Network security device and method
Abstract
The invention describes a method for hardening a security mechanism against physical intrusion and substitution attacks. A user establishes a connection between a network peripheral device and a network via a security mechanism. The security mechanism includes read-only memory (ROM) that contains code that initiates operation of the mechanism and performs authentication functions. A persistent memory contains configuration information. A volatile memory stores user and device identification information that remains valid only for a given session and is erased thereafter to prevent a future security breach. A tamper-evident enclosure surrounds the memory elements; if the enclosure is breached, the breach becomes readily apparent to the user.
Claims (11)
1. A security mechanism for enabling a user to commence a session between a network peripheral device and a network, comprising:
an immutable memory element that contains first information including application software that initiates and provides security services;
a persistent memory element that contains second information to enable the security mechanism to configure the network peripheral device to access different networks;
a volatile memory element that contains third information, including the critical data for authentication, said third information erased from the volatile memory at the completion of each connection session; and
a tamper-evident enclosure for enclosing the memory elements.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method for facilitating a secure connection session with a user between a network peripheral device and a network, comprising the steps of:
accessing an immutable memory element that contains first information that provides security services;
accessing a persistent memory element that contains second information including configuration information to enable the security mechanism to configure the network peripheral device to access the network;
accessing a volatile memory element that contains third information, including critical data for authentication; and
erasing said third information not later than the end of the connection session so no third information remains in the volatile memory between sessions.
Dependent claims: 11
Specification