Secure modem gateway concentrator

US 7,774,602 B2
Filed: 12/09/2005
Issued: 08/10/2010
Est. Priority Date: 12/30/2004
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

an authentication server, a client and an access controller interconnectable for communications therebetween;

said access controller including a plurality of ports each connectable to a respective one of a plurality of computers;

said authentication server operable to deliver a given first key from among a plurality of first keys to said client;

said access controller operable to store a plurality of second keys each of which is complementary to a respective one of said first keys for encrypting at least a portion of communications between said client and said controller;

said access controller operable to associate each of said second keys with a respective one of said ports;

said access controller further operable to receive, from said client, instructions and an indication of a specified one of the ports and to pass said instructions to the computer connected to the specified one of the ports according to a verification protocol utilizing the second key associated with the specified one of the ports and the given first key, wherein said verification protocol includes a generation of a random number by said client, an encryption of said random number by said client using said given first key, a delivery of said random number and said encrypted random number from said client to said access controller, a decryption of said encrypted number by said access controller using the second key associated with specified one of the ports, a comparison of said random number and said decrypted number, and a decision to pass at least a portion of said instructions to the computer connected to the specified one of the ports via the specified one of the ports when said comparison finds a match of said random number with said decrypted number.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a method and system for secure access to computer equipment. An embodiment includes a secure access controller connected to a link between a transceiver (such as a modem) and the computer equipment. Public and private keys are used by the secure access controller and a remote user. The keys are provided to the secure access controller by an authentication server. Once the transceiver establishes a communication link with the user, the access controller uses these keys to authenticate packets issued by the user to the computer equipment. If the packet is authenticated, the access controller passes the packet to the computer equipment. Otherwise, the packet is discarded. Another embodiment includes a secure access controller having a plurality of ports for connection to a plurality of different pieces of computer equipment. The secure access controller thus intermediates communications between the modem and the plurality of different pieces of computer equipment.

33 Citations

View as Search Results

27 Claims

1. A system comprising:
- an authentication server, a client and an access controller interconnectable for communications therebetween;
  
  said access controller including a plurality of ports each connectable to a respective one of a plurality of computers;
  
  said authentication server operable to deliver a given first key from among a plurality of first keys to said client;
  
  said access controller operable to store a plurality of second keys each of which is complementary to a respective one of said first keys for encrypting at least a portion of communications between said client and said controller;
  
  said access controller operable to associate each of said second keys with a respective one of said ports;
  
  said access controller further operable to receive, from said client, instructions and an indication of a specified one of the ports and to pass said instructions to the computer connected to the specified one of the ports according to a verification protocol utilizing the second key associated with the specified one of the ports and the given first key, wherein said verification protocol includes a generation of a random number by said client, an encryption of said random number by said client using said given first key, a delivery of said random number and said encrypted random number from said client to said access controller, a decryption of said encrypted number by said access controller using the second key associated with specified one of the ports, a comparison of said random number and said decrypted number, and a decision to pass at least a portion of said instructions to the computer connected to the specified one of the ports via the specified one of the ports when said comparison finds a match of said random number with said decrypted number.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 24)
- - 2. The system according to claim 1 wherein said authentication server is operable to generate said plurality of first keys and said plurality of second keys and to deliver said plurality of second keys to said access controller.
  - 3. The system according to claim 1 wherein communications between said client and said access controller are carried via said authentication server.
  - 4. The authentication system according to claim 1 wherein each of said first keys is a public encryption key and each of said second keys is a complementary private encryption key.
  - 5. The authentication system according to claim 1 wherein said authentication server and said client are interconnectable by a first communication medium and said access controller and said client are interconnectable by a second communication medium;
    - said mediums selected from the group of networks consisting of an Intranet, the Internet, the Public Switched Telephone Network (PSTN), a local area network, and a wireless network.
  - 6. The authentication system according to claim 1 wherein the computer connected to the specified one of the ports is a telecommunications switch.
  - 7. The authentication system according to claim 1 wherein said instruction is encrypted by said client using said given first key and said verification protocol is based on a successful decryption of said instruction by said access controller using the second key associated with the specified one of the ports.
  - 8. The authentication system according to claim 2 wherein said given first key is only delivered to said client after the second key associated with the specified one of the ports has been successfully delivered to said access controller.
  - 9. The authentication system according to claim 1 wherein said given first key is only delivered to said client if a user operating said client authenticates said user'"'"'s identity with said server.
  - 10. The authentication system according to claim 2 wherein said access controller contains a preset key and said server maintains a record of said preset key;
    - said server operable to only generate said given first key and the second key complementary to the given first key if said access controller successfully transmits said preset key to said server and said transmitted preset key matches said server'"'"'s record thereof.
  - 24. The authentication system defined in claim 1, wherein said verification protocol further includes a decision not to pass said at least a portion of said instruction if no match is found.

