Identification and authentication of end user systems for packet communications network services
First Claim
1. In a data network, a method of obtaining security in packet transmission from an input port to an output port, comprising the steps of:
- including in each data packet an identity of said input port and an identity of a user of said input port transmitting said each data packet; and
- in said network, prior to transmitting to said output port, for said each data packet, checking whether said user, identified by said user identity, has been previously authorized to transmit from said input port identified by said port identity if network transmission capacity is available.
Abstract
A high capacity metropolitan area network (MAN) is described. Data traffic from users is connected to data concentrators at the edge of the network, and is transmitted over fiber optic data links to a hub where the data is switched. The hub includes a plurality of data switching modules, each having a control means, and each connected to a distributed control space division switch. Advantageously, the data switching modules, whose inputs are connected to the concentrators, perform all checking and routing functions, while the 1024×1024 maximum size space division switch, whose outputs are connected to the concentrators, provides a large fan-out distribution network for reaching many concentrators from each data switching module. Distributed control of the space division switch permits several million connection and disconnection actions to be performed each second, while the pipelined and parallel operation within the control means permits each of the 256 switching modules to process at least 50,000 transactions per second. The data switching modules chain groups of incoming packets destined for a common outlet of the space division switch so that only one connection in that switch is required for transmitting each group of chained packets from a data switching module to a concentrator. MAN provides security features including a port identification supplied by the data concentrators, and a check that each packet is from an authorized source user, transmitting on a port associated with that user, to an authorized destination user that is in the same group (virtual network) as the source user.
12 Claims
1. In a data network, a method of obtaining security in packet transmission from an input port to an output port, comprising the steps of:
- including in each data packet an identity of said input port and an identity of a user of said input port transmitting said each data packet; and
- in said network, prior to transmitting to said output port, for said each data packet, checking whether said user, identified by said user identity, has been previously authorized to transmit from said input port identified by said port identity if network transmission capacity is available.

2. In a data network, a method of obtaining security in packet transmission from an input port to an output port, comprising the steps of:
- including in each data packet an identity of said input port and an identity of a user of said input port transmitting said each data packet; and
- in said network, prior to transmitting to said output port, for said each data packet, checking whether said user, identified by said user identity, has been previously authorized to transmit from said input port identified by said port identity if network transmission capacity is available;
- wherein said identity of said port is supplied by said data network and is out of control of a user at said port. (Dependent claim: 10)

3. A data network for transmitting data packets, comprising:
- means for inserting in a packet an identity of a port transmitting said packet, said means being comprised in said network and out of control of a user at said port; and
- means for authenticating from said port identity of said port and from addressing data in said packet whether said port is authorized to transmit said packet to said network prior to transmitting said packet to a destination. (Dependent claims: 4, 11, 12)

5. In a data network, a method of achieving secure transmission from a source user to a destination user comprising the steps of:
- said destination user logging into said system with a login data packet comprising a destination user password, destination user identification, a destination group identification, and a destination port identification supplied by said network;
- said data network authenticating said destination user password, destination user identification, destination user group number, and destination user port number as being authorized to receive packets for said destination group and user;
- said source user logging into said system with a login packet comprising an identification of said source user, a source user password, a source group identification, and a source port identification supplied by said network;
- authenticating said source user password and source user, source user group, and source user port identifications;
- recording, in source tables, authorization for said identifications of said source user, source group, and source port;
- recording, in routing tables, authorization for said destination user and said destination group, and an identity of said destination port;
- for each transmitted packet, checking a source user identification and source group identification, and a source port identification supplied by said network, in said source tables, and finding a destination port using a destination user identification and a destination group identification in said routing tables;
- if results of said source checking and destination port finding steps indicate that said source and said destination have been recorded in said source tables and said destination tables, transmitting said packet to a destination port identified in said finding step. (Dependent claims: 6, 7, 8, 9)
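The mechanism the claims describe, as an added Python simulation (not code from the patent or its assignee): the network edge stamps every packet with the port it physically arrived on, overwriting anything the user put there; a login records the authenticated (user, group, port) triple in a source table and the user's port in a routing table; and every data packet is then checked against both tables, plus the same-group (virtual network) rule from the abstract, before it is forwarded. The class and field names, the sample users, ports and passwords, and the password-hashing choice are all constructed for this example; the "if network transmission capacity is available" condition of claim 1 is left out.

```python
"""Simulation of the network-supplied port identity and per-packet
authorization check described in the claims. All names are assumptions
made for this example; the credential store is constructed sample data."""
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Set, Tuple
import hashlib
import hmac
import os


@dataclass(frozen=True)
class Packet:
    src_user: str
    src_group: str
    dst_user: str
    dst_group: str
    payload: bytes
    port: Optional[str] = None  # filled in by the network edge; a user-supplied value is never trusted


def _hash_password(password: str, salt: bytes) -> bytes:
    # Stand-in for whatever credential verification the real hub used.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class ManSwitch:
    """Hypothetical data switching module: holds the source and routing tables."""

    def __init__(self) -> None:
        self._creds: Dict[Tuple[str, str], Tuple[bytes, bytes]] = {}   # (user, group) -> (salt, hash)
        self.source_table: Set[Tuple[str, str, str]] = set()           # authorized (user, group, port)
        self.routing_table: Dict[Tuple[str, str], str] = {}            # (user, group) -> destination port
        self.dropped: List[Tuple[str, Packet]] = []                    # (reason, packet) for audit

    def enroll(self, user: str, group: str, password: str) -> None:
        salt = os.urandom(16)
        self._creds[(user, group)] = (salt, _hash_password(password, salt))

    def login(self, user: str, group: str, password: str, network_port: str) -> bool:
        """Login packet: network_port comes from the concentrator, not from the user."""
        rec = self._creds.get((user, group))
        if rec is None:
            return False
        salt, expected = rec
        if not hmac.compare_digest(expected, _hash_password(password, salt)):
            return False
        self.source_table.add((user, group, network_port))   # may transmit from this port
        self.routing_table[(user, group)] = network_port     # may receive at this port
        return True

    def ingress(self, pkt: Packet, arrival_port: str) -> Packet:
        """Concentrator step: overwrite the port field with the real arrival port."""
        return replace(pkt, port=arrival_port)

    def forward(self, pkt: Packet) -> Optional[str]:
        """Return the output port for pkt, or None if any check fails."""
        if (pkt.src_user, pkt.src_group, pkt.port) not in self.source_table:
            self.dropped.append(("unauthorized-source", pkt))
            return None
        if pkt.src_group != pkt.dst_group:          # same virtual network only
            self.dropped.append(("cross-group", pkt))
            return None
        out = self.routing_table.get((pkt.dst_user, pkt.dst_group))
        if out is None:
            self.dropped.append(("unknown-destination", pkt))
            return None
        return out


def demo() -> dict:
    """Run the scenarios and return their outcomes for inspection."""
    sw = ManSwitch()
    for user, group, pw in [("alice", "eng", "a-pw"), ("bob", "eng", "b-pw"), ("mallory", "sales", "m-pw")]:
        sw.enroll(user, group, pw)            # constructed sample credentials
    for user, group, pw, port in [("alice", "eng", "a-pw", "port-1"),
                                  ("bob", "eng", "b-pw", "port-2"),
                                  ("mallory", "sales", "m-pw", "port-3")]:
        if not sw.login(user, group, pw, port):
            raise RuntimeError("sample login failed")
    results = {}
    # Authorized user on her own port, same group: forwarded to bob's port.
    results["legit"] = sw.forward(sw.ingress(Packet("alice", "eng", "bob", "eng", b"hi"), "port-1"))
    # Packet claims to be from bob (and claims port-2) but arrives on port-1.
    spoof = sw.ingress(Packet("bob", "eng", "alice", "eng", b"x", port="port-2"), "port-1")
    results["spoof_port_overwritten"] = spoof.port
    results["spoofed_user"] = sw.forward(spoof)
    # Authorized user, but destination is in a different group.
    results["cross_group"] = sw.forward(sw.ingress(Packet("mallory", "sales", "bob", "eng", b"x"), "port-3"))
    # Destination user never logged in, so no routing entry exists.
    results["unknown_dest"] = sw.forward(sw.ingress(Packet("alice", "eng", "carol", "eng", b"x"), "port-1"))
    # Wrong password: nothing is recorded in either table.
    results["bad_login"] = sw.login("alice", "eng", "wrong", "port-9")
    results["drop_reasons"] = [reason for reason, _ in sw.dropped]
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point the simulation makes is the one in claim 2: because the port field is written by the network after the packet leaves the user, a user who forges another user's identity is still checked against the port the packet really came from, and the spoofed packet is dropped even though the forged identity itself is valid elsewhere.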
Specification