Virtual dial-up protocol for network communication

US 6,308,213 B1
Filed: 05/10/1999
Issued: 10/23/2001
Est. Priority Date: 07/29/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method for creating a secure dial-up session from a remote client to a local network through an internet service provider, comprising:

establishing a first communication link between the remote client and the internet service provider;

sending a random number from the internet service provider to the remote client;

encrypting the random number according to a remote client password to obtain a first keyed random number with the remote client;

transmitting a remote client name and the first keyed random number from the remote client to the internet service provider;

transmitting the remote client name, the random number, and the first keyed random number from the internet service provider to a local network;

mapping the remote client name with a corresponding prestored client password at the local network;

encrypting the random number according to the prestored client password to obtain a second keyed random number;

comparing the first keyed random number with the second keyed random number to authenticate the remote client; and

establishing a second communication link between the internet service provider and the local network when the first keyed random number is authenticated with the second keyed random number.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A layer two forwarding protocol (L2F) provides virtual direct dial-up service into private networks through public internet service providers. An authorized remote client appears as a direct dial-up client to the home gateway, even through the client is accessing the home gateway remotely through the ISP. The new forwarding protocol allows the remote client to conduct point-to-point link protocols, such as point-to-point protocol (PPP) and serial line interface protocol (SLIP) directly with the local network home gateway. The network access server changes from a routing mode where a communication protocol is conducted with the client to a switching mode where the POP simply sends data from one port to a tunnel. The tunnel then transmits the data to another port, regardless of the header information on transmitted data packets. The remote client can then be managed through databases controlled by the local network and gain access to resources not typically accessible through the internet. The layer two forwarding protocol conducts an independent authorization session to prevent unauthorized access to the private network and provides point-to-point protocol transport over the internet independently of internet transport protocols.

177 Citations

21 Claims

1. A method for creating a secure dial-up session from a remote client to a local network through an internet service provider, comprising:
- establishing a first communication link between the remote client and the internet service provider;
  
  sending a random number from the internet service provider to the remote client;
  
  encrypting the random number according to a remote client password to obtain a first keyed random number with the remote client;
  
  transmitting a remote client name and the first keyed random number from the remote client to the internet service provider;
  
  transmitting the remote client name, the random number, and the first keyed random number from the internet service provider to a local network;
  
  mapping the remote client name with a corresponding prestored client password at the local network;
  
  encrypting the random number according to the prestored client password to obtain a second keyed random number;
  
  comparing the first keyed random number with the second keyed random number to authenticate the remote client; and
  
  establishing a second communication link between the internet service provider and the local network when the first keyed random number is authenticated with the second keyed random number.
- View Dependent Claims (2, 3, 4)
- - 2. A method according to claim 1 including conducting a layer-2 forwarding protocol between the internet service provider and the local network that projects the first communication link from the remote client to the local network.
  - 3. A method according to claim 1 wherein the remote client:
4. A method according to claim 1 including encrypting the random number according to the remote client password at both the remote client and at the local network while the remote client password remains unknown to the internet service provider.

5. A method for establishing a secure virtual dial-up link with a network access server, comprising:
- conducting a point-to-point protocol session with a remote client;
  
  identifying when the remote client has a virtual dial-up address authorized to access a local network;
  
  sending a random number to the identified remote client enabling the remote client to conduct a first encryption of the random number according to a remote client password;
  
  forwarding a remote client name, the random number and the first encrypted random number to the local network enabling a second independent encryption of the random number at the local network using a prestored password corresponding with the remote client;
  
  establishing a virtual direct dial-up link from the remote client to the local network when the first encrypted random number matches the second encrypted random number.
- View Dependent Claims (6, 7, 8, 9, 10)
- - 6. A method according to claim 5 wherein establishing the virtual direct dial-up link comprises encapsulating the point-to-point protocol session in an internet protocol and projecting the encapsulated point-to-point protocol session through a tunnel.
  - 7. A method according to claim 6 including identifying packets transmitted from multiple remote clients having a multiplex identification field and attaching headers to the identified packets for multiplexing the multiple remote clients through the same tunnel at the same time.
  - 8. A method according to claim 7 wherein the header includes a client ID field for demultiplexing the multiple remote clients in the same tunnel.
  - 9. A method according to claim 8 wherein the header includes a packet key for conducting the second independent encryption of the random number at the local network.
  - 10. A method according to claim 5 including initiating the point to point protocol session between the remote client and the local network by sending a set-up notification packet to the local network, the set-up notification packet having LCP parameters for a completed LCP negotiation between the remote client and the network access server.

11. A network access server, comprising:
- a first interface receiving a point-to-point protocol session with a remote client;
  
  a second interface connected to an internet infrastructure for transferring information using an internet protocol; and
  
  a processor and memory connected between the first interface and the second interface, the processor attaching forwarding protocol headers to packets transferred during the point-to-point protocol session for projecting the point-to-point protocol session through the internet infrastructure to a local network independently of the internet protocol.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. A network access server according to claim 11 wherein the processor negotiates a tunnel through the internet infrastructure to the local network and transmits the packets having the forwarding protocol headers and the point-to-point protocol session over the tunnel.
  - 13. A network access server according to claim 12 wherein the tunnel is established independently of a dial-up phone number used by the remote client for dialing up the network access server.
  - 14. A network access server according to claim 11 wherein the forwarding protocol headers include a multiplex ID field for multiplexing the packets from different point-to-point link sessions in a common tunnel.
  - 15. A network access server according to claim 14 wherein the forwarding protocol headers include a client ID field for identifying and demultiplexing the packets in the common tunnel at the local network.
  - 16. A network access server according to claim 11 wherein the forwarding protocol headers include a packet key field for authenticating the packets.
  - 17. A network access server according to claim 11 wherein the forwarding protocol headers include the following:

18. A gateway for securing a dial-up session between a remote client and a local network, comprising:
- a first interface connected to the remote client for receiving a remote client name, a random number and a first encrypted random number;
  
  a second interface connected to the local network; and
  
  a processor and memory connected between the first and second interface independently generating a second encrypted random number according to a prestored password in the memory corresponding with the remote client name, the processor establishing a virtual direct dial-up link between the remote client and the local network when the second encrypted random number matches the first encrypted random number.
- View Dependent Claims (19, 20, 21)
- - 19. A gateway according to claim 18 wherein the virtual direct dial-up link includes conducting a layer-2 forwarding protocol that projects a point-to-point link from the remote client to the local network.
  - 20. A gateway according to claim 19 wherein the layer-2 forwarding protocol includes establishing a tunnel connection between the remote client and the local network.
  - 21. A gateway according to claim 18 wherein a slot in the tunnel assigned to the remote client is disconnected by the processor if the remote client name is not prestored in the memory or the second random number does not match the first random number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Valencia, Andrew J.
Primary Examiner(s)
BAROT, BHARAT

Application Number

US09/309,166
Time in Patent Office

897 Days
Field of Search

709/200-203, 709/227-232, 709/236, 709/246, 713/151-153, 713/155, 713/166, 713/171-172, 713/200-201
US Class Current

709/229
CPC Class Codes

H04L 12/2856   Access arrangements, e.g. I...

H04L 12/2859   Point-to-point connection b...

H04L 12/2872   Termination of subscriber c...

H04L 12/2898   Subscriber equipments DSL m...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/162   at the data link layer

H04L 69/14   Multichannel or multilink p...

H04L 69/24   Negotiation of communicatio...

H04L 9/40   Network security protocols

Virtual dial-up protocol for network communication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

177 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual dial-up protocol for network communication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

177 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links