Communication device, communication system, and communication method

US 10,397,111 B2
Filed: 12/19/2017
Issued: 08/27/2019
Est. Priority Date: 02/15/2017
Status: Active Grant

First Claim

Patent Images

1. A communication device comprising:

a protocol information table configured to store a MAC address, an IP address, and expiration time of the IP address in corresponding relation to one another;

a whitelist storing memory configured to store a whitelist including a MAC address and an IP address; and

a processing unit,wherein the processing unit extracts a client MAC address, a client IP address, and client expiration time of the client IP address from a communication content for establishing or for connecting communications between a server and a client in accordance with a protocol to dynamically allocate an IP address,when searching the protocol information table for a MAC address based on the client MAC address to retrieve an entry, the processing unit updates an IP address and expiration time in the retrieved entry with the client IP address and the client expiration time, and when retrieving no entry, generates a new entry including the client MAC address, the client IP address, and the client expiration time, andthe processing unit searches the whitelist storing memory for a MAC address based on the client MAC address, and updates an IP address in a retrieved entry with the client IP address,wherein the whitelist includes a source IP address, a destination IP address, a source MAC address, a destination MAC address, a source valid/invalid bit to control transfer or discard of a packet, and a destination valid/invalid bit to control transfer or discard of a packet,wherein the processing unit searches the whitelist storing memory while using the client MAC address as a key, andwherein the processing unit modifies a source IP address of an entry having a source MAC address matched with the client MAC address to the client IP address to validate a source valid/invalid bit, and modifies a destination IP address of an entry having a destination MAC address matched with the client MAC address to the client IP address to validate a destination valid/invalid bit.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A packet relay device automatically generates a whitelist including an authorized communication rule. The packet relay device snoops on communications between a DHCP server and a DHCP client in accordance with DHCP. When the IP address of a DHCP client is changed, the packet relay device also automatically changes IP address information included in a whitelist related to the DHCP client to IP address information newly allocated to the DHCP client.

Citations

8 Claims

1. A communication device comprising:
- a protocol information table configured to store a MAC address, an IP address, and expiration time of the IP address in corresponding relation to one another;
  
  a whitelist storing memory configured to store a whitelist including a MAC address and an IP address; and
  
  a processing unit,wherein the processing unit extracts a client MAC address, a client IP address, and client expiration time of the client IP address from a communication content for establishing or for connecting communications between a server and a client in accordance with a protocol to dynamically allocate an IP address,when searching the protocol information table for a MAC address based on the client MAC address to retrieve an entry, the processing unit updates an IP address and expiration time in the retrieved entry with the client IP address and the client expiration time, and when retrieving no entry, generates a new entry including the client MAC address, the client IP address, and the client expiration time, andthe processing unit searches the whitelist storing memory for a MAC address based on the client MAC address, and updates an IP address in a retrieved entry with the client IP address,wherein the whitelist includes a source IP address, a destination IP address, a source MAC address, a destination MAC address, a source valid/invalid bit to control transfer or discard of a packet, and a destination valid/invalid bit to control transfer or discard of a packet,wherein the processing unit searches the whitelist storing memory while using the client MAC address as a key, andwherein the processing unit modifies a source IP address of an entry having a source MAC address matched with the client MAC address to the client IP address to validate a source valid/invalid bit, and modifies a destination IP address of an entry having a destination MAC address matched with the client MAC address to the client IP address to validate a destination valid/invalid bit.
- View Dependent Claims (2, 3, 4)
- - 2. The communication device according to claim 1,wherein when accepting from an input-output device an instruction to change a whitelist generating state to a whitelist operating state, the processing unit searches the whitelist storing memory with MAC address information and IP address information stored on entries stored on the protocol information table, while using the MAC address information as a key, andthe processing unit modifies a source IP address of an entry having a source MAC address matched with the MAC address information to the IP address information to validate a source valid/invalid bit, and modifies a destination IP address of an entry having a destination MAC address matched with the MAC address information to the IP address information to validate a destination valid/invalid bit.
  - 3. The communication device according to claim 1,wherein when receiving an input of MAC address information, IP address information, and expiration time information to be added or modified from an input-output device, the processing unit searches the protocol information table for a MAC address based on the MAC address information to retrieve an entry, and updates an IP address and expiration time in the retrieved entry with the IP address information and the expiration time information, and when retrieving no entry, generates a new entry including the MAC address information, the IP address information, and the expiration time information, andthe processing unit modifies a source IP address of an entry having a source MAC address matched with the MAC address information to the IP address information to validate a source valid/invalid bit valid, and modifies a destination IP address of an entry having a destination MAC address matched with the MAC address information to the IP address information to validate a destination valid/invalid bit.
  - 4. The communication device according to claim 1,wherein the processing unit makes reference to the whitelist storing memory in an operating state;
    - when the source valid/invalid bit and the destination valid/invalid bit are valid, the processing unit transfers a received packet; and
      
      when the source valid/invalid bit or the destination valid/invalid bit is invalid, the processing unit discards a received packet.

