System and Method for Distributing Enduring Credentials in an Untrusted Network Environment

US 20090271852A1
Filed: 09/23/2008
Published: 10/29/2009
Est. Priority Date: 04/25/2008
Status: Abandoned Application

First Claim

Patent Images

1. A method for distributing enduring credentials for a secure network in an untrusted network environment, comprising:

providing temporary credentials to an untrusted user;

communicating the temporary credentials to a computing device connected to a network switch configured to receive the temporary credentials from the untrusted user through the computing device;

relaying the temporary credentials from the network switch to an authentication server within the secure network;

authenticating the computing device connected to the network switch; and

transmitting the enduring credentials to the computing device in an encrypted format to enable the computing device to communicate within the secure network through the network switch without providing access to the enduring credentials to the untrusted user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for distributing enduring credentials for a secure network in an untrusted network environment is disclosed. The method includes providing temporary credentials to an untrusted user. The temporary credentials can be communicated to a computing device connected to a network switch. The network switch can relay the temporary credentials to an authentication server within the secure network. The computing device can be authenticated to verify it is authorized to be connected to the secure network. Enduring credentials can be transmitted from the secure network to the computing device in an encrypted format to enable the computing device to communicate within the secure network through the network switch without providing access to the enduring credentials to the untrusted user.

44 Citations

View as Search Results

20 Claims

1. A method for distributing enduring credentials for a secure network in an untrusted network environment, comprising:
- providing temporary credentials to an untrusted user;
  
  communicating the temporary credentials to a computing device connected to a network switch configured to receive the temporary credentials from the untrusted user through the computing device;
  
  relaying the temporary credentials from the network switch to an authentication server within the secure network;
  
  authenticating the computing device connected to the network switch; and
  
  transmitting the enduring credentials to the computing device in an encrypted format to enable the computing device to communicate within the secure network through the network switch without providing access to the enduring credentials to the untrusted user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method as in claim 1, wherein providing temporary credentials further comprises providing at least one of a user name and a password that provides temporary access to the secure network through the network switch.
  - 3. A method as in claim 1, wherein providing temporary credentials further comprises providing physical identification information related to at least one of the computing device and the network switch to the authentication server.
  - 4. A method as in claim 1, further comprising providing temporary credentials to the untrusted user using a web server located outside the secure network.
  - 5. A method as in claim 4, further comprising replicating the temporary credentials from the web server to the at least one server within the secure network.
  - 6. A method as in claim 1, communicating the temporary credentials further comprises communicating the temporary credentials to the network switch based on the Institute of Electrical and Electronics Engineers (IEEE) standard 802.1x.
  - 7. A method as in claim 1, wherein authenticating the computing device further comprises communicating at least one feature of the computing device to the authentication server to verify that the computing device is approved to connect with the secure network.
  - 8. A method as in claim 1, wherein transmitting enduring credentials further comprises transmitting enduring 802.1x credentials to the computing device in the encrypted format to enable the computing device to continue to communicate within the secure network through the network switch for a predetermined period of time.
  - 9. A method as in claim 1, wherein transmitting enduring credentials further comprises transmitting permanent 802.1x credentials to the computing device in the encrypted format to enable the computing device to continue to communicate within the secure network through the network switch indefinitely.
  - 10. A method as in claim 1, wherein the untrusted user is an untrusted client that is an automated device.

11. A system for distributing enduring credentials to a computing device in an untrusted environment, comprising:
- a network switch configured to communicate with the computing device and at least one server within a secure network;
  
  an authentication server within the secure network configured to receive temporary credentials from the computing device and verify that the computing device is allowed to communicate with the secure network, wherein the temporary credentials are configured to enable an untrusted user temporary access to the secure network using the computing device connected to the secure network through the network switch; and
  
  computer readable storage accessible by the authentication server and organized to contain enduring credentials provided by the authentication server to the computing device upon verification of the computing device, wherein the enduring credentials are encrypted such that the untrusted user does not have access to the enduring credentials.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. A system as in claim 11, further comprising a server located within the secure network, the server being operable to reconfigure the computing device to enable the computing device receive the encrypted enduring credentials over a secure connection with the secure network.
  - 13. A system as in claim 11, further comprising a temporary credentials source configured to provide temporary credentials to the untrusted user, wherein the temporary credentials source is selected from the group consisting of a web server, a fax machine, and a telephone connection.
  - 14. A system as in claim 13, wherein the authentication server within the secure network is configured to receive the temporary credentials from the web server.
  - 15. A system as in claim 11, wherein the enduring credentials of the computing device to communicate within the secure network through the network switch are revoked at the network switch by the authentication server when an unexpected event occurs.
  - 16. A system as in claim 15, wherein the unexpected event is selected from the group consisting of a change in location of the computing device, a disconnection of the computing device from the network switch, a change in hardware in the computing device, a change in software in the computing device, a change in firmware in the computing device, a change in a media access control address of the computing device, and a change in an internet protocol address of the network switch.
  - 17. A system as in claim 11, wherein the authentication server is configured to authenticate the temporary credentials and the enduring credentials based on the Institute of Electrical and Electronics Engineers (IEEE) 802.1x standard for port based network access control to provide authentication to the computing device connected to the secure network through the network switch.
  - 18. A system as in claim 11, wherein the network switch is an 802.1x standardized network switch.
  - 19. A system as in claim 11, wherein the enduring credentials authorize access for the computing device to be connected to the secure network through the network switch for a predetermined period of time.

20. A computer usable medium having computer readable program code embodied therein for distributing enduring credentials for a secure network in an untrusted network environment, the computer readable program code in a computer program product comprising:
- providing temporary credentials to an untrusted user;
  
  communicating the temporary credentials to a computing device connected to a network switch configured to receive the temporary credentials from the untrusted user through the computing device;
  
  relaying the temporary credentials from the network switch to an authentication server within the secure network;
  
  authenticating the computing device connected to the network switch; and
  
  transmitting the enduring credentials to the computing device in an encrypted format to enable the computing device to communicate within the secure network through the network switch without providing access to the enduring credentials to the untrusted user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Inventors
Hoppe, Sally Blue, Torres, Matt, Harritt, Jim

Application Number

US12/236,186
Publication Number

US 20090271852A1
Time in Patent Office

Days
Field of Search
US Class Current

726/6
CPC Class Codes

G06F 21/31   User authentication

H04L 63/0846   using time-dependent-passwo...

H04L 9/3226   using a predetermined code,...

System and Method for Distributing Enduring Credentials in an Untrusted Network Environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and Method for Distributing Enduring Credentials in an Untrusted Network Environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links