Domain Isolation Through Virtual Network Machines

US 20110061103A1
Filed: 11/11/2010
Published: 03/10/2011
Est. Priority Date: 12/24/1998
Status: Abandoned Application

First Claim

Patent Images

1. A computerized method comprising:

retrieving a plurality of records for a plurality of subscribers associated with a plurality of end stations connected to a single network device through a plurality of links, wherein each of the plurality of subscribers is associated with a different one of the plurality of records;

authenticating each of the plurality of subscribers based on the one of the plurality of records retrieved for that subscriber;

authorizing each of the subscribers to determine what that subscriber can do after being authenticated based on the one of the plurality of records retrieved for that subscriber, wherein each of the plurality of records comprises information indicating which of a plurality of virtual networks the respective subscriber can access, wherein the plurality of virtual networks are virtually isolated from each other, wherein the single network device comprises a plurality of virtual network machines that are virtually independent but share a set of physical resources of the single network device, wherein each of the virtual network machines is one of a virtual router and a virtual bridge, and wherein each of the plurality of virtual network machines belongs to a different one of the plurality of virtual networks;

coupling different ones of the plurality of end stations to different ones of the virtual network machines according to said authorizing through dynamic bindings;

forwarding information flows of the plurality of end stations via the different respective virtual network machines to which the corresponding subscriber end station is coupled based on control and policy information in separate independently administrable network databases of the virtual network machines, wherein each of the separate independently administrable network databases includes address, policy and control information; and

accounting for the network activity of each of the plurality of end stations in the plurality of virtual network machines.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and device for communicating information resources between subscriber end stations and nodes belonging to different network domains is described. The device instantiates different virtual network machines for different network domains using separate independently administrable network databases. Each of the administrable chores of the separate independently administrable network databases includes the assignment of access control and the configuration of the policies for those network databases. The policies include traffic filtering policies to indicate what kind of information payloads can be carried, traffic and route filtering policies to indicate what paths through the network will be used for each payload carried. Each of the network domains includes one of the different virtual network machines and each of the different network domains is virtually isolated from other network domains.

97 Citations

View as Search Results

25 Claims

1. A computerized method comprising:
- retrieving a plurality of records for a plurality of subscribers associated with a plurality of end stations connected to a single network device through a plurality of links, wherein each of the plurality of subscribers is associated with a different one of the plurality of records;
  
  authenticating each of the plurality of subscribers based on the one of the plurality of records retrieved for that subscriber;
  
  authorizing each of the subscribers to determine what that subscriber can do after being authenticated based on the one of the plurality of records retrieved for that subscriber, wherein each of the plurality of records comprises information indicating which of a plurality of virtual networks the respective subscriber can access, wherein the plurality of virtual networks are virtually isolated from each other, wherein the single network device comprises a plurality of virtual network machines that are virtually independent but share a set of physical resources of the single network device, wherein each of the virtual network machines is one of a virtual router and a virtual bridge, and wherein each of the plurality of virtual network machines belongs to a different one of the plurality of virtual networks;
  
  coupling different ones of the plurality of end stations to different ones of the virtual network machines according to said authorizing through dynamic bindings;
  
  forwarding information flows of the plurality of end stations via the different respective virtual network machines to which the corresponding subscriber end station is coupled based on control and policy information in separate independently administrable network databases of the virtual network machines, wherein each of the separate independently administrable network databases includes address, policy and control information; and
  
  accounting for the network activity of each of the plurality of end stations in the plurality of virtual network machines.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computerized method of claim 1, wherein the authenticating is further based on a username and password combination associated with each of the plurality of subscribers.
  - 3. The computerized method of claim 1, wherein the authenticating is further based on a unique key associated with each of the plurality of subscribers.
  - 4. The computerized method of claim 1, wherein the retrieving further comprises retrieving the plurality of records from a local storage of the single network device.
  - 5. The computerized method of claim 1, wherein the different one of the plurality of records further comprises information that indicates that the respective subscriber can access more than one of the plurality of virtual networks.
  - 6. The computerized method of claim 1, further comprising:
    - changing the coupling of at least one of the end stations to a different one of the plurality of virtual network machines.
  - 7. The computerized method of claim 6, wherein the changing the coupling is due to utilizing a higher bandwidth connection for business connection and a lower bandwidth connection for home use.
  - 8. The computerized method of claim 6, wherein the changing the coupling is due to using a higher bandwidth for video transmission and lower bandwidth connection for other uses.
  - 9. The computerized method of claim 6, wherein the changing the coupling is due to changing service providers.

