Method and apparatus for network security using a router based authentication
First Claim
1. A system of security in a computer network comprising:
- a. a border router has a system of security that provides a packet level authentication subsystem that does not use IP addresses of the packet, instead uses a token and a passkey in an optional data field of a packet header, the token is randomly generated and is used to encrypt the passkey and the system of security authenticates individual packets received at the border router from remote user clients in a global network;
- b. the system of security routes packets from remote user clients based on the results of the packet level authentication by the authentication subsystem in the border router to different classes of networks.
Abstract
A router based authentication system provides packet level authentication of incoming data packets and eliminates the risk of having data packets come into the network whose source cannot be authenticated. In the Router Based Authentication System (RBAS), a prior art router is adapted with an authentication function that works in conjunction with a security function in the client. Alternatively, a new router can be built that embeds an authentication function. The router based authentication function includes: (i) receiving a telephone call and verifying the caller by comparing the caller id with a pre-stored one, (ii) generating a random alphanumeric code, delivering it to the caller and saving it in the system, and (iii) rejecting all packets from the client that do not have a passkey embedded in the header of the packet. The security function in the client includes (i) display of an authentication screen that may display a telephone number to a border or internal router of a computer network of a business and enables entry of the passkey, made up of the telephone number of the user and the alphanumeric code, and (ii) a function that encrypts the passkey and inserts it in the header of each outgoing data packet to the business.
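The following Python model of the flow described in the abstract is an added example, not code from the patent: the router compares the caller id with its pre-stored directory, issues a random code, and afterwards forwards only packets whose IPv4 option carries the passkey (telephone number plus code) encrypted with that code, routing each accepted packet to the network class assigned to that caller. The option number 0x9E, the SHA-256 keystream cipher, the 8-character code length and the sample telephone numbers are assumptions, since the text specifies none of them.

```python
import hashlib, hmac, secrets, string, struct

OPTION_TYPE = 0x9E  # assumption: private IPv4 option number carrying the passkey

def encrypt_passkey(passkey: str, token: str) -> bytes:
    # Assumption: the cipher is unspecified; XOR with a SHA-256 counter-mode keystream from the token.
    data, stream, i = passkey.encode(), b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(token.encode() + i.to_bytes(4, "big")).digest()
        i += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def build_packet(enc_passkey, payload=b"") -> bytes:
    # IPv4 header with the encrypted passkey as an option (type, length, data); None = no option.
    option = b""
    if enc_passkey is not None:
        option = bytes([OPTION_TYPE, 2 + len(enc_passkey)]) + enc_passkey
        option += b"\x00" * (-len(option) % 4)          # pad to a 32-bit boundary
    ihl = 5 + len(option) // 4
    header = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 20 + len(option) + len(payload),
                         0, 0, 64, 17, 0, bytes([10, 0, 0, 1]), bytes([192, 168, 0, 1]))
    return header + option + payload

def extract_option(packet: bytes):
    # Walk the option list: EOL (0) ends it, NOP (1) has no length byte.
    opts, i = packet[20:(packet[0] & 0x0F) * 4], 0
    while i < len(opts) and opts[i] != 0:
        if opts[i] == OPTION_TYPE:
            return opts[i + 2:i + opts[i + 1]]
        i += 1 if opts[i] == 1 else max(opts[i + 1], 2)  # never loop on a bad length
    return None

class Router:
    def __init__(self, directory):
        self.directory, self.tokens = directory, {}  # caller id -> network class; caller id -> code

    def handle_call(self, caller_id):
        # Steps (i) and (ii): verify the caller id, then issue and store a random alphanumeric code.
        if caller_id not in self.directory:
            return None
        self.tokens[caller_id] = "".join(secrets.choice(string.ascii_uppercase + string.digits) for _ in range(8))
        return self.tokens[caller_id]

    def route(self, packet: bytes) -> str:
        # Step (iii): a packet with no passkey, or one matching no issued code, is rejected.
        found = extract_option(packet)
        for phone, token in self.tokens.items():
            if found is not None and hmac.compare_digest(found, encrypt_passkey(phone + token, token)):
                return self.directory[phone]
        return "reject"
```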
17 Claims
1. (Independent claim; text as given under First Claim above.) Dependent claims: 2, 3, 9, 10, 11, 12.
4. A system for continuous packet-level authenticated communication from an authorized user on a client to a server on a computer network, wherein a router routing data packets between the client and the server comprising:
- a. the router has a packet-level authentication subsystem that does not use IP addresses of the packet, instead uses a token and a passkey in an optional data field of a packet header;
- b. the packet-level authentication subsystem (i) receives a telephone call from the authorized user, (ii) verifies the user by caller id features of a public telephone infrastructure and a personal identification number and (iii) voice responds with a randomly generated alphanumeric token, the token is used to encrypt the passkey;
- c. the router verifies the packets of communication from the client for the presence of a passkey that is embedded with the alphanumeric in the optional data field of the packet header with the packet-level authentication subsystem.
Dependent claims: 5, 6, 7, 8.
13. A method for continuous packet-level authenticated communication from an authorized user on a client to a server on a computer network, wherein a router routing data packets between the client and the server, comprising the steps of:
- a. providing a packet-level authentication subsystem in the router that does not use IP addresses in the packet header, instead uses a token and a passkey in an optional data field of packet header, randomly generating the token and using the token to encrypt the passkey for performing an authentication of incoming data packet to the router;
- b. routing in the router the packets to different networks based on the results of authentication of the authorized user on the client.
Dependent claims: 14, 15, 16, 17.