Legal claims defining the scope of protection, as filed with the USPTO.
1. An apparatus comprising: a memory, storing a set of instructions; and a processor, to execute the stored set of instructions, to: in a registration process of a user device in a network, generate a public/private key pair based on a media access control (MAC) address of the user device; transmit the generated public/private key pair to the user device; receive from the user device the generated public key and a user device digital signature, the user device requesting access to a network; verify if the digital signature is valid; determine the MAC address from a certificate extension of the public key; compare the determined MAC address with a MAC address of the user device requesting network access; and provide network access to the user device if the MAC address determined from the certificate extension is the same as the MAC address of the device requesting access to the network and if the digital signature is verified as valid.
2. The apparatus of claim 1, wherein the processor is further to transmit, to the user device, an agent for installation on the user device.
3. The apparatus of claim 2, wherein the agent, when installed on the user device, is to facilitate communication between the apparatus and the user device.
4. The apparatus of claim 1, wherein the processor is further to provide the MAC address of the user device to a storage device for storage.
5. A method of managing access to a network, the method comprising: implementing a media access control based authentication operation in determining whether to grant a user device of a user access to the network; enabling the user to self-register the user device into a database of authorized users to access the network in response to the user being denied access to the network through the MAC based authentication operation and being listed as a valid user in a directory of active network users; receiving a MAC address of the user device; generating a public/private key pair for the user, the MAC address of the user device being embedded in the public certificate extension; and transmitting the generated public/private key pair to the user device.
6. The method of claim 5, further comprising: storing the MAC address in association with the user, in a storage.
7. The method of claim 5, further comprising: setting a re-verification timer based on information associated with the user device in the database of authorized users.
8. The method of claim 7, further comprising: determining the re-verification timer has timed out; and initiating a re-verification process to re-verify the user of the user device.
9. The method of claim 8, wherein the re-verification process includes: requesting re-verification of the user at the user device for access to the network; receiving a response to the request from the user device including a digital signature of the user and the public key; determining the digital signature is valid; determining the MAC address embedded in the certificate extension of the public key; comparing the determined MAC address from the certificate extension with the MAC address of the user device requesting access to the network; providing access to the user device if the determined MAC address from the certificate extension is the same as the MAC address of the user device requesting access to the network and the digital signature is valid; and resetting the re-verification timer.
10. A non-transitory computer readable storage medium on which is embedded a computer program, said computer program implementing a method, said computer program comprising computer readable code to: receive, from a user device requesting access to a network, a public key and a digital signature, the public key including a media access control (MAC) address; verify if the digital signature is valid; determine the MAC address from the public key; compare the determined MAC address with a MAC address of the user device requesting access to the network; and provide network access to the user device if the MAC address determined from the public key is the same as the MAC address of the user device requesting access to the network and if the digital signature is valid.
11. The non-transitory computer readable storage medium of claim 10, the computer readable code to further: in a self-registration process of a user device in a network, generate a public/private key pair based on the media access control (MAC) address of the user device; transmit the generated public/private key pair to the user device, wherein the public/private key is to facilitate network access by the user device; and provide the MAC address of the user device, associated with the user, to a storage device.
12. The non-transitory computer readable storage medium of claim 10, the computer readable code to further: set a re-verification timer based on information associated with the user device in the database of authorized users.
13. The non-transitory computer readable storage medium of claim 12, the computer readable code to further: determine the re-verification timer has timed out; and initiate a re-verification process to re-verify the user of the user device.
14. The non-transitory computer readable storage medium of claim 13, the computer readable code to further: transmit to the user device a request for user credentials; receive a response to the request, the response including user credentials including a digital signature and the public key; determine the MAC address from the public key; compare the determined MAC address with the MAC address of the user device re-verifying; if the MAC address from the public key and the MAC address of the user device re-verifying match, continue to provide access to the network; if the received credentials do not match the credentials stored in the database of authorized users, deny access to the network; and reset the re-verification timer.
15. The non-transitory computer readable storage medium of claim 10, the computer readable code to further: extract a subject name from the public key; compare the extracted subject name with a user name associated with the MAC address; deny access if the names do not match based on the comparison; and grant access if the names match based on the comparison.
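The flow the claims describe (self-registration of a listed user, a certificate carrying the device MAC in an extension, signature check plus MAC comparison at access time, subject-name check, and a re-verification timer) as one worked example. This is an added illustration written for this page; it is not code from the patent or from its assignee. Assumptions not in the claims: the MAC travels in an X.509 extension under a made-up private-arc OID as an OCTET STRING, the certificate is self-signed, keys are Ed25519, the device proves possession by signing a registrar-chosen nonce (the claims say only "digital signature"), and the directory and database are in-memory maps. Two caveats a practitioner should keep in mind: the MAC is simply embedded in the extension (claim 5), not used as key material, since a MAC is public and has far too little entropy to derive a key from; and the MAC observed on the wire is attacker-controlled, so the MAC comparison binds a certificate to one device identity but does not authenticate anything by itself. The signature over a fresh nonce is the control that proves possession of the private key. The claims also have the apparatus generate the key pair and transmit it to the device, which means the private key crosses the network during registration and that channel must itself be protected; the example follows the claims on this point, but on-device generation with the device submitting only its public key is the usual practice.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"net"
	"time"
)

// macExtOID is a made-up private-arc OID for the MAC extension; the claims name none.
var macExtOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}

// Registrar stands in for the claimed apparatus: directory of active users, database of
// authorized devices (MAC string -> user name) and each device's re-verification deadline.
type Registrar struct {
	ActiveUsers   map[string]bool
	Authorized    map[string]string
	ReverifyAfter map[string]time.Time
	Interval      time.Duration
}

func NewRegistrar(interval time.Duration) *Registrar {
	return &Registrar{map[string]bool{}, map[string]string{}, map[string]time.Time{}, interval}
}

// Register is the self-registration of claims 5 and 11: a user listed in the directory registers
// a device by MAC; the registrar mints a key pair and a self-signed certificate whose extension
// carries that MAC as an OCTET STRING, and hands both to the device.
func (r *Registrar) Register(user string, mac net.HardwareAddr) (ed25519.PrivateKey, []byte, error) {
	if !r.ActiveUsers[user] {
		return nil, nil, fmt.Errorf("user %q is not in the directory of active users", user)
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	macVal, _ := asn1.Marshal([]byte(mac)) // marshalling a byte slice cannot fail
	tmpl := &x509.Certificate{
		SerialNumber:    big.NewInt(time.Now().UnixNano()),
		Subject:         pkix.Name{CommonName: user},
		NotBefore:       time.Now().Add(-time.Minute), NotAfter: time.Now().Add(365 * 24 * time.Hour),
		ExtraExtensions: []pkix.Extension{{Id: macExtOID, Value: macVal}},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, nil, err
	}
	r.Authorized[mac.String()] = user
	r.ReverifyAfter[mac.String()] = time.Now().Add(r.Interval)
	return priv, der, nil
}

// SignChallenge is the device side: prove possession of the private key over the registrar's
// nonce. Signing a fresh nonce rather than a fixed message is what defeats replay.
func SignChallenge(priv ed25519.PrivateKey, nonce []byte) []byte {
	return ed25519.Sign(priv, nonce)
}

// Authorize is the access decision of claims 1, 10 and 15: verify the signature with the
// certificate's key, read the MAC from the extension, compare it with the MAC observed on the
// wire, check the subject name against the registered user, then reset the timer.
func (r *Registrar) Authorize(certDER, nonce, sig []byte, observed net.HardwareAddr, now time.Time) error {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return err
	}
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	if !ok || !ed25519.Verify(pub, nonce, sig) {
		return fmt.Errorf("digital signature is invalid")
	}
	var embedded []byte
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(macExtOID) {
			if _, err = asn1.Unmarshal(ext.Value, &embedded); err != nil {
				return err
			}
		}
	}
	if embedded == nil || net.HardwareAddr(embedded).String() != observed.String() {
		return fmt.Errorf("certificate MAC %s != observed MAC %s", net.HardwareAddr(embedded), observed)
	}
	if user, ok := r.Authorized[observed.String()]; !ok || cert.Subject.CommonName != user {
		return fmt.Errorf("subject %q is not the user registered for %s", cert.Subject.CommonName, observed)
	}
	r.ReverifyAfter[observed.String()] = now.Add(r.Interval)
	return nil
}

// NeedsReverification reports whether the re-verification timer of claims 7 to 9 has run out.
func (r *Registrar) NeedsReverification(mac net.HardwareAddr, now time.Time) bool {
	deadline, ok := r.ReverifyAfter[mac.String()]
	return !ok || !now.Before(deadline)
}

func main() {
	r := NewRegistrar(time.Hour)
	r.ActiveUsers["alice"] = true
	mac, _ := net.ParseMAC("02:00:5e:10:00:01") // constructed locally administered address
	priv, der, err := r.Register("alice", mac)
	if err != nil {
		panic(err)
	}
	nonce := []byte("constructed-nonce-0001") // a real registrar draws this from crypto/rand
	sig := SignChallenge(priv, nonce)
	fmt.Println("genuine device:", r.Authorize(der, nonce, sig, mac, time.Now()))
	spoof, _ := net.ParseMAC("02:00:5e:10:00:02")
	fmt.Println("same certificate, other MAC:", r.Authorize(der, nonce, sig, spoof, time.Now()))
}
```

Running the program prints `<nil>` for the genuine device and a MAC-mismatch error for the same certificate presented from another address. Note what the second case does and does not show: an attacker who holds only the certificate fails on the signature, and one who spoofs the registered MAC but lacks the private key fails the same way; the MAC comparison only adds value against a party that has the key and is using it from a different interface. Claim 14's deny path (credentials not matching the database) is the subject-name branch here, and the timer reset at the end of Authorize is the "resetting the re-verification timer" step of claims 9 and 14.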
February 23, 2016