Method, system, and computer program product for restricting access to a network using a network communications device

US 7,248,563 B2
Filed: 07/31/2002
Issued: 07/24/2007
Est. Priority Date: 07/31/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method in a data processing system, said method comprising the steps of:

providing a network communications device that includes multiple ports for providing access to a network;

receiving a specification of one of said multiple ports;

receiving a specification of a time period; and

blocking access to said network through said one of said multiple ports during said time period, wherein blocking access to said network further comprises;

receiving, within said network communications device, a first network packet;

responsive to a determination that said one of said multiple ports through which said first network packet was received is said specified one of said multiple ports and that a current time is within said time period, discarding said network packet;

storing a media access control address of a computer system that transmitted said first network packet and storing an identification of said one of said multiple ports through which said first network packet was received within said network communications device;

receiving a second packet;

identifying a second one of said multiple ports through which said second packet was received;

determining whether said second one of said multiple ports is said specified one of said multiple ports;

determining a time period associated with said second one of said multiple ports;

determining whether a current time is within said determined time period;

determining a media access control address of a computer system that transmitted said second packet;

responsive to a determination that either said second one of said multiple ports is not said specified one of said multiple ports or that said current time is not within said determined time period, determining whether said media access control address of said computer system that transmitted said second packet is stored in said network communications device; and

responsive to a determination that said media access control address of said computer system that transmitted said second packet is stored in said network communications device, discarding said second packet.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and computer program product are disclosed for restricting access to a network using a network communications device. The network communications device includes multiple ports for providing access to a data processing system to the network. A specification of one of the multiple ports is received. A specification of a time period is also received. Access to the network is then blocked through the specified port during the specified time period.

Citations

30 Claims

1. A method in a data processing system, said method comprising the steps of:
- providing a network communications device that includes multiple ports for providing access to a network;
  
  receiving a specification of one of said multiple ports;
  
  receiving a specification of a time period; and
  
  blocking access to said network through said one of said multiple ports during said time period, wherein blocking access to said network further comprises;
  
  receiving, within said network communications device, a first network packet;
  
  responsive to a determination that said one of said multiple ports through which said first network packet was received is said specified one of said multiple ports and that a current time is within said time period, discarding said network packet;
  
  storing a media access control address of a computer system that transmitted said first network packet and storing an identification of said one of said multiple ports through which said first network packet was received within said network communications device;
  
  receiving a second packet;
  
  identifying a second one of said multiple ports through which said second packet was received;
  
  determining whether said second one of said multiple ports is said specified one of said multiple ports;
  
  determining a time period associated with said second one of said multiple ports;
  
  determining whether a current time is within said determined time period;
  
  determining a media access control address of a computer system that transmitted said second packet;
  
  responsive to a determination that either said second one of said multiple ports is not said specified one of said multiple ports or that said current time is not within said determined time period, determining whether said media access control address of said computer system that transmitted said second packet is stored in said network communications device; and
  
  responsive to a determination that said media access control address of said computer system that transmitted said second packet is stored in said network communications device, discarding said second packet.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method according to claim 1, further comprising the steps of:
    - storing said specified one of said multiple ports in a database in said network communication device;
      
      storing said specified time period in said database in said network communication device; and
      
      associating said specified one of said multiple ports with said specified time period together in said database.
  - 3. The method according to claim 1, further comprising the steps of:
    - responsive to a determination that said media access control address of said computer system that transmitted said second packet is not stored in said network communications device, forwarding said second packet.
  - 4. The method according to claim 1, further comprising the step of:
    - identifying one of said multiple ports through which said first network packet was received;
      
      determining whether said one of said multiple ports through which said first network packet was received is said specified one of said multiple ports;
      
