Method for implementing link-level security to enforce...

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Reexamination Certificate


Details

C713S155000, C713S168000, C375S222000, C375S223000

active

06286105

ABSTRACT:

BACKGROUND OF THE INVENTION
1. The Field of the Invention
This invention relates to access control between two or more network elements. More particularly, this invention relates to enforcing access privileges between interacting modems employing a defined protocol standard.
2. Present State of the Art
Traditional security and communication systems have employed a full spectrum of techniques from very simplistic techniques to extremely sophisticated and secure cryptographic methods. Many applications require stringent security measures for the protection of information traveling across the communication channel.
However, other communication channels may rely upon more simplistic techniques for preventing or at least greatly inhibiting unauthorized access to information on either end of a communication channel.
Traditional information security has generally been provided through authentication and cryptographic information at a high level in the protocol communication stack. For example, authentication and access control are generally handled at the application level, after a communication channel has been established and the two entities are already interacting using an established communication protocol. Modern communication protocols often use an extensive interactive process to establish and refine a communication channel so as to maximize the data rate between the respective entities, namely modems; access control is enforced only afterwards, at a higher protocol level. By allowing the two entities to establish a full link for the purpose of verifying and authenticating each other, the channel entities have already opened themselves, in an essentially unrestricted way, to a party that has not yet been authenticated. Furthermore, such an access evaluation is performed, as discussed above, at the application level, which requires a significant amount of processing and preparatory work by the various communication channel entities.
What is needed, therefore, is a method of implementing security to enforce access privileges between communication channel entities, such as a calling modem and an answering modem, at a lower level in the protocol stack, so that the entities are not substantially exposed by establishing higher level communication channels before access is enforced or, alternatively, restricted. It appears that no present technique provides a low level method of implementing security, such as link level security, to enforce access privileges between a calling modem and an answering modem over a communication channel. A need therefore exists for a method in which access control is performed at an earlier, more introductory phase of the establishment of a communication channel.
SUMMARY AND OBJECTS OF THE INVENTION
It is an object of the present invention to provide a method of implementing link level security to enforce access privileges between a calling modem and an answering modem over a communication channel during a communication session.
Another object of the present invention is to provide a method and architecture for enabling a security administrator to preload access control information into an initiating entity such as a calling modem, thereby enforcing access privileges without requiring the actual values that enforce the access control to be exchanged over the communication channel during the link establishment process.
A still further object of the present invention is to provide a method for enforcing access privileges between the entities of a communication channel such as a calling modem and an answering modem by preventing the two from physically exchanging discernable data information when the access privileges are not compatible.
Yet another object of the present invention is to provide a method of physically inhibiting the discernability of data information between entities lacking compatible access privileges.
Additional objects and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the invention. The objects and advantages of the invention may be realized and obtained by means of the instruments and combinations particularly pointed out in the appended claims. To achieve the foregoing objects, and in accordance with the invention as embodied and broadly described herein, a method for implementing link level security to enforce access privileges between a calling modem and an answering modem over a communication channel during a communication session is provided. The purpose of the present invention is to enforce access privileges at a lower level in a communication protocol stack, such as at a link level, thereby foregoing the establishment of a communication channel between entities when the access privileges associated therebetween are incompatible.
The present invention provides for a feature within a communicating device, such as a modem, that provides some security in a link level environment which may, alternatively, be activated through the use of a password known to the user and stored within the calling modem. The present invention is implemented, in one embodiment, by the installation of a password that is encoded and saved within the calling modem, the installation of which may be performed by a system administrator. When a calling modem attempts to contact an answering modem to establish a communication channel to facilitate a communication session through which data may be exchanged, the modems begin to establish a communication channel through traditional like-protocol mechanisms. In the preferred embodiment, a V.34 protocol invokes various phases during the generation and establishment of a communication channel. In the preferred embodiment, the calling modem queries a user for the necessary password for implementing an access controlled communication channel. The calling modem receives from the user a password and verifies the correctness of the password and thereafter engages security substeps in the establishment of the communication channel.
The V.34 communication protocol commences with a negotiating phase to determine and establish the optimized conditions for the physical layer between the calling and answering modems. In the preferred embodiment, the negotiating and handshaking process takes the form of the Phase 2 INFO sequences. Alternatively, V.8 handshaking sequences may be used. In the Phase 2 handshaking start up procedure, the calling modem selects a subset of descriptors identifying individual modulation modifying polynomials, also known as scramblers, utilized by the V.34 protocol. The set of descriptors, as well as the individual polynomials describing the scramblers, are initially loaded into the calling modem by a security administrator, thereby configuring the calling modem. Those skilled in the art of communication protocols, such as V.34, appreciate that the V.34 specification employs a standard polynomial for the generation of a standard scrambler for use during a non-secure communication session. In the present invention, non-standard polynomials and non-standard scramblers are derived and implemented for compatible communication between the calling modem and the answering modem during an access controlled communication session.
Upon the receipt of the descriptors for the corresponding scramblers as selected by the calling modem, the answering modem verifies that the descriptors comprise a subset of the security scramblers assigned to the calling modem. Upon the completion of the verification of the descriptors as sent by the calling modem, the answering modem requests another specific descriptor describing a secure scrambler, and requests the calling modem utilize this descriptor in selecting a specific security scrambler for use in the remainder of the trai
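The following is an added illustration, not code from the patent: a self-synchronizing scrambler of the V.34 form 1 + x^-a + x^-b, the answering modem's check that the offered descriptors are a subset of the caller's preloaded set, and a demonstration that a stream scrambled with a non-standard polynomial is not discernible when descrambled with the standard one. The taps (18, 23) are the V.32/V.34 call-mode scrambler from the standard; the "secure" tap pairs, descriptor names and modem identifiers are constructed for the example.

```python
# Added example (not from the patent). STANDARD_TAPS are the V.32/V.34
# call-mode scrambler 1 + x^-18 + x^-23 from the standard; the security
# scrambler table and the per-modem assignments are constructed.
STANDARD_TAPS = (18, 23)
SECURITY_SCRAMBLERS = {"S1": (7, 23), "S2": (11, 23), "S3": (14, 23)}
# Descriptors a security administrator preloaded into each calling modem.
ASSIGNED = {"modem-A": {"S1", "S2"}, "modem-B": {"S3"}}

def scramble(bits, taps):
    """y[n] = x[n] ^ y[n-a] ^ y[n-b]: feedback taken from earlier output bits."""
    out = []
    for n, x in enumerate(bits):
        y = x
        for t in taps:
            if n >= t:
                y ^= out[n - t]
        out.append(y)
    return out

def descramble(bits, taps):
    """x[n] = y[n] ^ y[n-a] ^ y[n-b]: taps read the received stream, so the
    receiver resynchronises after line errors with no state exchanged."""
    out = []
    for n, y in enumerate(bits):
        x = y
        for t in taps:
            if n >= t:
                x ^= bits[n - t]
        out.append(x)
    return out

def to_bits(data: bytes):
    return [(b >> i) & 1 for b in data for i in range(8)]   # LSB first

def from_bits(bits):
    return bytes(sum(bits[i + j] << j for j in range(8))
                 for i in range(0, len(bits) - 7, 8))

def answering_modem_select(caller_id, offered):
    """Answering modem: accept only if every offered descriptor belongs to the
    caller's assigned set, then pick one secure scrambler for the session."""
    allowed = ASSIGNED.get(caller_id, set())
    if not offered or not set(offered) <= allowed:
        return None          # incompatible privileges: no channel established
    return min(offered)      # deterministic choice both sides can reproduce

if __name__ == "__main__":
    msg = b"ACCESS"                                   # constructed payload
    d = answering_modem_select("modem-A", ["S2", "S1"])
    wire = scramble(to_bits(msg), SECURITY_SCRAMBLERS[d])
    print(from_bits(descramble(wire, SECURITY_SCRAMBLERS[d])))   # b'ACCESS'
    print(from_bits(descramble(wire, STANDARD_TAPS)) != msg)     # True
```

A modem that only knows the standard polynomial recovers garbage from the secured stream, which is the "physically inhibiting the discernability of data" property the summary describes.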
