Packet inspection device, mobile computer and packet transfer method in mobile computing with improved mobile computer authenticity check scheme

US 6,163,843 A
Filed: 10/24/1997
Issued: 12/19/2000
Est. Priority Date: 10/25/1996
Status: Expired due to Term

First Claim

Patent Images

1. A packet inspection device for inspecting packets transmitted from a computer located inside a network under own management toward another computer located outside said network, comprising:

a judging unit configured to judge whether a passing of a packet transmitted from a mobile computer other than own management target computers to outside said network is permitted or not, according to a mobile computer identification information contained in said packet, and to send a message indicating a refusal of the passing of said packet to said mobile computer when the passing of said packet is judged to be not permitted;

a transfer unit configured to transfer said packet when the judging unit judges that the passing of said packet is permitted;

a key information returning unit configured to check whether a user information regarding a user of said mobile computer satisfies a prescribed condition or not, upon receiving a message requesting a key information for generating the mobile computer identification information from said mobile computer, and to return a requested key information to said mobile computer when the user information satisfies the prescribed condition; and

a management target computer recognition unit configured to indicate the own management target computers managed by the packet inspection device;

wherein the judging unit judges that a passing of one packet transmitted from one computer inside said network is permitted when the management target computer recognition unit indicates that said one packet is transmitted from one of the own management target computers.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A packet transfer scheme for realizing a control of a packet inspection device to pass only packets from those mobile computers that can be recognized as authenticated among non-management target mobile computers that had moved inside the network, to outside the network. A packet inspection device judges whether a passing of a packet transmitted from a mobile computer other than own management target computers to outside the own network is permitted or not, according to a mobile computer identification information contained in the packet, and sends a message indicating a refusal of the passing of the packet to the mobile computer when the passing of the packet is judged to be not permitted; and then transfers the packet when the passing of the packet is judged to be permitted; and also checks whether a user information regarding a user of the mobile computer satisfies a prescribed condition or not, upon receiving a message requesting a key information for generating the mobile computer identification information from the mobile computer, and returns a requested key information to the mobile computer when the user information satisfies the prescribed condition.

113 Citations

View as Search Results

15 Claims

1. A packet inspection device for inspecting packets transmitted from a computer located inside a network under own management toward another computer located outside said network, comprising:
- a judging unit configured to judge whether a passing of a packet transmitted from a mobile computer other than own management target computers to outside said network is permitted or not, according to a mobile computer identification information contained in said packet, and to send a message indicating a refusal of the passing of said packet to said mobile computer when the passing of said packet is judged to be not permitted;
  
  a transfer unit configured to transfer said packet when the judging unit judges that the passing of said packet is permitted;
  
  a key information returning unit configured to check whether a user information regarding a user of said mobile computer satisfies a prescribed condition or not, upon receiving a message requesting a key information for generating the mobile computer identification information from said mobile computer, and to return a requested key information to said mobile computer when the user information satisfies the prescribed condition; and
  
  a management target computer recognition unit configured to indicate the own management target computers managed by the packet inspection device;
  
  wherein the judging unit judges that a passing of one packet transmitted from one computer inside said network is permitted when the management target computer recognition unit indicates that said one packet is transmitted from one of the own management target computers.
- View Dependent Claims (2, 3)
- - 2. The packet inspection device of claim 1, further comprising:
    - a management target computer recognition unit for indicating the own management target computers managed by the packet inspection device;
      
      wherein the judging unit judges that a passing of one packet transmitted from one computer inside said network is not permitted when the management target computer recognition unit indicates that said one packet is transmitted from a computer other than the own management target computers, and said one packet does not contain the mobile computer identification information.
  - 3. The packet inspection device of claim 2, wherein the judging unit judges that a passing of said one packet is permitted when the management target computer recognition unit indicates that said one packet is transmitted from a computer other than the own management target computers, said one packet contains the mobile computer identification information, and an authenticity of said one computer is checked according the mobile computer identification information contained in said one packet.

