication with the authenticating network switch using the network and the NAC credential service, wherein the RADIUS server is enabled to authenticate the remote network device using authentication credentials on the remote network device and to receive a first remote device identifier and an authentication failure of the remote network device.
  - 18. The system of claim 16, wherein the Network Access Control (NAC) credential service further comprises the functionality of:
    - validating an second remote device identifier received in response to a request against the stored remote device identifier,re-enabling the authentication protocols of the port after a pre-determined time from disabling the authentication protocols, andrebooting the remote network device after installing authentication credentials on the remote network device.
  - 19. The system of claim 16, further comprising a NAC credential service database enabled to store the previously stored remote device identifier.

20. A computer readable medium having executable code embodied on the medium for providing instructions for installing Network Access Control (NAC) credentials on a remote network device, comprising:
- computer readable program code configured to determine an authentication failure of the remote network device without valid authentication credentials connected to a port of an authenticating network switch and to receive an authentication failure and a first remote device identifier;
  
  computer readable program code configured to validate the first remote device identifier against a previously stored remote device identifier;
  
  computer readable program code configured to disable the authentication protocols of the port in response to validating the first remote device identifier;
  
  computer readable program code configured to install authentication credentials on the remote network device using encrypted data; and
  
  computer readable program code configured to re-enable the authentication protocols of the port.

21. A method for installing authentication credentials on a remote network device, comprising:
- storing a stored remote device identifier into a Network Access Control (NAC) credential service database, wherein the stored remote device identifier is entered by a trusted entity;
  
  connecting the remote network device without valid authentication credentials to a port of an authenticating network switch, wherein authentication protocols are enabled;
  
  authenticating the remote network device with a Remote Authentication Dial-In User Service (RADIUS) server in communication with the authenticating network switch using a network and storing an authentication failure and a first remote device identifier associated with the remote network devicevalidating the first remote device identifier against the stored remote device identifier using the NAC credential service;
  
  disabling the authentication protocols of the port using the NAC credential service in response to validating the first remote device identifier;
  
  validating a second remote device identifier with the stored remote device identifier using the NAC credential service, wherein the second remote device identifier is received in response to a request from the NAC credential service;
  
  installing authentication credentials and verifying the authentication credentials on the remote network device with the NAC credential service using encrypted data, wherein an untrusted entity cannot view the authentication credentials on the remote network device;
  
  rebooting the remote network device, wherein the remote network device is enabled to provide authentication credentials to the RADIUS server using the port of the authenticating network switch; and
  
  re-enabling the authentication protocols of the port using the NAC credential service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Hoppe, Sally Blue, Torres, Matt, Harritt, Jim

Granted Patent

US 8,484,705 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/6
CPC Class Codes

G06F 21/31 User authentication

System and Method for Installing Authentication Credentials on a Remote Network Device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and Method for Installing Authentication Credentials on a Remote Network Device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links