Method and appartus for network security using a router based authentication

US 8,561,139 B2
Filed: 02/20/2009
Issued: 10/15/2013
Est. Priority Date: 10/01/2003
Status: Active Grant

First Claim

Patent Images

1. A system of security in a computer network comprising:

a. a border router has a system of security that provides a packet level authentication subsystem that does not use IP addresses of the packet, instead uses a token and a passkey in an optional data field of a packet header, the token is randomly generated and is used to encrypt the passkey and the system of security authenticates individual packets received at the border router from remote user clients in a global network;

b. the system of security routes packets from remote user clients based on the results of the packet level authentication by the authentication subsystem in the border router to different classes of networks.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A router based authentication system provides packet level authentication of incoming data packets and eliminates the risk of having data packets come in to the network whose source cannot be authenticated. In Router Based Authentication System (RBAS), a prior art router is adapted with an authentication function that works in conjunction with a security function in the client. Alternatively, a new router can be built that embeds an authentication function. The router based authentication function includes: (i) an ability to receive a telephone call and verify the caller by comparing with pre-stored caller id, (ii) generate a random alphanumeric code, deliver to the caller, and save in the system, (iii) reject all packets from the client that do not have a passkey embedded in the header of the packet. The security function in the client includes (i) display of an authentication screen that may display a telephone number to a border or internal router of a computer network of a business and enables entry of the passkey made up of the telephone number of the user and the alphanumeric code, and (ii) a function that encrypts the passkey and inserts the passkey in the header of each outgoing data packet to the business.

29 Citations

View as Search Results

17 Claims

1. A system of security in a computer network comprising:
- a. a border router has a system of security that provides a packet level authentication subsystem that does not use IP addresses of the packet, instead uses a token and a passkey in an optional data field of a packet header, the token is randomly generated and is used to encrypt the passkey and the system of security authenticates individual packets received at the border router from remote user clients in a global network;
  
  b. the system of security routes packets from remote user clients based on the results of the packet level authentication by the authentication subsystem in the border router to different classes of networks.
- View Dependent Claims (2, 3, 9, 10, 11, 12)
- - 2. The system of security in a computer network as in claim 1, further comprising:
    - the authentication subsystem creates the random code token and uses a telephone network to deliver the random code token to the client;
      
      the client uses the token to encrypt the passkey and embed in the packets outgoing from the client to the border router, where the router verifies the presence of the passkey, before routing the packet to the different classes of the networks.
  - 3. The system of security in a computer network as in claim 2, further comprising:
    - the authentication subsystem uses the telephone network to receive a call, verifies the caller by a combination of a caller id and a personal identification number and creates and delivers the random code token to the client, that enables the client to use the token to encrypt the passkey, in the outgoing packet from the client to the router, and where the router authenticates the passkey and determine the applicable access policy before routing the packet to the different classes of the networks.
  - 9. The system of security in a computer network as in claim 1, further comprising:
    - the different classes of networks behind a router, with different access policies, include from a group of, open networks accessible by anyone and restricted networks accessible by employees and customers of a business.
  - 10. The system of security in a computer network as in claim 2, further comprising:
    - the client embeds the token in a passkey and encrypts the passkey before embedding the passkey in the header of the packet.
  - 11. The system of security in a computer network as in claim 2, further comprising:
    - the client embeds the token in a passkey and encrypts the passkey with an encryption key derived from the random code token itself before embedding the passkey in the header of the packet.
  - 12. The system of security in a computer network as in claim 2, further comprising:
    - the client embeds the token in a passkey and encrypts the passkey with an encryption key derived from the random code token itself and where the encryption key is different for the passkey in each data packet before embedding the passkey in the header of the packet.

4. A system for continuous packet-level authenticated communication from an authorized user on a client to a server on a computer network, wherein a router routing data packets between the client and the server comprising:
- a. the router has a packet-level authentication subsystem that does not use IP addresses of the packet, instead uses a token and a passkey in an optional data field of a packet header;
  
  b. the packet-level authentication subsystem (i) receives a telephone call from the authorized user, (ii) verifies the user by caller id features of a public telephone infrastructure and a personal identification number and (iii) voice responds with a randomly generated alphanumeric token, the token is used to encrypt the passkey;
  
  c. the router verifies the packets of communication from the client for the presence of a passkey that is embedded with the alphanumeric in the optional data field of the packet header with the packet-level authentication subsystem.
- View Dependent Claims (5, 6, 7, 8)
- - 5. The system as in claim 4, further comprising:
    - the router decrypts the passkey in the packet when the client encrypts the passkey before embedding it in the header of the packet.
  - 6. The system as in claim 4, further comprising:
    - the users being authenticated by pre-storing their cellular telephone numbers and a user selected PIN in the authentication subsystem.
  - 7. The system as in claim 4, further comprising:
    - the router decrypts the passkey in the packet when the client encrypts the passkey with an encryption key derived from the alphanumeric itself before embedding it in the header of the packet.
  - 8. The system as in claim 4, further comprising:
    - the router decrypts the passkey in the packet when the client encrypts the passkey with an encryption key derived from the alphanumeric itself before embedding it in the header of the packet and where the encryption key is different for the passkey in each data packet.

13. A method for continuous packet-level authenticated communication from an authorized user on a client to a server on a computer network, wherein a router routing data packets between the client and the server, comprising the steps of:
- a. providing a packet-level authentication subsystem in the router that does not use IP addresses in the packet header, instead uses a token and a passkey in an optional data field of packet header, randomly generating the token and using the token to encrypt the passkey for performing an authentication of incoming data packet to the router;
  
  b. routing in the router the packets to different networks based on the results of authentication of the authorized user on the client.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method as in claim 13, further comprising the steps of:
    - a. creating a random code token by the packet-level authentication subsystem and using a telephone network for delivering the random code token to the authorized user;
      
      b. enabling inputting the token by the user in to the client and using by the client the token for encrypting the passkey and embedding the encrypted passkey by the client in the packets outgoing from the client to the router.
  - 15. The method as in claim 14, further comprising the steps of:
    - verifying by the router the packets of communication from the client for the presence of a passkey embedded with the token in the packet header with the help of the authentication subsystem, before routing the packet to the different classes of the networks.
  - 16. The method as in claim 14, further comprising the steps of:
    - embedding the token in a passkey and encrypting the passkey before embedding it in the header of the packet.
  - 17. The method as in claim 14, further comprising the steps of:
    - embedding the token in a passkey and encrypting the passkey with an encryption key derived from the token itself before embedding it in the header of the packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tara Chand Singhal
Original Assignee
Tara Chand Singhal
Inventors
Singhal, Tara Chand
Primary Examiner(s)
LANIER, BENJAMIN E

Application Number

US12/378,943
Publication Number

US 20090199286A1
Time in Patent Office

1,698 Days
Field of Search

None
US Class Current

726/2
CPC Class Codes

H04L 63/02   for separating internal fro...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/101   Access control lists [ACL]

Method and appartus for network security using a router based authentication

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method and appartus for network security using a router based authentication

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links