Secure modem gateway concentrator
Abstract
The present invention provides a method and system for secure access to computer equipment. An embodiment includes a secure access controller connected to a link between a transceiver (such as a modem) and the computer equipment. Public and private keys are used by the secure access controller and a remote user. The keys are provided to the secure access controller by an authentication server. Once the transceiver establishes a communication link with the user, the access controller uses these keys to authenticate packets issued by the user to the computer equipment. If the packet is authenticated, the access controller passes the packet to the computer equipment. Otherwise, the packet is discarded. Another embodiment includes a secure access controller having a plurality of ports for connection to a plurality of different pieces of computer equipment. The secure access controller thus intermediates communications between the modem and the plurality of different pieces of computer equipment.
27 Claims
1. A system comprising:
- an authentication server, a client and an access controller interconnectable for communications therebetween;
- said access controller including a plurality of ports each connectable to a respective one of a plurality of computers;
- said authentication server operable to deliver a given first key from among a plurality of first keys to said client;
- said access controller operable to store a plurality of second keys each of which is complementary to a respective one of said first keys for encrypting at least a portion of communications between said client and said controller;
- said access controller operable to associate each of said second keys with a respective one of said ports;
- said access controller further operable to receive, from said client, instructions and an indication of a specified one of the ports and to pass said instructions to the computer connected to the specified one of the ports according to a verification protocol utilizing the second key associated with the specified one of the ports and the given first key, wherein said verification protocol includes a generation of a random number by said client, an encryption of said random number by said client using said given first key, a delivery of said random number and said encrypted random number from said client to said access controller, a decryption of said encrypted number by said access controller using the second key associated with the specified one of the ports, a comparison of said random number and said decrypted number, and a decision to pass at least a portion of said instructions to the computer connected to the specified one of the ports via the specified one of the ports when said comparison finds a match of said random number with said decrypted number.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 24
11. An access controller for intermediating communications between an interface and a plurality of ports;
- said access controller operable to store a plurality of second keys each of which is complementary to a respective one of a plurality of first keys;
- said access controller operable to associate each of said second keys with a respective one of said ports;
- said access controller operable to communicate with a client via said interface and with a plurality of computers via respective ones of said ports;
- said client operable to store a given one of said first keys and to receive instructions from a user;
- said access controller operable to receive, from said client, said instructions and an indication of a specified one of the ports and to selectively pass said instructions to the computer connected to the specified one of the ports when a verification protocol utilizing the second key associated with the specified one of the ports and the given one of the first keys is met, wherein said verification protocol includes a generation of a random number by said client, an encryption of said random number by said client using said given one of the first keys, a delivery of said random number and said encrypted random number from said client to said access controller, a decryption of said encrypted number by said access controller using the second key associated with the specified one of the ports, a comparison of said random number and said decrypted number, and a decision to pass at least a portion of said instructions to the computer connected to the specified one of the ports via the specified one of the ports when said comparison finds a match of said random number with said decrypted number.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20, 25
21. In an authentication server, a method of delivering a given first key from among a plurality of first keys for securing access between a client and a computer from among a plurality of computers via an access controller having a plurality of ports;
- said access controller connected to said computers via respective ones of said ports;
- said access controller having a plurality of second keys each of which is complementary to a respective one of said first keys;
- said access controller for receiving, from said client, instructions and an indication of a specified one of the ports and for selectively passing said instructions to the computer connected to the specified one of the ports when a verification protocol utilizing the second key associated with the specified one of the ports and the given first key is met, wherein said verification protocol includes a generation of a random number by said client, an encryption of said random number by said client using the given first key, a delivery of said random number and said encrypted random number from said client to said access controller, a decryption of said encrypted number by said access controller using the second key associated with the specified one of the ports, a comparison of said random number and said decrypted number, and a decision to pass at least a portion of said instructions to the computer connected to the specified one of the ports via the specified one of the ports when said comparison finds a match of said random number with said decrypted number;
said method comprising:
- receiving a request for a key from said client;
- authenticating said request; and
- sending the given first key to said client when said request is authenticated.
Dependent claims: 22
23. A method of securing access between a client and a computer from among a plurality of computers via an access controller having a plurality of ports;
- said access controller connected to said plurality of computers via respective ones of said ports;
said method comprising:
- receiving an instruction at said client destined for said computer;
- receiving an indication of a specified one of the ports;
- generating a random number by said client;
- encrypting said random number by said client using a first key;
- delivering said random number, said encrypted random number, said indication of the specified one of the ports and said instruction to said access controller;
- obtaining a second key based on the indication of the specified one of the ports;
- decrypting said encrypted number using the second key by said access controller;
- comparing said random number and said decrypted number; and
- passing at least a portion of said instruction to the computer connected via the specified one of the ports when said comparison finds a match of said random number with said decrypted number.
Dependent claims: 26
27. A method for securing access between a client and a computer from among a plurality of computers via an access controller having a plurality of ports, the access controller connected to the computers via respective ones of the ports, the access controller operable to associate each of the ports with a respective one of a plurality of keys, the method comprising:
- (a) receiving, from the client, instructions and an indication of a specified one of the ports;
- (b) obtaining the key that is associated with the specified one of the ports; and
- (c) passing the instructions to the computer connected to the specified one of the ports when a verification protocol utilizing at least the key is met, wherein said verification protocol includes a generation of a random number by said client, an encryption of said random number by said client using another key that is complementary to the key, a delivery of said random number and said encrypted random number from said client to said access controller, a decryption of said encrypted number by said access controller using the key, a comparison of said random number and said decrypted number, and a decision to pass at least a portion of said instructions to the computer connected to the specified one of the ports via the specified one of the ports when said comparison finds a match of said random number with said decrypted number.
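The verification protocol that claims 1, 11, 23 and 27 share (client encrypts a fresh random number with its first key, sends both values plus the instruction and a port indication, the controller decrypts with the second key associated with that port and forwards only on a match) and the key-delivery method of claim 21 are modelled below as an added worked example in Python. It is not the patent's code or any product's code. Its assumptions are hypothetical: the complementary first/second key pair is unpadded textbook RSA with the client holding the private exponent and the controller the per-port public exponent, the moduli are built from Mersenne primes so the example runs with no dependencies, and the names `AuthenticationServer`, `AccessController`, `Client`, `Packet`, `make_key_pair` and `run_scenario`, the user name and shared secret, and the port numbers are all constructed for illustration. The controller's range check on the ciphertext and its discard of packets for ports with no associated key go slightly beyond the claim text; they follow the abstract's rule that an unauthenticated packet is discarded.

```python
"""Added worked model of the claimed verification and key-delivery steps.

Not the patent's own code. Hypothetical assumptions: the complementary
"first key"/"second key" pair is unpadded textbook RSA (client holds the
private exponent, the controller holds the public one), and the moduli are
built from Mersenne primes purely so the example runs with no dependencies.
"""
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Key = Tuple[int, int]  # (exponent, modulus)

def make_key_pair(p: int, q: int, e: int = 65537) -> Tuple[Key, Key]:
    """Return (first_key, second_key): private and public RSA exponents over p*q."""
    phi = (p - 1) * (q - 1)
    return (pow(e, -1, phi), p * q), (e, p * q)  # pow(e, -1, m) needs Python 3.8+

@dataclass
class Packet:
    """What the client delivers to the access controller (claim 23)."""
    port: int
    instruction: bytes
    random_number: int
    encrypted_random_number: int

class AuthenticationServer:
    """Sends a first key only when the client's request authenticates (claim 21)."""
    def __init__(self, credentials: Dict[str, bytes], first_keys: Dict[str, Key]):
        self._credentials = credentials  # user -> constructed shared secret
        self._first_keys = first_keys    # user -> first key issued to that user

    def request_key(self, user: str, secret: bytes) -> Optional[Key]:
        expected = self._credentials.get(user)
        if expected is None or not hmac.compare_digest(expected, secret):
            return None  # request not authenticated: no key is sent
        return self._first_keys.get(user)

class Client:
    def __init__(self, first_key: Key):
        self.first_key = first_key

    def build_packet(self, port: int, instruction: bytes) -> Packet:
        d, n = self.first_key
        r = secrets.randbelow(n - 2) + 2  # fresh random number, 2 <= r < n
        return Packet(port, instruction, r, pow(r, d, n))

class AccessController:
    """One second key per port; an instruction reaches a computer only after verification."""
    def __init__(self, second_keys: Dict[int, Key]):
        self.second_keys = second_keys
        # Stands in for the computers behind the ports: what each one received.
        self.delivered: Dict[int, List[bytes]] = {p: [] for p in second_keys}

    def handle(self, pkt: Packet) -> bool:
        key = self.second_keys.get(pkt.port)
        if key is None:
            return False  # no second key associated with that port: discard
        e, n = key
        if not 0 < pkt.encrypted_random_number < n:
            return False  # ciphertext outside the modulus: discard
        if pow(pkt.encrypted_random_number, e, n) != pkt.random_number:
            return False  # decrypted number does not match: discard
        self.delivered[pkt.port].append(pkt.instruction)
        return True

def run_scenario() -> Dict[str, bool]:
    """Two ports with distinct key pairs; returns which checks behaved as claimed."""
    first1, second1 = make_key_pair((1 << 127) - 1, (1 << 89) - 1)   # toy Mersenne-prime moduli
    first2, second2 = make_key_pair((1 << 107) - 1, (1 << 61) - 1)
    server = AuthenticationServer({"alice": b"alice-secret"}, {"alice": first1})
    controller = AccessController({1: second1, 2: second2})

    key = server.request_key("alice", b"alice-secret")
    assert key is not None
    alice = Client(key)
    passed = controller.handle(alice.build_packet(1, b"show status"))
    other_port = controller.handle(alice.build_packet(2, b"show status"))  # key belongs to port 1
    pkt = alice.build_packet(1, b"reboot")
    tampered = Packet(pkt.port, pkt.instruction, pkt.random_number + 1, pkt.encrypted_random_number)
    return {
        "server_refuses_bad_secret": server.request_key("alice", b"guess") is None,
        "matching_port_passes": passed,
        "other_port_discards": not other_port,
        "mismatched_number_discards": not controller.handle(tampered),
        "only_verified_instruction_delivered": controller.delivered == {1: [b"show status"], 2: []},
    }
```

`run_scenario()` returns a dictionary in which every value is `True`: the server withholds the key from an unauthenticated request, the controller forwards the instruction only when the random number decrypts correctly under the key bound to the indicated port, and a packet aimed at a port whose second key does not complement the client's first key is discarded rather than forwarded.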
Specification