Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1998-09-30
2001-12-04
Hua, Ly V. (Department: 2131)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S152000
active
06327662
ABSTRACT:
TECHNICAL FIELD
The present invention generally pertains to the field of computer networking. More particularly, the present invention is related to an intermediate device representing clients to a central site.
BACKGROUND ART
Computers have become an integral tool used in a wide variety of different applications, such as in finance and commercial transactions, computer-aided design and manufacturing, health-care, telecommunication, education, etc. Computers are finding new applications as a result of advances in hardware technology and rapid development in software technology. Furthermore, a computer system's functionality is dramatically enhanced by coupling stand-alone computers together to form a computer network. In a computer network, users may readily exchange files, share information stored on a common database, pool resources, and communicate via e-mail and via video teleconferencing.
Computer networks can be arranged in numerous configurations comprising a variety of network types. Some of the most popular types of networks comprise Ethernet (coaxial cable or twisted-pair cable), token ring, Fiber Distributed Data Interface (FDDI), Frame Relay, Integrated Services Digital Network (ISDN), X.25, Synchronous Data Link Control (SDLC). Typically, these networks are arranged in local area networks (LANs) and wide area networks (WANs). Usually, LANs are distinguished from WANs based upon the geographical area they cover and sometimes the number of users connected to the network. For example, a group of personal computers (PCs) in a home or single business site (location) usually communicate with each other over a LAN. Groups of PCs disposed remote from one another, such as those in different homes, different companies, or different branch offices of the same company, typically communicate with each other over a WAN.
There has been an immense increase in the number of separate networks and the number of users communicating over these various networks. This growth has resulted in a tremendous need for connectivity capacity and the ability to accurately transmit information to an address corresponding to a particular PC or “client”. One approach that effectively expands address capacity is to provide address translation through a Network Address Translator (NAT).
Typically, a NAT is associated with a primary LAN and facilitates the transmission of communication from the primary LAN to a central site (e.g. a Remote Access Server (RAS) at an Internet Service Provider (ISP)). Specifically, the NAT allows several clients to share a common single connection to an ISP, thereby reducing the number of connections necessary to couple the numerous clients in the LAN to the ISP. Additionally, by allowing the numerous clients of the LAN to access the ISP over a single common connection, the NAT reduces the costs associated with coupling the numerous clients to the ISP. More specifically, instead of paying for a separate and distinct ISP account for each client in the LAN, only a single account (to connect the NAT to the ISP) need be purchased. Also, only a single globally routable Internet Protocol (IP) address needs to be assigned by the RAS.
In operation, a conventional NAT translates a primary LAN address for a client to another network address associated with the NAT. A NAT performs an address translation by mapping an address of the primary LAN to an address in another network. For example, a user on a PC attached to a LAN may have a particular LAN address but that LAN address would not necessarily be valid if the user tried to utilize the LAN address as an Internet Protocol (IP) source address when communicating with an ISP over a WAN. Thus, one function a NAT typically provides is translation between a local LAN address (e.g. a local IP address) and a WAN address (e.g., an ISP designated source IP address). It will be understood that the primary LAN address for a client on the LAN does not typically change. On the other hand, a temporary IP source address provided by an ISP will, typically, change from session to session. There are numerous well-known NAT mapping techniques including static, dynamic, masquerading, etc. which are utilized in differing situations to meet a variety of design criteria.
Although conventional NATs have several advantages associated therewith, conventional prior art NATs also have significant drawbacks associated therewith. As an example, a particular client may seek to establish a link to, for example, a Remote Access Server (RAS). Alternatively, the NAT automatically establishes such a link when the user attempts to access a non-local internet site. In such cases, the NAT device interacts (i.e. establishes a link) with the RAS on behalf of the client. However, many RASs may require client authentication. Such a request for client authentication will be received by the NAT, but can only be properly responded to by the client or a user thereof. Hence, the NAT must, in some manner, communicate the received request for authentication to the appropriate client. Many conventional NATs are simply unable to convey such a request for authentication to the appropriate client. As a result, the RAS will not communicate with the NAT and, in turn, the client.
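The translation described above, and the drawback it creates, can be made concrete with a toy masquerading NAT. The following is an added example written for this page; it is not code from the patent or from 3Com. It assumes a NAT that rewrites each outbound flow's private source address and port to its single public address and a fresh public port, keeps the reverse mapping for replies, and also supports the static mapping mentioned among the well-known techniques. All addresses, ports and payloads are constructed sample values (RFC 5737 documentation ranges), and the RAS "authentication request" is modelled simply as an unsolicited inbound packet: because no client initiated that flow, the NAT has no mapping for it and cannot deliver it, which is the gap the paragraph above describes.

```python
"""Toy masquerading NAT (added illustration; not the patent's own code).

One globally routable address is shared by a LAN of clients. Outbound
packets are rewritten to (public_ip, fresh public port); replies are mapped
back to the originating client. An unsolicited inbound packet, such as an
authentication request from the RAS, matches no mapping and is dropped.
"""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


class MasqueradingNAT:
    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip          # the single RAS-assigned address
        self._next_port = first_port        # next unused public port
        # (private ip, private port) -> public port, and the reverse
        self._out: Dict[Tuple[str, int], int] = {}
        self._in: Dict[int, Tuple[str, int]] = {}

    def add_static(self, public_port: int, private_ip: str, private_port: int) -> None:
        """Static mapping: a fixed public port always reaches one known client."""
        key = (private_ip, private_port)
        self._out[key] = public_port
        self._in[public_port] = key

    def outbound(self, pkt: Packet) -> Packet:
        """Dynamic (masquerading) mapping, created on first use of a flow."""
        key = (pkt.src_ip, pkt.src_port)
        port = self._out.get(key)
        if port is None:
            port = self._next_port
            self._next_port += 1
            self._out[key] = port
            self._in[port] = key
        return replace(pkt, src_ip=self.public_ip, src_port=port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Reverse translation; None means the NAT cannot tell which client it is for."""
        if pkt.dst_ip != self.public_ip:
            return None
        key = self._in.get(pkt.dst_port)
        if key is None:
            return None
        return replace(pkt, dst_ip=key[0], dst_port=key[1])


def demo() -> dict:
    """Walk one client session and one unsolicited RAS request through the NAT."""
    nat = MasqueradingNAT("203.0.113.5")        # public address (sample value)
    ras = ("198.51.100.1", 1723)                # RAS at the ISP (sample value)
    client = ("192.168.1.10", 50000)            # LAN client (sample value)

    out = nat.outbound(Packet(*client, *ras, "hello"))
    reply = nat.inbound(Packet(*ras, out.src_ip, out.src_port, "ack"))
    # RAS-initiated request aimed at "the client": no flow, no mapping.
    challenge = nat.inbound(Packet(*ras, nat.public_ip, 1812, "auth-request"))
    return {"out": out, "reply": reply, "challenge": challenge}


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name}: {pkt}")
```

Running `demo()` shows the reply correctly mapped back to 192.168.1.10:50000 while the unsolicited request returns `None`. A static mapping would let it through, but only to a client chosen in advance, which is not the per-user prompt the text says is needed.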
In one prior art attempt to solve this problem, each client on the LAN which is coupled to the NAT has a special application (e.g. a Terminate-and-Stay-Resident program) installed thereon. This prior art approach has several substantial disadvantages. First, a unique version of the special application must be written and installed for each client environment (i.e. the operating system of the client). That is, one version of the special application must be written for and installed on clients running, for example, Windows NT™. Another version of the special application must be written for and installed on clients running, for example, Windows 95™. Still another version of the special application must be written for and installed on clients running, for example, Windows 98™, and so on. This requirement is costly and time-consuming. Furthermore, the clients must be monitored and a new version of the special application must be installed thereon if the client environment changes (e.g. a client environment of Windows 95™ is updated to Windows 98™, and so on).
Finally, the requirement to monitor the client environment and install (and update) various versions of the special application demands extensive user intervention and also demands a level of sophistication which is beyond the scope of the ordinary consumer.
Thus, a need exists for a method and system for providing security during use of an intermediate device wherein the method and system allows a user of a client to be prompted for authentication information. A further need exists for a method and system which meets the above-listed need and which is independent of the operating system environment of the client to be authenticated. Yet another need exists for a method and system which meets the above-listed needs and which does not require extensive consumer intervention or consumer sophistication.
DISCLOSURE OF THE INVENTION
The present invention provides a method and system for providing security during use of an intermediate device wherein the method and system allows a user of a client to be prompted for authentication information. The present invention also provides a method and system which meets the above-listed need and which is independent of the operating system environment of the client to be authenticated. The present invention further provides a method and system which meets the above listed needs and which does not require extensive consumer intervention or consumer sophistication.
Specifically, in one embodiment, an intermediate device includes memory. The memory of the intermediate device is adapted to a store a deliverable security applet. Additionally, the intermediate device is configured to download the deliverable security applet to a desired location. The present embodiment also includes a client which is coupled to the intermed
3Com Corporation
Hua Ly V.
Wagner , Murabito & Hao LLP
Security through the use of tokens and automatically...