4. A mobile computer for carrying out communications while moving among inter-connected networks, comprising:
- a first transmission unit configured to transmit a registration message containing a current location information of the mobile computer to a mobile computer management device, when the mobile computer management device for managing a location information of the mobile computer and transferring packets destined to the mobile computer to a current location of the mobile computer is provided at a network other than a currently located network of the mobile computer;
  
  a second transmission unit configured to transmit a request message for requesting a key information for generating a mobile computer identification information, to a packet inspection device for inspecting packets transmitted from inside the currently located network toward outside the currently located network, when a message indicating a refusal of a passing of the registration message transmitted by the first transmission unit is received from the packet inspection device; and
  
  a third transmission unit configured to transmit a packet to be transmitted toward outside the currently located network by attaching the mobile computer identification information generated from the key information, when the key information is returned from the packet inspection device in response to the request message transmitted by the second transmission unit;
  
  wherein the first transmission unit transmits the registration message containing the current location information of the mobile computer to the mobile computer management device bv attaching the mobile computer identification information after the key information is returned from the packet inspection device in response to the request message, andafter a permission response with respect to the registration message is received from the mobile computer management device, the third transmission unit causes said computer to transmit a data packet to a correspondent computer by attaching the mobile computer identification information.
- View Dependent Claims (5)
- - 5. The mobile computer of claim 4, wherein the third transmission unit transmits a data packet to a correspondent computer without attaching the mobile computer identification information when said message indicating a refusal of a passing of the registration message transmitted by the first transmission unit is not received from the packet inspection device.

6. A packet transfer method at a packet inspection device for inspecting packets transmitted from a computer located inside a network under own management toward another computer located outside said network, comprising the steps of:
- judging whether a passing of a packet transmitted from a mobile computer other than own management target computers to outside said network is permitted or not at the packet inspection device, according to a mobile computer identification information contained in said packet;
  
  sending a message indicating a refusal of the passing of said packet to said mobile computer when the judging step judges that the passing of said packet is not permitted;
  
  transferring said packet when the judging step judges that the passing of said packet is permitted; and
  
  checking whether a user information regarding a user of said mobile computer satisfies a prescribed condition or not, upon receiving a message requesting a key information for generating the mobile computer identification information from said mobile computer, and returning a requested key information to said mobile computer when the user information satisfies the prescribed condition;
  
  wherein the packet inspection device has a management target computer recognition unit for indicating the own management target computers managed by the packet inspection device; and
  
  the judging step judges that a passing of one packet transmitted from one computer inside said network is permitted when the management target computer recognition unit indicates that said one packet is transmitted from one of the own management target computers.
- View Dependent Claims (7, 8)
- - 7. The packet transfer method of claim 6, wherein the packet inspection device has a management target computer recognition unit for indicating the own management target computers managed by the packet inspection device;
    - andwherein the judging step judges that a passing of one packet transmitted from one computer inside said network is not permitted when the management target computer recognition unit indicates that said one packet is transmitted from a computer other than the own management target computers, and said one packet does not contain the mobile computer identification information.
  - 8. The packet transfer method of claim 7, wherein the judging step judges that a passing of said one packet is permitted when the management target computer recognition unit indicates that said one packet is transmitted from a computer other than the own management target computers, said one packet contains the mobile computer identification information, and an authenticity of said one computer is checked according the mobile computer identification information contained in said one packet.

9. A packet transfer method at a mobile computer for carrying out communications while moving among interconnected networks, comprising the steps of:
- (a) transmitting a registration message containing a current location information of the mobile computer to a mobile computer management device, when the mobile computer management device for managing a location information of the mobile computer and transferring packets destined to the mobile computer to a current location of the mobile computer is provided at a network other than a currently located network of the mobile computer;
  
  (b) transmitting a request message for requesting a key information for generating a mobile computer identification information, to a packet inspection device for inspecting packets transmitted from inside the currently located network toward outside the currently located network, when a message indicating a refusal of a passing of the registration message transmitted by the step (a) is received from the packet inspection device; and
  
  (c) transmitting a packet to be transmitted toward outside the currently located network by attaching the mobile computer identification information generated from the key information, when the key information is returned from the packet inspection device in response to the request message transmitted by the step (b);
  
  wherein the step (a) transmits the registration message containing the current location information of the mobile computer to the mobile computer management device by attaching the mobile computer identification information after the key information is returned from the packet inspection device in response to the request message, andafter a permission response with respect to the registration message is received from the mobile computer management device, the step (c) cause said computer to transmit a data packet to a correspondent computer by attaching the mobile computer identification information.
- View Dependent Claims (10)
- - 10. The packet transfer method of claim 9, wherein the step (c) transmits a data packet to a correspondent computer without attaching the mobile computer identification information when said message indicating a refusal of a passing of the registration message transmitted by the step (a) is not received from the packet inspection device.