      determining whether a current time is within said time period; and
      
      in response to a determination that either said one of said multiple ports through which said first network packet was received is not said specified one of said multiple ports or that said current time is not within said time period, forwarding said first network packet to said network.
  - 5. The method according to claim 1, further comprising:
    - responsive to a determination that said media access control address of said computer system that transmitted said second packet is not stored in said network communications device, forwarding said second packet.
  - 6. The method according to claim 1, wherein said network communications device is a router.
  - 7. The method according to claim 1, wherein said network communications device is a switch.
  - 8. The method according to claim 1, wherein said network communications device is a hub.
  - 9. The method according to claim 1, further comprising the steps of:
    - specifying a media access control address of a computer system which is to be restricted from accessing said network;
      
      storing said media access control address in a database that is included in a memory in a said network communications device.
  - 10. The method according to claim 9, further comprising the steps of:
    - storing said specification of one of said multiple ports in a second database within said communications device; and
      
      storing said specification of said time period in said second database.

11. A data processing system comprising:
- a network communications device that includes multiple ports for providing access to a network;
  
  said network communications device including a CPU executing code for receiving a specification of one of said multiple ports;
  
  said CPU executing code for receiving a specification of a time period; and
  
  said network communications device for blocking access to said network through said one of said multiple ports during said time period, wherein blocking access to said network further comprises;
  
  said network communications device for receiving a first network packet;
  
  said network communications device discarding said network packet in response to a determination that said one of said multiple ports through which said first network packet was received is said specified one of said multiple ports and that a current time is within said time periodsaid network communications device for storing a media access control address of a computer system that transmitted said first network packet and an identification of said one of said multiple ports through which said first network packet was received within said network communications device;
  
  said network communications device for receiving a second packet;
  
  said CPU executing code for identifying a second one of said multiple ports through which said second packet was received;
  
  said CPU executing code for determining whether said second one of said multiple ports is said specified one of said multiple ports;
  
  said CPU executing code for determining a time period associated with said second one of said multiple ports;
  
  said CPU executing code for determining whether a current time is within said determined time period;
  
  said CPU executing code for determining a media access control address of a computer system that transmitted said second packet;
  
  said CPU executing code for determining whether said media access control address of said computer system that transmitted said second packet is stored in said network communications device in response to a determination that either said second one of said multiple ports is not said specified one of said multiple ports or that said current time is not within said determined time period; and
  
  said CPU executing code for discarding said second packet in response to a determination that said media access control address of said computer system that transmitted said second packet is stored in said network communications device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system according to claim 11, further comprising:
    - a database in said network communication device for storing said specified one of said multiple ports;
      
      said database for storing said specified time period; and
      
      said CPU executing code for associating said specified one of said multiple ports with said specified time period together in said database.
  - 13. The system according to claim 11, further comprising:
    - said CPU executing code for forwarding said second packet in response to a determination that said media access control address of said computer system that transmitted said second packet is not stored in said network communications device.
  - 14. The system according to claim 11, further comprising:
    - said CPU executing code for identifying one of said multiple ports through which said first network packet was received;
      
      said CPU executing code for determining whether said one of said multiple ports through which said first network packet was received is said specified one of said multiple ports;
      
      said CPU executing code for determining whether a current time is within said time period; and
      
      in response to a determination that either said one of said multiple ports through which said first network packet was received is not said specified one of said multiple ports or that said current time is not within said time period, said network communications device forwarding said first network packet to said network.
  - 15. The system according to claim 11, further comprising:
    - in response to a determination that said media access control address of said computer system that transmitted said second packet is not stored in said network communications device, said network communications device forwarding said second packet.
  - 16. The system according to claim 11, further comprising said network communications device being a router.
  - 17. The system according to claim 11, further comprising said network communications device being a switch.
  - 18. The system according to claim 11, further comprising said network communications device being a hub.
  - 19. The system according to claim 11, further comprising:
    - said CPU executing code for receiving a specified media access control address of a computer system which is to be restricted from accessing said network;
      
      a database included in a memory in a said network communications device for storing said media access control address.
  - 20. The system according to claim 19, further comprising:
    - a second database included within said communications device for storing said specification of one of said multiple ports; and
      
      said specification of said time period being stored in said second database.

