Apparatus, method and system for improving network security
Abstract
Devices, systems and related methods are disclosed for improving operational security of a network and/or network devices, such as wireless access points (APs). In the disclosed systems, a network device is not fully operational until it is attached to a network and downloads sensitive information. The information is stored in the network device so that when the device is disconnected from the network, the sensitive information is erased from the device, making the device inoperative and removing sensitive information, such as passwords, network security keys, or the like. Disabling the network device in this manner not only prevents the theft of sensitive network access information, but also discourages theft of the device itself because it cannot be used on another network without the configuration information. In addition to downloading configuration information, the network device can also download an executable image that is likewise not permanently resident on the device.
19 Claims
1. A system for protecting sensitive information in a network comprising:
a network component for storing the sensitive information necessary for authorized network access;
a network device, attachable to the network, that lacks the sensitive information necessary for authorized network access and is inoperative, at least in part, until the sensitive information is stored therein;
wherein, when the network device is attached to the network, the sensitive information necessary for authorized network access is downloaded from the network component and stored in the network device so that the network device becomes operational;
wherein, when the network device is disconnected from the network, the sensitive information necessary for authorized network access is erased from the network device, thereby making the network device inoperative at least in part and removing the sensitive information necessary for authorized network access from the network device;
wherein the network component is located in a secure environment comprising security for both physical access and network communications;
wherein the sensitive information necessary for authorized network access is selected from the group consisting of configuration information, a software image, and a combination of the foregoing; and
wherein the sensitive information is bundled with self-extracting software as stored at the network component.
Dependent claims: 2, 3, 4, 5, 6.
7. A method for protecting sensitive information in a network comprising:
storing the sensitive information necessary for authorized network access at a network component;
attaching a network device to the network, the network device lacking the sensitive information necessary for authorized network access and being inoperative, at least in part, until the sensitive information necessary for authorized network access is stored therein;
downloading the sensitive information necessary for authorized network access from the network component to the network device;
storing the sensitive information necessary for authorized network access in the network device so that the network device becomes operational on the network;
when the network device is disconnected from the network, erasing the sensitive information necessary for authorized network access from the network device, thereby rendering the network device inoperative, at least in part;
wherein the network component is located in a secure environment comprising security for both physical access and network communications;
wherein the sensitive information necessary for authorized network access is selected from the group consisting of configuration information, a software image, and a combination of the foregoing; and
wherein the sensitive information is bundled with self-extracting software as stored at the network component.
Dependent claims: 8, 9, 10, 11, 12.
13. A device that is non-operational on a network unless the device is storing configuration information necessary for authorized network access comprising:
an interface for communicating with the network;
a memory whose contents are erased upon loss of power to the device;
means for downloading from a network component of the network and storing in the memory the configuration information necessary for authorized network access so that the configuration information necessary for authorized network access is not retained when the device is powered down, wherein the configuration information necessary for authorized network access, when stored in the memory, permits the device to operate on the network;
wherein the device is a wireless access point (AP);
wherein the network component is located in a secure environment comprising security for both physical access and network communications;
wherein the means for downloading includes a bootstrap program for downloading from the network an executable image;
wherein the executable image permits the device to download the configuration information necessary for authorized network access;
wherein the configuration information necessary for authorized network access includes security information for allowing end user devices to access the network through the wireless AP; and
wherein the device provides network access to a voice over IP phone that stores the security information and a software image in volatile memory.
Dependent claims: 14, 15.
16. A network system, comprising:
a switch for attaching a device to a network so that information can be communicated between the device and the network system, wherein the device is not fully operational when first connected to the switch; and
means for downloading configuration information necessary for authorized network access from a network component of the network system to a volatile memory included in the device in response to a request from the device, so that the configuration information necessary for authorized network access is not retained in the device when the device is powered down, the device being operable on the network after the configuration information necessary for authorized network access is downloaded into the volatile memory;
means for downloading an executable image from the network system to the device;
wherein the request is generated by running the executable image on the device;
wherein the device is a wireless access point (AP);
wherein the network component is located in a secure environment comprising security for both physical access and network communications;
wherein the configuration information necessary for authorized network access includes security information for allowing end user devices to access the network system through a wireless AP; and
wherein the device provides network access to a voice over IP phone that stores the security information and a software image in volatile memory.
Dependent claims: 17, 18, 19.
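The attach, download and erase lifecycle described in the abstract and spelled out in claims 13 and 16 (a bootstrap fetches an executable image, the running image requests the configuration, both live only in volatile memory and are gone once the device is disconnected or powered down), as an added simulation that is not the patent's own code. ProvisioningServer, AccessPoint, the switch-port check and the image digest check are assumptions made here; they stand in for two checks a practitioner would want around this design, since the device otherwise trusts whatever arrives on the wire: the network component releases the image and configuration only to a device on an expected switch port, and the bootstrap verifies the image it is handed before running it.

```python
"""Simulation of the attach / download / erase lifecycle of a wireless AP.

Added example, not code from the patent. The port authorization and the
image digest verification are assumptions for illustration, not claim elements.
"""
import hashlib

# Constructed sample data standing in for the network component's contents.
EXEC_IMAGE = b"\x7fELF-ap-firmware-constructed-sample"
DEVICE_CONFIG = {
    "ssid": "corp-voice",
    "wpa_psk": "constructed-network-key-0123",  # security info for end-user devices
    "radius_secret": "constructed-radius-secret",
}
AUTHORIZED_PORTS = {"sw1/1/7", "sw1/1/8"}  # assumed: ports in the secure environment


class ProvisioningServer:
    """The network component kept in the physically and logically secured environment."""

    def __init__(self, image, config, authorized_ports):
        self._image = image
        self._config = config
        self._ports = set(authorized_ports)

    def image_digest(self):
        # Published so a bootstrap can verify what it downloaded (assumption).
        return hashlib.sha256(self._image).hexdigest()

    def fetch_image(self, port):
        # Assumption: only requests arriving on a known switch port are served.
        return self._image if port in self._ports else None

    def fetch_config(self, port, image_digest):
        # Assumption: configuration is released only to a device on a known port
        # that reports the digest of the expected executable image.
        if port not in self._ports or image_digest != self.image_digest():
            return None
        return dict(self._config)


class AccessPoint:
    """Non-volatile storage holds only the bootstrap and the expected image digest.
    The image and the configuration live in self._ram, which models memory that
    is lost on power-down and is cleared when the device is detached."""

    def __init__(self, expected_image_digest):
        self._expected = expected_image_digest
        self._ram = {}
        self._port = None

    def attach(self, server, port):
        """Bootstrap: fetch and verify the image, then let it request the configuration."""
        self._port = port
        image = server.fetch_image(port)
        if image is None or hashlib.sha256(image).hexdigest() != self._expected:
            self.detach()
            return False
        self._ram["image"] = image
        # Running the image is what generates the configuration request (claim 16).
        config = server.fetch_config(port, hashlib.sha256(image).hexdigest())
        if config is None:
            self.detach()
            return False
        self._ram["config"] = config
        return True

    def detach(self):
        # On real hardware the volatile memory is zeroed or simply loses power;
        # here the store is emptied so nothing network-access related survives.
        self._ram.clear()
        self._port = None

    def is_operational(self):
        return "image" in self._ram and "config" in self._ram

    def wlan_key(self):
        config = self._ram.get("config")
        return None if config is None else config["wpa_psk"]


def lifecycle_demo():
    """Attach on an authorized port, read the key, detach; return the observed states."""
    server = ProvisioningServer(EXEC_IMAGE, DEVICE_CONFIG, AUTHORIZED_PORTS)
    ap = AccessPoint(server.image_digest())
    attached = ap.attach(server, "sw1/1/7")
    key_while_attached = ap.wlan_key()
    ap.detach()
    return {
        "attached": attached,
        "key_while_attached": key_while_attached,
        "operational_after_detach": ap.is_operational(),
        "key_after_detach": ap.wlan_key(),
    }


if __name__ == "__main__":
    print(lifecycle_demo())
```

The same AccessPoint plugged into a port outside AUTHORIZED_PORTS never receives the image, and an AccessPoint handed an image whose digest does not match what its bootstrap expects refuses to run it and stays inoperative; in both cases nothing sensitive is ever written to the device.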