Method and apparatus for restricting outbound access to remote equipment

US 6,161,182 A
Filed: 03/06/1998
Issued: 12/12/2000
Est. Priority Date: 03/06/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method of accessing a remote device on a communications network, said method comprising the steps of:

receiving a first challenge from the remote device;

transmitting the first challenge to a centralized token generator;

receiving a second challenge from the centralized token generator for access control;

transmitting a response to the second challenge to the centralized token generator;

obtaining a token for accessing the remote device if the response to the second challenge is correct;

transmitting the token to the remote device as a response to the first challenge; and

obtaining access to the remote device if the response to the first challenge is correct.

View all claims

19 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A centralized token generating server is disclosed for limiting access to remote equipment. The token generating server provides outgoing authentication of a user, before permitting the user to leave the network environment to access remote equipment. The token generating server generates responses (tokens) for authorized users to satisfy challenges posed by remote equipment and maintains a log of all processed transactions. The token generating server provides an initial outbound access control, whenever a user desires to leave the network environment to access remote equipment, and the remote equipment performs a secondary authorization to ensure that a given user can access the given remote equipment. Each attempt by a user to obtain token-regulated access to remote equipment requires two token management sessions. During a token acquisition process, the user establishes a first session with the token generating server to obtain an access token to obtain access to a given piece of remote equipment. The initial session terminates once the token is acquired and the user accesses the remote equipment. Once the user has completed accessing the remote equipment, a second session is established between the user and the token generating server to terminate the session. An access transaction is complete when the active session is terminated and the token generating server is notified.

351 Citations

36 Claims

1. A method of accessing a remote device on a communications network, said method comprising the steps of:
- receiving a first challenge from the remote device;
  
  transmitting the first challenge to a centralized token generator;
  
  receiving a second challenge from the centralized token generator for access control;
  
  transmitting a response to the second challenge to the centralized token generator;
  
  obtaining a token for accessing the remote device if the response to the second challenge is correct;
  
  transmitting the token to the remote device as a response to the first challenge; and
  
  obtaining access to the remote device if the response to the first challenge is correct.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The access control method according to claim 1, wherein the first challenge is a random number, the remote device has an associated secret key, and the response to the first challenge is calculated by encrypting said first challenge with the key of said remote device.
  - 3. The access control method according to claim 1, wherein the second challenge is a random number, the user has an associated secret key, and the response to the second challenge is calculated by encrypting said second challenge with the key of said user.
  - 4. The access control method according to claim 1, wherein said token generator is a centralized outbound device.
  - 5. The access control method according to claim 1, further comprising the step of creating a log entry identifying said access to said remote device.
  - 6. The access control method according to claim 1, further comprising the step of notifying said token generator when said access to said remote device has terminated.
  - 7. The access control method according to claim 6, further comprising the step of authenticating said user upon notifying said token generator of said termination.
  - 8. The access control method according to claim 5, wherein said log entry identifies said user and said remote device.
  - 9. The access control method according to claim 5, wherein said log entry identifies the reason for said access to said remote device.
  - 10. The access control method according to claim 5, wherein said log entry identifies the duration of said access to said remote device.

11. A method of restricting access to a remote device on a communications network, said method comprising the steps of:
- receiving a first challenge issued by the remote device from a remote user attempting to access said remote device;
  
  transmitting a second challenge to the remote user for access control;
  
  receiving a response to the second challenge from the remote user; and
  
  transmitting a token to the remote user if the response to the second challenge is correct, said token being used as a response to the first challenge to obtain access to the remote device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The access control method according to claim 11, wherein the first challenge is a random number, the remote device has an associated secret key, and the response to the first challenge is calculated by encrypting said first challenge with the key of said remote device.
  - 13. The access control method according to claim 11, wherein the second challenge is a random number, the user has an associated secret key, and the response to the second challenge is calculated by encrypting said second challenge with the key of said user.
  - 14. The access control method according to claim 11, wherein said method is performed by a centralized outbound token generator.
  - 15. The access control method according to claim 11, further comprising the step of creating a log entry identifying said access to said remote device.
  - 16. The access control method according to claim 15, wherein said log entry identifies said user and said remote device.
  - 17. The access control method according to claim 15, wherein said log entry identifies the reason for said access to said remote device.
  - 18. The access control method according to claim 15, wherein said log entry identifies the duration of said access to said remote device.
  - 19. The access control method according to claim 11, further comprising the step of receiving a notification when said access to said remote device has terminated.
  - 20. The access control method according to claim 19, further comprising the step of authenticating said user upon receiving said notification of said termination.

21. A user method for accessing a remote device on a communications network, said method comprising the steps of:
- receiving a challenge from the remote device;
  
  transmitting the challenge to a centralized token generator;
  
  obtaining a token for accessing the remote device from the centralized token generator if the centralized token generator authenticates said user;
  
  transmitting the token to the remote device as a response to the challenge; and
  
  obtaining access to the remote device if the response to the challenge is correct.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The access control method according to claim 21, wherein the challenge is a random number, the remote device has an associated secret key, and the response to the challenge is calculated by encrypting said challenge with the key of said remote device.
  - 23. The access control method according to claim 21, further comprising the step of creating a log entry identifying said access to said remote device.
  - 24. The access control method according to claim 21, further comprising the step of notifying said token generator when said access to said remote device has terminated.
  - 25. The access control method according to claim 24, further comprising the step of authenticating said user upon notifying said token generator of said termination.

26. A centralized token generator for restricting access to a remote device on a communications network, comprising:
- an input for receiving a challenge issued by the remote device from a remote user attempting to access said remote device;
  
  a processor for calculating a token if said remote user is authorized to access said remote device; and
  
  an output for transmitting said token to the remote user, said token being used by said remote user as a response to the challenge to obtain access to the remote device.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 27. The token generator according to claim 26, wherein the challenge is a random number, the remote device has an associated secret key, and the token is calculated by encrypting said first challenge with the key of said remote device.
  - 28. The token generator according to claim 26, wherein said token generator is centralized.
  - 29. The token generator according to claim 26, wherein said processor creates a log entry identifying said access to said remote device.
  - 30. The token generator according to claim 29, wherein said log entry identifies said user and said remote device.
  - 31. The token generator according to claim 29, wherein said log entry identifies the reason for said access to said remote device.
  - 32. The token generator according to claim 29, wherein said log entry identifies the duration of said access to said remote device.
  - 33. The token generator according to claim 26, further comprising an input for receiving a notification when said access to said remote device has terminated.
  - 34. The token generator according to claim 33, wherein said processor authenticates said user upon receiving said notification of said termination.
  - 35. The token generator according to claim 26, wherein said processor determines that user is authorized to access said remote device by transmitting a second challenge to said user and receiving a response to said second challenge.
  - 36. The token generator according to claim 35, wherein the second challenge is a random number, the user has an associated secret key, and the response to the second challenge is calculated by encrypting said second challenge with the key of said user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avaya Incorporated
Original Assignee
Lucent Technologies, Inc. (Nokia Corporation)
Inventors
Nadooshan, Mehrdad Jamei
Primary Examiner(s)
Peeso, Thomas R.

Application Number

US09/036,332
Time in Patent Office

1,012 Days
Field of Search

380/255, 713/201, 713/168, 713/172, 713/182, 713/185
US Class Current

713/172
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2103   Challenge-response

G06F 2221/2115   Third party

H04L 63/0807   using tickets, e.g. Kerbero...

Method and apparatus for restricting outbound access to remote equipment

First Claim

19 Assignments

0 Petitions

Accused Products

Abstract

351 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for restricting outbound access to remote equipment

First Claim

19 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

351 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links