Method and apparatus for preventing unauthorized access by a network device
First Claim
1. A method for use in a computer system including a plurality of devices each having a first identifier that uniquely identifies the respective device, a shared resource shared by the plurality of devices, and a network that couples the plurality of devices to the shared resource, the network assigning a second identifier to each of the plurality of devices, the second identifier indicating a port of at least one network component through which the respective device accesses the network, the method including acts of:
(a) in response to one of the plurality of devices attempting to access the shared resource and representing itself to the shared resource as a first device using the first identifier, determining, using the second identifier, whether the one of the plurality of devices is attempting to access the shared resource through a port of the at least one network component that is different than a first port of the at least one network component used by the first device to access the shared resource; and
(b) when it is determined in the act (a) that the one of the plurality of devices is attempting to access the shared resource through a port of the at least one network component that is different than the first port, denying the attempted access by the one of the plurality of devices to the shared resource.
Abstract
A method and apparatus for a networked computer system including a plurality of devices and a shared resource. In response to one of the devices attempting to access the shared resource and representing itself to the shared resource as a first device, determining whether the device is attempting to access the shared resource through a physical connection through the network that is different than a physical connection used by the first device to access the shared resource, and when it is, denying the attempted access.
66 Claims
23. A method for use in a computer system including a plurality of devices, a storage system shared by the plurality of devices, and a network that couples the plurality of devices to the storage system, wherein the network employs a protocol wherein each of the plurality of devices has a first identifier that uniquely identifies the device in a manner that is independent of a physical configuration of the computer system and a second identifier that uniquely identifies a port of at least one network component through which the respective device accesses the network, the method including acts of:
(a) in response to a login of a first device of the plurality of devices to the storage system, storing the first and second identifiers of the first device;
(b) in response to an attempt, subsequent to the act (a), by one of the plurality of devices to login to the storage system while representing itself to the storage system as the first device, determining whether the one of the plurality of devices is attempting to login to the storage system through a port of the at least one network component that is different than a first port of the at least one network component used by the first device to login to the storage system in the act (a), including acts of:
(b1) examining a value of the first identifier presented by the one of the plurality of devices to the storage system to determine that the one of the plurality of devices is representing itself to be the first device;
(b2) comparing a value of the second identifier presented by the one of the plurality of devices to the stored value of the second identifier for the first device; and
(b3) determining that the one of the plurality of devices is attempting to login to the storage system through a port of the at least one network component that is different than the first port when the value of the second identifier presented by the one of the plurality of devices mismatches the stored value of the second identifier for the first device; and
(c) when it is determined in the act (b3) that the one of the plurality of devices is attempting to login to the storage system through a port of the at least one network component that is different than the first port, denying the attempted login by the one of the plurality of devices to the storage system.
Dependent claims: 24, 25, 26.
27. A method for use in a computer system including a network and a plurality of devices coupled to the network, the network employing a protocol wherein each of the plurality of devices has a first identifier that uniquely identifies the device in a manner that is independent of a physical configuration of the computer system and a second identifier that uniquely identifies a port on at least one network component at which the respective device is connected, the at least one network component assigning a unique value for the second identifier to each of the plurality of devices that is logged into the network, the method including acts of:
(a) in response to one of the plurality of devices attempting to login to the network and representing itself to the network as a first device, determining whether the one of the plurality of devices is attempting to login to the network through a port on the at least one network component that is different than a first port of the at least one network component through which the first device previously logged into the network; and
(b) when it is determined in the act (a) that the one of the plurality of devices is attempting to access the network through a port that is different than the first port, denying the attempted login by the one of the plurality of devices to the network.
Dependent claims: 28, 29, 30, 31.
32. An apparatus for use in a computer system including a plurality of devices, a shared resource shared by the plurality of devices each having a first identifier that uniquely identifies the respective device, and a network that couples the plurality of devices to the shared resource, the network assigning a second identifier to each of the plurality of devices, the second identifier indicating a port of at least one network component at which the respective device is connected, the apparatus including:
an input to be coupled to the network; and
at least one controller, coupled to the input, that is responsive to one of the plurality of devices attempting to access the shared resource while representing itself to the shared resource as a first device via the first identifier, to determine, based at least in part on the second identifier, whether the one of the plurality of devices is attempting to access the shared resource through a port of the at least one network component that is different than a first port of the at least one network component used by the first device to access the shared resource, and to deny the attempted access by the one of the plurality of devices to the shared resource when it is determined that the one of the plurality of devices is attempting to access the shared resource through a port of the at least one network component that is different than the first port.
Dependent claims: 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55.
57. An apparatus for use in a computer system including a plurality of devices, a storage system shared by the plurality of devices, and a network that couples the plurality of devices to the storage system, wherein the network employs a protocol wherein each of the plurality of devices has a first identifier that uniquely identifies the device in a manner that is independent of a physical configuration of the computer system and a second identifier that uniquely identifies a port on at least one network component through which the respective device connects to the network, the apparatus comprising:
an input to be coupled to the network;
a storage device; and
at least one controller, coupled to the network and the storage device, that is responsive to a login of a first device of the plurality of devices to the storage system to store the first and second identifiers of the first device in the storage device; the at least one controller further being responsive to an attempt, after the login by the first device, by one of the plurality of devices to login to the storage system, while representing itself to the storage system as the first device, to:
examine a value of the first identifier presented by the one of the plurality of devices to the storage system to determine that the one of the plurality of devices is representing itself to be the first device;
compare a value of the second identifier presented by the one of the plurality of devices to the stored value of the second identifier for the first device;
determine that the one of the plurality of devices is attempting to access the storage system through a port of the at least one network component that is different than a first port of the at least one network component used by the first device in logging into the storage system when the value of the second identifier presented by the one of the plurality of devices mismatches the stored value of the second identifier for the first device; and
deny the attempted login by the one of the plurality of devices to the storage system when it is determined that the one of the plurality of devices is attempting to login to the storage system through a port of the at least one network component that is different than the first port.
Dependent claims: 58, 59, 60, 61.
62. An apparatus for use in a computer system including a network and a plurality of devices coupled to the network, the network employing a protocol wherein each of the plurality of devices has a first identifier that uniquely identifies the device in a manner that is independent of a physical configuration of the computer system and a second identifier that uniquely identifies a port of at least one network component at which the respective device is connected, the at least one network component assigning a unique value for the second identifier to each of the plurality of devices that is logged into the network, the apparatus comprising:
at least one input to be coupled to at least one of the plurality of devices; and
at least one controller that is responsive to one of the plurality of devices attempting to login to the network and representing itself to the network as a first device, to determine whether the one of the plurality of devices is attempting to login to the network through a port that is different than a first port of the at least one network component through which the first device previously logged into the network, and to deny the attempted login by the one of the plurality of devices to the network when the one of the plurality of devices is attempting to login to the network through a port of the at least one network component that is different than the first port.
Dependent claims: 63, 64, 65, 66.
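As an added example (not the patent's own code and not any product's implementation), the following Python models the store-then-compare login check of claims 23 and 57, which is also the denial step of claims 1, 27, 32 and 62: the first identifier names the device independently of where it is plugged in, the second identifier is the port-derived value the network component assigned, and a login that presents a known first identifier from a different port is refused. The identifier formats, the sample values and the administrative `release` step are assumptions.

```python
# Added example modelled on claims 23 and 57; identifiers and values are constructed.
from dataclasses import dataclass, field


@dataclass
class Decision:
    allowed: bool
    reason: str


@dataclass
class StorageSystem:
    # first identifier (device-unique, independent of physical configuration)
    # -> second identifier (port-derived, assigned by the network component)
    bindings: dict[str, str] = field(default_factory=dict)
    audit: list[tuple[str, str, bool]] = field(default_factory=list)

    def login(self, first_id: str, second_id: str) -> Decision:
        stored = self.bindings.get(first_id)
        if stored is None:
            # act (a): first login of this device, store both identifiers
            self.bindings[first_id] = second_id
            d = Decision(True, "first login; identifiers stored")
        elif stored == second_id:
            # acts (b1)-(b3): claims to be a known device and arrives on the bound port
            d = Decision(True, "same port as recorded login")
        else:
            # act (c): known first identifier presented from a different port
            d = Decision(False, f"port mismatch: presented {second_id}, bound {stored}")
        self.audit.append((first_id, second_id, d.allowed))
        return d

    def release(self, first_id: str) -> None:
        # Assumed administrative step (not in the claims shown): clear a binding so a
        # device that was legitimately moved to another port can log in again.
        self.bindings.pop(first_id, None)


def run_scenario() -> list[bool]:
    """Constructed sequence: legitimate logins, a mismatched port, a sanctioned move."""
    ss = StorageSystem()
    results = [
        ss.login("DEV-0001", "SW1:P07").allowed,  # True: first login, binding stored
        ss.login("DEV-0001", "SW1:P07").allowed,  # True: same device, same port
        ss.login("DEV-0001", "SW1:P12").allowed,  # False: same identifier, other port
        ss.login("DEV-0002", "SW1:P12").allowed,  # True: different device, own binding
    ]
    ss.release("DEV-0001")
    results.append(ss.login("DEV-0001", "SW1:P12").allowed)  # True after release
    return results


if __name__ == "__main__":
    print(run_scenario())  # [True, True, False, True, True]
```

The audit list records every attempt with its outcome, so a denied login (a known first identifier arriving on an unexpected port) is visible to monitoring rather than silently dropped.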