5. A communication device comprising:
- a protocol information table configured to store a MAC address, an IP address, and expiration time of the IP address in corresponding relation to one another;
  
  a whitelist storing memory configured to store a whitelist including a MAC address and an IP address; and
  
  a processing unit,wherein the processing unit extracts a client MAC address, a client IP address, and client expiration time of the client IP address from a communication content for establishing or for connecting communications between a server and a client in accordance with a protocol to dynamically allocate an IP address,when searching the protocol information table for a MAC address based on the client MAC address to retrieve an entry, the processing unit updates an IP address and expiration time in the retrieved entry with the client IP address and the client expiration time, and when retrieving no entry, generates a new entry including the client MAC address, the client IP address, and the client expiration time, andthe processing unit searches the whitelist storing memory for a MAC address based on the client MAC address, and updates an IP address in a retrieved entry with the client IP address,wherein whitelist includes a source IP address, a destination IP address, a source MAC address, a destination MAC address, a source valid/invalid bit to control transfer or discard of a packet, and a destination valid/invalid bit to control transfer or discard of a packet,wherein the processing unit extracts a client MAC address from a communication content for releasing or for disconnecting communications between the server and the client in accordance with the protocol to dynamically allocate an IP address,wherein the processing unit searches the protocol information table for a MAC address based on the client MAC address, and removes a retrieved entry,wherein the processing unit searches the whitelist storing memory while using the client MAC address as a key, andwherein the processing unit invalidates a source valid/invalid bit of an entry having a source MAC address marched with the client MAC address, and invalidates a destination valid/invalid bit of an entry having a destination MAC address matched with the client MAC address.
- View Dependent Claims (6, 7)
- - 6. The communication device according to claim 5,wherein processing unit removes an entry having zero expiration time in the protocol information table,the processing unit searches the whitelist storing memory while using a MAC address of the removed entry as a key, andthe processing unit invalidates a source valid/invalid bit of an entry having a source MAC address matched with the MAC address of the removed entry, and invalidates a destination valid/invalid bit of an entry having a destination MAC address matched with the MAC address of the removed entry.
  - 7. The communication device according to claim 5,wherein when receiving an input of MAC address information to be removed from an input-output device, the processing unit searches the protocol information table for a MAC address based on the MAC address information and removes a retrieved entry,the processing unit searches the whitelist storing memory while using the MAC address information as a key, andthe processing unit invalidates a source valid/invalid bit of an entry having a source MAC address matched with the MAC address information, and invalidates a destination valid/invalid bit of an entry having a destination MAC address matched with the MAC address information.

8. A communication system comprising:
- a communication device; and
  
  a server configured to dynamically allocate an IP address to a client,wherein communication device includesa protocol information table configured to store a MAC address, an IP address, and expiration time of the IP address in corresponding relation to one another,a whitelist storing memory configured to store a whitelist including a MAC address and an IP address, anda processing unit,the processing unit extracts a client MAC address, a client IP address, and client expiration time of the client IP address from a communication content for establishing or for connecting communications between a server and a client in accordance with a protocol to dynamically allocate an IP address,when searching the protocol information table for a MAC address based on the client MAC address to retrieve an entry, the processing unit updates an IP address and expiration time in the retrieved entry with the client IP address and the client expiration time, and when retrieving no entry, generates a new entry including the client MAC address, the client IP address, and the client expiration time, andthe processing unit searches the whitelist storing memory for a MAC address based on the client MAC address, and updates an IP address in a retrieved entry with the client IP address,wherein whitelist includes a source IP address, a destination IP address, a source MAC address, a destination MAC address, a source valid/invalid bit to control transfer or discard of a packet, and a destination valid/invalid bit to control transfer or discard of a packet,wherein the processing unit extracts a client MAC address from a communication content for releasing or for disconnecting communications between the server and the client in accordance with the protocol to dynamically allocate an IP address,wherein the processing unit searches the protocol information table for a MAC address based on the client MAC address, and removes a retrieved entry,wherein the processing unit searches the whitelist storing memory while using the client MAC address as a key, andwherein the processing unit invalidates a source valid/invalid bit of an entry having a source MAC address marched with the client MAC address, and invalidates a destination valid/invalid bit of an entry having a destination MAC address matched with the client MAC address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alaxala Networks Corporation (Fortinet Inc.)
Original Assignee
Alaxala Networks Corporation (Fortinet Inc.)
Inventors
Uchizumi, Keigo
Primary Examiner(s)
Phan, Tri H

Application Number

US15/846,531
Publication Number

US 20180234339A1
Time in Patent Office

616 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 45/74   Address processing for routing

H04L 61/103   across network layers, e.g....

H04L 61/5014   using dynamic host configur...

Communication device, communication system, and communication method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Communication device, communication system, and communication method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links