Methods and apparatus for user authentication and interactive unit authentication
First Claim
1. A method, comprising:
establishing a connection between a virtual private network (VPN) hardware client and an internet;
establishing a connection between a client computer and the internet, where the connection passes through the VPN hardware client;
establishing a tunnel between the client computer and a remote network upon successfully authenticating the virtual private network (VPN) hardware client to the remote network, where the VPN hardware client is operably connected to and remote to the client computer, and where the VPN hardware client is a hardware device, where authenticating the VPN hardware client comprises:
receiving an initial data request from a client computing device;
sending a web page containing a first query for authentication information to said client computing device in response to said initial data request;
receiving first authentication information in response to said first query; and
verifying said first authentication information, and wherein the step of providing the client computing device authentication mechanism comprises:
returning, in response to verifying the first authentication information, a web page containing a query for client authentication information to said client computing device, the web page including information about the status of the secure data connection;
receiving client authentication information from said client computing device; and
verifying said client authentication information;
controlling the VPN hardware client to provide two different levels of access to a user of the client computer, where a first level of access provides access to the internet to an unauthenticated user of the client computer, and where a second level of access provides access to both the internet and to the remote network to a user of the client computer that has been authenticated to the remote network through the tunnel;
examining all data requests received by the VPN hardware client both before the VPN hardware client has been authenticated to the remote network and after the VPN hardware client has been authenticated to the remote network; and
selectively allowing data requests seeking access to the tunnel, where data requests seeking access to the tunnel will be granted access to the tunnel when the data requests are either data requests that do not require that they originate from an authenticated user of the client computer or are data requests from an authenticated user of the client computer.
Abstract
In a hardware client for remote logon to a network, a two-layer authentication protocol enables authorized users to log on while discouraging unauthorized users. The hardware client prevents logging on to the network if the hardware client is stolen. The hardware client itself is authenticated in the first authentication layer in order to establish a link to the network. Then a client computer authenticates in a second layer and further establishes a secure connection to the network. If the power of the hardware client goes off (as it would if, for example, it were unplugged for transport), then the authentication is not saved and therefore is lost. The hardware client must be reauthenticated before it can be used again.
Claims

1. (Independent claim; set out in full under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7, 16.
8. A method of making a secure connection between a virtual private network (VPN) hardware client and a network, comprising the steps of:
A. receiving, at the hardware client, an initial data request from a client computing device;
B. sending a first query for authentication information from the hardware client to said client computing device in response to said initial data request;
C. receiving, at the hardware client, first authentication information in response to said first query;
D. verifying said first authentication information;
E. establishing a secure data connection from the hardware client, over a public network, to the network in response to verifying said first authentication information, wherein the secure data connection includes a tunnel between the hardware client and the network;
F. receiving a second data request from said client computing device;
G. determining whether said second data request is a data type to be transmitted without authentication of said client computing device;
  a) if yes, directing said second data request to a destination outside said network;
  b) if no, determining whether said client computing device is authenticated;
    i) if yes, forwarding the packet across said secure data connection to said network, wherein the packet travels over the tunnel;
    ii) if no, sending a second query for authentication information to said client computing device;
      (1) receiving second authentication information from said client computing device, wherein said second authentication information is transmitted over the network;
      (2) verifying said second authentication information;
      (3) storing an identifier of said client computing device such that said client is authenticated for subsequent data requests;
wherein the method further comprises: examining each data request received by the hardware client prior to authenticating the hardware client to the network and examining each data request received by the hardware client post authenticating the hardware client to the network.
Dependent claims: 9, 10, 11, 12, 13, 15, 17.
14. A circuit, comprising:
a data communications port;
a memory;
an authentication table; and
a controller coupled to said data communications port, said memory and said authentication table, said controller being configured to:
  authenticate to a network;
  establish a secure data connection over a public network, the secure data connection including a tunnel between a virtual private network (VPN) hardware client and the network, in response to authenticating;
  provide a client computing device authentication mechanism for authenticating at least one client computing device connecting to the network via the tunnel through the hardware client, wherein the client computing device authentication mechanism comprises:
    sending a query for client authentication information to said client computing device;
    receiving client authentication information from said client computing device, wherein said client computing device transmits said client authentication information over the network;
    verifying said client authentication information; and
    storing an identifier of said client computing device such that said client is authenticated;
  examine each data request received at said data communications port prior to authenticating the hardware client to the network and examining each data request received by the hardware client post authenticating the hardware client to the network;
  determine whether said data request originated from a client computing device having an identifier stored in said authentication table; and
  transmit across said secure data connection only data requests belonging to one of the following types:
1) a data request of a data type to be transmitted without authentication of an originating client computing device,
2) a data request from an authenticated client computing device.
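The access decision that claims 8 and 14 set out, as an added Python simulation that is not part of the patent and not code from any product: a first layer authenticates the hardware client and brings the tunnel up, a second layer records authenticated client identifiers in an authentication table, every request is examined, and (as the abstract states) a power cycle discards all authentication state. The request format, the `dest` field, the credential store and the constant-time comparison are assumptions of this example.

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Request:
    client_id: str                      # identifier of the originating client computer (constructed)
    dest: str                           # "remote" = protected network behind the tunnel, anything else = internet
    credential: Optional[str] = None    # second-layer (client) authentication information, if supplied


@dataclass
class HardwareClient:
    device_secret: str                  # first-layer credential that authenticates the hardware client itself
    client_secrets: dict                # assumed store: client_id -> valid client credential
    tunnel_up: bool = False             # set only after first-layer authentication succeeds (claim 8, step E)
    auth_table: set = field(default_factory=set)   # identifiers of authenticated clients (claim 14)

    def authenticate_device(self, first_auth_info: str) -> bool:
        """Layer 1 (claim 8, steps B-E): verify the hardware client's credential; on success bring the tunnel up."""
        self.tunnel_up = hmac.compare_digest(self.device_secret, first_auth_info)
        return self.tunnel_up

    def handle(self, req: Request) -> str:
        """Every request is examined, before and after device authentication (claim 8, steps F-G)."""
        if req.dest != "remote":
            return "internet"              # G.a: data type needing no authentication leaves via the internet
        if not self.tunnel_up:
            return "device-auth-required"  # no tunnel yet: the first-layer query has to succeed first
        if req.client_id in self.auth_table:
            return "tunnel"                # G.b.i: authenticated client, forward over the tunnel
        expected = self.client_secrets.get(req.client_id)
        if (req.credential is not None and expected is not None
                and hmac.compare_digest(expected, req.credential)):
            self.auth_table.add(req.client_id)   # G.b.ii.(3): remember the client for later requests
            return "tunnel"
        return "challenge"                 # G.b.ii: send the second authentication query instead

    def power_cycle(self) -> None:
        """Abstract: authentication state lives only in volatile memory and is lost on power-off."""
        self.tunnel_up = False
        self.auth_table.clear()
```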