Method and apparatus for providing continuous user verification in a packet-based network
First Claim
1. A system for authenticating a user on a public data network based on the Internet Protocol ("IP") comprising:
an originating host connected to said IP network and associated with said user;
a control information generator coupled to the originating host to insert control information into a plurality of IP data packets emanating from said originating host, wherein the control information includes user verification information inserted into the payload portion of a data packet, and wherein the header of the plurality of IP data packets remains unchanged;
one or more intermediate devices configured to run standard IP that transmit said plurality of IP data packets based on said unchanged header without the routing being affected by said control information in the payload portion of said IP data packets; and
a receiving host connected to said IP network for receiving data packets from said originating host, including a function which operates to identify data packets containing said control information in the payload portion, authenticating the user based on said user verification information, and restoring said payload portion of a data packet without said control information.
Abstract
A system and method of authenticating a user of a data network which inserts control information into certain data packets being sent over the network. The control information is user-specific, including such items as user identity, password, originating CPU, or biometric information. Inserting the control information into data packets transmitted during the entire session permits continuous authentication.
16 Claims
1. (Independent claim; text as given under First Claim above.) Dependent claims: 2, 3, 4, 5, 6.
7. A method of authenticating a host device continuously for a session on a public IP communication network, comprising one or more sending hosts connected across the said public communication network to one or more receiving hosts:
a. generating data by an application residing on a sending host to be transmitted to a receiving host over said communication system;
b. requesting a security module on said sending host to transmit said data with authentication information by said application;
c. generating said authentication information by said security module;
d. generating a plurality of authenticating packets containing said data and said authentication information in the payload portion of said authenticating packets;
e. transmitting said authenticating packets over said IP communication network;
f. delivering said authenticating packets to said receiving host;
g. extracting said authentication information from said authenticating packets by said receiving host;
h. restoring the original data by said receiving host by removing authentication information from said payload portion;
i. authenticating the sending host based on the authentication information by said receiving host; and
j. delivering the data to an application on the receiving host.
Dependent claims: 8, 9, 10, 11, 12.
13. A system for authenticating a host device on an IP network comprising:
a. a sending host connected to said IP network configured to generate a plurality of IP packets;
b. an authentication information generator coupled to the sending host to insert authentication information into the payload portion of a continuous plurality of said IP packets emanating from said sending host forming a plurality of authenticating packets;
c. a transmission controller coupled to the sending host to assure IP protocol integrity for said authenticating packets by modifying the MTU value to reflect said authentication information;
d. one or more intermediate hosts configured to transmit said authenticating packets as standard IP packets; and
e. a receiving host connected to said IP network for receiving data packets from said sending host, including a function which operates to identify authenticating packets containing said authentication information, authenticating said sending host based on said authentication information, and restoring said IP packets without said authentication information.
Dependent claims: 14, 15, 16.
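The mechanism claimed in 1, 7 and 13 (control information carried in the payload so the IP header and routing are untouched; the receiver identifies authenticating packets, verifies them, and restores the original data; the usable MTU is reduced by the overhead) as an added example in Python. This is not the patent's or any assignee's code. The abstract lists passwords and biometric data as verification information; this example instead binds every packet to a shared session key with a truncated HMAC-SHA256 tag and a sequence number, because a password repeated in every packet is readable by anyone on the path and can be replayed. That swap, the `CAUT` marker, the control-header layout, the 28-byte IPv4+UDP header allowance and the strictly increasing sequence rule are all assumptions of the example.

```python
"""Per-packet authentication carried inside the IP payload (claims 1, 7, 13),
framed as UDP-style datagrams.  Added example, not the patent's implementation:
marker, header layout, HMAC tag and replay rule are assumptions."""
import hashlib
import hmac
import struct

MAGIC = b"CAUT"          # constructed marker that flags an authenticating packet
TAG_LEN = 16             # truncated HMAC-SHA256 tag appended after the data
# Control header inside the payload: marker, 16-byte session id,
# 32-bit sequence number, 16-bit data length.
CTRL = struct.Struct("!4s16sIH")
IP_UDP_HEADERS = 20 + 8  # IPv4 + UDP headers; never modified (claim 1)


def control_overhead():
    """Bytes added to the payload of every authenticating packet."""
    return CTRL.size + TAG_LEN


def payload_mtu(link_mtu):
    """Largest application chunk that still fits one unfragmented datagram once
    the control information is added: the MTU adjustment of claim 13(c)."""
    return link_mtu - IP_UDP_HEADERS - control_overhead()


class Sender:
    """The 'control information generator' / 'security module' on the originating host."""

    def __init__(self, key, session_id):
        self.key = key
        self.session_id = session_id
        self.seq = 0

    def wrap(self, data):
        if len(data) > 0xFFFF:
            raise ValueError("chunk too large for the 16-bit length field")
        hdr = CTRL.pack(MAGIC, self.session_id, self.seq, len(data))
        # The tag covers header and data, so it cannot be moved to another
        # packet or another session.
        tag = hmac.new(self.key, hdr + data, hashlib.sha256).digest()[:TAG_LEN]
        self.seq += 1
        return hdr + data + tag


class Receiver:
    """Receiving-host function: identify, authenticate, restore (claim 1, last element)."""

    def __init__(self, key, session_id):
        self.key = key
        self.session_id = session_id
        self.highest_seq = -1

    def unwrap(self, payload):
        """Return (status, data).  'plain': ordinary packet passed through
        untouched; 'ok': authenticated, original data restored; otherwise
        'malformed', 'bad_tag' or 'replay' with data None."""
        if not payload.startswith(MAGIC):
            return "plain", payload
        if len(payload) < CTRL.size + TAG_LEN:
            return "malformed", None
        _, sid, seq, dlen = CTRL.unpack_from(payload)
        if sid != self.session_id or len(payload) != CTRL.size + dlen + TAG_LEN:
            return "malformed", None
        body, tag = payload[:CTRL.size + dlen], payload[CTRL.size + dlen:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            return "bad_tag", None
        # Check the sequence only after the tag verifies, so a forged packet
        # cannot advance the window and knock out genuine traffic.
        if seq <= self.highest_seq:
            return "replay", None
        self.highest_seq = seq
        return "ok", payload[CTRL.size:CTRL.size + dlen]


def run_session(key, session_id, chunks, tamper_at=None):
    """Push every chunk of a session through a Sender/Receiver pair (continuous
    authentication, claim 7) and return the receiver's verdict per packet."""
    snd, rcv = Sender(key, session_id), Receiver(key, session_id)
    verdicts = []
    for i, chunk in enumerate(chunks):
        pkt = snd.wrap(chunk)
        if i == tamper_at:  # flip one bit of the data in transit
            pkt = pkt[:CTRL.size] + bytes([pkt[CTRL.size] ^ 0x01]) + pkt[CTRL.size + 1:]
        verdicts.append(rcv.unwrap(pkt)[0])
    return verdicts


if __name__ == "__main__":
    key, sid = b"\x11" * 32, b"\x22" * 16   # constructed session key and id
    print(run_session(key, sid, [b"GET /", b"Host: x", b"\r\n"], tamper_at=1))
    print("payload MTU at 1500:", payload_mtu(1500))
```

Two simplifications to note. Identifying authenticating packets by a marker at the start of the payload is a stand-in for the claim's "function which operates to identify data packets containing said control information"; a real deployment would key this on a negotiated port or session rather than on bytes an application could emit by accident. The strictly increasing sequence check drops reordered datagrams; a production design uses an IPsec ESP style sliding replay window. Nothing here encrypts the data, matching the claims, which speak only of authentication.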
Specification