Network Relay Device and Frame Relaying Control Method

US 20120054359A1
Filed: 08/23/2011
Published: 03/01/2012
Est. Priority Date: 08/24/2010
Status: Abandoned Application

First Claim

Patent Images

1. A network relay device for relaying data frames received from external devices, the network relay device comprising:

a plurality of ports to which external devices connect, and configured pre-correlated with types of authentication to be conducted with respect to connected external devices, the types of authentication including a first authentication type and a second authentication type;

an authentication process section for determining, when an external device is connected to the network relay device, the type of authentication that the port to which the external device is connected is configured for, and if the determined type of authentication is the first authentication type, conducting mutual authentication between the network relay device and the external device using an authentication protocol chosen from among a plurality of authentication protocol candidates in accordance with type of connected external device; and

a relay process section for relaying frames received from an external device with which authentication by the authentication process section has succeeded.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network relay device includes: a plurality of ports to which external devices connect, and configured pre-correlated with types of authentication to be conducted with respect to connected external devices; an authentication process section for determining, when an external device is connected to the network relay device, the type of authentication that the port to which the external device is connected is configured for, and if the determined type of authentication is a first authentication type, conducting mutual authentication between the network relay device and the external device using an authentication protocol chosen from among a plurality of authentication protocol candidates in accordance with type of connected external device; and a relay process section for relaying frames received from an external device with which authentication by the authentication process section has succeeded.

17 Citations

View as Search Results

14 Claims

1. A network relay device for relaying data frames received from external devices, the network relay device comprising:
- a plurality of ports to which external devices connect, and configured pre-correlated with types of authentication to be conducted with respect to connected external devices, the types of authentication including a first authentication type and a second authentication type;
  
  an authentication process section for determining, when an external device is connected to the network relay device, the type of authentication that the port to which the external device is connected is configured for, and if the determined type of authentication is the first authentication type, conducting mutual authentication between the network relay device and the external device using an authentication protocol chosen from among a plurality of authentication protocol candidates in accordance with type of connected external device; and
  
  a relay process section for relaying frames received from an external device with which authentication by the authentication process section has succeeded.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The network relay device according to claim 1, wherein if the authentication process section determines the authentication type to be the second authentication type, the authentication process section conducts mutual authentication between the network relay device and the external device using a predetermined authentication protocol, regardless of the type of connected external device.
  - 3. The network relay device according to claim 1, wherein the authentication process section determines the type of a connected external device based on identifiers included in frames received from the external device.
  - 4. The network relay device according to claim 1, wherein:
    - after an external device has been connected to the network relay device, the relay process section, in response to generation of a predetermined trigger, stops relaying frames received from the external device; and
      
      if the authentication process section has received a key-exchange frame indicating that an exchange of keys used for authentication is being requested, the authentication process section conducts a process for exchanging keys with that external device which is connected to the port through which the key-exchange frame has been received.
  - 5. The network relay device according to claim 1, wherein the plurality of authentication protocol candidates includes at least one authentication protocol among EAP-MD5, EAP-TLS, EAP-TTLS, PEAP, LEAP, and EAP-FAST.
  - 6. The network relay device according to claim 2, wherein the predetermined authentication protocol is any one authentication protocol among EAP-MD5, EAP-TLS, EAP-TTLS, PEAP, LEAP, and EAP-FAST.
  - 7. The network relay device according to claim 1, wherein:
    - a permission list for identifying, by the use of information included in frames received from an external device, frames that are relay-eligible is stored in the network relay device; and
      
      the relay process section includes an authentication information management section for changing content stipulated in the permission list in response to an external device'"'"'s state of connection.
  - 8. The network relay device according to claim 7, whereinif the authentication by the authentication process section has succeeded, the authentication information management section changes the content stipulated in the permission list so as to enable relay of frames received from the external device with which the authentication has succeeded.
  - 9. The network relay device according to claim 7, wherein when the authentication information management section has changed the content of the permission list, the authentication information management section furthermore transmits the content of the changed permission list to a separate network relay device connected to said network relay device.
  - 10. The network relay device according to claim 1, wherein the authentication process section is configured to function both as an authentication client based on IEEE 802.1X and as an authentication server based on IEEE 802.1X.
  - 11. The network relay device according to claim 1, wherein when a separate network relay device has been connected to the network relay device, if the MAC address of the separate network relay device is pre-registered in the network relay device as a MAC address for which connection is to be permitted, the authentication process section treats the separate network relay device as a partner with which mutual authentication has succeeded.

