Peer connected device for protecting access to local area networks
Abstract
A peer connected device for controlling access by a client device to protected devices on a computer network. The peer connected device has a central processing unit and a network interface configured to receive address resolution requests broadcast on the computer network by the client device seeking access to one of the protected devices and to transmit address resolution replies generated by the apparatus on the computer network. Additionally, a security module is running on the central processing unit and configured to (a) process the address resolution requests from the client device to determine whether the client device is unknown; (b) transmit address resolution replies on the computer network to block access to the protected devices and allow access to an authentication server, if the client device is unknown; (c) monitor the authentication server to determine if the client device is authorized or unauthorized by the authentication server, if the client device is unknown; (d) allow access to the protected devices, if the client device is authorized; and (e) transmit blocking address resolution replies on the computer network to block access to the protected devices, if the client device is unauthorized.
Claims (20)
1. An apparatus for controlling access to one or more protected devices each having a physical device address on a computer network by a client device having a physical device address, comprising:
a central processing unit;
a network interface configured to receive address resolution requests broadcast on the network by the client device seeking access to one of the protected devices and to transmit address resolution replies generated by the apparatus on the computer network; and
a security module running on the central processing unit and configured to:
(a) process the address resolution requests from the client device to determine whether the client device is unknown;
(b) transmit address resolution replies on the computer network to block access to the protected devices and allow access to an authentication server, if the client device is unknown;
(c) monitor the authentication server to determine if the client device is authorized or unauthorized by the authentication server, if the client device is unknown;
(d) allow access to the protected devices, if the client device is authorized; and
(e) transmit blocking address resolution replies on the computer network to block access to the protected devices, if the client device is unauthorized;
wherein the apparatus is connected as a peer device on the computer network.
(Dependent claims: 2, 3, 4, 5)
6. An apparatus for controlling access to one or more network devices, including one or more protected devices among the network devices, each having a physical device address on a computer network by a client device having a physical device address, comprising:
a central processing unit;
a network interface configured to receive address resolution requests broadcast on the network by the client device seeking access to one of the protected devices;
a detection module running on the central processor and configured to process the address resolution requests from the client device to determine whether the client device is unknown;
an access restriction module running on the central processor and configured to block data link layer access to the protected devices and allow access to an authentication server, if the client device is unknown;
an authentication monitoring module running on the central processor and configured to monitor the authentication server to determine if the client device is authorized or unauthorized by the authentication server, if the client device is unknown; and
an access blocking module running on the central processor and configured to block data link layer access to the network devices on the computer network, if the client device is unauthorized;
wherein the apparatus is connected as a peer device on the computer network; and
wherein the apparatus does not require dedicated software on the client device in order to control access to the network devices.
(Dependent claims: 7, 8, 9, 10, 11, 12)
13. A computer readable memory for directing a computer connected as a peer in a computer network to control access to one or more protected devices each having a physical device address on a computer network by a client device having a physical device address, the computer being configured to receive address resolution requests broadcast on the network by the client device seeking access to one of the protected devices and to transmit address resolution replies generated by the apparatus on the computer network, the memory comprising:
a security module configured to:
(a) run on the computer;
(b) process the address resolution requests from the client device to determine whether the client device is unknown;
(c) transmit address resolution replies on the computer network to block access to the protected devices and allow access to an authentication server, if the client device is unknown;
(d) monitor the authentication server to determine if the client device is authorized or unauthorized by the authentication server, if the client device is unknown;
(e) allow access to the protected devices, if the client device is authorized; and
(f) transmit blocking address resolution replies on the computer network to block access to the protected devices, if the client device is unauthorized.
(Dependent claims: 14, 15, 16, 17)
18. A computer readable memory for directing a computer connected as a peer in a computer network to control access to one or more protected devices each having a physical device address on a computer network by a client device having a physical device address, the computer being configured to receive address resolution requests broadcast on the network by the client device seeking access to one of the protected devices and to transmit address resolution replies generated by the apparatus on the computer network, the memory comprising:
a detection module configured to run on the computer and to process the address resolution requests from the client device to determine whether the client device is unknown;
an access restriction module configured to run on the computer and to block data link layer access to the protected devices and allow access to an authentication server, if the client device is unknown;
an authentication monitoring module configured to run on the computer and to monitor the authentication server to determine if the client device is authorized or unauthorized by the authentication server, if the client device is unknown; and
an access blocking module configured to run on the computer and to block data link layer access to the network devices on the computer network, if the client device is unauthorized.
(Dependent claims: 19, 20)
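The decision logic of steps (a) to (e) in the abstract, and the detection, access restriction, authentication monitoring and access blocking modules of claims 6 and 18, modelled as an added example that is not the patent's own implementation: an offline state machine that decides, per broadcast address resolution request, whether the peer device stays silent or answers with a reply resolving a protected address to its own physical address. The ArpRequest and ArpReply structures, the verdict dictionary standing in for polling the authentication server, and every address used are constructed assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum


class Auth(Enum):
    PENDING = "pending"            # unknown client, not yet vetted
    AUTHORIZED = "authorized"
    UNAUTHORIZED = "unauthorized"


@dataclass
class ArpRequest:                  # constructed stand-in for a broadcast ARP request
    sender_mac: str                # client's physical device address
    sender_ip: str
    target_ip: str                 # device the client is trying to resolve


@dataclass
class ArpReply:                    # constructed stand-in for the reply the peer sends
    client_mac: str                # who the reply is addressed to
    ip: str                        # IP being resolved
    mac: str                       # MAC the peer advertises for that IP


@dataclass
class PeerGuard:
    own_mac: str
    auth_server_ip: str
    protected: dict                                   # protected IP -> real MAC
    auth_state: dict = field(default_factory=dict)    # client MAC -> Auth

    def handle_request(self, req: ArpRequest):
        """Steps (a), (b), (d), (e): decide whether a broadcast request gets a blocking
        reply. Returns None when the peer stays silent and the real device answers."""
        state = self.auth_state.setdefault(req.sender_mac, Auth.PENDING)  # (a) unknown?
        if state is Auth.AUTHORIZED:                  # (d) vetted client: allow access
            return None
        if req.target_ip == self.auth_server_ip:      # (b) never block the authenticator
            return None
        if req.target_ip not in self.protected:       # not a protected device: ignore
            return None
        # (b) unknown or (e) unauthorized: resolve the protected IP to the peer's own MAC
        return ArpReply(req.sender_mac, req.target_ip, self.own_mac)

    def poll_auth_server(self, verdicts: dict):
        """Step (c): apply verdicts from the authentication server. The dict is a
        constructed stand-in for polling it: client MAC -> 'authorized'/'unauthorized'."""
        for mac, verdict in verdicts.items():
            if self.auth_state.get(mac) is Auth.PENDING:   # a final verdict is not revisited
                self.auth_state[mac] = Auth(verdict)
```

Because enforcement rests on the client accepting the peer's reply over the real device's, a host that already holds the real address in its cache is not cut off, which is the gap a practitioner checks before relying on this mechanism alone.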
Specification