The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge contains a link to the full patent document (in Adobe Acrobat format, i.e. PDF).

Date of Patent:
Aug. 02, 2011

Filed:

Mar. 17, 2005
Applicants:

Fabio Maino, Palo Alto, CA (US);

Michael Fine, San Francisco, CA (US);

Irene Kuffel, Napa, CA (US);

Arthur Zavalkovsky, Netanya, IL;

Inventors:

Fabio Maino, Palo Alto, CA (US);

Michael Fine, San Francisco, CA (US);

Irene Kuffel, Napa, CA (US);

Arthur Zavalkovsky, Netanya, IL;

Assignee:

Cisco Technology, Inc., San Jose, CA (US);

Attorney:
Primary Examiner:
Assistant Examiner:
Int. Cl.
CPC ...
G06F 7/04 (2006.01); H04L 9/32 (2006.01); H04L 9/00 (2006.01);
U.S. Cl.
CPC ...
Abstract

A method and an apparatus are disclosed for securing authentication, authorization and accounting (AAA) protocol messages. An encryption key, a device identifier value, and verification data are received and stored at a network device. The verification data comprises in part a copy of the encryption key and the device identifier value, and has been encrypted using a private key of a server. A shared secret is generated by applying a computational function to the encryption key and the device identifier value. Based on the shared secret, a first message integrity check value for a message is generated. The message, the first integrity check value, and the verification data are sent to the server. The server decrypts the verification data using the private key, extracts the encryption key and the device identifier value, and generates the same shared secret by applying the same computational function to the extracted encryption key and device identifier value. Based on this generated shared secret, a second message integrity check value is generated and compared to the received first message integrity check value.