Packet inspection device, mobile computer and packet transfer method in mobile computing with improved mobile computer authenticity check scheme
Abstract
A packet transfer scheme for realizing a control of a packet inspection device to pass only packets from those mobile computers that can be recognized as authenticated among non-management target mobile computers that had moved inside the network, to outside the network. A packet inspection device judges whether a passing of a packet transmitted from a mobile computer other than own management target computers to outside the own network is permitted or not, according to a mobile computer identification information contained in the packet, and sends a message indicating a refusal of the passing of the packet to the mobile computer when the passing of the packet is judged to be not permitted; and then transfers the packet when the passing of the packet is judged to be permitted; and also checks whether a user information regarding a user of the mobile computer satisfies a prescribed condition or not, upon receiving a message requesting a key information for generating the mobile computer identification information from the mobile computer, and returns a requested key information to the mobile computer when the user information satisfies the prescribed condition.
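The exchange described in the abstract, as an added sketch that is not code from the patent. It assumes the identification information is an HMAC-SHA256 tag over the packet fields and that the "user information" check is a credential lookup; the class, function and field names, addresses and credentials are all constructed for illustration.

```python
import hashlib
import hmac
import os

def make_ident(key, packet):
    # Assumption: identification information = HMAC-SHA256 over the packet fields.
    msg = b"|".join([packet["src"].encode(), packet["dst"].encode(), packet["payload"]])
    return hmac.new(key, msg, hashlib.sha256).digest()

class PacketInspectionDevice:
    def __init__(self, managed_hosts, user_credentials):
        self.managed_hosts = set(managed_hosts)   # own management target computers
        self.user_credentials = user_credentials  # assumed form of "user information"
        self.issued_keys = {}                     # visitor address -> key information

    def request_key(self, src, user, credential):
        # Key information returning unit: return a key only if the user check passes.
        expected = self.user_credentials.get(user)
        if expected is None or not hmac.compare_digest(expected, credential):
            return None
        self.issued_keys[src] = os.urandom(32)
        return self.issued_keys[src]

    def judge(self, packet):
        # Judging unit: managed hosts pass; visitors need valid identification information.
        if packet["src"] in self.managed_hosts:
            return "transfer"
        key, tag = self.issued_keys.get(packet["src"]), packet.get("ident")
        if key and tag and hmac.compare_digest(make_ident(key, packet), tag):
            return "transfer"
        return "refuse"  # stands in for the refusal message sent to the mobile computer

def visitor_send(gw, packet, user, credential):
    # Mobile computer: send, and on refusal request key information and resend.
    trace = [gw.judge(packet)]
    if trace[-1] == "refuse":
        key = gw.request_key(packet["src"], user, credential)
        if key is None:
            return trace + ["key-denied"]
        trace.append(gw.judge(dict(packet, ident=make_ident(key, packet))))
    return trace

def demo():
    # Constructed addresses, users and credentials.
    gw = PacketInspectionDevice({"10.0.0.5"}, {"alice": b"constructed-secret"})
    reg = {"src": "10.0.0.77", "dst": "192.0.2.10", "payload": b"registration"}
    return (gw.judge({"src": "10.0.0.5", "dst": "192.0.2.10", "payload": b"data"}),
            visitor_send(gw, reg, "alice", b"constructed-secret"),
            visitor_send(gw, dict(reg, src="10.0.0.88"), "mallory", b"guess"))
```

Because the tag in this sketch covers the packet fields, a packet altered after the tag is attached is refused even though a key was issued to its source address.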
15 Claims
1. A packet inspection device for inspecting packets transmitted from a computer located inside a network under own management toward another computer located outside said network, comprising:
a judging unit configured to judge whether a passing of a packet transmitted from a mobile computer other than own management target computers to outside said network is permitted or not, according to a mobile computer identification information contained in said packet, and to send a message indicating a refusal of the passing of said packet to said mobile computer when the passing of said packet is judged to be not permitted;
a transfer unit configured to transfer said packet when the judging unit judges that the passing of said packet is permitted;
a key information returning unit configured to check whether a user information regarding a user of said mobile computer satisfies a prescribed condition or not, upon receiving a message requesting a key information for generating the mobile computer identification information from said mobile computer, and to return a requested key information to said mobile computer when the user information satisfies the prescribed condition; and
a management target computer recognition unit configured to indicate the own management target computers managed by the packet inspection device;
wherein the judging unit judges that a passing of one packet transmitted from one computer inside said network is permitted when the management target computer recognition unit indicates that said one packet is transmitted from one of the own management target computers.

4. A mobile computer for carrying out communications while moving among inter-connected networks, comprising:
a first transmission unit configured to transmit a registration message containing a current location information of the mobile computer to a mobile computer management device, when the mobile computer management device for managing a location information of the mobile computer and transferring packets destined to the mobile computer to a current location of the mobile computer is provided at a network other than a currently located network of the mobile computer;
a second transmission unit configured to transmit a request message for requesting a key information for generating a mobile computer identification information, to a packet inspection device for inspecting packets transmitted from inside the currently located network toward outside the currently located network, when a message indicating a refusal of a passing of the registration message transmitted by the first transmission unit is received from the packet inspection device; and
a third transmission unit configured to transmit a packet to be transmitted toward outside the currently located network by attaching the mobile computer identification information generated from the key information, when the key information is returned from the packet inspection device in response to the request message transmitted by the second transmission unit;
wherein the first transmission unit transmits the registration message containing the current location information of the mobile computer to the mobile computer management device by attaching the mobile computer identification information after the key information is returned from the packet inspection device in response to the request message, and after a permission response with respect to the registration message is received from the mobile computer management device, the third transmission unit causes said computer to transmit a data packet to a correspondent computer by attaching the mobile computer identification information.

6. A packet transfer method at a packet inspection device for inspecting packets transmitted from a computer located inside a network under own management toward another computer located outside said network, comprising the steps of:
judging whether a passing of a packet transmitted from a mobile computer other than own management target computers to outside said network is permitted or not at the packet inspection device, according to a mobile computer identification information contained in said packet;
sending a message indicating a refusal of the passing of said packet to said mobile computer when the judging step judges that the passing of said packet is not permitted;
transferring said packet when the judging step judges that the passing of said packet is permitted; and
checking whether a user information regarding a user of said mobile computer satisfies a prescribed condition or not, upon receiving a message requesting a key information for generating the mobile computer identification information from said mobile computer, and returning a requested key information to said mobile computer when the user information satisfies the prescribed condition;
wherein the packet inspection device has a management target computer recognition unit for indicating the own management target computers managed by the packet inspection device; and
the judging step judges that a passing of one packet transmitted from one computer inside said network is permitted when the management target computer recognition unit indicates that said one packet is transmitted from one of the own management target computers.

9. A packet transfer method at a mobile computer for carrying out communications while moving among interconnected networks, comprising the steps of:
(a) transmitting a registration message containing a current location information of the mobile computer to a mobile computer management device, when the mobile computer management device for managing a location information of the mobile computer and transferring packets destined to the mobile computer to a current location of the mobile computer is provided at a network other than a currently located network of the mobile computer;
(b) transmitting a request message for requesting a key information for generating a mobile computer identification information, to a packet inspection device for inspecting packets transmitted from inside the currently located network toward outside the currently located network, when a message indicating a refusal of a passing of the registration message transmitted by the step (a) is received from the packet inspection device; and
(c) transmitting a packet to be transmitted toward outside the currently located network by attaching the mobile computer identification information generated from the key information, when the key information is returned from the packet inspection device in response to the request message transmitted by the step (b);
wherein the step (a) transmits the registration message containing the current location information of the mobile computer to the mobile computer management device by attaching the mobile computer identification information after the key information is returned from the packet inspection device in response to the request message, and after a permission response with respect to the registration message is received from the mobile computer management device, the step (c) cause said computer to transmit a data packet to a correspondent computer by attaching the mobile computer identification information.

11. A computer usable medium having computer readable program codes embodied therein for causing a computer to function as a packet inspection device for inspecting packets transmitted from a computer located inside a network under own management toward another computer located outside said network, the computer readable program codes including:
a first computer readable program code for causing said computer to judge whether a passing of a packet transmitted from a mobile computer other than own management target computers to outside said network is permitted or not, according to a mobile computer identification information contained in said packet, and send a message indicating a refusal of the passing of said packet to said mobile computer when the passing of said packet is judged to be not permitted;
a second computer readable program code for causing said computer to transfer said packet when the first computer readable program code judges that the passing of said packet is permitted;
a third computer readable program code for causing said computer to check whether a user information regarding a user of said mobile computer satisfies a prescribed condition or not, upon receiving a message requesting a key information for generating the mobile computer identification information from said mobile computer, and return a requested key information to said mobile computer when the user information satisfies the prescribed condition; and
a fourth computer readable program code for causing said computer to indicate the own management target computers managed by the packet inspection device;
wherein the first computer readable program code causes said computer to judge that a passing of one packet transmitted from one computer inside said network is permitted when the fourth computer readable program code indicates that said one packet is transmitted from one of the own management target computers.

14. A computer usable medium having computer readable program codes embodied therein for causing a computer to function as a mobile computer for carrying out communications while moving among inter-connected networks, the computer readable program codes including:
a first computer readable program code for causing said computer to transmit a registration message containing a current location information of the mobile computer to a mobile computer management device, when the mobile computer management device for managing a location information of the mobile computer and transferring packets destined to the mobile computer to a current location of the mobile computer is provided at a network other than a currently located network of the mobile computer;
a second computer readable program code for causing said computer to transmit a request message for requesting a key information for generating a mobile computer identification information, to a packet inspection device for inspecting packets transmitted from inside the currently located network toward outside the currently located network, when a message indicating a refusal of a passing of the registration message transmitted by the first transmission unit is received from the packet inspection device; and
a third computer readable program code for causing said computer to transmit a packet to be transmitted toward outside the currently located network by attaching the mobile computer identification information generated from the key information, when the key information is returned from the packet inspection device in response to the request message transmitted by the second transmission unit;
wherein the first computer readable program code causes said computer to transmit the registration message containing the current location information of the mobile computer to the mobile computer management device by attaching the mobile computer identification information after the key information is returned from the packet inspection device in response to the request message, and after a permission response with respect to the registration message is received from the mobile computer management device the third computer readable program code causes said computer to transmit a data packet to a correspondent computer by attaching the mobile computer identification information.
Specification