Exchange of network access control information using tightly-constrained network access control protocols

US 8,104,073 B2
Filed: 09/18/2007
Issued: 01/24/2012
Est. Priority Date: 08/10/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, with an access control device through a tightly-constrained handshake sequence of a network protocol, a first request to access a first network, wherein an endpoint device initiates the tightly-constrained handshake sequence when the endpoint device is requesting access rights for the first network;

in response to the first request and after the tightly-constrained handshake sequence, negotiating a set of nonce information with the endpoint device and receiving a trusted platform module (“

TPM”

) value from the endpoint device, wherein, due to constraints of the tightly-constrained handshake sequence, the access control device and the endpoint device are unable to negotiate the set of nonce information during the tightly-constrained handshake sequence;

receiving, with the access control device, a second request to access the first network through a second tightly-constrained handshake sequence of the network protocol, wherein the second request includes a digital signature;

in response to the second request, determining with the access control device whether the digital signature is valid according to the TPM value and the set of nonce information previously negotiated with the endpoint device in response to the first request; and

granting the access rights to the endpoint device when the digital signature is valid.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In general, techniques are described for securely exchanging network access control information. The techniques may be useful in situations where an endpoint device and an access control device perform a tightly-constrained handshake sequence of a network protocol when the endpoint device requests access to a network. The handshake sequence may be constrained in a variety of ways. Due to the constraints of the handshake sequence, the endpoint device and the access control device may be unable to negotiate a set of nonce information during the handshake sequence. For this reason, the access control device uses a previously negotiated set of nonce information and other configuration information associated with the endpoint device as part of a process to determine whether the endpoint device should be allowed to access the protected networks.

22 Citations

View as Search Results

25 Claims

1. A method comprising:
- receiving, with an access control device through a tightly-constrained handshake sequence of a network protocol, a first request to access a first network, wherein an endpoint device initiates the tightly-constrained handshake sequence when the endpoint device is requesting access rights for the first network;
  
  in response to the first request and after the tightly-constrained handshake sequence, negotiating a set of nonce information with the endpoint device and receiving a trusted platform module (“
  
  TPM”
  
  ) value from the endpoint device, wherein, due to constraints of the tightly-constrained handshake sequence, the access control device and the endpoint device are unable to negotiate the set of nonce information during the tightly-constrained handshake sequence;
  
  receiving, with the access control device, a second request to access the first network through a second tightly-constrained handshake sequence of the network protocol, wherein the second request includes a digital signature;
  
  in response to the second request, determining with the access control device whether the digital signature is valid according to the TPM value and the set of nonce information previously negotiated with the endpoint device in response to the first request; and
  
  granting the access rights to the endpoint device when the digital signature is valid.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1,wherein the access rights comprise rights to communicate on the first network;
    - andwherein the method further comprises;
      
      allowing the endpoint device to communicate on a second network in response to the first request and when the digital signature of the second request is not valid; and
      
      using the second network to negotiate the set of nonce information with the endpoint device and to receive the TPM value from the endpoint device.
  - 3. The method of claim 1,wherein the network protocol is the Dynamic Host Configuration Protocol (“
    - DHCP”
      
      ); and
      
      wherein granting the access rights to the endpoint device to communicate on the first network comprises causing an Internet Protocol (“
      
      IP”
      
      ) address to be leased to the endpoint device, wherein an access point forwards IP packets that specify the IP address as a source address to the first network.
  - 4. The method of claim 1, wherein determining whether the digital signature of the second request is valid comprises:
    - calculating, in response to receiving the digital signature, a set of one or more candidate nonce values based on the nonce information negotiated in response to the first request;
      
      determining whether the digital signature was generated from the TPM value received from the endpoint device in response to the first request and a candidate nonce value in the set of candidate nonce values.
  - 5. The method of claim 1,wherein the digital signature is encrypted using a private encryption key of a TPM chip in the endpoint device;
    - andwherein determining whether the digital signature is valid comprises using a public key certificate associated with the private encryption key to determine whether the digital signature is valid.
  - 6. The method of claim 5, further comprising:
    - denying access to the first network and allowing the endpoint device to communicate on a second network when the public key certificate is not stored in a storage medium;
      
      receiving the public key certificate via the second network; and
      
      storing, in the storage medium, the public key certificate after receiving the public key certificate via the second network for use with a subsequent access request from the endpoint device.
  - 7. The method of claim 1,wherein the set of nonce information negotiated in response to the first request comprises a set of nonce values;
    - andwherein determining whether the digital signature is valid comprises;
      
