Authenticated dynamic address assignment

US 7,451,312 B2
Filed: 03/05/2001
Issued: 11/11/2008
Est. Priority Date: 03/07/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method of providing configuration parameters to an uninitialized client in a client-server broadcast network, said method comprising:

receiving at a proxy connected to said broadcast network a local broadcast communication initiated by said uninitialized client and intended for reception at a trusted key source, wherein said local broadcast communication includes the hardware address for said uninitialized client and wherein said proxy operates as a security intermediary between said uninitialized client and said trusted key source;

recording said hardware address for said uninitialized client at said proxy;

adding at said proxy authorization data to said received local broadcast communication when said received local broadcast communication does not include said authorization data;

forwarding said received local broadcast communication from said proxy to said trusted key source;

utilizing said trusted key source to perform a mutual authentication with said unitialized client;

generating at said trusted key source a ticket which includes said hardware address for said uninitialized client to said proxy;

forwarding said ticket, upon successful completion of the mutual authentication, from said trusted key source to said uninitialized client via said client-server broadcast network; and

employing said ticket to obtain a network address from said server via an authenticated address assignment protocol.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for an uninitialized client to obtain credentials from a server which are then used to provide authenticated exchange for network configuration parameter assignment. The obtained credentials can be applied to an authentication option when a dynamic host configuration protocol (DHCP) is being used for address assignment.

60 Citations

View as Search Results

12 Claims

1. A method of providing configuration parameters to an uninitialized client in a client-server broadcast network, said method comprising:
- receiving at a proxy connected to said broadcast network a local broadcast communication initiated by said uninitialized client and intended for reception at a trusted key source, wherein said local broadcast communication includes the hardware address for said uninitialized client and wherein said proxy operates as a security intermediary between said uninitialized client and said trusted key source;
  
  recording said hardware address for said uninitialized client at said proxy;
  
  adding at said proxy authorization data to said received local broadcast communication when said received local broadcast communication does not include said authorization data;
  
  forwarding said received local broadcast communication from said proxy to said trusted key source;
  
  utilizing said trusted key source to perform a mutual authentication with said unitialized client;
  
  generating at said trusted key source a ticket which includes said hardware address for said uninitialized client to said proxy;
  
  forwarding said ticket, upon successful completion of the mutual authentication, from said trusted key source to said uninitialized client via said client-server broadcast network; and
  
  employing said ticket to obtain a network address from said server via an authenticated address assignment protocol.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method as described in claim 1 and wherein said employing said ticket to obtain a network address comprises:
    - sending an authenticated first message in said authenticated address assignment protocol from said uninitialized client to said server.
  - 3. The method as described in claim 2 wherein said authenticated first message is authenticated with said ticket.
  - 4. The method as described in claim 1 wherein said utilizing a trusted key source to provide ticket to said proxy comprises:
    - utilizing a Kerberos key management protocol.
  - 5. The method as described in claim 1 wherein said employing said ticket to obtain a network address from said server via an authenticated address assignment protocol comprises:
    - utilizing Dynamic Host Configuration Protocol.
  - 6. The method as described in claim 1 wherein said employing said ticket to obtain a network address from said server via an authenticated address assignment protocol comprises:
    - utilizing said authenticated address assignment protocol selected from a set of a plurality of address assignment protocols.
  - 7. The method as described in claim 6 wherein said plurality of authenticated address assignment protocols comprises:
    - Dynamic Host Configuration Protocol; and
      
      RSIP.
  - 8. The method as described in claim 1 wherein said employing said ticket to obtain a network address from said server via an authenticated address assignment protocol comprises:
    - obtaining an IP address.
  - 9. The method as described in claim 1 wherein said act of employing a trusted key source to provide ticket to said uninitialized client is not embedded in said authenticated address assignment protocol.
  - 10. The method as described in claim 1, wherein said authorization data identifies a realm.
  - 11. The method as described in claim 10, wherein said realm is a Kerberos administrative domain that represents a group of principals registered at a Kerberos key distribution center.
  - 12. The method as described in claim 11, wherein said realm comprises at least one of an uninitialized client realm, a Kerberos realm, or a Dynamic Host Configuration Protocol server realm.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Original Assignee
General Instrument Corporation (CommScope Holding Company, Inc.)
Inventors
Medvinsky, Alexander, Lalwaney, Poornima
Primary Examiner(s)
Vu; Kimyen
Assistant Examiner(s)
Dada; Beemnet W

Application Number

US09/799,918
Publication Number

US 20010047484A1
Time in Patent Office

2,808 Days
Field of Search

713/168, 713/100, 713/200, 713/151, 713/153, 713/154, 713/169, 713/170, 709/203, 709/245, 709/222, 709/226, 726/10, 726/15, 726/11, 726/12, 726/13, 380/278, 380/279, 380/282
US Class Current

713/168
CPC Class Codes

H04L 2101/604   Address structures or formats

H04L 61/5007   Internet protocol [IP] addr...

H04L 61/5014   using dynamic host configur...

H04L 61/5053   Lease time; Renewal aspects

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Authenticated dynamic address assignment

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

60 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticated dynamic address assignment

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links