NETWORK SECURITY DEVICE AND METHOD

US 20100318813A1
Filed: 08/23/2010
Published: 12/16/2010
Est. Priority Date: 12/05/2001
Status: Active Grant

First Claim

Patent Images

1. A peripheral device for enabling a user to commence a session with a network, comprising:

a security device comprising;

an immutable memory element that comprises first information including an application software that initiates a security operation;

a persistent memory element that comprises second information to enable the security device to configure the peripheral device to access a different network;

a volatile memory element that comprises third information, including data for authentication, where the third information is erased from the volatile memory at a completion of a connection session; and

an enclosure for enclosing the immutable memory element, the persistent memory element, and the volatile memory element.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention describes a method for hardening a security mechanism against physical intrusion and substitution attacks. A user establishes a connection between a network peripheral device and a network via a security mechanism. The security mechanism includes read only memory (ROM) that contains code that initiates operation of the mechanism and performs authentication functions. A persistent memory contains configuration information. A volatile memory stores user and device identification information that remains valid only for a given session and is erased thereafter to prevent a future security breach. A tamper-evident enclosure surrounds the memory elements, which if breached, becomes readily apparent to the user.

70 Citations

View as Search Results

20 Claims

1. A peripheral device for enabling a user to commence a session with a network, comprising:
- a security device comprising;
  
  an immutable memory element that comprises first information including an application software that initiates a security operation;
  
  a persistent memory element that comprises second information to enable the security device to configure the peripheral device to access a different network;
  
  a volatile memory element that comprises third information, including data for authentication, where the third information is erased from the volatile memory at a completion of a connection session; and
  
  an enclosure for enclosing the immutable memory element, the persistent memory element, and the volatile memory element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The peripheral device of claim 1, wherein the security operation comprises an authentication of the security device upon a receipt of identification information from the security device.
  - 3. The peripheral device of claim 1, wherein the security operation comprises an authentication of the user to the network upon a receipt of identification information from the user.
  - 4. The peripheral device of claim 1, wherein the immutable memory comprises a private key for encrypting user identification information.
  - 5. The peripheral device of claim 1, wherein the immutable memory comprises a private key for encrypting security device identification information.
  - 6. The peripheral device of claim 1, wherein the immutable memory comprises a read-only memory.
  - 7. The peripheral device of claim 1, wherein the immutable memory comprises a write-once read-only memory.
  - 8. The peripheral device of claim 1, wherein the persistent memory comprises a complementary metal oxide semiconductor random access memory.
  - 9. The peripheral device of claim 1, wherein the persistent memory comprises a programmable read only memory.
  - 10. The peripheral device of claim 1, wherein the volatile memory comprises a random access memory.
  - 11. The peripheral device of claim 1, wherein the enclosure is a tamper-evident enclosure.
  - 12. The peripheral device of claim 11, wherein the tamper-evident enclosure exhibits an indication of any attempt to gain access to at least one of the memory elements enclosed therein.
  - 13. The peripheral device of claim 1, wherein the peripheral device comprises a computer terminal.
  - 14. The peripheral device of claim 1, wherein the peripheral device comprises a personal computer.
  - 15. The peripheral device of claim 1, wherein the peripheral device comprises a personal data assistant.
  - 16. The peripheral device of claim 1, wherein the network comprises a virtual private network.
  - 17. The peripheral device of claim 1, wherein the third information comprises a user password.
  - 18. The peripheral device of claim 1, wherein the third information comprises a session specific cryptographic key.
  - 19. The peripheral device of claim 1, wherein the security device comprises a network card that is coupled to the peripheral device.

20. A method for facilitating a connection session between a network peripheral device and a network, comprising:
- deploying a security device within the network peripheral device;
  
  accessing an immutable memory element within the security device that comprises first information including an application software that initiates a security operation;
  
  accessing a persistent memory element within the security device that comprises second information to enable the security device to configure the peripheral device to access a different network;
  
  accessing a volatile memory element within the security device that comprises third information, including data for authentication; and
  
  erasing the third information at a completion of a connection session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Corporation (AT&T, Inc.)
Original Assignee
AT&T Corporation (AT&T, Inc.)
Inventors
Hebrais, Philippe, Carrico, Sandra Lynn

Granted Patent

US 8,356,189 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/194
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/04   for providing a confidentia...

H04L 63/08   for authentication of entit...

H04L 63/164   at the network layer

NETWORK SECURITY DEVICE AND METHOD

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

70 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

NETWORK SECURITY DEVICE AND METHOD

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others