Reexamination Certificate
1998-10-08
2001-04-03
Vu, Viet D. (Department: 2758)
Electrical computers and digital processing systems: multicomput
Computer network managing
Computer network access regulating
C709S217000, C709S223000, C713S152000
active
06212561
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to securing user domain access in a computer network. More particularly, the present invention relates to forcing a network computer user to terminate all then-existing domain connections before proceeding with a connection to a secured domain requiring sequential-only access.
2. The Background
A significant concern of the individual private and public domains making up the Internet or any other system incorporating multiple networks is the ability to ensure that only those users who are authorized to access the individual private and public domains within the comprehensive network have the capability to access such networks. Serious security risks are posed by the possibility of unauthorized users having the know-how and capability to invade the individual private and public domains within the network.
In today's networking environment, many privately owned domain sites exist on the Internet which allow access only to those individuals who have been granted the proper authorization. For example, these may include company-owned private domains containing confidential information, to which the company may grant access only to those employed by the company, or they may be communities of interest (i.e. “pay-sites”) which provide information only to those users who subscribe to the privately owned domain. The user who connects to the Internet, typically by means of an Internet Service Provider (ISP) or Telephone Company (Telco), may also possess the capability to make numerous concurrent connections to these privately owned and “secure” domain sites. While these simultaneous connections add to user efficiency, they do so at the cost of heightening the potential for security violations.
Additionally, it is becoming increasingly prevalent for individual computer users to have the capability to remotely access privately owned intra networks. This type of access allows the user to connect with the private intra network of the company from the user's residence by means of the telephone line or other convenient means. The inception of wireless remote connections has even made it possible for users to connect from almost any imaginable locale. The ability to connect remotely to individual private intra networks, once seen as a luxury, has become so commonplace that many working professionals require such access in order to accomplish their everyday job assignments. In many instances, remote users connect to privately owned intra networks through the same means that individuals connect to the Internet, typically Telcos or ISPs. This allows the remote user to concurrently connect with any number of authorized private intra networks, as well as the various public and private domains of the Internet. While these simultaneous connections are efficient for the user, they also pose the potential for serious security violations.
FIG. 1 shows a simplified diagram of a computer user connected to a computer network 10 via a host computer 12 linked to an access point 14 which grants authorization to external networks or domains 16, 18 and 20. The potential for a network security violation is posed by the user having the required authorization and capability through the access point 14 to connect with the various domains 16, 18 and 20 simultaneously. The user has access to the computer networks through a work station or host computer 12. The host computer 12 has the capability to connect with the external networks through an access point 14. An access point 14 is essentially an external location capable of permitting authorized users to access external computer networks; typically the access point consists of a series of Network Access Servers (NASs) and other related hardware, software and/or firmware. An access point 14 may also include a modem pool (not shown) maintained by a Telephone Company (Telco) or an Internet Service Provider (ISP) which enables its authorized users or subscribers to obtain external network access through the host computer 12 which has the required dial-up connection capability. Those of ordinary skill in the art will recognize that other types of access methods may be provided by a Telco or ISP, such as frame relay, leased lines, ATM (Asynchronous Transfer Mode), ADSL (Asymmetric Digital Subscriber Line) and the like.
Typically, when the user desires to access a specified domain, such as the first privately owned secured domain site 16, the user runs a network logon application program on the host computer 12 which requires the user to input user identification and authorization information as a means of initiating access to the desired network. This information is then directed to the access point 14 where it is verified to ensure that the host user has the required authorization to permit access to the desired network. Once authorization is granted to the user, a connection is established via the access point 14 with the home gate 22 of the specified first privately owned secure domain site 16. The connection established may be a tunnel-based connection, such as L2TP (Layer Two Tunneling Protocol) or L2F (Layer Two Forwarding), or an IP-based (Internet Protocol) connection, such as used with ATM or frame relay. The user of the host computer 12, having established such a connection, has the ongoing capability to access the specified domain until the connection is terminated either at the directive of the user or by error in data transmission. The access point 14 will typically have the capability to connect the user to various other privately owned secured domain sites, such as the second private domain site 18 or the public Internet 20. This key function of the access point 14 allows the host computer 12 to access other privately owned secured domain sites, private intra networks or the public domains of the Internet concurrently while the initial connection to the first specified private domain site 16 remains open. However, while simultaneous dual usage of specified domains can be a useful advantage in terms of data transfer and efficiency, it can also open up unlimited possibilities for potential security violations.
For example, FIG. 2 illustrates the scenario which may present itself where the computer user is a consultant employed by two competing companies: company X, the owner of a first privately owned secured domain site 30, and company Y, the owner of a second privately owned secured domain site 32. The consultant, as a means of carrying out his services, has been granted authorized remote access to both privately owned secured domain sites 30, 32. The consultant/user's host computer 34 remotely connects to these two privately owned secured domain sites 30, 32 through an access point 36, typically an ISP or Telco. The consultant/user thereby has the capability to access the two privately owned secured domain sites concurrently. The consultant/user first initiates a log-on session through an application program to gain authorized access to Company X's privately owned secured domain site 30. The authorization data, typically a user name and password, is then transmitted to the access point 36 where it is verified for authorization. Once authorization has taken place, an L2TP tunnel 38 is created between the access point 36 and the home gate 40 of Company X's privately owned secured domain site 30. While the tunnel connection to Company X's privately owned secured domain site 30 remains open, the consultant/user may have the desire to open a connection to Company Y's privately owned secured domain site 32. This connection is initiated in the same fashion as the first connection: an application program allows for log-on, authorization data is transmitted and verified at the access point 36 and an L2TP tunnel 42 connection is created between the access point 36 and the home gate 44 of Company Y's privately owned secured doma
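The following Python model is added here as an illustration and is not the patent's implementation: it replays the FIG. 2 consultant scenario at an access point that tracks each user's open tunnels and refuses a tunnel to a domain flagged sequential-only until every existing tunnel is closed. As a generalization beyond the page's wording, it also refuses a second tunnel while a sequential-only tunnel is open. The domain names, the credential table and the flag table held at the access point are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass
class Tunnel:
    tunnel_id: int   # stands in for the numerals 38 and 42 of FIG. 2
    domain: str


class AccessPoint:
    """Models the access point (NAS) of FIG. 2: verifies credentials, creates a tunnel
    to the domain's home gate, and enforces the sequential-only policy first."""

    def __init__(self, credentials, sequential_only_domains):
        self.credentials = credentials                   # user -> password (constructed)
        self.sequential_only = set(sequential_only_domains)  # assumption: flags live here
        self.tunnels = {}                                # user -> list[Tunnel]
        self._next_id = 1

    def connect(self, user, password, domain):
        if self.credentials.get(user) != password:
            return False, "authorization failed"
        active = self.tunnels.setdefault(user, [])
        # Target requires sequential-only access: all existing tunnels must be gone first.
        if domain in self.sequential_only and active:
            ids = [t.tunnel_id for t in active]
            return False, f"close tunnels {ids} before connecting to {domain}"
        # Generalization (assumption): an open sequential-only tunnel excludes any other.
        if any(t.domain in self.sequential_only for t in active):
            return False, f"{active[0].domain} requires exclusive access; close it first"
        tunnel = Tunnel(self._next_id, domain)
        self._next_id += 1
        active.append(tunnel)
        return True, f"tunnel {tunnel.tunnel_id} to home gate of {domain}"

    def disconnect(self, user, tunnel_id):
        active = self.tunnels.get(user, [])
        self.tunnels[user] = [t for t in active if t.tunnel_id != tunnel_id]
        return len(self.tunnels[user]) < len(active)

    def active_domains(self, user):
        return [t.domain for t in self.tunnels.get(user, [])]


def consultant_scenario():
    """Company X's site (constructed name) is flagged sequential-only; company Y's is not."""
    ap = AccessPoint({"consultant": "s3cret"}, ["x.example"])
    log = [ap.connect("consultant", "s3cret", "x.example")]   # X first: tunnel created
    log.append(ap.connect("consultant", "s3cret", "y.example"))  # Y while X open: refused
    ap.disconnect("consultant", 1)                               # user closes the X tunnel
    log.append(ap.connect("consultant", "s3cret", "y.example"))  # now allowed
    log.append(ap.connect("consultant", "s3cret", "x.example"))  # X while Y open: refused
    return log
```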
Lou Shuxian
Sitaraman Aravind
Zhang Shujin
Cisco Technology Inc.
D'Alessandro & Ritchie
Vu Viet D.