12. A method executed by a network relay device for controlling relay of frames received from external devices, the method comprising:
- a step of determining type of authentication that a port of the network relay device to which an external device is connected is configured for;
  
  a step of conducting, if the type of authentication that an external-device-connected port is configured for is a first authentication type, mutual authentication between the network relay device and the external device using an authentication protocol chosen from among a plurality of authentication protocol candidates in accordance with the type of the connected external device;
  
  a step of conducting, if the type of authentication that an external-device-connected port is configured for is a second authentication type, mutual authentication between the network relay device and the external device using a predetermined authentication protocol, regardless of the type of the connected external device; and
  
  a step of relaying frames received from an external device with which mutual authentication has succeeded.

13. A system of network relay devices, comprising:
- a first network relay device which is for relaying data frames received from external devices and which includesa plurality of ports to which external devices connect, and configured pre-correlated with types of authentication to be conducted with respect to connected external devices, the types of authentication including a first authentication type and a second authentication type,an authentication process section for determining, when an external device is connected to the first network relay device, the type of authentication that the port to which the external device is connected is configured for, and if the determined type of authentication is the first authentication type, conducting mutual authentication between the first network relay device and the external device using an authentication protocol chosen from among a plurality of authentication protocol candidates in accordance with type of connected external device, anda relay process section for relaying frames received from an external device with which authentication by the authentication process section has succeeded,a permission list for identifying, by the use of information included in frames received from an external device, frames that are relay-eligible being stored in the first network relay device,the relay process section including an authentication information management section for changing content stipulated in the permission list in response to an external device'"'"'s state of connection; and
  
  at least a second network relay device connected to the first network relay device,wherein when the authentication information management section of the first network relay device has changed the content of the permission list, the authentication information management section furthermore transmits the content of the changed permission list to the second network relay device.

14. A system of network relay devices, comprising:
- a first network relay device which is for relaying data frames received from external devices and which includesa plurality of ports to which external devices connect, and configured pre-correlated with types of authentication to be conducted with respect to connected external devices, the types of authentication including a first authentication type and a second authentication type,an authentication process section for determining, when an external device is connected to the first network relay device, the type of authentication that the port to which the external device is connected is configured for, and if the determined type of authentication is the first authentication type, conducting mutual authentication between the first network relay device and the external device using an authentication protocol chosen from among a plurality of authentication protocol candidates in accordance with type of connected external device, anda relay process section for relaying frames received from an external device with which authentication by the authentication process section has succeeded,the first network relay device having preregistered therein MAC addresses for which connection is to be permitted; and
  
  at least a second network relay device connected to the first network relay device,wherein if the MAC address of the second network relay device is among those pre-registered in the first network relay device as a connection-permitted MAC address, the authentication process section of the first network relay device treats the second network relay device as a partner with which mutual authentication has succeeded.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Buffalo Incorporated (Melco Holdings Incorporated)
Original Assignee
Buffalo Incorporated (Melco Holdings Incorporated)
Inventors
Yamada, Daisuke

Application Number

US13/215,252
Publication Number

US 20120054359A1
Time in Patent Office

Days
Field of Search
US Class Current

709/229
CPC Class Codes

H04L 63/0869   for achieving mutual authen...

H04L 63/101   Access control lists [ACL]

H04L 63/162   at the data link layer

Network Relay Device and Frame Relaying Control Method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

17 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Network Relay Device and Frame Relaying Control Method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links