      determining that the digital signature is based on one of the nonce values in the set of values negotiated in response to the first request; and
      
      removing from the set of nonce values the nonce value on which the digital signature is based so that the removed nonce value cannot be used to generate a valid digital signature for a subsequent access request from the endpoint device.
  - 8. The method of claim 1,wherein the set of nonce information negotiated in response to the first request comprises a time indicator that indicates a time;
    - andwherein determining whether the digital signature is valid comprises determining whether the digital signature was generated from a nonce value equal to the time indicated by the time indicator.
  - 9. The method of claim 1,wherein the set of nonce information negotiated in response to the first request comprises a sequence number;
    - andwherein determining whether the digital signature is valid comprises determining that the digital signature was generated from a nonce value equal to a number that follows the sequence number.

10. An access control device comprising:
- a request reception module that receives a digital signature through a tightly-constrained handshake sequence of a network protocol, wherein an endpoint device initiates the tightly-constrained handshake sequence when the endpoint device is requesting access rights, wherein the digital signature is generated from a trusted platform module (“
  
  TPM”
  
  ) value and a nonce value, and wherein, due to constraints of the tightly-constrained handshake sequence, the access control device and the endpoint device are unable to negotiate a set of nonce information during the tightly-constrained handshake sequence;
  
  a cache management module that determines whether the access control device has previously negotiated the set of nonce information with the endpoint device in response to a previous access request from the endpoint device;
  
  a TPM evaluation module that determines whether the TPM value was previously received from the endpoint device in response to the previous access request and was determined to be associated with an acceptable configuration;
  
  a nonce evaluation module that determines whether the nonce value is acceptable based on the set of nonce information previously negotiated with the endpoint device;
  
  a signature verification module that determines whether the digital signature is valid when the digital signature is based on the TPM value previously received from the endpoint device and the set of nonce information previously negotiated with the endpoint device in response to the previous access request; and
  
  an access instruction module that grants the access rights to the endpoint device when the digital signature is valid.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The access control device of claim 10,wherein the access right comprise rights to communicate on a first network;
    - wherein the access instruction module allows the endpoint device to communicate on a second network when the access control device has not previously negotiated the set of nonce information, when the TPM value is not associated with the acceptable configuration, when the nonce value is not acceptable, or when the digital signature is not valid; and
      
      wherein the access control device uses the second network to negotiate the set of nonce information with the endpoint device.
  - 12. The access control device of claim 10,wherein the access right comprise rights to communicate on a first network;
    - wherein the network protocol is the Dynamic Host Configuration Protocol (“
      
      DHCP”
      
      ); and
      
      wherein the access instruction module causes the endpoint device to be able to communicate on the first network by causing an Internet Protocol (“
      
      IP”
      
      ) address to be leased to the endpoint device, wherein an access point forwards IP packets that specify the IP address as a source address to the first network.
  - 13. The access control device of claim 10,wherein, due to constraints of the tightly-constrained handshake sequence, the endpoint device is unable to send the TPM value and the nonce value to the access control device during the tightly-constrained handshake sequence of the network protocol;
    - andwherein the cache management module determines whether the TPM value is associated with the acceptable configuration when the access control device has previously received the TPM value;
      
      wherein the access control device further comprises a nonce calculation module that calculates a set of one or more candidate nonce values;
      
      wherein the signature verification module determines whether the digital signature is valid given the TPM value and a candidate nonce value in the set of candidate nonce values; and
      
      wherein the nonce evaluation module determines whether the nonce value is acceptable at least in part by determining whether the candidate nonce value is acceptable.
  - 14. The access control device of claim 10,wherein the digital signature is encrypted using a private encryption key of a TPM chip in the endpoint device;
    - andwherein the signature verification module uses a public key certificate associated with the private encryption key to determine whether the digital signature is valid.
  - 15. The access control device of claim 14,wherein the access instruction module allows the endpoint device to be able to communicate on a second network when the public key certificate is not stored in the storage medium;
    - andwherein the cache management module stores, in the storage medium, the public key certificate after receiving the public key certificate via the second network.
  - 16. The access control device of claim 10,wherein the set of nonce information comprises a set of values;
    - wherein the nonce evaluation module determines that the nonce value is acceptable when the nonce value is in the set of values; and
      
      wherein the nonce evaluation module removes the nonce value from the set of values when the nonce value is in the set of values.
  - 17. The access control device of claim 10,wherein the set of nonce information comprises a time indicator that indicates a time;
    - andwherein the nonce evaluation module determines that the nonce value is acceptable based on the time indicated by the time indicator.
  - 18. The access control device of claim 10,wherein the set of nonce information comprises a sequence number;
    - andwherein the nonce evaluation module determines that the nonce value is acceptable when the nonce value is equal to a number that follows the sequence number.

