
SDN controller

  • US 10,616,246 B2
  • Filed: 03/10/2017
  • Issued: 04/07/2020
  • Est. Priority Date: 05/11/2016
  • Status: Active Grant
First Claim

1. A software defined network (SDN) controller having a processor and addressable memory used in a private network constructed with an SDN, the SDN controller causes a computer to function as:

  • an address information specifying processing unit having a processor and addressable memory configured to specify a local address which is a communication partner in a coincident communication by monitoring, based on a global address of an illegal attack server received from a threat detection system which is present outside the private network, communications in the private network controlled by the SDN controller, and correlating a global address in each communication and the received global address;

    a terminal identification information specifying processing unit having a processor and addressable memory configured to specify terminal identification information on a client terminal to which the specified local address is assigned; and

    a security processing unit having a processor and addressable memory configured to perform, based on the specified terminal identification information, for an edge network device of two or more edge network devices, a control instruction to perform predetermined control processing to interrupt communication of the client terminal;

    wherein each edge network device of the two or more edge network devices comprises a respective rule table, wherein each rule table comprises one or more rules;

    wherein processing of a packet from the client terminal having the terminal identification information is suspended if a rule to control the packet received from the client terminal having the terminal identification information is not in the rule table of the edge network device;

    wherein the suspended packet is processed according to a control instruction from the SDN controller;

    wherein the SDN controller writes, as the control processing, a rule to discard the packet from the client terminal having the terminal identification information in the rule table of the edge network device;

    wherein the security processing unit notifies each edge network device of the two or more edge network devices to write the rule to discard the packet from the client terminal having the terminal identification information in the respective rule table of each edge network device;

    wherein the packet from the client terminal having the terminal identification information is discarded according to the written rule when the rule is in the rule table of the edge network device without inquiring of the SDN controller; and

    wherein when a fixed IP address is assigned by a user who uses the client terminal, the client terminal is controlled with the terminal identification information, wherein the terminal identification information includes at least a MAC address, and the edge network device disconnects or isolates communication of the client terminal.
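The control flow recited in the claim can be modelled in a few lines. This is an added illustration, not code from the patent or its assignee: the class and function names, the in-memory rule table keyed by source MAC, and the sample addresses are all assumptions made for the sketch.

```python
from dataclasses import dataclass, field

@dataclass
class EdgeDevice:
    name: str
    rules: dict = field(default_factory=dict)  # source MAC -> "drop" | "forward"

    def handle(self, src_mac, src_ip, controller):
        """Return (action, decided_by). src_ip is deliberately not part of the match."""
        if src_mac in self.rules:
            return self.rules[src_mac], "rule-table"   # no inquiry to the controller
        # Table miss: the packet is suspended until the controller answers.
        return controller.packet_in(src_mac), "controller"

@dataclass
class Controller:
    edges: list
    ip_to_mac: dict                      # local address -> MAC (assumed already learned)
    blocked: set = field(default_factory=set)

    def on_threat_report(self, attack_ip, flows):
        """Correlate (local_ip, global_ip) flows with the reported global address."""
        macs = {self.ip_to_mac[l] for l, g in flows
                if g == attack_ip and l in self.ip_to_mac}
        for mac in macs:
            self.blocked.add(mac)
            for edge in self.edges:      # every edge device gets the discard rule
                edge.rules[mac] = "drop"
        return macs

    def packet_in(self, src_mac):
        return "drop" if src_mac in self.blocked else "forward"

def demo():
    # Constructed sample data: private and documentation-range addresses,
    # locally administered MACs.
    edges = [EdgeDevice("edge-1"), EdgeDevice("edge-2")]
    ctl = Controller(edges, {"192.168.1.10": "02:00:00:00:00:0a",
                             "192.168.1.11": "02:00:00:00:00:0b"})
    flows = [("192.168.1.10", "203.0.113.50"), ("192.168.1.11", "198.51.100.7")]
    before = edges[0].handle("02:00:00:00:00:0a", "192.168.1.10", ctl)
    hit = ctl.on_threat_report("203.0.113.50", flows)
    # The flagged terminal reappears on edge-2 with a hand-assigned fixed IP.
    after = edges[1].handle("02:00:00:00:00:0a", "192.168.1.99", ctl)
    clean = edges[1].handle("02:00:00:00:00:0b", "192.168.1.11", ctl)
    return before, hit, after, clean

if __name__ == "__main__":
    print(demo())
```

Because the discard rule matches on the MAC address and is written to every edge device, the terminal stays blocked after it changes its IP address or attachment point, and the edge device enforces the rule without another round trip to the controller.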
