Public key generation utilizing media access control address

US 9,270,454 B2
Filed: 08/31/2012
Issued: 02/23/2016
Est. Priority Date: 08/31/2012
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a memory, storing a set of instructions; and

a processor, to execute the stored set of instructions, to;

in a registration process of a user device in a network, generate a public/private key pair based on a media access control (MAC) address of the user device;

transmit the generated public/private key pair to the user device;

receive from the user device the generated public key and a user device digital signature, the user device requesting access to a network;

verify if the digital signature is valid;

determine the MAC address from a certificate extension of the public key;

compare the determined MAC address with a MAC address of the user device requesting network access; and

provide network access to the user device if the MAC address determined from the certificate extension is the same as the MAC address of the device requesting access to the network and if the digital signature is verified as valid.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some embodiments, in a registration process where a user device is registering for access to a network, a public/private key pair may be generated based on a media access control (MAC) address of a user device. The generated public/private key pair may be transmitted to the user device for future access to the network. In some embodiments, where a user device is requesting access to a network, a MAC address embedded in a public key may be utilized to determine whether access to the network should be granted.

21 Citations

View as Search Results

15 Claims

1. An apparatus comprising:
- a memory, storing a set of instructions; and
  
  a processor, to execute the stored set of instructions, to;
  
  in a registration process of a user device in a network, generate a public/private key pair based on a media access control (MAC) address of the user device;
  
  transmit the generated public/private key pair to the user device;
  
  receive from the user device the generated public key and a user device digital signature, the user device requesting access to a network;
  
  verify if the digital signature is valid;
  
  determine the MAC address from a certificate extension of the public key;
  
  compare the determined MAC address with a MAC address of the user device requesting network access; and
  
  provide network access to the user device if the MAC address determined from the certificate extension is the same as the MAC address of the device requesting access to the network and if the digital signature is verified as valid.
- View Dependent Claims (2, 3, 4)
- - 2. The apparatus of claim 1, wherein the processor is further to transmit, to the user device, an agent for installation on the user device.
  - 3. The apparatus of claim 2, wherein the agent, when installed on the user device, is to facilitate communication between the apparatus and the user device.
  - 4. The apparatus of claim 1, wherein the processor is further to provide the MAC address of the user device to a storage device for storage.

5. A method of managing access to a network, the method comprising:
- implementing a media access control based authentication operation in determining whether to grant a user device of a user access to the network;
  
  enabling the user to self-register the user device into a database of authorized users to access the network in response to the user being denied access to the network through the MAC based authentication operation and being listed as a valid user in a directory of active network users;
  
  receiving a MAC address of the user device;
  
  generating a public/private key pair for the user, the MAC address of the user device being embedded in the public certificate extension; and
  
  transmitting the generated public/private key pair to the user device.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The method of claim 5, further comprising:
    - storing the MAC address in association with the user, in a storage.
  - 7. The method of claim 5, further comprising:
    - setting a re-verification timer based on information associated with the user device in the database of authorized users.
  - 8. The method of claim 7, further comprising:
    - determining the re-verification timer has timed out; and
      
      initiating a re-verification process to re-verify the user of the user device.
  - 9. The method of claim 8, wherein the re-verification process includes:
    - requesting reverification of the user at the user device for access to the network;
      
      receiving a response to the request from the user device including a digital signature of the user and the public key; and
      
      determining the digital signature is valid;
      
      determining the MAC address embedded in the certificate extension of the public key;
      
      comparing the determined MAC address from certificate extension with the MAC address of the user device requesting access to the network;
      
      providing access to the user device if the determined MAC address from the certificate extension is the same as the MAC address of the user device requesting access to the network and the digital signature is valid; and
      
      resetting the re-verification timer.

10. A non-transitory computer readable storage medium on which is embedded a computer program, said computer program implementing a method, said computer program comprising computer readable code to:
- receive, from a user device requesting access to a network, a public key and a digital signature, the public key including a media access control (MAC) address;
  
  verify if the digital signature is valid;
  
  determine the MAC address from the public key;
  
  compare the determined MAC address with a MAC address of the user device requesting access to the network; and
  
  provide network access to the user device if the MAC address determined from the public key is the same as the MAC address of the user device requesting access to the network and if the digital signature is valid.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The non-transitory computer readable storage medium of claim 10, the computer readable code to further:
    - in a self-registration process of a user device in a network, generate a public/private key pair based on the media access control (MAC) address of the user device;
      
      transmit the generated public/private key pair to the user device, wherein the public/private key is to facilitate network access by the user device; and
      
      provide the MAC address of the user device, associated with the user, to a storage device.
  - 12. The non-transitory computer readable storage medium of claim 10, the computer readable code to further:
    - set a re-verification timer based on information associated with the user device in the database of authorized users.
  - 13. The non-transitory computer readable storage medium of claim 12, the computer readable code to further:
    - determine the re-verification timer has timed out; and
      
      initiate a re-verification process to re-verify the user of the user device.
  - 14. The non-transitory computer readable storage medium of claim 13, the computer readable code to further:
    - transmit to the user device a request for user credentials;
      
      receive a response to the request, the response including user credentials including a digital signature and the public key;
      
      determine the MAC address from the public key;
      
      compare the determined MAC address with the MAC address of the user device reverifying;
      
      if the MAC address from the public key and the MAC address of the user device reverifying match, continue to provide access to the network;
      
      if the received credentials do not match the credentials stored in the database of authorized users, deny access to the network; and
      
      reset the re-verification timer.
  - 15. The non-transitory computer readable storage medium of claim 10, the computer readable code to further:
    - extract a subject name from public key;
      
      compare the extracted subject name with a user name associated with the MAC address;
      
      deny access of the names do not match based on the comparison; and
      
      grant access if the names match based on the comparison.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Inventors
Maruti, Kamat, Black, Chuck A
Primary Examiner(s)
Lim, Krisna

Application Number

US13/600,318
Publication Number

US 20140068252A1
Time in Patent Office

1,271 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 9/0866   involving user or device id...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

Public key generation utilizing media access control address

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Public key generation utilizing media access control address

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links