Virtual dial-up protocol for network communication
First Claim
1. A method for creating a secure dial-up session from a remote client to a local network through an internet service provider, comprising:
establishing a first communication link between the remote client and the internet service provider;
sending a random number from the internet service provider to the remote client;
encrypting the random number according to a remote client password to obtain a first keyed random number with the remote client;
transmitting a remote client name and the first keyed random number from the remote client to the internet service provider;
transmitting the remote client name, the random number, and the first keyed random number from the internet service provider to a local network;
mapping the remote client name with a corresponding prestored client password at the local network;
encrypting the random number according to the prestored client password to obtain a second keyed random number;
comparing the first keyed random number with the second keyed random number to authenticate the remote client; and
establishing a second communication link between the internet service provider and the local network when the first keyed random number is authenticated with the second keyed random number.
1 Assignment
0 Petitions
Abstract
A layer two forwarding protocol (L2F) provides virtual direct dial-up service into private networks through public internet service providers. An authorized remote client appears as a direct dial-up client to the home gateway, even though the client is accessing the home gateway remotely through the ISP. The new forwarding protocol allows the remote client to conduct point-to-point link protocols, such as point-to-point protocol (PPP) and serial line interface protocol (SLIP), directly with the local network home gateway. The network access server changes from a routing mode, where a communication protocol is conducted with the client, to a switching mode, where the point of presence (POP) simply sends data from one port to a tunnel. The tunnel then transmits the data to another port, regardless of the header information on the transmitted data packets. The remote client can then be managed through databases controlled by the local network and gain access to resources not typically accessible through the internet. The layer two forwarding protocol conducts an independent authorization session to prevent unauthorized access to the private network and provides point-to-point protocol transport over the internet independently of internet transport protocols.
177 Citations
21 Claims
1. Claim 1 is reproduced in full under First Claim above. Dependent claims: 2, 3, 4.
generates the random number;
encrypts the random number according to the remote client password to obtain the first keyed random number; and
transmits the remote client name, the random number, and the first keyed random number directly to the local network.
4. A method according to claim 1 including encrypting the random number according to the remote client password at both the remote client and at the local network while the remote client password remains unknown to the internet service provider.
5. A method for establishing a secure virtual dial-up link with a network access server, comprising:
conducting a point-to-point protocol session with a remote client;
identifying when the remote client has a virtual dial-up address authorized to access a local network;
sending a random number to the identified remote client enabling the remote client to conduct a first encryption of the random number according to a remote client password;
forwarding a remote client name, the random number and the first encrypted random number to the local network enabling a second independent encryption of the random number at the local network using a prestored password corresponding with the remote client;
establishing a virtual direct dial-up link from the remote client to the local network when the first encrypted random number matches the second encrypted random number. Dependent claims: 6, 7, 8, 9, 10.
11. A network access server, comprising:
a first interface receiving a point-to-point protocol session with a remote client;
a second interface connected to an internet infrastructure for transferring information using an internet protocol; and
a processor and memory connected between the first interface and the second interface, the processor attaching forwarding protocol headers to packets transferred during the point-to-point protocol session for projecting the point-to-point protocol session through the internet infrastructure to a local network independently of the internet protocol. Dependent claims: 12, 13, 14, 15, 16, 17.
a client name;
a random number challenge; and
a management message for communicating the status of the transported point-to-point protocol session.
18. A gateway for securing a dial-up session between a remote client and a local network, comprising:
a first interface connected to the remote client for receiving a remote client name, a random number and a first encrypted random number;
a second interface connected to the local network; and
a processor and memory connected between the first and second interface independently generating a second encrypted random number according to a prestored password in the memory corresponding with the remote client name, the processor establishing a virtual direct dial-up link between the remote client and the local network when the second encrypted random number matches the first encrypted random number. Dependent claims: 19, 20, 21.
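The challenge exchange of claim 1, seen from the network access server in claim 5 and from the gateway in claim 18, modelled as an added example (not code from the patent or from any L2F implementation). The patent fixes no "encryption" algorithm; HMAC-SHA256 is assumed here as the keyed function, and the three parties are plain Python objects so the property the claims rely on is visible: the client password is held only by the remote client and the home gateway, never by the ISP.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

# Keyed function standing in for "encrypting the random number according to a password".
# HMAC-SHA256 is an assumption of this example; the patent names no specific algorithm.
def keyed_random_number(password: bytes, random_number: bytes) -> bytes:
    return hmac.new(password, random_number, hashlib.sha256).digest()

class RemoteClient:
    def __init__(self, name: str, password: bytes):
        self.name, self._password = name, password
    def respond(self, random_number: bytes) -> Tuple[str, bytes]:
        # Returns name and first keyed random number; the password itself is never transmitted.
        return self.name, keyed_random_number(self._password, random_number)

class ServiceProvider:
    """Network access server: issues the challenge and forwards, holds no client password."""
    def challenge(self) -> bytes:
        return secrets.token_bytes(16)   # fresh per session, so an old response is useless later
    def forward(self, name: str, random_number: bytes, first_keyed: bytes) -> Tuple[str, bytes, bytes]:
        return name, random_number, first_keyed   # exactly what the ISP passes to the local network

class LocalNetworkGateway:
    def __init__(self, prestored: Dict[str, bytes]):
        self._prestored = prestored   # client name -> prestored password
    def authenticate(self, name: str, random_number: bytes, first_keyed: bytes) -> bool:
        password = self._prestored.get(name)
        if password is None:
            return False   # unknown client name: no second keyed number can be formed
        second_keyed = keyed_random_number(password, random_number)
        return hmac.compare_digest(first_keyed, second_keyed)   # constant-time comparison

def create_dial_up_session(client: RemoteClient, isp: ServiceProvider, gateway: LocalNetworkGateway) -> bool:
    """Runs the claim 1 exchange; True means the ISP-to-local-network link would be established."""
    random_number = isp.challenge()
    name, first_keyed = client.respond(random_number)
    return gateway.authenticate(*isp.forward(name, random_number, first_keyed))

if __name__ == "__main__":
    gateway = LocalNetworkGateway({"alice": b"constructed-sample-password"})
    isp = ServiceProvider()
    print(create_dial_up_session(RemoteClient("alice", b"constructed-sample-password"), isp, gateway))
    print(create_dial_up_session(RemoteClient("alice", b"wrong-password"), isp, gateway))
```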
Specification