10. A single network device to act as an intermediate station comprising:
- a plurality of transceivers to communicate information resources between subscriber end stations and nodes belonging to different virtual networks;
  
  a set of two or more separately administrable network databases, wherein each of the independently administrable network databases includes address, policy and control information; and
  
  a machine-readable medium having stored therein a set of instructions to cause the single network device to, retrieve a plurality of records for a plurality of subscribers associated with a plurality of subscriber end stations connected to the single network device through a plurality of links, wherein each of the plurality of records is associated with a different one of the plurality of subscribers;
  
  authenticate each of the plurality of subscribers based on the one of the plurality of records retrieved for that subscriber, authorize each of the subscribers to determine what that subscriber can access after being authenticated based on the one of the plurality of records retrieved for that subscriber, wherein each of the plurality of records comprises information indicating which of a plurality of virtual networks the respective subscriber can access, wherein each of the plurality of virtual networks are virtually isolated from each other, wherein the single network device comprises a plurality of virtual network machines that are virtually independent but share a set of physical resources of the single network device, wherein the virtual network machine is one of a virtual router and a virtual bridge, and wherein each of the plurality of virtual network machines belongs to a different one of the plurality of virtual networks;
  
  couple the plurality of subscriber end stations to the different ones of the virtual network machines according to said authorizing through dynamic binding,forward information flows of the plurality of subscriber end stations via the different respective virtual network machines based on control and policy information in the separately administrable network databases of the virtual network machines, and account for the network activity of each of the subscribers in the plurality of virtual network machines.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The single network device of claim 10, wherein the authenticate is further based on a username and password combination associated with each of the plurality of subscribers.
  - 12. The single network device of claim 10, wherein the authenticate is further based on a unique key associated with each of the plurality of subscribers.
  - 13. The single network device of claim 10, wherein the retrieve further comprises retrieving the plurality of records from a local storage of the single network device.
  - 14. The single network device of claim 10, wherein each of the plurality of records further comprises information that indicates that the respective subscriber can access more than one virtual network.
  - 15. The single network device of claim 10, wherein the set of instructions further cause the single network device to:
    - change the coupling of at least one of the subscriber end stations to a different one of the plurality of virtual network machines.
  - 16. The single network device of claim 15, wherein the change of the coupling is due to utilizing a higher bandwidth connection for business connection and a lower bandwidth connection for home use.
  - 17. The single network device of claim 15, wherein the change of the coupling is due to using a higher bandwidth for video transmission and lower bandwidth connection for other uses.

18. A network comprising:
- a plurality of subscriber end stations;
  
  a plurality of nodes belonging to a plurality of different virtual networks, wherein the plurality of different virtual networks is virtually isolated from each other;
  
  a remote server station having stored therein subscriber records, each record including information concerning a set of the plurality of different virtual networks to which a subscriber has access to; and
  
  a subscriber management system coupled to the remote server station, coupled to the subscriber end stations through links, and coupled between the subscriber end stations and the plurality of nodes, the subscriber management system being a single network device and having,a plurality of virtual network machines that are virtually independent but share a set of physical resources of the subscriber management system, wherein each of the virtual network machines is one of a virtual router and a virtual bridge, wherein each of the plurality of virtual network machines belongs to a different one of the plurality of different virtual networks, wherein each of the virtual network machines includes a separate independently administrable network database, and wherein each of the independently administrable network databases includes address, control and policy information, andclient software in communication with the remote server station that collectively,retrieve the corresponding subscriber records responsive to establishment of the links with the subscriber end stations;
  
  authenticate through identification and verification based on the retrieved subscriber records,authorize based on the retrieved subscriber records to determine which of the different virtual network machines each of the subscriber end stations should be coupled,couple the plurality of subscriber end stations to the different virtual network machines based on the authorization through dynamic bindings, andforward information flows of the plurality of subscriber end stations via the different respective virtual network machines based on the separately administrable network databases, andaccount for network activity over each of the subscriber end stations in the plurality of virtual network machines.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25)
- - 19. The network of claim 18, wherein the authenticate is further based on a username and password combination associated with each of the plurality of subscribers.
  - 20. The network of claim 18, wherein the authenticate is further based on a unique key associated with each of the plurality of subscribers.
  - 21. The network of claim 18, wherein the retrieve further comprises retrieving the plurality of records from a local storage of the subscriber management system.
  - 22. The network of claim 18, wherein the record further comprises information associated that indicates that the respective subscriber can access more than one of the plurality of the virtual networks.
  - 23. The network of claim 18, wherein the client software further collectively:
    - change the coupling of at least one of the subscriber end stations to a different one of the plurality of virtual network machines.
  - 24. The network of claim 23, wherein the change of the coupling is due to utilizing a higher bandwidth connection for business connection and a lower bandwidth connection for home use.
  - 25. The network of claim 23, wherein the change of the coupling is due to using a higher bandwidth for video transmission and lower bandwidth connection for other uses.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
William Salkewicz
Original Assignee
William Salkewicz
Inventors
Salkewicz, William

Application Number

US12/944,602
Publication Number

US 20110061103A1
Time in Patent Office

Days
Field of Search
US Class Current

726/21
CPC Class Codes

G06F 21/44   Program or device authentic...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 41/00   Arrangements for maintenanc...

Domain Isolation Through Virtual Network Machines

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

97 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Domain Isolation Through Virtual Network Machines

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

97 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links