Network security device and method
Abstract
The invention describes a method for hardening a security mechanism against physical intrusion and substitution attacks. A user establishes a connection between a network peripheral device and a network via a security mechanism. The security mechanism includes read-only memory (ROM) that contains code that initiates operation of the mechanism and performs authentication functions. A persistent memory contains configuration information. A volatile memory stores user and device identification information that remains valid only for a given session and is erased thereafter to prevent a future security breach. A tamper-evident enclosure surrounds the memory elements; any breach of the enclosure is readily apparent to the user.
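The abstract separates three memory elements by lifetime (immutable code, persistent configuration, session-only authentication data) and gates everything on an intact enclosure. The model below is an added example, not code from the patent or from any product it covers; it shows the session lifecycle those elements imply: the ROM routine authenticates, persistent configuration is handed to the peripheral, volatile identity data is zeroized when the session ends, writes to the immutable element are rejected, and a breached enclosure blocks new sessions. The credential digest, configuration values and class names are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from types import MappingProxyType

# Constructed sample credential for the demonstration; a real device would be
# provisioned differently. Only the digest is held, never the credential itself.
_EXPECTED_CREDENTIAL_SHA256 = hashlib.sha256(b"demo-credential").hexdigest()


def _rom_authenticate(credential: bytes) -> bool:
    """Authentication routine that lives in the immutable element (assumed logic).

    Constant-time comparison so timing does not leak how much of the digest matched.
    """
    digest = hashlib.sha256(credential).hexdigest()
    return hmac.compare_digest(digest, _EXPECTED_CREDENTIAL_SHA256)


class TamperDetected(Exception):
    """The enclosure is no longer intact; the device refuses to start a session."""


class ReadOnlyViolation(Exception):
    """An attempt was made to modify the immutable memory element."""


@dataclass
class SecurityDevice:
    # Immutable element: boot/authentication code behind a read-only view, so
    # any attempted write raises instead of silently substituting code.
    rom: MappingProxyType = field(default_factory=lambda: MappingProxyType(
        {"firmware": "demo-1.0", "authenticate": _rom_authenticate}))
    # Persistent element: network configuration that survives across sessions
    # (constructed values).
    persistent: dict = field(default_factory=lambda: {
        "network": "corp-wifi", "proxy": "10.0.0.1:3128"})
    # Volatile element: user/device identity and auth data, valid for one session.
    volatile: dict = field(default_factory=dict)
    enclosure_intact: bool = True
    session_open: bool = False

    def start_session(self, user_id: str, device_id: str, credential: bytes) -> dict:
        """Authenticate via ROM, populate volatile memory, return the peripheral's config."""
        if not self.enclosure_intact:
            raise TamperDetected("enclosure breached; refusing to start a session")
        if self.session_open:
            raise RuntimeError("a session is already open")
        if not self.rom["authenticate"](credential):
            # Nothing is written to volatile memory on a failed attempt.
            raise PermissionError("authentication failed")
        self.volatile.update({
            "user": user_id,
            "device": device_id,
            "session_token": secrets.token_hex(16),
        })
        self.session_open = True
        return dict(self.persistent)

    def end_session(self) -> None:
        """Erase the third information: overwrite, then drop, every volatile entry."""
        for key in list(self.volatile):
            self.volatile[key] = None
        self.volatile.clear()
        self.session_open = False

    def write_rom(self, key: str, value) -> None:
        """Any write to the immutable element is rejected."""
        try:
            self.rom[key] = value  # mappingproxy raises TypeError on assignment
        except TypeError as exc:
            raise ReadOnlyViolation(f"immutable memory rejects write to {key!r}") from exc


if __name__ == "__main__":
    dev = SecurityDevice()
    cfg = dev.start_session("alice", "printer-7", b"demo-credential")
    print("peripheral configured for", cfg["network"], "with volatile", dev.volatile)
    dev.end_session()
    print("after session, volatile memory is", dev.volatile)
```

The design point is that the only state the peripheral's identity ever touches is the volatile dictionary, and `end_session` is the single path that empties it; a second session therefore starts from an empty element, which is what prevents a later user from inheriting the previous user's authentication data.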
20 Claims
1. A security device for enabling a user to commence a session between a network peripheral device and a network, comprising:
- an immutable memory element that comprises first information including application software that initiates and provides at least one security service;
- a persistent memory element that comprises second information to enable the security device to configure the network peripheral device to access at least one different network;
- a volatile memory element that comprises third information, including data for authentication, said third information erased from the volatile memory at a completion of a connection session; and
- an enclosure for enclosing said immutable memory element, said persistent memory element, and said volatile memory element.

Dependent claims: 2 to 10.

11. A method for facilitating a connection session with a user between a network peripheral device and a network, comprising:
- accessing an immutable memory element within a security device that comprises first information that provides at least one security service;
- accessing a persistent memory element within said security device that comprises second information including configuration information for configuring the network peripheral device to access the network;
- accessing a volatile memory element within said security device that comprises third information, including data for authentication; and
- erasing said third information at a completion of a connection session.

Dependent claims: 12 to 20.