System, method and apparatus for authenticating and protecting an IP user-end device
Abstract
A system, method and apparatus authenticates and protects an Internet Protocol (IP) user-end device by providing a client-based security software resident on the IP user-end device, authenticating the IP user-end device using the client-based security software and a network security node communicably coupled to the IP user-end device, authenticating a user of the IP user-end device whenever a trigger condition occurs using an in-band channel between the client-based security software and the network security node, and protecting the IP user-end device by: (a) screening incoming IP traffic to the IP user-end device using the client-based security software, and (b) detecting an attack or a threat involving the IP user-end device using the network security node.
22 Claims
1. A method for authenticating and protecting an Internet Protocol (IP) user-end device comprising the steps of:
- providing a client-based security software resident on the IP user-end device;
- authenticating the IP user-end device using the client-based security software and a network security node communicably coupled to the IP user-end device;
- in response to successfully authenticating the IP user-end device, authenticating a user of the IP user-end device whenever a trigger condition occurs using an in-band channel between the client-based security software and the network security node, wherein the step of authenticating the user of the IP user-end device comprises the steps of:
  - initiating an authenticating call from the network security node to the IP user-end device;
  - in response to the authenticating call being answered at the IP user-end device, sending a request for a passcode to the IP user-end device, wherein the request prompts the user of the IP user-end device to enter a passcode;
  - sending to the IP user-end device a message to disable the IP user-end device when the passcode is invalid; and
  - after determining whether the passcode is valid or invalid, terminating the authenticating call; and
- protecting the IP user-end device by: (a) screening incoming IP traffic to the IP user-end device using the client-based security software, and (b) detecting an attack or a threat involving the IP user-end device using the network security node.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18.
19. An apparatus for authenticating and protecting an Internet Protocol (IP) user-end device comprising:
- a communications interface;
- a memory; and
- a processor communicably coupled to the communications interface and the memory wherein the processor is configured to run a client-based security software resident on the IP user-end device;
- wherein the client-based security software and a network security node are communicably coupled to the IP user-end device and are operable to: (a) authenticate the IP user-end device, and (b) in response to successfully authenticating the IP user-end device, authenticate a user of the IP user-end device whenever a trigger condition occurs using an in-band channel between the client-based security software and the network security node, wherein the step of authenticating the user of the IP user-end device comprises the steps of:
  - initiating an authenticating call from the network security node to the IP user-end device;
  - in response to the authenticating call being answered at the IP user-end device, sending a request for a passcode to the IP user-end device, wherein the request prompts the user of the IP user-end device to enter a passcode;
  - sending to the IP user-end device a message to disable the IP user-end device when the passcode is invalid; and
  - after determining whether the passcode is valid or invalid, terminating the authenticating call;
- wherein client-based security software protects the IP user-end device by screening incoming IP traffic to the IP user-end device; and
- wherein the network security node protects the IP user-end device by detecting an attack or a threat involving the IP user-end device.
20. A system comprising:
- one or more Internet Protocol (IP) user-end devices, each IP end-user device comprising a first communications interface, a first memory, and a first processor communicably coupled to the first communications interface and the first memory wherein the first processor is configured to run a client-based security software resident on the IP user-end device;
- a network security node comprising a second communications interface, a second memory, and a second processor communicably coupled to the second communications interface and the second memory;
- an IP network communicably coupling the one or more IP user-end devices to the network security node;
- wherein the client-based security software and the network security node: (a) authenticate the IP user-end device, and (b) in response to successfully authenticating the IP user-end device, authenticate a user of the IP user-end device whenever a trigger condition occurs using an in-band channel between the client-based security software and the network security node, wherein the step of authenticating the user of the IP user-end device comprises the steps of:
  - initiating an authenticating call from the network security node to the IP user-end device;
  - in response to the authenticating call being answered at the IP user-end device, sending a request for a passcode to the IP user-end device, wherein the request prompts the user of the IP user-end device to enter a passcode;
  - sending to the IP user-end device a message to disable the IP user-end device when the passcode is invalid; and
  - after determining whether the passcode is valid or invalid, terminating the authenticating call;
- wherein client-based security software protects the IP user-end device by screening incoming IP traffic to the IP user-end device; and
- wherein the network security node protects the IP user-end device by detecting an attack or a threat involving the IP user-end device.
Dependent claims: 21, 22.
Specification