Access controller for local area network
Abstract
An access controller for peer-to-peer communication networks which monitors the data packets transmitted between stations, determines when an access that needs to be controlled is being made, and then either destroys the packet or transmits one or more packets which appear as legitimate message packets to the stations but which, in fact, terminate or alter the communication path between the two stations. Since the invention is free of any particular protocol restrictions, it can be implemented with any type of protocol and at any layer of that protocol. And since the access control mechanism is neither part of the physical communication path nor part of the communication primitives, the stations cannot detect, in any direct sense, that their access is being controlled, and they do not need to be programmed to follow any special control protocols, or to use encryption. A signature signal can be used as a safety mechanism to prevent multiple access controllers from controlling the same network and to prevent an unauthorized access controller from seizing control of the network.
41 Claims
1. An access controller for use in a communications network having a plurality of stations which vie for access to a shared physical medium, the access controller comprising:
- means for passively detecting packets transmitted on the medium;
- means for determining if a detected packet indicates that one of the stations is attempting an unauthorized access to another station; and
- means for originating an access termination signal on the medium if the means for determining determines that the detected packet indicates an unauthorized access, the access termination signal selectively terminating the particular unauthorized access while allowing other authorized accesses by the attempting station to continue.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 16, 17, 18, 19
15. A network access controller comprising:
- an interface circuit, connected to transmit and detect data packets on a physical medium shared by a plurality of network stations;
- a memory, having stored therein data which represents a list of authorized network access types; and
- processor means, connected to the interface circuit and the memory, for receiving a detected packet from the interface circuit, and for comparing the detected packet with the list of authorized network protocol types, to determine whether the detected packet indicates an unauthorized access, and, if the detected packet indicates an unauthorized access, for causing the interface circuit to transmit an access termination signal on the physical medium, the access termination signal selectively terminating the unauthorized access while allowing other authorized accesses to be attempted.
20. An access controller for use in a communications network having a plurality of stations which vie for access to a shared physical medium, the access controller comprising:
- means for passively detecting packets transmitted on the medium;
- means for determining if a detected packet indicates that one of the stations is attempting an unauthorized access to another station; and
- means for transmitting an access termination signal to a source station which originated the detected packet, if the means for determining determines that the detected packet indicates an unauthorized access, and the access termination signal indicating to the source station that a destination station specified in the detected packet is not operable.
21. An access controller for use in a peer-to-peer communications network having a plurality of stations which vie for access to a shared physical medium, the access controller comprising:
- means for passively detecting packets transmitted on the network;
- means for determining if a detected packet indicates that a communication between a first station and a second station is being attempted, and that the attempted communication is of a type which is unauthorized; and
- means for originating a termination signal which causes the unauthorized communication between the first and second station to terminate, while allowing the first and second stations to continue other authorized communications with each other, and allowing each of the first and second stations to continue other authorized communications with other stations.
22. A method for controlling access to a communications network in which a plurality of stations vie for access to a shared physical medium, the method comprising the steps of:
- detecting packets transmitted on the medium;
- determining if information in a detected packet indicates that one of the stations is attempting an unauthorized access to another station; and
- if the detected packet indicates an unauthorized access, transmitting an access termination signal on the medium which selectively terminates the particular unauthorized access while allowing other authorized accesses by the attempting station to continue.
Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37
38. A method for controlling access to a communications network having a plurality of stations which vie for access to a shared physical medium, the method comprising the steps of:
- passively detecting packets transmitted on the medium;
- determining if a detected packet indicates that one of the stations is attempting an access to another station which is unauthorized; and
- if the detected packet indicates an unauthorized access, transmitting an access termination signal over the medium to a source station which originated the unauthorized access, the access termination signal indicating to the source station that a destination station specified in the detected packet is not operable.
39. A method for controlling access to a peer-to-peer communications network which includes a plurality of stations that vie for access to a shared medium, the method comprising the steps of:
- passively detecting packets transmitted on the shared medium;
- determining if a detected packet indicates that a communication between a first station and a second station is being attempted, and that the attempted communication is of a type which is unauthorized; and
- originating a termination signal on the medium which causes the unauthorized communication between the first and second station to terminate, while allowing the first and second stations to continue other authorized communications with each other, and allowing each of the first and second stations to continue other authorized communications with other stations.
40. A method for preventing unauthorized accesses to a communication medium shared by a plurality of network stations which communicate by exchanging data packets, the steps of the method performed by an access controller station which masquerades as one of the stations indicated as a destination address in an unauthorized access, the method comprising the steps of:
- detecting information which indicates the type of data packet presently being communicated on the medium;
- comparing the detected data protocol type to a list of authorized data protocol types, to determine if the protocol type presently being communicated on the medium is unauthorized; and
- transmitting a reply packet on the medium, the reply packet appearing as a legitimate response by an intended destination station indicated by the detected packet, while terminating the unauthorized access and allowing other authorized accesses to continue.
41. A method for preventing a selected attempted communication by a first station with a second station within a network of stations connected by a physical medium, where the communication is being attempted in accordance with a packet-type communication protocol which provides a mechanism for effecting termination of the communication, said method comprising the steps of:
- detecting the presence on the medium of a packet representing said selected attempted communication; and
- preventing said selected attempted communication by said first station by originating on said physical medium an access prevention signal in accordance with said communication terminating mechanism, while allowing other communications by said first station to continue.
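The determining step of claim 15 (comparing a detected packet with a stored list of authorized access types), as an added example that is not part of the patent text. It assumes Ethernet II frames with the EtherType standing in for the access type; the list, station addresses and sample frames are constructed, and only the decision is shown, not the termination signal.

```python
import struct
from typing import NamedTuple, Optional

# Assumption: Ethernet II framing, EtherType used as the "access type";
# the claims themselves are not tied to any particular protocol.
AUTHORIZED_TYPES = {0x0800, 0x0806}           # constructed list: IPv4, ARP
VLAN_TAG = 0x8100

class Verdict(NamedTuple):
    src: str
    dst: str
    access_type: int
    authorized: bool

def classify(frame: bytes, authorized=AUTHORIZED_TYPES) -> Optional[Verdict]:
    """Compare one passively detected frame with the authorized list."""
    if len(frame) < 14:
        return None                            # runt frame: nothing to decide
    dst, src = frame[0:6], frame[6:12]
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype == VLAN_TAG:                      # look past one 802.1Q tag
        if len(frame) < 18:
            return None
        (etype,) = struct.unpack("!H", frame[16:18])
    return Verdict(src.hex(":"), dst.hex(":"), etype, etype in authorized)

def to_terminate(frames):
    """Distinct (src, dst, type) accesses flagged; authorized ones untouched."""
    flagged = []
    for f in frames:
        v = classify(f)
        if v and not v.authorized:
            key = (v.src, v.dst, v.access_type)
            if key not in flagged:
                flagged.append(key)
    return flagged

def _frame(dst, src, etype, vlan=False):       # builds constructed sample frames
    tag = struct.pack("!HH", VLAN_TAG, 10) if vlan else b""
    return bytes.fromhex(dst) + bytes.fromhex(src) + tag + struct.pack("!H", etype) + b"\x00" * 46

A, B = "020000000001", "020000000002"          # constructed station addresses
SAMPLE = [
    _frame(B, A, 0x0800),                      # A -> B IPv4: authorized
    _frame(B, A, 0x809B),                      # A -> B AppleTalk: not on the list
    _frame(B, A, 0x809B, vlan=True),           # same access, VLAN-tagged
    _frame(A, B, 0x0806),                      # B -> A ARP: authorized
]
```

`to_terminate(SAMPLE)` flags only the A-to-B access of the unlisted type, once, while A's IPv4 traffic to the same station is not flagged, which is the selectivity the independent claims require.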
Specification