Electrical computers and digital processing systems: multicomput – Computer-to-computer session/connection establishing – Network resources access controlling
Reexamination Certificate
2006-05-02
2006-05-02
Wiley, David (Department: 2143)
Electrical computers and digital processing systems: multicomput
Computer-to-computer session/connection establishing
Network resources access controlling
C709S238000, C709S225000, C713S185000, C713S153000, C713S152000, C713S152000
Reexamination Certificate
active
07039713
ABSTRACT:
A policy agent of a network performs an out-of-band user authentication process to verify the identity of a user of a client computer and associates the network data received from the client computer with the user. When the client computer initiates a network data connection to or through the policy agent, the policy agent sends an encrypted challenge to the client computer. The challenge is encrypted with a private key of the policy agent. When the client computer receives the challenge, it decrypts the challenge and prepares a message digest value based on the challenge and the network data sent by the user. The message digest value is then encrypted with the private key of the user to form a response, and the response is sent to the policy agent. The policy agent decrypts the response with the public key of the user to obtain the message digest value and calculates a digest value based on the challenge and the received network data. The policy agent then compares the calculated digest value with the decrypted digest value. A match between the two digest values indicates that the user is successfully authenticated and that the received network data are associated with the user. The policy agent may then apply network policies based on the credentials of the authenticated user.
REFERENCES:
patent: 5684951 (1997-11-01), Goldman et al.
patent: 5724425 (1998-03-01), Chang et al.
patent: 5745573 (1998-04-01), Lipner et al.
patent: 5757916 (1998-05-01), MacDoran et al.
patent: 6052788 (2000-04-01), Wesinger et al.
patent: 6292892 (2001-09-01), Davis
patent: 6311218 (2001-10-01), Jain et al.
patent: 6510513 (2003-01-01), Danieli
patent: 6725276 (2004-04-01), Hardjono et al.
“Applied Cryptography” by Bruce Schneier, 2nd edition.
K. Egevang & P. Francis,RFC 1631: The IP Network Address Translator(NAT), May 1994, Available from http://www-bib.fh-bielefeld.de/epub/doc/idoc/rfc/rfc1600-1699/rfc1631.html.
M. St. Johns,RFC 931: Authentication Server, Jan. 1984, Available from http://www-bib.fh-bielefeld.de/epub/doc/idoc/rfc/rfc0900-0999/rfc931.html.
R. Rivest,RFC 1321: The MD5 Message Digest Algorithm, Apr. 1992, Available from http://www-bib.fh-bielefeld.de/epub/doc/idoc/rfc/rfc1300-1399/rfc1321.html.
Burton S. Kaliski Jr,An Overview of the PKCS Standards: An RSA Laboratories Technical Note, Nov. 1, 1993, Available from http://www.areane.com/doc/rsa/pkcs/overview.htm.
Van Gunter David
Waters Lester L.
Lee & Hayes PLLC
Microsoft Corporation
Shin Kyung H.
Wiley David
LandOfFree
System and method of user authentication for network... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System and method of user authentication for network..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and method of user authentication for network... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3627982