Security apparatus and method for local area networks
First Claim
1. A method for blocking access to one or more protected devices on a computer network by a client device having a physical device address, comprising the steps of:
(a) receiving address resolution requests broadcast on the computer network by the client device seeking access to one of the protected devices, each of the one or more protected devices having a physical device address;
(b) processing the address resolution requests to determine whether the client device is an unknown device;
(c) if the client device is unknown as determined in step (b), placing the client device in a restricted status, and transmitting restricted address resolution replies to the protected devices on the computer network to block access to the protected devices by the client device and allow access to an authentication server;
(d) if the client device is unknown as determined in step (b), monitoring the authentication server to determine if the client device is authorized or unauthorized by the authentication server;
(e) if the client device is authorized as determined in step (d), removing the restricted status for the client device and allowing access to the protected devices; and
(f) if the client device is unauthorized as determined in step (d), changing the restricted status to a blocked status and transmitting block address resolution replies at predetermined intervals on the computer network to block access to the protected devices by the client device.
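The following is an added illustration of steps (a) through (f), not code from the patent or any product: it models the enforcement appliance as a state machine that, for each ARP request it sees, decides which unsolicited ARP replies it would emit and to whom, returning them as records rather than sending anything. The MAC addresses, the diversion address `sink_mac`, and the `block_interval` value are constructed for the example; a client already present as AUTHORIZED in `status` stands in for a "known" device.

```python
from collections import namedtuple
from dataclasses import dataclass, field
from enum import Enum

# An unsolicited ARP reply the appliance emits: tells the device at to_mac that ip lives at at_mac.
ArpReply = namedtuple("ArpReply", "to_mac ip at_mac")

class Status(Enum):
    RESTRICTED = "restricted"  # step (c): only the authentication server can reach the client
    AUTHORIZED = "authorized"  # step (e): a known, admitted client; normal access
    BLOCKED = "blocked"        # step (f): cut off from every other device

@dataclass
class Appliance:
    protected_macs: list                        # MACs of the protected devices (constructed)
    auth_server_mac: str                        # MAC of the authentication server (constructed)
    sink_mac: str = "02:00:00:00:00:00"         # hypothetical unused MAC that client traffic is diverted to
    block_interval: int = 10                    # seconds between repeated blocking replies (assumed)
    status: dict = field(default_factory=dict)  # client MAC -> Status; absent means "unknown"
    client_ip: dict = field(default_factory=dict)   # client MAC -> IP learned from its ARP request
    last_block: dict = field(default_factory=dict)  # client MAC -> time of last blocking round

    def _divert(self, ip, to_macs, at_mac):
        return [ArpReply(m, ip, at_mac) for m in to_macs]

    def on_arp_request(self, sender_mac, sender_ip):
        """Steps (a)-(c): for an unknown client, poison only the protected devices' caches."""
        self.client_ip[sender_mac] = sender_ip
        if self.status.get(sender_mac) in (Status.AUTHORIZED, Status.BLOCKED):
            return []  # admitted clients need nothing; blocked ones are refreshed by tick()
        self.status[sender_mac] = Status.RESTRICTED
        return self._divert(sender_ip, self.protected_macs, self.sink_mac)  # auth server deliberately left out

    def on_auth_result(self, mac, authorized, now):
        """Steps (d)-(f): verdict observed from the authentication server."""
        if authorized:
            self.status[mac] = Status.AUTHORIZED
            return self._divert(self.client_ip[mac], self.protected_macs, mac)  # repair the caches
        self.status[mac] = Status.BLOCKED
        self.last_block[mac] = now - self.block_interval  # so tick() emits a blocking round now
        return self.tick(now)

    def tick(self, now):
        """Step (f): re-send blocking replies to every device once per interval per blocked client."""
        out = []
        for mac, st in self.status.items():
            if st == Status.BLOCKED and now - self.last_block[mac] >= self.block_interval:
                self.last_block[mac] = now
                out += self._divert(self.client_ip[mac], self.protected_macs + [self.auth_server_mac], self.sink_mac)
        return out
```

Calling `tick()` on a timer drives the "predetermined intervals" of step (f); the blocking replies cover the authentication server too, matching the abstract's "all other network devices".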
Abstract
The present invention includes a method and apparatus for controlling data link layer access to protected servers on a computer network by a client device. Address resolution requests broadcast on the network by the client device seeking access to any network device are received and then processed to determine whether the client device is unknown. If the client device is unknown, restriction address resolution replies are transmitted to the protected devices to restrict access by the client device to the protected devices and allow access to an authentication server. The authentication server is monitored to determine if the client device is authorized or unauthorized by the authentication server. If the client device is authorized, access is allowed to the protected devices. If the client device is unauthorized, blocking address resolution replies are transmitted on the computer network to block access by the client device to all other network devices.
23 Claims
1. Independent method claim; its text is given above under First Claim. Dependent claims: 2 through 11.
12. An apparatus comprising memory and processing for blocking access to one or more protected devices on a computer network by a client device having a physical device address, comprising the steps of:
means for receiving address resolution requests broadcast on the computer network by the client device seeking access to one of the protected devices, each of the one or more protected devices having a physical device address;
means for processing the address resolution requests to determine whether the client device is an unknown device;
means for placing the client device in a restricted status, and transmitting restriction address resolution replies to the protected devices on the computer network to block access to the protected devices by the client and allow access to the authentication server if the client device is unknown;
means for monitoring the authentication server to determine if the client device is authorized or unauthorized by the authentication server if the client device is unknown;
means for removing the restricted status for the client device and allowing access to the protected device if the client device is authorized; and
means for changing the restricted status to a blocked status and transmitting blocking address resolution replies at predetermined intervals on the computer network to block access to the protected devices by the client device if the client device is unauthorized.
Dependent claims: 13 through 23.