11. An access controller for intermediating communications between an interface and a plurality of ports;
- said access controller operable to store a plurality of second keys each of which is complementary to a respective one of a plurality of first keys;
  
  said access controller operable to associate each of said second keys with a respective one of said ports;
  
  said access controller operable to communicate with a client via said interface and with a plurality of computers via respective ones of said ports;
  
  said client operable to store a given one of said first keys and to receive instructions from a user;
  
  said access controller operable to receive, from said client, said instructions and an indication of a specified one of the ports and to selectively pass said instructions to the computer connected to the specified one of the ports when a verification protocol utilizing the second key associated with the specified one of the ports and the given one of the first keys is met, wherein said verification protocol includes a generation of a random number by said client, an encryption of said random number by said client using said given one of the first keys, a delivery of said random number and said encrypted random number from said client to said access controller, a decryption of said encrypted number by said access controller using the second key associated with the specified one of the ports, a comparison of said random number and said decrypted number, and a decision to pass at least a portion of said instructions to the computer connected to the specified one of the ports via the specified one of the ports when said comparison finds a match of said random number with said decrypted number.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 25)
- - 12. The access controller of claim 11 wherein said access controller is operable to obtain said plurality of second keys from an authentication server and said client is operable to obtain said given one of said first keys from said authentication server, said authentication server operable to generate said plurality of first keys and said plurality of second keys.
  - 13. The access controller of claim 11 wherein each of said first keys is a public encryption key and each of said second keys is a complementary private encryption key.
  - 14. The access controller of claim 11 wherein a medium for connecting said interface and said client is at least one of an RS-232 link, a Teletypewriter (TTY) link, a Universal Serial Bus (USB) cable, the Internet, an Intranet, a Virtual Private Network (VPN), the Public Switched Telephone Network (PSTN), a local area network a wireless network, Internet Protocol Security (IPSec), Protected Extensible Authentication Protocol (PEAP), and Transport Layer Security (TLS).
  - 15. The access controller of claim 11 wherein a medium for connecting each of said ports and the plurality of computers is at least one of an RS-232 link, a Teletypewriter (TTY) link, a Universal Serial Bus (USB) cable, the Internet, an Intranet, a Virtual Private Network (VPN), the Public Switched Telephone Network (PSTN), a local area network, a wireless network, Internet Protocol Security (IPSec), Protected Extensible Authentication Protocol (PERP), and Transport Layer Security (TLS).
  - 16. The access controller of claim 11 wherein the computer connected to the specified one of the ports is a telecommunications switch.
  - 17. The access controller of claim 11 said instruction is encrypted by said client using said given one of the first keys and said verification protocol is based on a successful decryption of said instruction by said access controller using the second key associated with the specified one of the ports.
  - 18. The access controller of claim 12 wherein said given one of the first keys is only passed to said client after the second key associated with the specified one of the ports has been successfully passed to said access controller.
  - 19. The access controller of claim 12 wherein said given one of the first keys is only passed to said client if a user operating said client authenticates said user'"'"'s identity with said server.
  - 20. The access controller of claim 12 wherein said access controller contains a preset key and said server maintains a record of said preset key;
    - said server operable to only generate said given one of the first keys and the second key complementary to the first key if said access controller successfully transmits said preset key to said server and said transmitted preset key matches said server'"'"'s record thereof.
  - 25. The access control defined in claim 11, wherein said verification protocol further includes a decision not to pass said at least a portion of said instruction if no match is found.

