
Method And System For Pair Locking Of Network Devices

Abstract: The present disclosure relates to the field of network security. More particularly, the present disclosure relates to the pair-locking of network devices, a method designed to enhance the security of communications and access controls within network infrastructures. The method involves the use of an encrypted Media Access Control (MAC) address in the process of device authentication, with a focus on secure transmission, automated whitelisting, and subsequent unlocking of internet access. The present disclosure introduces a methodology that helps manufacturing and vendor companies to lock their devices together and to protect devices intended to be used in pairs from unauthorized user access. Fig. 1


Patent Information

Filing Date: 03 October 2023
Publication Number: 14/2025
Publication Type: INA
Invention Field: COMMUNICATION

Applicants

OMNIA INFORMATION PVT LTD
Unit 7, TBIU, Synergy Building, IIT Delhi, New Delhi – 110016, INDIA

Inventors

1. ASHUTOSH MISHRA
c/o OMNIA INFORMATION PVT LTD, Unit 7, TBIU, Synergy Building, IIT Delhi, New Delhi – 110016, INDIA
2. MAANAS DWIVEDI
c/o OMNIA INFORMATION PVT LTD, Unit 7, TBIU, Synergy Building, IIT Delhi, New Delhi – 110016, INDIA

Specification

FIELD OF THE INVENTION

The present disclosure relates to the field of network security. More particularly, the present disclosure relates to a method for enhancing the security of communications between network devices and implementing access control mechanisms, which are vital for protecting and enhancing the security of network device communications. The present disclosure addresses critical vulnerabilities in existing systems by implementing an advanced security protocol that adapts to evolving cyber threats, thereby enhancing overall network resilience.

BACKGROUND OF THE INVENTION

As organizations increasingly depend on interconnected systems and devices, safeguarding sensitive data from unauthorized access has become paramount. The rapid growth of cyber threats necessitates effective strategies for securing network device communications and enforcing rigorous access controls, protecting organizational assets from potential cyber threats and ensuring the integrity and confidentiality of sensitive information.

Traditional network security methods typically use Media Access Control (MAC) address filtering for device authentication. In the known traditional methods, a network access device, such as a router, checks the MAC address of the connecting device against a predefined list of allowed or denied addresses. If the MAC address is on the allowed list, the device is granted access; if the MAC address is on the denied list, access is refused. While the traditional method is straightforward, it has certain vulnerabilities, most notably susceptibility to MAC address spoofing, where a malicious entity can mimic an approved MAC address and gain unauthorized access to the network.

Additionally, the traditional method usually involves manual updating of the MAC address list, which can be cumbersome and prone to human error, particularly in larger, more complex network environments. Moreover, in the conventional system, the MAC addresses are usually transmitted in unencrypted form, making them susceptible to interception during transmission and thereby adding another security vulnerability.

In order to overcome the above, the present disclosure provides a system and a method which relate to a pair-locking mechanism for network devices. The disclosed method also enhances network security while streamlining the management of network device access.

SUMMARY AND OBJECTS OF THE INVENTION

The present disclosure relates to a method and system for enhancing network security and improving device authentication through a pair-locking mechanism. The method utilizes an encrypted Media Access Control (MAC) address in conjunction with automated whitelist management to ensure secure communication between the network devices. The pair-locking serves as an essential security measure for networked devices, particularly in environments where data protection is paramount. By establishing a trusted relationship through a user confirmation and a cryptographic key exchange, the pair-locking helps safeguard sensitive information from unauthorized access.

The MAC address is a unique identifier assigned to a network interface controller, used as a network address in communications within a network segment.

The whitelisting is a cybersecurity strategy that approves a list of IP addresses, domain names and executable files that are permitted to run on a network, while denying the others. Whitelisting is used to safeguard computers and networks from potentially harmful threats on local networks or across the internet.

One of the objects of the present disclosure is to provide a method involving the use of an encrypted Media Access Control (MAC) address in the process of device authentication, with a focus on secure transmission, automated whitelisting, and subsequent unlocking of internet access.

Another object of the present disclosure is to enhance the robustness of device authentication processes and to mitigate common security vulnerabilities associated with traditional MAC address filtering.

Yet another object of the present disclosure is to provide a method which is applicable in a broad range of network environments where secure and reliable device authentication is required, including, but not limited to, internet service providers, enterprise networks, and residential internet setups.

Accordingly, one aspect of the present disclosure relates to a method for pair locking of network devices, the method comprising the steps of: establishing a pair-locking mechanism between at least two networking devices, including a primary device and a secondary device, connected through a wired connection; broadcasting an encrypted Media Access Control (MAC) address from the primary device over a TCP/IP port utilizing a TCP/TLS protocol; transmitting the encrypted MAC address from the secondary device to the primary device; decrypting the received encrypted MAC address at the primary device; checking the decrypted MAC address against the predefined whitelist stored in the primary device; automatically adding the MAC address to the whitelist; granting network access to the secondary device.

The step of transmitting includes transmitting the encrypted MAC address from the secondary device to the primary device to ensure secure transmission of the MAC address.

The step of adding includes automatically adding the MAC address to the predefined whitelist by primary device if the MAC address is not already on the whitelist.

The step of granting network access includes granting network access to the secondary device upon successful authentication of its MAC address, thereby unlocking internet access for the secondary device.

Another aspect of the present disclosure relates to a system for pair locking of network devices, the system comprising: a primary device configured to broadcast an encrypted MAC address over a TCP/IP port; a secondary device configured to securely transmit its MAC address in an encrypted form to the primary device; a TCP/TLS port, wherein TLS is a transport layer security protocol that provides an additional layer of security on top of the TCP/IP port; a decryption module within the primary device for decrypting the received MAC address; and a whitelist management package within the primary device for maintaining a list of authorized MAC addresses.

The networking devices include the primary device and the secondary device, which allow the network devices to communicate and interact with one another.

The secondary device encrypts and sends its WAN MAC address to the primary device in a secure manner, and the address is decrypted at the primary device's end.

The primary device includes an automated process for adding new MAC addresses to the whitelist upon successful decryption and verification.

The whitelist management system includes an embedded whitelist package that permits or denies access to the primary device based on the verification results, ensuring that only authenticated devices whose MAC addresses are listed in the whitelist can access the sensitive data. The whitelist package embeds an auto-whitelist package that allows for the automatic modification or addition of MAC addresses to the whitelist, thereby maintaining an up-to-date list of authorized devices and ensuring data safety.

The present disclosure offers a robust solution to the common vulnerabilities associated with traditional MAC address filtering methods and represents a significant advancement in the field of network security.

The pair-locking creates a secure pairing model that requires user interaction to establish trust between the network devices. The trust is established through a series of cryptographic exchanges, including the sharing of a public key, which facilitates encrypted communication. The primary goals of the pair-locking mechanism are to prevent unauthorized access to the network device by requiring a user confirmation for pairing, and to ensure that the sensitive data can only be accessed by a trusted host, thus reducing the risk of data breaches. More particularly, the present disclosure provides a system and a method for advancing network security by authenticating network devices through the combination of an encrypted MAC address and automated whitelist management. This approach not only mitigates the risks associated with MAC address spoofing and interception but also simplifies the process of MAC address list management, making it more secure and efficient, especially in larger network environments.

BRIEF DESCRIPTION OF THE DRAWINGS

The aforementioned objectives, features, and advantages of the disclosure will be elucidated through the detailed description, which will be accompanied by illustrative figures. These drawings have been meticulously crafted to facilitate a comprehensive understanding of the various components and mechanisms that constitute the disclosure and wherein:

Figure 1 illustrates a method and a system of a pair locking mechanism in network devices for enhancing network security and improving device authentication.

DETAILED DESCRIPTION OF THE INVENTION

The following detailed description illustrates the salient features, benefits, and specific information pertaining to implementation of the present disclosure and should be construed as illustrative rather than restrictive. One skilled in the art will recognize that the present disclosure may be implemented in a manner different from that specifically discussed herein without departing from the scope of the present disclosure.

As described in this specification and the appended claims, there are two network devices: a primary device and a secondary device. The primary device is equipped with two packages, one that listens on a specific port using the TCP/TLS protocol, and another that is responsible for decrypting an encrypted string. TLS is a transport layer security protocol that provides an additional layer of security on top of the TCP/IP transport protocol. The primary device is directly connected to an internet fiber, allowing the primary device to act as a single point of control for other supplementary devices in terms of internet access.

The secondary device is designed to encrypt and transmit a WAN (Wide Area Network) MAC (Media Access Control) address to the primary device in a secure manner, and the address is decrypted at the primary device's end. The "WAN MAC" is the MAC address of a router's WAN interface. The WAN interface is the port on the router that connects to the internet service provider's network. The MAC address refers to the unique identifier assigned to the network interface controller (NIC) of the WAN port. The WAN MAC address can typically be found in the router's settings or on the product label and is essential for registering the MAC address with an Internet Service Provider.

The primary device operates exclusively with the secondary device, which broadcasts its MAC address; the encryption key of the secondary device is verified to match the corresponding pair of the key stored in the primary device.

In scenarios where the secondary device is not trusted and lacks access to the vendor's private key, decryption fails, and internet connectivity is unavailable to the secondary device. The vendor is responsible for providing a secure key infrastructure to ensure that only authorized devices can access the sensitive data. Conversely, when only the authorized device is connected to the primary device, the process outlined in the present disclosure initiates internet access for the overall system, thereby ensuring secure and controlled connectivity between the secondary and the primary device.

Referring to Fig. 1, it illustrates a method and a system 10 of a pair-locking mechanism in network devices for enhancing network security and improving user device authentication. The pair-locking mechanism includes at least two networking devices, named a primary device 12 and a secondary device 14, which are connected through a wired connection 16. The primary device 12 broadcasts an encrypted MAC address on a TCP/TLS port on a Local Area Network (LAN); the primary device 12 is responsible for listening on a specific port using the TCP/TLS protocol and for decrypting an encrypted string. At step 102, the secondary wireless-supporting device, or secondary device 14, securely transmits the MAC address in an encrypted form (i.e., VGhpcyBpcyBhlHRc3Qgc3RyaW5nLg==) to the primary device 12. Transmitting the MAC address in encrypted form effectively mitigates the risk of MAC address interception during transmission, thereby enhancing the overall security of communication between the network devices.

At step 104, upon receiving the encrypted MAC address from the secondary device 14, the primary device 12 decrypts the encrypted MAC address (i.e., A1:A2:A3:A4:A5). At step 106, after successfully decrypting the MAC address, the primary device 12 checks the MAC address against a predefined whitelist. The whitelist contains the authorized MAC addresses that are permitted to access the network. At step 108, if the MAC address of the networking device (i.e., the secondary device 14) is not already present on the predefined whitelist, the primary device 12 automatically adds the MAC address to the whitelist. This methodology eliminates the need for manual management and updating of the MAC address list, streamlining administrative processes.

Upon successful authentication, the primary device 12 grants access to the transmitting device or secondary device 14, thereby unlocking the internet access of the secondary device 14 at step 110. This process not only strengthens the network security but also simplifies the network device authentication process by making the process more efficient, particularly in complex network environments.
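As an added illustration, not code from the application or from OMNIA INFORMATION PVT LTD, the following Python sketches both sides of the steps summarised above and detailed at steps 102 to 110: the secondary device encrypts its WAN MAC under a vendor-provisioned key, and the primary device verifies, decrypts, validates the MAC, auto-whitelists it and grants access. The key, the sample MAC and the stdlib-only encrypt-then-MAC construction are assumptions, and the TCP/TLS transport is left out.

```python
import base64
import hashlib
import hmac
import os
import re
from typing import Optional, Set

# Constructed sample pair key: the vendor provisions the same key into both devices.
VENDOR_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
NONCE_LEN, TAG_LEN = 16, 32
MAC_RE = re.compile(r"^([0-9A-F]{2}:){5}[0-9A-F]{2}$")


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a stdlib-only stand-in keystream; a real
    # deployment would use an authenticated cipher such as AES-GCM instead.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_mac(mac: str, key: bytes, nonce: Optional[bytes] = None) -> str:
    """Secondary device (step 102): encrypt-then-MAC the WAN MAC, return a base64 token."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    plaintext = mac.upper().encode("ascii")
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return base64.b64encode(nonce + ct + tag).decode("ascii")


def decrypt_mac(token: str, key: bytes) -> Optional[str]:
    """Primary device (step 104): verify tag, decrypt, validate MAC syntax; None on failure."""
    try:
        blob = base64.b64decode(token, validate=True)
    except ValueError:  # not base64 at all
        return None
    if len(blob) <= NONCE_LEN + TAG_LEN:  # too short to hold nonce, ciphertext and tag
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # wrong vendor key or tampered token
        return None
    mac = bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct)))).decode("ascii", "replace")
    return mac if MAC_RE.match(mac) else None  # reject anything that is not a 6-octet MAC


def authorize(token: str, key: bytes, whitelist: Set[str]) -> bool:
    """Primary device (steps 104-110): decrypt, check whitelist, auto-add, grant access."""
    mac = decrypt_mac(token, key)
    if mac is None:
        return False  # untrusted device: no internet access
    if mac not in whitelist:
        whitelist.add(mac)  # step 108: automatic whitelisting
    return True  # step 110: unlock internet access


if __name__ == "__main__":
    wl: Set[str] = set()
    tok = encrypt_mac("a1:b2:c3:d4:e5:f6", VENDOR_KEY)  # constructed sample WAN MAC
    print(authorize(tok, VENDOR_KEY, wl), sorted(wl))  # True ['A1:B2:C3:D4:E5:F6']
```

Because the whitelist is populated automatically, the real gate is possession of the vendor key rather than the list itself, so protecting that key on the secondary device and logging each auto-add are what the scheme rests on in practice.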

The methodology according to the present disclosure is capable of helping manufacturing and vendor companies that wish to lock their devices together and to ensure that paired devices are protected from unauthorized use. By implementing the pair-locking mechanism, organizations can enhance their security posture while facilitating easier management of the connected devices within their networks.

Thus, the pair-locking mechanism provides a robust framework for securing communications between the network devices while improving the user authentication processes. Through automated features and secure transmission protocols, the present disclosure addresses critical vulnerabilities in existing network infrastructures, ensuring that only authorized devices can access the sensitive resources.

Other variations to the disclosed embodiments can be understood and effected by those skilled in the art in practicing the claimed invention, from a study of the drawings, the disclosure, and the appended claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage. Any reference sign in the claims should not be construed as limiting the scope.
CLAIMS:
1. A method for pair locking of network devices, the method comprising the steps of:
establishing a pair-locking mechanism between at least two networking devices, including a primary device and a secondary device, connected through a wired connection;
broadcasting an encrypted Media Access Control (MAC) address from the primary device over a TCP/IP port utilizing a TCP/TLS protocol;
transmitting the encrypted MAC address from the secondary device to the primary device;
decrypting the received encrypted MAC address at the primary device;
checking the decrypted MAC address against the predefined whitelist stored in the primary device;
automatically adding the MAC address to the whitelist;
granting network access to the secondary device.

2. The method as claimed in claim 1, wherein the step of transmitting includes transmitting the encrypted MAC address from the secondary device to the primary device to ensure secure transmission of the MAC address.

3. The method as claimed in claim 1, wherein the step of adding includes automatically adding the MAC address to the predefined whitelist by primary device if the MAC address is not already on the whitelist.

4. The method as claimed in claim 1, wherein the step of granting network access includes granting network access to the secondary device upon successful authentication of its MAC address, thereby unlocking internet access for the secondary device.

5. A system (10) for pair locking of network devices, the system (10) comprising:
a primary device (12) configured to broadcast an encrypted MAC address over a TCP/IP port;
a secondary device (14) configured to securely transmit its MAC address in an encrypted form to the primary device (12);
a TCP/TLS port, wherein TLS is a transport layer security protocol that provides an additional layer of security on top of the TCP/IP port;
a decryption module within the primary device (12) for decrypting the received MAC address;
a whitelist management system within the primary device (12) for maintaining a list of authorized MAC addresses.

6. The system as claimed in claim 5, wherein the networking devices include the primary device (12) and the secondary device (14), which allow the network devices to communicate and interact with one another.

7. The system as claimed in claim 6, wherein the secondary device (14) encrypts and sends its WAN MAC address to the primary device (12) in a secure manner, and the address is decrypted at the primary device's (12) end.

8. The system as claimed in claim 5, wherein the primary device (12) includes an automated process for adding new MAC addresses to the whitelist upon successful decryption and verification.

9. The system as claimed in claim 5, wherein the whitelist management system includes an embedded whitelist package that permits or denies access to the primary device (12) based on the verification results, ensuring that only authenticated devices whose MAC addresses are listed in the whitelist can access the sensitive data.

10. The system as claimed in claim 9, wherein the whitelist package is embedded with an auto-whitelist package that allows for the automatic modification or addition of MAC addresses to the whitelist, thereby maintaining an up-to-date list of authorized devices and ensuring data safety.

Documents

Application Documents

# Name Date
1 202311066297-TRANSLATIOIN OF PRIOIRTY DOCUMENTS ETC. [03-10-2023(online)].pdf 2023-10-03
2 202311066297-STATEMENT OF UNDERTAKING (FORM 3) [03-10-2023(online)].pdf 2023-10-03
3 202311066297-PROVISIONAL SPECIFICATION [03-10-2023(online)].pdf 2023-10-03
4 202311066297-FORM FOR STARTUP [03-10-2023(online)].pdf 2023-10-03
5 202311066297-FORM FOR SMALL ENTITY(FORM-28) [03-10-2023(online)].pdf 2023-10-03
6 202311066297-FORM 1 [03-10-2023(online)].pdf 2023-10-03
7 202311066297-FIGURE OF ABSTRACT [03-10-2023(online)].pdf 2023-10-03
8 202311066297-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [03-10-2023(online)].pdf 2023-10-03
9 202311066297-EVIDENCE FOR REGISTRATION UNDER SSI [03-10-2023(online)].pdf 2023-10-03
10 202311066297-DRAWINGS [03-10-2023(online)].pdf 2023-10-03
11 202311066297-FORM-26 [22-11-2023(online)].pdf 2023-11-22
12 202311066297-Proof of Right [27-11-2023(online)].pdf 2023-11-27
13 202311066297-DRAWING [01-10-2024(online)].pdf 2024-10-01
14 202311066297-CORRESPONDENCE-OTHERS [01-10-2024(online)].pdf 2024-10-01
15 202311066297-COMPLETE SPECIFICATION [01-10-2024(online)].pdf 2024-10-01
16 202311066297-FORM 18 [26-03-2025(online)].pdf 2025-03-26