Security apparatus and method for local area networks
Abstract
The present invention includes a method and apparatus for controlling data link layer access to protected servers on a computer network by a client device. Address resolution requests broadcast on the network by the client device seeking access to any network device are received and then processed to determine whether the client device is unknown. If the client device is unknown, restriction address resolution replies are transmitted to the protected devices to restrict access by the client device to the protected devices and allow access to an authentication server. The authentication server is monitored to determine if the client device is authorized or unauthorized by the authentication server. If the client device is authorized, access is allowed to the protected devices. If the client device is unauthorized, blocking address resolution replies are transmitted on the computer network to block access by the client device to all other network devices.
Claims (25)
1. A method for blocking access to one or more protected devices each having a physical device address on a computer network by a client device having a physical device address, comprising the steps of:
(a) receiving address resolution requests broadcast on the network by the client device seeking access to one of the protected devices;
(b) processing the address resolution requests to determine whether the client device is an unknown device;
(c) if the client device is unknown as determined in step (b), transmitting address resolution replies on the computer network to block access to the protected devices and allow access to an authentication server;
(d) if the client device is unknown as determined in step (b), monitoring the authentication server to determine if the client device is authorized or unauthorized by the authentication server;
(e) if the client device is authorized as determined in step (d), allowing access to the protected devices; and
(f) if the client device is unauthorized as determined in step (d), transmitting blocking address resolution replies on the computer network to block access to the protected devices.
Dependent claims 2 through 11 are not reproduced here.
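The steps of claim 1, together with the two-sided "restriction" replies the abstract mentions (poisoning the protected server's view of the client as well as the client's view of the server), as a simulation written for this page. This is an added example, not code from the patent or its assignee. Every IP and MAC address, the black-hole MAC 02:00:00:00:00:01, and the names ArpGuard, handle_frame and authentication_result are constructed for the demo; the guard is assumed to sit on the same broadcast domain as the clients and the authentication server.

```python
# Added example (not the patent's own code): simulation of the ARP-reply
# quarantine in claim 1.  All addresses below are constructed for the demo.
import struct
from enum import Enum

# ARP payload for Ethernet/IPv4 (RFC 826): htype, ptype, hlen, plen, oper,
# sender MAC, sender IP, target MAC, target IP  (28 bytes, Ethernet header omitted)
ARP = struct.Struct("!HHBBH6s4s6s4s")
OP_REQUEST, OP_REPLY = 1, 2


def mac_bytes(s): return bytes(int(x, 16) for x in s.split(":"))
def ip_bytes(s): return bytes(int(x) for x in s.split("."))
def mac_str(b): return ":".join(f"{x:02x}" for x in b)
def ip_str(b): return ".".join(str(x) for x in b)


def build_arp(oper, sha, spa, tha, tpa):
    """Serialise one ARP packet from dotted/colon-separated strings."""
    return ARP.pack(1, 0x0800, 6, 4, oper,
                    mac_bytes(sha), ip_bytes(spa), mac_bytes(tha), ip_bytes(tpa))


def parse_arp(buf):
    """Decode an ARP packet; rejects anything that is not Ethernet/IPv4 ARP."""
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = ARP.unpack(buf[:ARP.size])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"oper": oper, "sha": mac_str(sha), "spa": ip_str(spa),
            "tha": mac_str(tha), "tpa": ip_str(tpa)}


class State(Enum):
    PENDING = 1      # unknown client, waiting on the authentication server (steps b-d)
    AUTHORIZED = 2   # step (e)
    BLOCKED = 3      # step (f)


class ArpGuard:
    """Watches broadcast ARP requests and injects spoofed replies.

    Assumption: `blackhole` is a locally administered MAC that no host on the
    segment owns, so frames addressed to it are silently dropped."""

    def __init__(self, protected, auth_ip, auth_mac, blackhole):
        self.protected = protected          # protected IP -> its real MAC
        self.auth_ip, self.auth_mac = auth_ip, auth_mac
        self.blackhole = blackhole
        self.clients = {}                   # client MAC -> State

    def handle_frame(self, frame):
        """Return the ARP reply packets the guard sends in response to one request."""
        req = parse_arp(frame)
        if req["oper"] != OP_REQUEST:       # step (a): only broadcast requests matter
            return []
        client_mac, client_ip, target = req["sha"], req["spa"], req["tpa"]
        state = self.clients.setdefault(client_mac, State.PENDING)   # step (b)
        if state is State.AUTHORIZED:
            return []                       # step (e): let the real owner answer
        if target == self.auth_ip:
            # step (c): the authentication server must stay reachable
            return [build_arp(OP_REPLY, self.auth_mac, target, client_mac, client_ip)]
        if state is State.BLOCKED:
            # step (f) / abstract: an unauthorized client is cut off from every other host
            return [build_arp(OP_REPLY, self.blackhole, target, client_mac, client_ip)]
        if target in self.protected:
            # step (c): poison both ends so neither direction of the flow completes
            return [
                build_arp(OP_REPLY, self.blackhole, target, client_mac, client_ip),
                build_arp(OP_REPLY, self.blackhole, client_ip, self.protected[target], target),
            ]
        return []                           # a pending client may still reach other hosts

    def authentication_result(self, client_mac, authorized):
        """Step (d): record the outcome observed on the authentication server."""
        self.clients[client_mac] = State.AUTHORIZED if authorized else State.BLOCKED
```

Two caveats a practitioner would want before relying on this pattern. First, the genuine owner of the target IP also answers the broadcast, so the guard's reply races the real one; a production enforcer keeps re-sending (gratuitous) replies rather than answering once, which the simulation does not model. Second, the mechanism is ARP spoofing used defensively, so the same controls that stop attackers defeat it: static ARP entries on the client, dynamic ARP inspection on the switch, or a client on a different broadcast domain.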
12. An apparatus for blocking access to one or more protected devices each having a physical device address on a computer network by a client device having a physical device address, comprising the steps of:
means for receiving address resolution requests broadcast on the network by the client device seeking access to one of the protected devices;
means for processing the address resolution requests to determine whether the client device is an unknown device;
means for transmitting address resolution replies on the computer network to block access to the protected devices and allow access to an authentication server if the client device is unknown;
means for monitoring the authentication server to determine if the client device is authorized or unauthorized by the authentication server if the client device is unknown;
means for allowing access to the protected devices if the client device is authorized; and
means for transmitting blocking address resolution replies on the computer network to block access to the protected devices if the client device is unauthorized.
Dependent claims 13 through 23 are not reproduced here.
24. (canceled)
25. (canceled)