Method of controlling communication between devices in a network and apparatus for the same

US 20070064689A1
Filed: 09/16/2004
Published: 03/22/2007
Est. Priority Date: 09/19/2003
Status: Abandoned Application

First Claim

Patent Images

1. A communication control method for controlling communication between devices on a predetermined network by using a communication control apparatus located on the same level as other devices of the network, the method comprising:

determining at least a cut-off object device of which communication is needed to be cut-off, according to a set communication control rule; and

providing an address resolution protocol (ARP) packet in which a data link layer address is manipulated, to the cut-off object device, wherein the cut-off object device is controlled to transmit its data packets to manipulated abnormal addresses, and by doing so, communication by the cut-off object device is cut off.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a technology by which rules on communication permission or control are enforced to network internal devices such that an environment which looks as if to have a virtual firewall existing between network internal devices can be established. A communication control apparatus for this is located on the same level in the network as other devices are located. By using this communication control apparatus, an address resolution protocol (ARP) packet in which a data link layer address is manipulated is provided to devices that are the objects of communication cut-off, such that data packets transmitted by the communication cut-off object devices are transmitted to manipulated abnormal addresses. By doing so, communication with the communication cut-off object devices is cut off. For a device which is in a communication cut-off state although the device is not an object of communication cut-off any more, the communication control apparatus transmits an ARP packet including normal address information to the device such that the communication cut-off state is canceled.

337 Citations

18 Claims

1. A communication control method for controlling communication between devices on a predetermined network by using a communication control apparatus located on the same level as other devices of the network, the method comprising:
- determining at least a cut-off object device of which communication is needed to be cut-off, according to a set communication control rule; and
  
  providing an address resolution protocol (ARP) packet in which a data link layer address is manipulated, to the cut-off object device, wherein the cut-off object device is controlled to transmit its data packets to manipulated abnormal addresses, and by doing so, communication by the cut-off object device is cut off.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The communication control method of claim 1, further comprising:
    - transmitting an ARP packet including normal address information to a device which is in a communication cut-off state although the device is not an object of communication cut-off any more, such that the communication cut-off state is canceled.
  - 3. The communication control method of claim 1, further comprising:
    - setting part or all of the data link layer addresses of the cut-off object devices to the data link layer address of the communication control apparatus or a third data link layer address that is not of the cut-off object devices, such that communication between cut-off object devices is cut off.
  - 4. The communication control method of claim 1, further comprising:
    - if there is collision between the Internet protocol (IP) address of a device newly connected to the predetermined network and the IP addresses of existing devices, transferring a correct IP address to the existing devices in a unicast method such that the collision of the IP address is prevented.
  - 5. The communication control method of claim 1, further comprising:
    - collecting network layer addresses and data link layer addresses of network internal devices for which the communication control rule is set.
  - 6. The communication control method of claim 5, wherein the step of collecting address is performed by a first method in which the communication control apparatus receives an ARP packet broadcast by a device in the network in order to communicate with any other device in the network, and detects a network layer address and a data link layer address included in the packet, and/or by a second method in which based on the address of an administration object device which is manually input by a network administrator, the communication control apparatus transmits an ARP request packet and detects a network layer address and a data link layer address from an ARP reply packet transmitted by the administration object device in response to the ARP request packet.

7. A communication control method for controlling communication between devices on a predetermined network, the method comprising:
- collecting network layer addresses and data link layer addresses existing in the network, by a communication control apparatus;
  
  storing communication control rules, which are set to perform desired communication control for collected addresses by a network administrator, in a communication control rule database (DB);
  
  detecting an address resolution protocol (ARP) packet transmitted by a device in the network in order to communicate with another device in the network;
  
  determining whether or not the detected ARP packet corresponds to a communication cut-off object, by referring to the communication control rule DB; and
  
  if the packet corresponds to the communication cutoff object, transmitting an ARP for communication cut-off, wherein communication between network internal devices can be selectively controlled when necessary.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 8. The communication control method of claim 7, wherein collecting the addresses is performed by a first method in which the communication control apparatus receives an ARP packet broadcast by a device in the network in order to communicate with any other device in the network, and detects a network layer address and a data link layer address included in the packet, and/or by a second method in which based on the address of an administration object device which is manually input by a network administrator, the communication control apparatus transmits an ARP request packet and detects a network layer address and a data link layer address from an ARP reply packet transmitted by the administration object device in response to the ARP request packet.
  - 9. The communication control method of claim 7, wherein the objects of setting the communication control rule include communication between network layer addresses, communication between data link layer addresses, and communication between a network layer address and a data link layer address.
  - 10. The communication control method of claim 7, wherein the objects of setting the communication control rule further include communication between network layer address and network layer address groups, communication between data link layer address and data link layer address groups, communication between network layer addresses and data link layer address groups, communication between data link layer addresses and network layer address groups, and communication between network layer address groups and data link layer address groups.
  - 11. The communication control method of claim 7, wherein when a reception side address is an object of cut-off, a cut-off packet is transmitted to the ‘
    - same addresses’
      
      as the reception protocol address.
  - 12. The communication control method of claim 7, wherein when a transmission side address is an object of cut-off, a cut-off packet is transmitted to ‘
    - all’
      
      protocol-data link layer addresses belonging to the same network as that of the transmission side protocol.
  - 13. The communication control method of claim 7, further comprising:
    - if a network internal device transmits an ARP reply packet in response to the ARP request packet transmitted by the communication control apparatus, retrieving an relation rule by using a transmission side address included in the detected reply packet, and if the retrieval result indicates that there is a cut-off rule for the transmission side address, transmitting a cut-off packet to all protocol-data link layer address DBs (DB-3) belonging to the same network as that of the transmission side protocol.
  - 14. The communication control method of claim 7, further comprising:
    - for a device which is in a communication cut-off state although the device is not an object of communication cut-off any more with detection of a network layer packet, transmitting an ARP packet for canceling the communication cut-off state.
  - 15. The communication control method of any one of claims 7 and 14, further comprising:
    - by referring to the communication control rule DB at regular time interval, transmitting an ARP request packet for communication cut-off/canceling communication cut-off according to a communication control rule registered in the DB.
  - 16. The communication control method of claim 7, further comprising:
    - if a reception side data link layer address is a cut-off address and there is a packet forwarding rule for the address, forwarding the received protocol layer packet with having the destination address of the received protocol layer packet as a normal data link layer address.
  - 17. The communication control method of claim 7, further comprising:
    - if there is collision between the Internet protocol (IP) address of a device newly connected to the predetermined network and the IP addresses of existing devices, transferring a correct IP address to the existing devices in a unicast method such that the collision of the IP address is prevented.

18. A communication control apparatus which is located on the same level as that of devices on a predetermined network;
- provides an environment where an administrator of the network can set a communication control rule capable of cutting off communication between the devices when necessary;
  
  while administering the set communication control rules in a database, provides an ARP packet in which the data link layer address is manipulated, to the devices that are set as the objects of communication cut-off, such that data packets transmitted by the communication cut-off object devices are made to be transmitted to an manipulated abnormal address; and
  
  by doing so, cuts off communication between the communication cut-off object devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Inimax Company Limited
Original Assignee
Inimax Company Limited
Inventors
Song, Seok, Shin, Yong, Ju, Yong

Application Number

US10/572,085
Publication Number

US 20070064689A1
Time in Patent Office

Days
Field of Search
US Class Current

370/389
CPC Class Codes

H04L 61/103 across network layers, e.g....

Method of controlling communication between devices in a network and apparatus for the same

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

337 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method of controlling communication between devices in a network and apparatus for the same

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

337 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links