21. In an authentication server, a method of delivering a given first key from among a plurality of first keys for securing access between a client and a computer from among a plurality of computers via an access controller having a plurality of ports;
- said access controller connected to said computers via respective ones of said ports;
  
  said access controller having a plurality of second keys each of which is complementary to a respective one of said first keys;
  
  said access controller for receiving, from said client, instructions and an indication of a specified one of the ports and for selectively passing said instructions to the computer connected to the specified one of the ports when a verification protocol utilizing the second key associated with the specified one of the ports and the given first key is met, wherein said verification protocol includes a generation of a random number by said client, an encryption of said random number by said client using the given first key, a delivery of said random number and said encrypted random number from said client to said access controller, a decryption of said encrypted number by said access controller using the second key associated with the specified one of the ports, a comparison of said random number and said decrypted number, and a decision to pass at least a portion of said instructions to the computer connected to the specified one of the ports via the specified one of the ports when said comparison finds a match of said random number with said decrypted number;
  
  said method comprising;
  
  receiving a request for a key from said client;
  
  authenticating said request; and
  
  sending the given first key to said client when said request is authenticated.
- View Dependent Claims (22)
- - 22. The method of claim 21 comprising the additional steps of:
    - receiving a request for a key from said access controller;
      
      authenticating said access controller request;
      
      generating an updated second key associated with the specified one of the ports and an updated first key corresponding to said updated second key if said access controller request is authenticated;
      
      delivering said updated second key to said access controller;
      
      receiving a request for a key from said client;
      
      authenticating said client request; and
      
      sending said updated first key to said client if said client request is authenticated.

23. A method of securing access between a client and a computer from among a plurality of computers via an access controller having a plurality of ports;
- said access controller connected to said plurality of computers via respective ones of said ports;
  
  said method comprising;
  
  receiving an instruction at said client destined for said computer;
  
  receiving an indication of a specified one of the ports;
  
  generating a random number by said client;
  
  encrypting said random number by said client using a first key;
  
  delivering said random number, said encrypted random number, said indication of the specified one of the ports and said instruction to said access controller;
  
  obtaining a second key based on the indication of the specified one of the ports;
  
  decrypting said encrypted number using the second key by said access controller;
  
  comparing said random number and said decrypted number; and
  
  passing at least a portion of said instruction to the computer connected via the specified one of the ports when said comparison finds a match of said random number with said decrypted number.
- View Dependent Claims (26)
- - 26. The method defined in claim 23, further comprising discarding said at least a portion of said instruction if no match is found.

27. A method for securing access between a client and a computer from among a plurality of computers via an access controller having a plurality of ports, the access controller connected to the computers via respective ones of the ports, the access controller operable to associate each of the ports with a respective one of a plurality of keys, the method comprising:
- (a) receiving, from the client, instructions and an indication of a specified one of the ports;
  
  (b) obtaining the key that is associated with the specified one of the ports; and
  
  (c) passing the instructions to the computer connected to the specified one of the ports when a verification protocol utilizing at least the key is met, wherein said verification protocol includes a generation of a random number by said client, an encryption of said random number by said client using another key that is complementary to the key, a delivery of said random number and said encrypted random number from said client to said access controller, a decryption of said encrypted number by said access controller using the key, a comparison of said random number and said decrypted number, and a decision to pass at least a portion of said instructions to the computer connected to the specified one of the ports via the specified one of the ports when said comparison finds a match of said random number with said decrypted number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BCE Incorporated
Original Assignee
BCE Incorporated
Inventors
O'Brien, William G., Lou, Dafu, Yeap, Tet Hin
Primary Examiner(s)
Vu; Kimyen
Assistant Examiner(s)
SCHWARTZ, DARREN B

Application Number

US11/297,465
Publication Number

US 20060161775A1
Time in Patent Office

1,705 Days
Field of Search

370227-229, 380255-257, 380/259, 380/266, 380/270, 380 33- 34, 380277-279, 713/150, 713/151, 713/153, 726/2, 726/3, 726/11, 726/12, 726/14, 726/16
US Class Current

713/171
CPC Class Codes

H04L 63/0442   wherein the sending and rec...

H04L 63/08   for authentication of entit...

H04L 9/083   involving central third par...

H04L 9/0844   with user authentication or...

H04L 9/0891   Revocation or update of sec...

H04L 9/321   involving a third party or ...

Secure modem gateway concentrator

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

33 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Secure modem gateway concentrator

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links