Network security device and method

US 7,346,783 B1
Filed: 12/05/2001
Issued: 03/18/2008
Est. Priority Date: 10/19/2001
Status: Expired due to Term

First Claim

Patent Images

1. A security mechanism for enabling a user to commence a session between a network peripheral device and a network, comprising:

an immutable memory element that contains first information including application software that initiates and provides security services;

a persistent memory element that contains second information to enable the security mechanism to configure the network peripheral device to access different networks;

a volatile memory element that contains third information, including the critical data for authentication, said third information erased from the volatile memory at the completion of each connection session; and

a tamper-evident enclosure for enclosing the memory elements.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention describes a method for hardening a security mechanism against physical intrusion and substitution attacks. A user establishes a connection between a network peripheral device and a network via a security mechanism. The security mechanism includes read only memory (ROM) that contains code that initiates operation of the mechanism and performs authentication functions. A persistent memory contains configuration information. A volatile memory stores user and device identification information that remains valid only for a given session and is erased thereafter to prevent a future security breach. A tamper-evident enclosure surrounds the memory elements, which if breached, becomes readily apparent to the user.

64 Citations

View as Search Results

11 Claims

1. A security mechanism for enabling a user to commence a session between a network peripheral device and a network, comprising:
- an immutable memory element that contains first information including application software that initiates and provides security services;
  
  a persistent memory element that contains second information to enable the security mechanism to configure the network peripheral device to access different networks;
  
  a volatile memory element that contains third information, including the critical data for authentication, said third information erased from the volatile memory at the completion of each connection session; and
  
  a tamper-evident enclosure for enclosing the memory elements.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The security mechanism according to claim 1 wherein the security services include authentication of the security mechanism itself and authentication of the user to the network upon receipt of identification information from the security mechanism and the user, respectively.
  - 3. The security mechanism according to claim 1 wherein the immutable memory contains a private key for encrypting the user and security mechanism identification information.
  - 4. The security mechanism according to claim 1 wherein the immutable memory comprises a Read-Only Memory (ROM).
  - 5. The security mechanism according to claim 4 wherein the immutable memory further includes a Write-once ROM.
  - 6. The security mechanism according to claim 1 wherein the persistent memory comprises at least one of one of a Complementary Metal Oxide Semiconductor Random Access Memory (CMOSRAM) and a Programmable Read Only Memory (PROM).
  - 7. The security mechanism according to claim 1 wherein the volatile memory comprises a random access memory.
  - 8. The security mechanism according to claim 1 wherein the tamper evident enclosure readily exhibits any attempt to gain access there through to the memory elements enclosed therein.
  - 9. The security mechanism according to claim 1 wherein the physical security of the security mechanism depends on the degree of tamper resistance of the enclosure.

10. A method for facilitating a secure connection session with a user between a network peripheral device and a network, comprising the steps of:
- accessing an immutable memory element that contains first information that provides security services;
  
  accessing a persistent memory element that contains second information including configuration information to enable the security mechanism to configure the network peripheral device to access the network;
  
  accessing a volatile memory element that contains third information, including critical data for authentication; and
  
  erasing said third information not later than the end of the connection session so no third information remains in the volatile memory between sessions.
- View Dependent Claims (11)
- - 11. The method according to claim 10 wherein the security services include authentication of the security mechanism itself and authentication of the user to the network upon receipt of identification information from the security mechanism and the user, respectively.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Corporation (AT&T, Inc.)
Original Assignee
AT&T Corporation (AT&T, Inc.)
Inventors
Hebrais, Philippe, Carrico, Sandra Lynn
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
Cervetti; David Garcia

Application Number

US10/005,113
Time in Patent Office

2,295 Days
Field of Search

713/194
US Class Current

713/194
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 2221/2143   Clearing memory, e.g. to pr...

H04L 63/04   for providing a confidentia...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

Network security device and method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

64 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Network security device and method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links