Medium access control address authentication
Abstract
A method for improving network security in a network that includes a star configured interconnection device, such as a repeater, a bridge or a switch, that has a plurality of ports adapted for connection to respective MAC layer devices, includes storing authentication data in the star configured interconnection device that maps MAC addresses of end stations in the network to particular ports on the star configured interconnection device. Upon receiving a packet on a particular port, the process involves determining whether the packet carries a source address which the authentication data maps to the particular port. If the packet carries a source address which the authentication data maps to the particular port, then the packet is accepted. If the packet does not carry a source MAC address which the authentication data maps to the port, then an authentication protocol is executed on the port to determine whether the MAC address originates from an authorized sender according to the authentication protocol.
37 Claims
1. A method for improving network security in a network including a star configured interconnection device having a plurality of ports adapted for connection to respective MAC layer devices, comprising:
- storing authentication data in the star configured interconnection device, the authentication data mapping MAC addresses to ports in the star configured interconnection device;
- receiving a packet on a port;
- accepting the packet when the packet carries a source MAC address which the authentication data maps to the port; and
- executing an authentication protocol on the port to determine whether the MAC address originates from an authorized sender according to the authentication protocol when the packet does not carry a source MAC address which the authentication data maps to the port.

13. A method for improving network security in a network including a star configured interconnection device having a plurality of ports adapted for connection to respective MAC layer devices, comprising:
- storing an authentication key for a MAC address in a MAC layer device;
- responding at the MAC layer device to a challenge from the star configured interconnection device, by sending a response based on the authentication key to the star configured interconnection device.

20. A network device, comprising:
- a plurality of ports adapted for connection across a transmission medium to respective MAC layer devices;
- memory including authentication data, the authentication data mapping MAC addresses to ports in the plurality of ports;
- processing resources which monitor a packet on a particular port in the plurality of ports, wherein the packet is accepted when the packet carries a source MAC address which the authentication data maps to the port, wherein an authentication protocol is executed on the port to determine whether the MAC address originates from an authorized sender according to the authentication protocol when the packet does not carry a source MAC address which the authentication data maps to the port.

32. A network adapter, comprising:
- a medium access control unit having a MAC address;
- memory storing an authentication key for the MAC address; and
- resources which respond to a challenge received at the medium access control unit by sending a response based on the authentication key through the medium access control unit.
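
The accept-or-challenge flow of claims 1 and 20, together with the adapter side of claims 13 and 32, as an added Python example (not code from the patent). The HMAC-SHA256 response, the per-MAC keys held on the device, and recording the mapping after a successful challenge are assumptions; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

class Adapter:
    """End station holding an authentication key for its MAC address (claims 13, 32)."""
    def __init__(self, mac, key):
        self.mac, self.key = mac, key

    def respond(self, challenge):
        # Assumption: response = HMAC-SHA256(key, challenge || MAC); the page names no algorithm.
        return hmac.new(self.key, challenge + self.mac.encode(), hashlib.sha256).digest()

class Switch:
    """Star configured interconnection device with a MAC-to-port authentication table."""
    def __init__(self, keys):
        self.keys = keys        # assumption: per-MAC keys are provisioned on the device
        self.auth_table = {}    # authentication data: MAC address -> port

    def receive(self, port, station):
        mac = station.mac
        if self.auth_table.get(mac) == port:
            return "accepted"                  # source MAC is already mapped to this port
        challenge = secrets.token_bytes(16)    # fresh nonce, so an old response cannot be replayed
        response = station.respond(challenge)
        key = self.keys.get(mac)
        expected = hmac.new(key or b"", challenge + mac.encode(), hashlib.sha256).digest()
        if key is not None and hmac.compare_digest(response, expected):
            self.auth_table[mac] = port        # assumption: success records the new mapping
            return "authenticated"
        return "rejected"

def demo():
    mac = "00:11:22:33:44:55"                  # constructed sample values
    key = b"constructed-demo-key"
    sw = Switch({mac: key})
    genuine = Adapter(mac, key)
    spoofer = Adapter(mac, b"wrong-key")       # presents the same MAC without the key
    return [
        sw.receive(1, genuine),   # unmapped MAC on port 1: challenge succeeds
        sw.receive(1, genuine),   # now mapped to port 1: accepted directly
        sw.receive(2, spoofer),   # same MAC on port 2: challenged, fails
        sw.receive(2, genuine),   # station moved to port 2: re-authenticated
        sw.receive(1, spoofer),   # port 1 no longer mapped: challenged, fails
    ]

if __name__ == "__main__":
    print(demo())
```

Once a MAC address is mapped to a port, packets carrying it on that port are accepted without a new challenge, so the table is only as trustworthy as control of the port itself.
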
Specification