11. A computer usable medium having computer readable program codes embodied therein for causing a computer to function as a packet inspection device for inspecting packets transmitted from a computer located inside a network under own management toward another computer located outside said network, the computer readable program codes including:
- a first computer readable program code for causing said computer to judge whether a passing of a packet transmitted from a mobile computer other than own management target computers to outside said network is permitted or not, according to a mobile computer identification information contained in said packet, and send a message indicating a refusal of the passing of said packet to said mobile computer when the passing of said packet is judged to be not permitted;
  
  a second computer readable program code for causing said computer to transfer said packet when the first computer readable program code judges that the passing of said packet is permitted;
  
  a third computer readable program code for causing said computer to check whether a user information regarding a user of said mobile computer satisfies a prescribed condition or not, upon receiving a message requesting a key information for generating the mobile computer identification information from said mobile computer, and return a requested key information to said mobile computer when the user information satisfies the prescribed condition; and
  
  a fourth computer readable program code for causing said computer to indicate the own management target computers managed by the packet inspection device;
  
  wherein the first computer readable program code causes said computer to judge that a passing of one packet transmitted from one computer inside said network is permitted when the fourth computer readable program code indicates that said one packet is transmitted from one of the own management target computers.
- View Dependent Claims (12, 13)
- - 12. The article of manufacture of claim 11, wherein the computer readable program code means further includes:
    - fourth computer readable program code means for causing said computer to indicate the own management target computers managed by the packet inspection device;
      
      wherein the first computer readable program code means causes said computer to judge that a passing of one packet transmitted from one computer inside said network is not permitted when the fourth computer readable program code means indicates that said one packet is transmitted from a computer other than the own management target computers, and said one packet does not contain the mobile computer identification information.
  - 13. The article of manufacture of claim 12, wherein the first computer readable program code means causes said computer to judge that a passing of said one packet is permitted when the fourth computer readable program code means indicates that said one packet is transmitted from a computer other than the own management target computers, said one packet contains the mobile computer identification information, and an authenticity of said one computer is checked according the mobile computer identification information contained in said one packet.

14. A computer usable medium having computer readable program codes embodied therein for causing a computer to function as a mobile computer for carrying out communications while moving among inter-connected networks, the computer readable program codes including:
- a first computer readable program code for causing said computer to transmit a registration message containing a current location information of the mobile computer to a mobile computer management device, when the mobile computer management device for managing a location information of the mobile computer and transferring packets destined to the mobile computer to a current location of the mobile computer is provided at a network other than a currently located network of the mobile computer;
  
  a second computer readable program code for causing said computer to transmit a request message for requesting a key information for generating a mobile computer identification information, to a packet inspection device for inspecting packets transmitted from inside the currently located network toward outside the currently located network, when a message indicating a refusal of a passing of the registration message transmitted by the first transmission unit is received from the packet inspection device; and
  
  a third computer readable program code for causing said computer to transmit a packet to be transmitted toward outside the currently located network by attaching the mobile computer identification information generated from the key information, when the key information is returned from the packet inspection device in response to the request message transmitted by the second transmission unit;
  
  wherein the first computer readable program code causes said computer to transmit the registration message containing the current location information of the mobile computer to the mobile computer management device by attaching the mobile computer identification information after the key information is returned from the packet inspection device in response to the request message, andafter a permission response with respect to the registration message is received from the mobile computer management device the third computer readable program code causes said computer to transmit a data packet to a correspondent computer by attaching the mobile computer identification information.
- View Dependent Claims (15)
- - 15. The article of manufacture of claim 14, wherein the third computer readable program code means causes said computer to transmit a data packet to a correspondent computer without attaching the mobile computer identification information when said message indicating a refusal of a passing of the registration message transmitted by the first computer readable program code means is not received from the packet inspection device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation)
Original Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation)
Inventors
Ishiyama, Masahiro, Shimbo, Atsushi, Inoue, Atsushi, Fukumoto, Atsushi, Okamoto, Toshio, Tsuda, Yoshiyuki
Primary Examiner(s)
De Cady, Albert
Assistant Examiner(s)
NGUYEN, NGUYEN X

Application Number

US08/957,773
Time in Patent Office

1,152 Days
Field of Search

713/201, 709/217, 709/218, 709/225, 380/23, 380/25
US Class Current

726/11
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

Packet inspection device, mobile computer and packet transfer method in mobile computing with improved mobile computer authenticity check scheme

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

113 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Packet inspection device, mobile computer and packet transfer method in mobile computing with improved mobile computer authenticity check scheme

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

113 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links