METHOD FOR CREATING SECURE SUBNETWORKS ON A GENERAL PURPOSE NETWORK

US 20160072787A1
Filed: 09/11/2015
Published: 03/10/2016
Est. Priority Date: 08/19/2002
Status: Abandoned Application

First Claim

Patent Images

1-99. -99. (canceled)

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques used in a network that includes non-trusted devices, in which packets of information communicated across the network include network address information for a source device and a destination device of the packets of information are described herein. According to one embodiment, a process of establishing a more secure subnetwork includes inserting at least one credential into at least one packet of information issued by the source device, the credential assessable by a plurality of devices on the network, enabling transmission of the at least one packet of information from the source device to at least one destination device on the subnetwork, assessing the credential by at least one of the devices, and permitting the source device to communicate with the destination device conditioned upon the results of the assessing step. Other methods and apparatuses are also described.

Citations

118 Claims

1-99. -99. (canceled)

100. In a computer network of a plurality of network devices that is comprised of at least one source device, at least one destination device and at least one intermediate device, in which packets of information are communicable across said network in accordance with an industry standard communication protocol, a method of improving the security of at least a portion of the network, comprising the steps of:
- receiving a packet of information by a first intermediate device;
  
  introducing, modifying or replacing at least one credential in said packet of information, said at least one introduced, modified or replacement credential residing in a header portion of the packet formed in accordance with said industry standard communication protocol and containing information pertaining to said at least one source device that is supplemental to information required by said industry standard communication protocol;
  
  enabling assessment of said at least one introduced, modified or replacement credential by a plurality of devices on said network downstream of said intermediate device; and
  
  permitting said at least one source device to communicate with said at least one destination device conditioned upon the results of an assessment of said at least one introduced, modified or replacement credential by one or more of said plurality of devices.
- View Dependent Claims (101, 102, 103, 104, 105, 106, 107, 108, 116, 117)
- - 101. The method as set forth in claim 117, wherein said assessing step comprises:
    - performing a security procedure to determine if said at least one introduced, modified or replacement credential is satisfactory for authentication or authorization in accordance with an authentication or authorization policy.
  - 102. The method as set forth in claim 101, wherein said security procedure comprises an authentication procedure.
  - 103. The method as set forth in claim 101, wherein said security procedure comprises an authorization procedure.
  - 104. The method as set forth in claim 101, wherein said security procedure is performed by said a second intermediate device downstream from said first intermediate device.
  - 105. The method as set forth in claim 101, wherein said security procedure comprises forwarding said packet of information if said at least one introduced, modified or replacement credential is satisfactory in accordance with said authentication or authorization policy and not permitting communication with respect to said packet to continue if said at least one credential is not satisfactory in accordance with said authentication or authorization policy.
  - 106. The method as set forth in claim 101, wherein said at least one introduced, modified or replacement credential is in plain text.
  - 107. The method as set forth in claim 101, wherein said at least one introduced, modified or replacement credential includes information that is relevant to the application of said authentication or authorization policy.
  - 108. The method as set forth in claim 101, wherein said at least one introduced, modified or replacement credential is introduced or modified by said first intermediate device into multiple packets of information transmitted during a communication session.
  - 116. The method as set forth in claim 117, wherein said at least one introduced, modified or replacement credential is replaced with a substitute credential introduced by said first intermediate device into multiple packets of information transmitted during a communication session.
  - 117. The method as set forth in claim 100, wherein said at least one introduced, modified or replacement credential resides in an optional portion of said header portion of the packet formed in accordance with said industry standard communication protocol.

109. An intermediate network device that is capable of improving the security of communication between a plurality of devices on a computer network that comprises a source device, a destination device, and said intermediate network device, comprising:
- computer memory configured to store instructions for causing said intermediate network device to receive a packet of information over the network in accordance with an industry standard communication protocol that specifies that said packet of information comprise a header portion comprising required information comprising a network address of said source device and said destination device for said packet of information, and optional information supplemental to said required information;
  
  computer memory configured to store instructions to enable said intermediate network device to introduce, modify or replace a credential in said header portion of said packet of information, said introduced, modified or replacement credential containing information pertaining to said source device that is supplemental to information required by said industry standard communication protocol and in a form assessable by a plurality of devices downstream of said intermediate device on said network;
  
  computer memory configured to store instructions for assessing said introduced, modified or replacement credential in said packet; and
  
  computer memory configured to store instructions for performing a security procedure concerning the authentication or authorization of said source device based upon said introduced, modified or replacement credential.
- View Dependent Claims (110, 111, 112, 113, 114, 115, 118)
- - 110. The network device as in claim 118, wherein said introduced, modified or replacement credential is in plain text.
  - 111. The network device as in claim 118, wherein said introduced, modified or replacement credential includes information that is relevant to the application of at least one authentication or authorization policy.
  - 112. The network device as set forth in claim 118, wherein said security procedure is an authentication procedure.
  - 113. The network device as set forth in claim 118, wherein said security procedure is an authorization procedure.
  - 114. The network device as in claim 118, wherein said introduced, modified or replacement credential is introduced or modified by said first intermediate network device in multiple packets of information transmitted during a communication session.
  - 115. The network device as set forth in claim 118, wherein said at least one credential is replaced with a substitute credential introduced by said intermediate device into multiple packets of information transmitted during a communication session.
  - 118. The network device as in claim 109, wherein said at least one introduced, modified or replacement credential resides in an optional portion of said header portion of said packet formed in accordance with said industry standard communication protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Igor V. Balabine, Ilya G. Minkin, William G. Friedman
Original Assignee
Igor V. Balabine, Ilya G. Minkin, William G. Friedman
Inventors
Balabine, Igor V., Friedman, William G., Minkin, Ilya G.

Application Number

US14/852,473
Publication Number

US 20160072787A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/12 Applying verification of th...

METHOD FOR CREATING SECURE SUBNETWORKS ON A GENERAL PURPOSE NETWORK

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

118 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD FOR CREATING SECURE SUBNETWORKS ON A GENERAL PURPOSE NETWORK

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

118 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links