Method for detecting dedicated link between an end station and a network device
First Claim
Patent Images
1. An apparatus for performing at least one authentication protocol at multiple network layers for authenticating an end station coupled to a switch in a network, the apparatus comprising:
- a switch, comprising, a first driver that executes a link detect protocol at a physical layer; and
a plurality of ports, wherein each port comprises a first link beat control circuit and a first medium access control (MAC) unit, and wherein the first link beat control circuit manages a physical layer link active signaling process to determine whether a device coupled to a link is active; and
an end station including a second driver that supports the link detect protocol and a higher layer authentication protocol, a second link beat control circuit, and a second MAC, wherein the switch communicates with the end station via a network link to execute the link detect protocol and the higher layer authentication protocol, wherein the link detect protocol comprises, the switch starting a test timer;
the switch monitoring a link beat on the network link;
the switch sending an encrypted message to the end station;
the end station decrypting the encrypted message;
the end station dropping the link beat in response to the message;
if the switch has not detected that the link beat has been dropped before the test timer expires, the switch determining whether a retry limit has been reached;
if the retry limit has not been reached, the switch resending the encrypted message;
the switch detecting that the link beat has been dropped;
the switch determining that the switch is coupled by a direct link to the end station in response to detecting that the link beat has been dropped; and
the switch initiating the higher layer authentication protocol, which comprises, sending at least one encrypted message to the end station at a network layer above the physical layer; and
if the end station participates successfully in the authentication protocol, the switch granting the end station access to the network.
6 Assignments
0 Petitions
Accused Products
Abstract
A dedicated link between the intermediate system or other network device and the end system is detected prior to exchanging the authentication/identification information of the user, thereby ensuring that the information is seen only by the network device and the end system and by no one else. The method determines whether a network device has a direct connection to an end station using a test of a physical layer link active signaling mechanism. The method includes sending a message via the network from the network device to the end station indicating initiation of a test of the physical layer link active signaling mechanism. The network device then determines whether the end station participates in the test prior to proceeding with the authentication/identification processes.
44 Citations
1 Claim
-
1. An apparatus for performing at least one authentication protocol at multiple network layers for authenticating an end station coupled to a switch in a network, the apparatus comprising:
-
a switch, comprising, a first driver that executes a link detect protocol at a physical layer; and
a plurality of ports, wherein each port comprises a first link beat control circuit and a first medium access control (MAC) unit, and wherein the first link beat control circuit manages a physical layer link active signaling process to determine whether a device coupled to a link is active; and
an end station including a second driver that supports the link detect protocol and a higher layer authentication protocol, a second link beat control circuit, and a second MAC, wherein the switch communicates with the end station via a network link to execute the link detect protocol and the higher layer authentication protocol, wherein the link detect protocol comprises, the switch starting a test timer;
the switch monitoring a link beat on the network link;
the switch sending an encrypted message to the end station;
the end station decrypting the encrypted message;
the end station dropping the link beat in response to the message;
if the switch has not detected that the link beat has been dropped before the test timer expires, the switch determining whether a retry limit has been reached;
if the retry limit has not been reached, the switch resending the encrypted message;
the switch detecting that the link beat has been dropped;
the switch determining that the switch is coupled by a direct link to the end station in response to detecting that the link beat has been dropped; and
the switch initiating the higher layer authentication protocol, which comprises, sending at least one encrypted message to the end station at a network layer above the physical layer; and
if the end station participates successfully in the authentication protocol, the switch granting the end station access to the network.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeHewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
-
Original Assignee3Com Corporation (HP Inc.)
-
InventorsJain, Vipin K.
-
Primary Examiner(s)Sheikh, Ayaz
-
Assistant Examiner(s)Backer, Firmin
-
Application NumberUS09/019,462Time in Patent Office1,517 DaysField of Search713/201, 713/202, 713/200, 710/268, 709/303, 709/304, 709/305, 709/217, 709/225, 709/224, 709/220, 709/318US Class Current726/2CPC Class CodesH04L 41/12 Discovery or management of ...H04L 63/0442 wherein the sending and rec...H04L 63/08 for authentication of entit...
