Security system and method for network element access

US 6,088,451 A
Filed: 06/28/1996
Issued: 07/11/2000
Est. Priority Date: 06/28/1996
Status: Expired due to Term

First Claim

Patent Images

1. A system for securing access to network elements by user elements, wherein the network elements and the user elements are coupled to a network, the system comprising:

a network security server coupled to the network, wherein said network security server provides security mechanisms to control access to the network elements and protect network resources and information, wherein said security mechanisms comprise;

an authentication server that prepares a response message responsible for authentication of the network users to network elements;

a credential server responsible for controlling the network user credentials or privileges;

a network element access server responsible for controlling of access to the network elements by the user elements, wherein access to the network by the user is based upon verification of a combination of the credentials; and

a registration database to facilitate administration and management of access to the network by the user elements, wherein said registration database stores user identifiers, a list of user credentials, user passwords and administrative information to enhance effectiveness of said security mechanisms;

wherein each of the user elements and the network elements includes a separate local access control means operating in conjunction with said security mechanisms to facilitate secure communication of data over the network.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for securing access to network elements by user elements, wherein the network elements and the user elements are coupled to a network. A network security server coupled to the network, wherein the network security server provides network security mechanisms to control access to the network elements and protect network resources and information. The network security mechanisms include: an authentication server responsible for authentication of the network users to network elements, a credential server responsible for controlling the network user credentials or privileges, and a network element access server responsible for controlling of access to the network elements by the user elements. A registration database facilitates administration and management of access to the network by the user elements. The registration database stores user profiles and administrative information to enhance effectiveness of the network security mechanisms. Each of the user elements and the network elements includes a separate local access control means as an interface that is provided at each user element and operates in conjunction with the authentication server, the credential server, and the network element access server to facilitate secure communication of data over the network.

716 Citations

21 Claims

1. A system for securing access to network elements by user elements, wherein the network elements and the user elements are coupled to a network, the system comprising:
- a network security server coupled to the network, wherein said network security server provides security mechanisms to control access to the network elements and protect network resources and information, wherein said security mechanisms comprise;
  
  an authentication server that prepares a response message responsible for authentication of the network users to network elements;
  
  a credential server responsible for controlling the network user credentials or privileges;
  
  a network element access server responsible for controlling of access to the network elements by the user elements, wherein access to the network by the user is based upon verification of a combination of the credentials; and
  
  a registration database to facilitate administration and management of access to the network by the user elements, wherein said registration database stores user identifiers, a list of user credentials, user passwords and administrative information to enhance effectiveness of said security mechanisms;
  
  wherein each of the user elements and the network elements includes a separate local access control means operating in conjunction with said security mechanisms to facilitate secure communication of data over the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the network security server issues a general ticket to each user element at log in, wherein said general ticket is used by the network security server for authentication of access requests by the user elements.
  - 3. The system of claim 2, wherein one of said security mechanisms includes first means for providing a session ticket to a requesting element in response to a network element access request to access any resource or information in a selected element, wherein said requesting element and said selected element can be one of the user or network elements, and said session ticket includes information that has to be present for all communication between said requesting element and said selected element.
  - 4. The system of claim 2, wherein one of said security mechanisms includes second means for providing a unique session key to a requesting element in response to a network element access request to access any resource or information in a selected element, wherein said requesting element and said selected element can be one of the user or network elements, and said unique session key is used by said local access control means associated with said requesting element and said selected element for encryption and decryption of communications between said requesting element and said selected element.
  - 5. The system of claim 3, wherein one of said security mechanisms includes second means for providing a unique session key to a requesting element in response to a network element access requests to access any resource or information in a selected element, wherein said requesting element and said selected element can be one of the user or network elements, and said unique session key is used by said local access control means associated with each of said requesting element and said selected element for encryption and decryption of communications between said requesting element and said selected element.
  - 6. The system of claim 4, wherein said local access control means associated with each of said requesting element and said selected element uses integrity checksums to ensure integrity of data communicated between said requesting element and said selected element.
  - 7. The system of claim 2, whereinthe network includes at least one logical partition creating a plurality of realms, each of said plurality of realms includes its own network security server, andsaid network security servers associated with said plurality of realms include inter-realm authentication means for communication between said plurality of realms.
  - 8. The system of claim 7, wherein said security servers associated with said plurality of realms share said registration database.
  - 9. The system of claim 2, further comprising a dial-up server to permit dial-up users access to the network elements through the network, wherein said dial-up server supports a network communication protocol to connect the dial-up users to the network and a dial-up access protocol to connect the dial-up users to a dial-up access network.

