Network with secure communications sessions
First Claim
1. A bi-directional security system for a network, comprising:
- at least one client, the client further comprising:
  - client communication means to communicate with at least one server;
  - packet reception means to receive transmitted packet data from the server;
  - means to generate and transmit a first packet to the server, at least a portion of the first packet having a first packet header containing client identifying information;
  - means to encrypt at least a portion of the client identifying information in the first packet header prior to transmission;
  - means to decrypt at least a portion of the client authenticating information in a second packet header and to determine if the second packet is from the server, the client further having means to terminate the communication if the second packet is from an invalid server;
  - means to generate and transmit a third packet to the server, at least a portion of the third packet having a third packet header containing session information; and
  - means to encrypt at least a portion of the session information in the third packet header prior to transmission; and
- the server further comprising:
  - server communication means to communicate with the client;
  - packet reception means to receive transmitted packet data from the client;
  - means to decrypt at least a portion of the client identifying information in the first packet header and to determine if the first packet is from a valid client, the server further having means to terminate the communication if the first packet is from an invalid client;
  - means to generate and transmit a second packet to the client in response to the first packet, at least a portion of the second packet having the second packet header containing client authenticating information;
  - means to encrypt at least a portion of the client authenticating information in the second packet header prior to transmission; and
  - means to decrypt at least a portion of the session information in the third packet header;
- whereby the client and the server each verify the validity of the other by transmitting encrypted identifying information to one another.
Abstract
A system which uses three-way password authentication, encrypting different portions of a logon packet with different keys based on the nature of the communications link. Nodes attached to a particular LAN can have one level of security for data transfer within the LAN, data transfers between LANs on a private network can have a second level of security, and LANs connected via public networks can have a third level of security. The level of security can optionally be selected by the user. Data transfers between nodes of a network are kept in separate queues to reduce queue search times and enhance performance.
20 Claims
1. A bi-directional security system for a network, comprising: (the full text of this independent claim is reproduced under First Claim above).

Dependent claims: 2, 3, 4
5. A bidirectional security system for a network, comprising:
- at least one client, the client further comprising:
  - means to encrypt a first logon packet;
  - means to transmit the first logon packet to the server;
  - means to decrypt the second logon packet;
  - means to encrypt a third logon packet with session information;
- a server, further comprising:
  - means to decrypt the first logon packet;
  - means to encrypt a second logon packet with client authenticating information;
  - means to transmit the second logon packet to the client;
  - means to decrypt the third logon packet; and
- a communication channel capable of transmitting packets between the client machine and the server;
- whereby the client and server can establish secure communications by bi-directionally transmitting encrypted data.

Dependent claims: 6, 7, 8, 9, 10, 11, 12, 13
14. A method of securely transmitting packet data between a client and a server with encrypted packets, including the steps of:
- using at least one communication channel to transmit packets between at least one client machine and at least one server;
- encrypting in the client a first logon packet;
- transmitting the first logon packet to the server;
- decrypting the first logon packet in the server;
- encrypting a second logon packet in the server with client authenticating information;
- transmitting the second logon packet to the client;
- decrypting the second logon packet in the client;
- encrypting in the client a third logon packet with session information;
- decrypting the third logon packet in the server;
- whereby the client and server can establish secure communications by bi-directionally transmitting encrypted data.

Dependent claims: 15, 16, 17, 18, 19, 20
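A runnable model of this method, added here as an example and not taken from the patent: it plays both sides of the three-logon-packet exchange of claim 14, including the terminate-on-invalid-peer checks of claim 1, in Python. The patent names no cipher, so the HMAC-SHA256 keystream with integrity tag, the per-client shared logon key, and the challenge and nonce fields are assumptions.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    """Expand key+nonce into n keystream bytes (HMAC counter mode; stand-in cipher)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, header):
    """Encrypt a header dict and append an integrity tag."""
    nonce = os.urandom(12)
    plain = json.dumps(header, sort_keys=True).encode()
    body = bytes(a ^ b for a, b in zip(plain, _keystream(key, nonce, len(plain))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def unseal(key, packet):
    """Verify the tag, then decrypt; None means the peer must be treated as invalid."""
    nonce, body, tag = packet[:12], packet[12:-32], packet[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        return None
    return json.loads(bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body)))))

# Constructed server-side table: client id -> shared logon key (assumption).
CLIENTS = {"node-17": hashlib.sha256(b"node-17 logon secret").digest()}

def handshake(client_id, client_key, session, server_table=CLIENTS):
    """Run the three-logon-packet exchange; return the session info the server accepted, or None."""
    # Packet 1 (client -> server): client id in the clear, the rest of the
    # identifying information (a fresh challenge) encrypted under the logon key.
    challenge = os.urandom(8).hex()
    pkt1 = (client_id, seal(client_key, {"client": client_id, "challenge": challenge}))
    # Server: look up the client and decrypt; terminate if the client is invalid.
    server_key = server_table.get(pkt1[0])
    hdr1 = unseal(server_key, pkt1[1]) if server_key else None
    if hdr1 is None or hdr1["client"] != pkt1[0]:
        return None
    # Packet 2 (server -> client): client authenticating info, echoing the challenge.
    server_nonce = os.urandom(8).hex()
    pkt2 = seal(server_key, {"echo": hdr1["challenge"], "server_nonce": server_nonce})
    # Client: decrypt packet 2; terminate if it is not from a server holding its key.
    hdr2 = unseal(client_key, pkt2)
    if hdr2 is None or hdr2["echo"] != challenge:
        return None
    # Packet 3 (client -> server): session information, bound to the server nonce.
    pkt3 = seal(client_key, {"server_nonce": hdr2["server_nonce"], "session": session})
    # Server: decrypt packet 3 and check it answers this exchange.
    hdr3 = unseal(server_key, pkt3)
    return hdr3["session"] if hdr3 and hdr3["server_nonce"] == server_nonce else None
```

The echoed challenge is what lets the client reject a server that does not hold its key, and the server nonce ties the session packet to this exchange rather than a replayed one.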