Security extensions using at least a portion of layer 2 information or bits in the place of layer 2 information

US 8,087,064 B1
Filed: 07/20/2001
Issued: 12/27/2011
Est. Priority Date: 08/31/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method for authenticating a party to a transaction, the method comprising:

receiving a packet having at least a part of layer 2 header information replaced with a unique bit string;

examining at least a part of the unique bit string;

comparing the at least a part of the unique bit string examined with stored information; and

authenticating the party only if the at least a part of the unique bit string examined matches the stored information;

wherein the at least a part of the unique bit string examined depends on a type of the transaction, the type being a type of financial transaction.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Using information applied to a packet at an ingress port of a network for enhancing security such as user authentication for example. Such authentication may be applied in addition to (i.e., as an extension of) other authentication measures. The information applied to a packet may be “context information” which replaces at least some bits of layer 2 information (e.g., a header). Users or customers may define security policies. They may define different security policies for different types of transactions. They may also define security policies based on the location from which the transaction originated. If the customer is an organization with different classes of users, it may define different security policies based on the type of transaction, the location from which the transaction originated, and/or the class of user. The class of user may be identified based on at least a part of the “context information”. At least a part of the context information may also be used to monitor a location from which a transaction originated, thereby permitting fraudulent uses to be traced.

Citations

25 Claims

1. A method for authenticating a party to a transaction, the method comprising:
- receiving a packet having at least a part of layer 2 header information replaced with a unique bit string;
  
  examining at least a part of the unique bit string;
  
  comparing the at least a part of the unique bit string examined with stored information; and
  
  authenticating the party only if the at least a part of the unique bit string examined matches the stored information;
  
  wherein the at least a part of the unique bit string examined depends on a type of the transaction, the type being a type of financial transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1 further comprising:
    - approving a transaction if the party was authenticated.
  - 3. The method of claim 2 wherein the stored information compared with the at least a part of the unique bit string examined depends on the type of the transaction.
  - 4. The method of claim 1 wherein the type of the transaction is selected from a group of transaction types consisting of:
    - (A) transactions greater than a predetermined amount;
      
      (B) transactions less than a predetermined amount;
      
      (C) purchases delivered to a credit card billing address; and
      
      (D) purchases delivered to an address other than a credit card billing address.
  - 5. The method of claim 1 wherein the stored information compared with the at least a part of the unique bit string examined depends on a type of the transaction.
  - 6. The method of claim 1 wherein the at least a part of the unique bit string examined identifies a location at which packets from the party to the transaction entered the network.
  - 7. The method of claim 1 wherein the at least a part of the unique bit string examined identifies an individual who is a party to the transaction.
  - 8. The method of claim 1 wherein the at least a part of the unique bit string examined identifies a group to which an individual, who is a party to the transaction, belongs.
  - 9. The method of claim 1 wherein the at least a part of the unique bit string examined identifies a customer that is a party to the transaction.
  - 10. The method of claim 1 wherein the at least a part of the unique bit string identifies at least one of a customer identification, an individual user identification, a network ingress location, and a user class.
  - 11. The method of claim 1 wherein the at least a part of the unique bit string identifies at least two of a customer identification, an individual user identification, a network ingress location, and a user class.
  - 12. The method of claim 1 wherein the at least a part of the unique bit string identifies at least three of a customer identification, an individual user identification, a network ingress location, and a user class.
  - 13. The method of claim 1 wherein the unique bit string is provisioned by a network service provider.
  - 14. The method of claim 1 wherein the unique bit string is controlled by a network service provider.
  - 15. The method of claim 1 wherein the act of authenticating does not require the transmission of any authentication information from the party.
  - 16. The method of claim 1, wherein the layer 2 header information is one of data link layer header and a network access layer header.
  - 17. The method of claim 1, wherein the layer 2 header information is a MAC header.

18. A method for authenticating a party to a transaction, the method comprising:
- a) applying a unique bit string to layer 2 header information of packets entering the network, the unique bit string uniquely identifying the party and an ingress location of the network;
  
  b) examining at least a part of the unique bit string;
  
  c) comparing the at least a part of the unique bit string examined with stored information; and
  
  d) approving a transaction only if the at least a part of the unique bit string examined matches the stored information;
  
  wherein the at least a part of the unique bit string examined depends on a type of the transaction, the type being a type of financial transaction.
- View Dependent Claims (19, 20, 21)
- - 19. The method of claim 18 wherein the unique bit string is maintained as the packet is communicated within the network.
  - 20. The method of claim 18 wherein the unique bit string identifies a logical port at which the packet entered the network.
  - 21. The method of claim 18 wherein no information in addition to the unique bit string is needed for authenticating the party to the transaction.

22. An apparatus for authenticating a party to a transaction, the apparatus comprising:
- a) an input for accepting an authentication request, the authentication request including a packet having at least a part of a layer 2 header information replaced with a unique bit string;
  
  b) storage means for storing authentication information;
  
  c) means for examining at least a part of the unique bit string;
  
  d) a comparison facility for comparing the at least a part of the unique bit string examined with the stored authentication information; and
  
  e) means for authenticating a party to a transaction only if the at least a part of the unique bit string examined matches the stored authentication information;
  
  wherein the at least a part of the unique bit string examined depends on a type of the transaction, the type being a type of financial transaction.
- View Dependent Claims (23, 24, 25)
- - 23. The apparatus of claim 22 further comprising:
    - f) means for approving the transaction if the party was authenticated.
  - 24. The apparatus of claim 23 further comprising:
    - g) an output for forwarding an authorization response to the transaction facility.
  - 25. The apparatus of claim 22 further comprising:
    - f) an output for forwarding an authentication response to the transaction facility.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Communications Inc.
Inventors
Baum, Robert T.
Primary Examiner(s)
PYZOCHA, MICHAEL J

Application Number

US09/910,429
Time in Patent Office

3,812 Days
Field of Search

713/168, 713/151, 705/73, 726/3
US Class Current

726/3
CPC Class Codes

G06Q 20/382   insuring higher security of...

H04L 12/4633   Interconnection of networks...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 2212/00   Encapsulation of packets

H04L 2463/102   applying security measure f...

H04L 45/04   Interdomain routing, e.g. h...

H04L 61/10   of different types

H04L 61/35   involving non-standard use ...

H04L 63/107   wherein the security polici...

H04L 63/126   the source of the received ...

H04L 63/162   at the data link layer

H04L 69/08   Protocols for interworking;...

H04L 69/18   Multiprotocol handlers, e.g...

H04L 69/22   Parsing or analysis of headers

H04L 69/324   in the data link layer [OSI...

H04L 69/325   in the network layer [OSI l...

Security extensions using at least a portion of layer 2 information or bits in the place of layer 2 information

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Security extensions using at least a portion of layer 2 information or bits in the place of layer 2 information

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links