System and method for providing secure network access

US 7,769,995 B2
Filed: 11/30/2004
Issued: 08/03/2010
Est. Priority Date: 01/07/2004
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of providing secure network access, comprising:

connecting, via a first interface, a secure network provisioning device to a security authority;

acquiring, by the secure network provisioning device operating in an acquisition mode, at least one network profile from the security authority;

configuring at least a second interface of the secure network provisioning device with data corresponding to attributes of said at least one network profile;

switching the secure network provisioning device from the acquisition mode to a gateway mode, in which gateway mode the secure network provisioning device functions as a gateway;

connecting, via the first interface, the secure network provisioning device to a client device, the first interface having been disconnected from the security authority; and

for each of said at least one network profile, providing the client device, while in the gateway mode, with access through at least the second interface to a secure network associated with the network profile,wherein disconnection of the first interface of the secure network provisioning device from the client device terminates access to the secure network by the client device.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secure network access is provided by connecting a secure network provisioning device to a security authority, acquiring one or more network profiles, configuring one or more network interfaces of the secure network provisioning device with data corresponding to attributes of the acquired network profiles, switching the secure network provisioning device from an acquisition mode to a gateway mode, and connecting the secure network provisioning device to a client device. The secure network provisioning device includes a first set of network communication interfaces requiring configuration blocks to enable access to associated networks, a second set of network communication interfaces free from a requirement for configuration prior to network access, a communication interface gateway module configured to gate network traffic between network communication interfaces and a network profile acquisition module configured to acquire network profiles containing data required to configure the communication interfaces of the first set.

Citations

20 Claims

1. A computer-implemented method of providing secure network access, comprising:
- connecting, via a first interface, a secure network provisioning device to a security authority;
  
  acquiring, by the secure network provisioning device operating in an acquisition mode, at least one network profile from the security authority;
  
  configuring at least a second interface of the secure network provisioning device with data corresponding to attributes of said at least one network profile;
  
  switching the secure network provisioning device from the acquisition mode to a gateway mode, in which gateway mode the secure network provisioning device functions as a gateway;
  
  connecting, via the first interface, the secure network provisioning device to a client device, the first interface having been disconnected from the security authority; and
  
  for each of said at least one network profile, providing the client device, while in the gateway mode, with access through at least the second interface to a secure network associated with the network profile,wherein disconnection of the first interface of the secure network provisioning device from the client device terminates access to the secure network by the client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising, in response to a reset command:
    - erasing said at least one network profile from the secure network provisioning device; and
      
      switching the secure network provisioning device from the gateway mode to the acquisition mode.
  - 3. The method of claim 1, wherein one of said at least a second interface is a wireless network interface.
  - 4. The method of claim 1, wherein connecting the secure network provisioning device to the security authority requires physical proximity of the secure network provisioning device and the security authority.
  - 5. The method of claim 1, wherein connecting the secure network provisioning device to the client device requires physical proximity of the secure network provisioning device and the client device.
  - 6. The method of claim 1, wherein the first interface is a secure network provisioning device is connected to the security authority through a network interface independent of said at least one network interface.
  - 7. The method of claim 6, wherein the first interface is a wire-line network interface.
  - 8. The method of claim 6, wherein the secure network provisioning device presents as a plurality of computing devices, the plurality of devices comprising:
    - a secure network provisioning device ready to acquire network profiles when in the acquisition mode; and
      
      a standard network interface when in the gateway mode.
  - 9. The method of claim 8, wherein the first interface is a universal serial bus (USB) interface and presenting as a plurality of devices comprises enumerating different universal serial bus (USB) enumeration class identifiers in different modes.

10. A computer storage medium having thereon computer-executable instructions for providing secure network access to a client device through a secure network provisioning device, the instructions operable to perform a method comprising:
- managing at least one network profile associated with a secure network;
  
  accepting a connection from the secure network provisioning device in an acquisition mode, the connection over a first interface of the secure network provisioning device, the secure network provisioning device having a plurality of operating modes including the acquisition mode and a gateway mode; and
  
  providing over the first interface said at least one network profile to the secure network provisioning device, each network profile enabling the secure network provisioning device to provide the client device with access to the secure network associated with the network profile by functioning as a gateway between the client device, connected via the first interface, and the secure network, connected via a second interface, when the secure network provisioning device switches to the gateway mode and the first interface of the secure network provisioning device is disconnected from the computer storage medium and connected to the client device.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 11. The computer storage medium of claim 10, wherein providing said at least one network profile to the secure network provisioning device comprises engaging in a network profile acquisition protocol with the secure network provisioning device.
  - 12. The computer storage medium of claim 11, wherein the secure network provisioning device switches from acquisition mode to gateway mode upon completion of the network profile acquisition protocol.
  - 13. The computer storage medium of claim 10, wherein access to each secure network requires valid authentication credentials.
  - 14. The computer storage medium of claim 10, wherein managing said at least one network profile comprises, for each network profile, at least one of creating, reading and updating the network profile.
  - 15. The computer storage medium of claim 10, further comprising recognizing the secure network provisioning device with plug-and-play (PnP).
  - 16. The computer storage medium of claim 10, wherein accepting the connection from the secure network provisioning device requires physical proximity of the secure network provisioning device and the computer-readable medium.
  - 17. The computer storage medium of claim 10, wherein providing the client device with access to the secure network requires physical proximity of the secure network provisioning device and the client device.
  - 18. The computer storage medium of claim 10, wherein the first interface is a wire-line network interface.
  - 19. The computer storage medium of claim 10, wherein the secure network provisioning device is capable of presenting as a plurality of computing devices, the plurality of devices comprising:
    - a secure network provisioning device ready to acquire network profiles when in the acquisition mode; and
      
      a standard network interface when in the gateway mode.
  - 20. The computer storage medium of claim 19, wherein the first interface is a universal serial bus (USB) interface and presenting as the plurality of devices comprises enumerating different universal serial bus (USB) enumeration class identifiers in different modes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rovi Technologies Corporation (Adeia Inc.)
Original Assignee
Microsoft Corporation
Inventors
Nick, Benjamin E., AbiEzzi, Salim S., Manchester, Scott A., Corbett, Christopher J.
Primary Examiner(s)
TRAN, ELLEN C

Application Number

US10/999,555
Publication Number

US 20050149757A1
Time in Patent Office

2,072 Days
Field of Search

713/153, 713/155, 726/15, 726/12
US Class Current

713/153
CPC Class Codes

H04L 63/02   for separating internal fro...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

H04W 12/06   Authentication

H04W 12/082   using revocation of authori...

System and method for providing secure network access

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing secure network access

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links