Filters to isolate untrusted ports of switches

US 7,305,549 B2
Filed: 05/25/2004
Issued: 12/04/2007
Est. Priority Date: 04/30/2004
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

dividing a plurality of switch ports into trusted ports and untrusted ports, wherein the trusted ports are those ports that are coupled either directly or via one or more additional switches to a trusted computing device; and

applying filters on each untrusted port to allow the untrusted ports to communicate with any trusted port, but disallow the untrusted ports to communicate with any other untrusted port.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique is provided for dividing a plurality of switch ports into trusted ports and untrusted ports. The trusted ports are those ports that are coupled either directly or via one or more additional switches to a trusted computing device. Filters are applied on each untrusted port to allow the untrusted ports to communicate with any trusted port, but disallow the untrusted ports to communicate with any other untrusted port.

74 Citations

View as Search Results

27 Claims

1. A method, comprising:
- dividing a plurality of switch ports into trusted ports and untrusted ports, wherein the trusted ports are those ports that are coupled either directly or via one or more additional switches to a trusted computing device; and
  
  applying filters on each untrusted port to allow the untrusted ports to communicate with any trusted port, but disallow the untrusted ports to communicate with any other untrusted port.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the communicating with any trusted port includes receiving data from any trusted port.
  - 3. The method of claim 1, wherein the communicating with any untrusted port includes receiving data from any untrusted port.
  - 4. The method of claim 1, wherein the communicating with any trusted port includes transmitting data to any trusted port.
  - 5. The method of claim 1, wherein the communicating with any untrusted port includes transmitting data to any untrusted port.
  - 6. The method of claim 1, further comprising converting an untrusted port into a trusted port in response to authentication of a computing device that is attached to the port.
  - 7. The method of claim 1, further comprising an untrusted computing device that is a boot client.
  - 8. The method of claim 1, wherein the trusted computing device is a boot server.
  - 9. The method of claim 1, wherein the trusted computing device is an authentication server.
  - 10. The method of claim 1, further comprising an untrusted computing device that is a rogue server.
  - 11. The method of claim 10, wherein a rogue agent is not able to connect the rogue server to a trusted port.
  - 12. The method of claim 1, wherein the switch includes a first switch and a second switch that are in data communication with each other, wherein the first switch includes a first port that is in communication with a computing device and the second switch includes a second port that is in communication with the trusted computing device that is a boot server.

13. A method, comprising:
- dividing a plurality of ports of a switch into trusted ports and untrusted ports, wherein trusted ports are those ports of the switch that are coupled either directly or via one or more additional switches to a trusted computing device; and
  
  converting an untrusted port of the switch into a trusted port in response to authentication of a computing device that is attached to the port.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13, further comprising applying filters on the untrusted ports to allow untrusted ports to communicate with trusted ports, wherein an untrusted computing device that is a boot client is connected to an untrusted port.
  - 15. The method of claim 13, wherein the trusted computing device that is a boot server is connected to the trusted port.
  - 16. The method of claim 13, wherein the trusted computing device that is an authentication server is connected to the trusted port.
  - 17. The method of claim 13, wherein the switch includes a first switch and a second switch that are in data communication with each other, wherein the first switch includes a first port that is in communication with a computing device and the second switch includes a second port, and wherein the second port is in communication with the trusted computing device that is a boot server.

18. A switch assembly, comprising:
- at least one switch that includes a plurality of ports, wherein the ports are divided into trusted ports and untrusted ports, further wherein the trusted ports are those ports of the switch that are not coupled either directly or via one or more additional switches to a trusted computing device; and
  
  a filter that is applied to the untrusted ports to allow the untrusted ports to communicate with trusted ports, but disallow the untrusted ports from communicating with other untrusted ports.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 19. The switch assembly of claim 18, wherein communicating with any trusted port includes receiving data from any trusted port.
  - 20. The switch assembly of claim 18, wherein communicating with any untrusted port includes receiving data from any untrusted port.
  - 21. The switch assembly of claim 18, wherein communicating with any trusted port includes transmitting data to any trusted port.
  - 22. The switch assembly of claim 18, wherein communicating with any untrusted port includes transmitting data to any untrusted port.
  - 23. The switch assembly of claim 18, further comprising converting an untrusted port into a trusted port in response to authentication of a computing device that is attached to the port.
  - 24. The switch assembly of claim 18, wherein an untrusted computing device that is a boot client is connected to an untrusted port.
  - 25. The switch assembly of claim 18, wherein the trusted computing device that is a boot server is connected to the trusted port.
  - 26. The switch assembly of claim 18, wherein the trusted computing device that is an authentication server is connected to the trusted port.
  - 27. The switch assembly of claim 18, including a first switch and a second switch that are in data communication with each other, wherein the first switch includes a first port and the second switch includes a second port, and wherein the second port is in communication with a boot server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Hunt, Galen C., Simon, Jeff
Primary Examiner(s)
Peeso; Thomas R.

Application Number

US10/853,932
Publication Number

US 20050246768A1
Time in Patent Office

1,288 Days
Field of Search

713/155, 713/154, 713/161, 713/166, 713/168
US Class Current

713/155
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 61/5014   using dynamic host configur...

H04L 63/0823   using certificates cryptogr...

H04L 9/3263   involving certificates, e.g...

H04L 9/3273   for mutual authentication n...

Filters to isolate untrusted ports of switches

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

74 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Filters to isolate untrusted ports of switches

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

74 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links