10. A method for providing security of access to network elements by user elements and protect network resources and information, wherein the network and user elements are coupled to a network including a network security server, the method comprising the steps of:
- providing authentication of users to the network elements using an authentication server that prepares a response message associated with the network security server;
  
  managing network user credentials or privileges using a credential server associated with the authentication server;
  
  controlling access to the network elements by the user elements using a network element access server associated with the authentication server and the credential server, wherein access to the network by the user is based upon verification of a combination of the credentials;
  
  storing user identifiers, a list of user credentials, user passwords and administrative information in a registration database associated with the network security server, to facilitate administration and management of access to the network elements by the user elements; and
  
  providing a separate local access control means for each user element and each network element, wherein each local access control means operates in conjunction with the network security server to facilitate secure communication of data over the network.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 11. The method of claim 10, further comprising the step of issuing a general ticket to each user element at log in, wherein said general ticket is used by the network security server for authentication of access requests by the user elements.
  - 12. The method of claim 11, further comprising the step of:
    - providing a session ticket to a requesting element in response to a network element access request to access any resource or information in a selected element,wherein said requesting element and said selected element can be one of the user or network elements, and said session ticket includes information that has to be present for all communication between said requesting element and said selected element.
  - 13. The method of claim 12, wherein said step of providing a session ticket is performed by the network security server.
  - 14. The method of claim 11, further comprising the step ofproviding a unique session key to a requesting element in response to a network element access request to access any resource or information in a selected element,wherein said requesting element and said selected element can be one of the user or network elements.
  - 15. The method of claim 14, further comprising the step of using said unique session key for encryption and decryption of communications between said requesting element and said selected element.
  - 16. The method of claim 15, further comprising the step of performing said encryption and decryption using said local access control means associated with said requesting element and said selected element.
  - 17. The method of claim 16, further comprising the step of using integrity checksums to ensure integrity of data communicated between said requesting element and said selected element.
  - 18. The method of claim 16, further comprising the step of using integrity checksums to verify communications between said requesting element and said selected element.
  - 19. The method of claim 11, further comprising the step oflogically partitioning the network to create at least two separate realms,providing each realm with its own network security server and an inter-realm authentication means for communication with another of said at least two separate realms.
  - 20. The method of claim 19, further comprising the step of permitting said at least two separate realms to share said registration database.
  - 21. The method of claim 11, further comprising the step of:
    - including a dial-up server a dial-up server to permit dial-up users access to the network elements through the network,wherein said dial-up server supports a network communication protocol to connect the dial-up users to the network and a dial-up access protocol to connect the dial-up users to a dial-up access network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
MCI Communications Corporation (Verizon Communications Inc.)
Inventors
Hall, Randle D., He, Jingsha
Primary Examiner(s)
Oen, William
Assistant Examiner(s)
CLARK, ROBIN C

Application Number

US08/674,638
Time in Patent Office

1,474 Days
Field of Search

380/28, 380/25, 380/9, 380/23, 395/200.47, 395/200.49, 395/200.55, 395/200.59, 395/187.01, 395/200.57, 395/739
US Class Current

726/8
CPC Class Codes

H04L 63/0807 using tickets, e.g. Kerbero...

H04L 63/20 for managing network securi...

Security system and method for network element access

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

716 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

Security system and method for network element access

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

716 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others