21. A computer readable medium encoded with a computer program, which, when executed in a data processing system, causes said data processing system to perform the following steps:
- providing a network communications device that includes multiple ports for providing access to a network;
  
  receiving a specification of one of said multiple ports;
  
  receiving a specification of a time period; and
  
  blocking access to said network through said one of said multiple ports during said time period, wherein blocking access to said network further comprises;
  
  receiving a first network packet;
  
  discarding said network packet in response to a determination that said one of said multiple ports through which said first network packet was received is said specified one of said multiple ports and that a current time is within said time period;
  
  storing a media access control address of a computer system that transmitted said first network packet and an identification of said one of said multiple ports through which said first network packet was received within said network communications device;
  
  receiving a second packet;
  
  identifying a second one of said multiple ports through which said second packet was received;
  
  determining whether said second one of said multiple ports is said specified one of said multiple ports;
  
  determining a time period associated with said second one of said multiple ports;
  
  determining whether a current time is within said determined time;
  
  determining a media access control address of a computer system that transmitted said second packet;
  
  determining whether said media access control address of said computer system that transmitted said second packet is stored in said network communications device in response to a determination that either said second one of said multiple ports is not said specified one of said multiple ports or that said current time is not within said determined time period; and
  
  discarding said second packet in response to a determination that said media access control address of said computer system that transmitted said second packet is stored in said network communications device.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The product according to claim 21, further comprising:
    - instruction means for storing said specified one of said multiple ports in a database in said network communication device;
      
      instruction means for storing said specified time period in said database in said network communication device; and
      
      instruction means for associating said specified one of said multiple ports with said specified time period together in said database.
  - 23. The product according to claim 21, further comprising:
    - instruction means for forwarding said second packet in response to a determination that said media access control address of said computer system that transmitted said second packet is not stored in said network communications device.
  - 24. The product according to claim 21, further comprising:
    - instruction means for identifying one of said multiple ports through which said first network packet was received;
      
      instruction means for determining whether said one of said multiple ports through which said first network packet was received is said specified one of said multiple ports;
      
      instruction means for determining whether a current time is within said time period; and
      
      in response to a determination that either said one of said multiple ports through which said first network packet was received is not said specified one of said multiple ports or that said current time is not within said time period, instruction means for forwarding said first network packet to said network.
  - 25. The product according to claim 21, further comprising instruction means responsive to a determination that said media access control address of said computer system that transmitted said second packet is not stored in said network communications device, for forwarding said second packet.
  - 26. The product according to claim 21, wherein said network communications device is a router.
  - 27. The product according to claim 21, wherein said network communications device is a switch.
  - 28. The product according to claim 21, wherein said network communications device is a hub.
  - 29. The product according to claim 21, further comprising:
    - instruction means for specifying a media access control address of a computer system which is to be restricted from accessing said network;
      
      instruction means for storing said media access control address in a database that is included in a memory in a said network communications device.
  - 30. The product according to claim 29, further comprising:
    - instruction means for storing said specification of one of said multiple ports in a second database within said communications device; and
      
      instruction means for storing said specification of said time period in said second database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
International Business Machines Corporation
Inventors
Bhogal, Kulvir Singh, Ishmael, Nizamudeen Jr., Sidhu, Mandeep Singh
Primary Examiner(s)
Kizou; Hassan
Assistant Examiner(s)
Patel; Jay P.

Application Number

US10/210,526
Publication Number

US 20040022242A1
Time in Patent Office

1,819 Days
Field of Search

370/230, 370/230.1, 370/235, 709/225, 726/4, 726/11
US Class Current

370/230
CPC Class Codes

H04L 63/10 for controlling access to d...

Method, system, and computer program product for restricting access to a network using a network communications device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Method, system, and computer program product for restricting access to a network using a network communications device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links