19. A non-transitory computer-readable medium comprising instructions, wherein the instructions cause one or more programmable processors of an access control device to:
- receive, with an access control device through a tightly-constrained handshake sequence of a network protocol, a first request to access a first network, wherein an endpoint device initiates the tightly-constrained handshake sequence when the endpoint device is requesting access rights for the first network;
  
  in response to the first request and after the tightly-constrained handshake sequence, negotiate a set of nonce information with the endpoint device and receive a trusted platform module (“
  
  TPM”
  
  ) value from the endpoint device, wherein, due to constraints of the tightly-constrained handshake sequence, the access control device and the endpoint device are unable to negotiate the set of nonce information during the tightly-constrained handshake sequence;
  
  receive a second request to access the first network through a second tightly-constrained handshake sequence of the network protocol, wherein the second request includes a digital signature;
  
  in response to the second request, determine with the access control device whether the digital signature was generated from the TPM value and the set of nonce information previously negotiated with the endpoint device in response to the first request; and
  
  grant the access rights to the endpoint device when the digital signature is valid.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The non-transitory computer-readable medium of claim 19, wherein the instructions further cause the one or more programmable processors to:
    - calculate, in response to receiving the digital signature, a set of one or more candidate nonce values based on the nonce information negotiated in response to the first request;
      
      determine whether the digital signature was generated from the TPM value received from the endpoint in response to the first request and a candidate nonce value in the set of candidate nonce values.
  - 21. The non-transitory computer-readable medium of claim 19,wherein the network protocol is the Dynamic Host Configuration Protocol (“
    - DHCP”
      
      ); and
      
      wherein the instructions cause the one or more programmable processors to allow the endpoint device to communicate on the first network at least in part by causing the one or more programmable processors to cause an Internet Protocol (“
      
      IP”
      
      ) address to be leased to the endpoint device, wherein an access point forwards IP packets that specify the IP address as a source address to the first network.
  - 22. The non-transitory computer-readable medium of claim 19,wherein the digital signature is encrypted using a private encryption key of a TPM chip in the endpoint device;
    - andwherein the instructions cause the one or more programmable processors to determine whether the digital certificate is valid at least in part by causing the one or more programmable processors to use a public key certificate associated with the private encryption key to determine whether the digital signature is valid.
  - 23. The non-transitory computer-readable medium of claim 22, wherein the instructions further cause the one or more programmable processors to:
    - allow the endpoint device to communicate on a second network when the public key certificate is not stored in the storage medium;
      
      receive the public key certificate via the second network; and
      
      store, in the storage medium, the public key certificate after receiving the public key certificate via the second network for use with a subsequent access request from the endpoint device.
  - 24. The non-transitory computer-readable medium of claim 19,wherein the set of nonce information negotiated in response to the first request comprises a set of nonce values;
    - andwherein the instructions cause the one or more programmable processors to determine whether the digital signature is valid at least in part by causing the one or more programmable processors to;
      
      determine that the digital signature is based on one of the nonce values in the set of values negotiated in response to the first request; and
      
      remove from the set of nonce values the nonce value on which the digital signature is based so that the removed nonce value cannot be used to generate a valid digital signature for a subsequent access request from the endpoint device.
  - 25. The non-transitory computer-readable medium of claim 19,wherein the set of nonce information negotiated in response to the first request comprises a time indicator that indicates a time;
    - andwherein the instructions cause the one or more programmable processors to determine whether the digital signature is valid comprises determining whether the digital signature was generated from nonce value equal to the time indicated by the time indicator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pulse Secure, LLC (Ivanti Software, Inc.)
Original Assignee
Juniper Networks Incorporated
Inventors
Hanna, Stephen R.
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
GUIRGUIS, MICHAEL M

Application Number

US11/857,111
Publication Number

US 20090041252A1
Time in Patent Office

1,589 Days
Field of Search

726/4, 713/168, 713/171
US Class Current

726/4
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/12 Applying verification of th...

Exchange of network access control information using tightly-constrained network access control protocols

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Exchange of network access control information using tightly-constrained network access control protocols

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links