Token based two factor authentication and virtual private networking system for network management and security and online third party multiple network management method

Abstract

A two-factor network authentication system uses “something you know” in the form of a password / Pin and “something you have” in the form of a key token. The password is encrypted in a secure area of the USB device and is protected from brute force attacks. The key token includes authentication credentials. Users cannot authenticate without the key token. Four distinct authentication elements that the must be present. The first element is a global unique identifier that is unique to each key. The second is a private credential generated from the online service provider that is stored in a secure area of the USB device. The third element is a connection profile that is generated from the online service provider. The fourth element is a credential that is securely stored with the online service provider. The first two elements create a unique user identity. The second two elements create mutual authentication.

Description

RELATED APPLICATIONS [0001] The present application is a Continuation-in-Part of U.S. patent application Ser. No. 11 / 071,071, filed Mar. 3, 2005 and which published on Apr. 6, 2006 bearing publication number 2006-0072527. U.S. patent application Ser. No. 11 / 071,071 and related international application serial number PCT / US05 / 06927, which published as publication number WO 2005 / -00725527 claim the benefit of U.S. Provisional Patent Application Ser. No. 60 / 549,959 entitled “SECURE AUTHENTICATION AND NETWORK MANAGEMENT SYSTEM FOR WIRELESS LAN APPLICATIONS” filed Mar. 4, 2004. The above identified publication numbers 2006-0072527 and WO 2005 / 89120 incorporated herein by reference in their entirety.BACKGROUND OF THE INVENTION [0002] 1. Field of the Invention [0003] The present invention relates to a user authentication system for network security and management, and more particularly, to a token based two factor authentication and virtual private networking system for third party network...

AI Technical Summary

Benefits of technology

[0023] A further possible additional function of the physical, plug in authenticating key is the incorporation of separate functionality such as network protection software, e.g. anti-virus, anti-spam, and anti-spyware software, on an individual's key. The key may simply check the user's computer to see if the required software, and updates, are present and then, if the user is not current (up to date with the most recent protection software), the management platform could quarantine the users device and force the updates onto the user's computer, essentially without the need for user intervention. The updated software may come directly from the key, or the key may be used only to verify the presence of the required software and the management platform actually send the updates to the subject machine. Either implementation results in a self-healing network. Almost any software application may be incorporated onto the key allowing the key to have separate functionality, such as a USB port flash drive. The present invention provides an efficient and effective tool for protecting the integrity and the health of a given network, and series of networks.

Problems solved by technology

Establishing and protecting identity is an increasing challenge and burden to both consumers and suppliers of goods or services.

While identity verification and protection is a widespread issue for all networks, the identity challenges on the Internet are most prominent as “online identity” (meaning identity over the internet) is inherently problematic.

However, higher security alone is not a complete solution.

Security solutions that are not accepted by users and used are ineffective.

Identity standards have not kept pace with changing needs and threats, which is putting online commerce and communication at risk to increasing vulnerability.

This problem will only grow worse as the Internet is increasingly used as the delivery platform for media content and services.

The common form of user authentication today, usernames and passwords, is weak and cumbersome (weak authentication as noted above).

The security weakness of usernames and passwords is well documented and as Microsoft's Bill Gates describes the situation, “Today, we're using password systems, and password systems simply won't cut it; in fact, they're very quickly becoming the weak link”.

With online services proliferating, the burden of remembering which combination was used for each application becomes problematic.

From an end user standpoint, there is growing frustration with the increasing threat of exposure of their personal data and finances and the increasing variety of systems they must interact with to protect themselves.

Some enterprise organizations have implemented strong authentication, including two-factor authentication utilizing Virtual Private Network (VPN) solutions, but these solutions were complex and produce end-user confusion and frustration.

Employees have tolerated difficult authentication solutions because they have few options.

Expensive enterprise in-house network authentication solutions requiring complicated installation and user inconvenience cannot simply be thrown over the wall to consumers and expect acceptance.

Images