System and method of user authentication for network communication through a policy agent
First Claim
1. A computer-readable medium having computer-executable instructions for operating a policy agent of a network for performing steps comprising:
detecting a network connection from a client computer on the network;
composing a challenge for authenticating a user of the client computer associated with said network connection, the challenge being encrypted with a private key of the policy agent;
transmitting the challenge to the client computer;
receiving a response from the client computer;
decrypting the response using a public key of the user to obtain a first message digest value;
receiving network data in a form of packets, through the network connection with the client computer;
calculating a second message digest value based on the challenge and a pre-selected number of packets of the received network data;
comparing the first and second message digest values to determine whether a match is found;
if a match is found, then forwarding the network data to their specified recipient, else not forwarding the network data to their specified recipient.
Abstract
A policy agent of a network performs an out-of-band user authentication process to verify the identity of a user of a client computer and associates the network data received from the client computer with the user. When the client computer initiates a network data connection to or through the policy agent, the policy agent sends an encrypted challenge to the client computer. The challenge is encrypted with a private key of the policy agent. When the client computer receives the challenge, it decrypts the challenge and prepares a message digest value based on the challenge and the network data sent by the user. The message digest value is then encrypted with the private key of the user to form a response, and the response is sent to the policy agent. The policy agent decrypts the response with the public key of the user to obtain the message digest value and calculates a digest value based on the challenge and the received network data. The policy agent then compares the calculated digest value with the decrypted digest value. A match between the two digest values indicates that the user is successfully authenticated and that the received network data are associated with the user. The policy agent may then apply network policies based on the credentials of the authenticated user.
13 Claims
7. A method of authenticating a user using a client computer on a network to transmit network data through a policy agent of the network, comprising the steps of:
detecting, by the policy agent, a network connection from the client computer for transmitting network data of the user;
receiving, by the policy agent, network data in a form of packets, transmitted through the network connection from the client computer;
obtaining, by the policy agent, an identity of the user and a public key of the user;
composing, by the policy agent, a challenge encrypted with a private key of the policy agent;
sending the challenge to the client computer;
decrypting, by the client computer, the challenge;
generating, by the client computer, a first message digest value based on the challenge and a pre-selected number of packets of the network data of the user;
encrypting, by the client computer, the first message digest value with a private key of the user to create a response;
sending the response to the policy agent;
decrypting, by the policy agent, the response to obtain the first message digest value;
calculating a second message digest value based on the challenge and the network data received through network connections from the client computer;
comparing the first and second message digest values to determine whether there is a match therebetween, and if a match is found, then forwarding, by the policy agent, the network data to their specified recipient, else not forwarding the network data to their specified recipient.
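The exchange described in the abstract and in claims 1 and 7, as an added example that is not part of the patent. Toy textbook RSA built from Mersenne primes stands in for "encrypt with the private key / decrypt with the public key" (a constructed, insecure key choice used only to avoid prime generation); the packet contents, the three key pairs and the pre-selected packet count of 2 are assumptions.

```python
import hashlib
import secrets
# Toy textbook RSA (no padding): moduli are products of Mersenne primes so the
# block needs no prime generation. Constructed for illustration, not secure.
E = 65537

def rsa_keypair(p, q):
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)                      # (public key, private key)

def private_op(m, priv):                       # "encrypt with private key"
    n, d = priv
    return pow(m, d, n)

def public_op(c, pub):                         # "decrypt with public key"
    n, e = pub
    return pow(c, e, n)

def message_digest(challenge, packets, count):
    # Digest over the challenge and the first `count` packets (claims 1 and 7).
    h = hashlib.sha256(challenge)
    for pkt in packets[:count]:
        h.update(pkt)
    return int.from_bytes(h.digest(), "big")

def agent_compose_challenge(agent_priv):
    challenge = secrets.token_bytes(16)
    return challenge, private_op(int.from_bytes(challenge, "big"), agent_priv)

def client_respond(enc_challenge, agent_pub, user_priv, packets, count):
    challenge = public_op(enc_challenge, agent_pub).to_bytes(16, "big")
    return private_op(message_digest(challenge, packets, count), user_priv)

def agent_verify(response, user_pub, challenge, packets, count):
    first = public_op(response, user_pub)               # digest sent by the client
    second = message_digest(challenge, packets, count)  # digest computed locally
    return first == second                              # forward only on a match

def run_exchange(sent, received, user_priv, user_pub, count=2):
    agent_pub, agent_priv = rsa_keypair(2**127 - 1, 2**521 - 1)
    challenge, enc = agent_compose_challenge(agent_priv)
    response = client_respond(enc, agent_pub, user_priv, sent, count)
    return agent_verify(response, user_pub, challenge, received, count)

# Constructed sample traffic and key pairs (hypothetical user and impostor).
PACKETS = [b"GET /index.html HTTP/1.1\r\n", b"Host: intranet.example\r\n\r\n"]
USER_PUB, USER_PRIV = rsa_keypair(2**607 - 1, 2**1279 - 1)
_, OTHER_PRIV = rsa_keypair(2**2203 - 1, 2**2281 - 1)
```

Only the first `count` packets are bound by the digest, which is the "pre-selected number of packets" limitation in the claims; packets beyond that count are not covered by the comparison in this model.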
Specification