Network communications security enhancing

US 7,720,462 B2
Filed: 07/21/2005
Issued: 05/18/2010
Est. Priority Date: 07/21/2005
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a network port to exchange one or more communication data packets over a network;

a plurality of access ports to exchange data with one or more remote endpoint devices, wherein the access ports include a wireless access port to exchange wireless data signals with the one or more remote endpoint devices through one or more existing communication session between the apparatus and the one or more endpoint devices;

a switching device to transfer one or more communication data packets received from the network with the network port to the wireless access port for transmission as wireless data signals to at least one of the remote endpoint devices, or to transfer wireless data signals received by the wireless access port to the network port for transmission over the network as one or more communication data packets; and

a controller to allow the one or more endpoint devices access to the network through the switching device of the apparatus according to one or more communication selectivity parameters, wherein the controller is configured to compare the communication selectivity parameters with a current day and time to determine whether to reduce access to the network for at least one of the remote devices, wherein the controller is configured to manage access to the network by the one or more remote endpoint devices on a per access port basis, wherein the controller is configured to allow network access over one or more wired ports and prohibit network access over the wireless port based on the comparison, wherein the controller includes at least one mapping table to correlate access permissions with each of the plurality of access ports, and wherein the controller is configured to prohibit initiation of new communication sessions with the apparatus by the one or more remote devices based, at least in part, on the comparison, while allowing those remote endpoint devices with existing communication sessions with the apparatus to continue to access the network through the switching device of the apparatus and while allowing any remote endpoint device that roams into range of the wireless access port to access the network through the switching device of the apparatus when the remote endpoint device has at least one existing communication session transferred from another access point associated with the apparatus.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention facilitates security maintenance in a communication network. Present invention embodiments adjust power level and/or communication permission based upon designated parameters. The designated parameters can include time indications, days of the week, failed access attempts, source and destination indications and/or information content indications. For example, a present invention system and method can reduce and/or turn off power to a wireless communication port during designated intervals (e.g., during non standard work hours) and prevent unauthorized access via the wireless communication port.

37 Citations

View as Search Results

18 Claims

1. An apparatus comprising:
- a network port to exchange one or more communication data packets over a network;
  
  a plurality of access ports to exchange data with one or more remote endpoint devices, wherein the access ports include a wireless access port to exchange wireless data signals with the one or more remote endpoint devices through one or more existing communication session between the apparatus and the one or more endpoint devices;
  
  a switching device to transfer one or more communication data packets received from the network with the network port to the wireless access port for transmission as wireless data signals to at least one of the remote endpoint devices, or to transfer wireless data signals received by the wireless access port to the network port for transmission over the network as one or more communication data packets; and
  
  a controller to allow the one or more endpoint devices access to the network through the switching device of the apparatus according to one or more communication selectivity parameters, wherein the controller is configured to compare the communication selectivity parameters with a current day and time to determine whether to reduce access to the network for at least one of the remote devices, wherein the controller is configured to manage access to the network by the one or more remote endpoint devices on a per access port basis, wherein the controller is configured to allow network access over one or more wired ports and prohibit network access over the wireless port based on the comparison, wherein the controller includes at least one mapping table to correlate access permissions with each of the plurality of access ports, and wherein the controller is configured to prohibit initiation of new communication sessions with the apparatus by the one or more remote devices based, at least in part, on the comparison, while allowing those remote endpoint devices with existing communication sessions with the apparatus to continue to access the network through the switching device of the apparatus and while allowing any remote endpoint device that roams into range of the wireless access port to access the network through the switching device of the apparatus when the remote endpoint device has at least one existing communication session transferred from another access point associated with the apparatus.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The access point device of claim 1, wherein the controller is configured to manage access to the network by reducing a transmission range of the wireless access point, wherein the controller is configured to reduce the transmission range of the wireless access point by reducing power supplied to the wireless access port.
  - 3. The apparatus of claim 2, wherein the controller includes a memory to store the one or more communication selectivity parameters, wherein the controller is configured to adjust the power supplied to the wireless access port according to the communication selectivity parameters.
  - 4. The apparatus of claim 1, wherein the controller is configured to direct the switching device to cease responding to port identification signals from remote devices according to the communication selectivity parameters, wherein the port identification signals request the apparatus to notify the remote devices that the apparatus exists.
  - 5. The apparatus of claim 1, wherein the communication selectivity parameters identify network access restrictions based on at least one of a time of an attempted access, a date of the attempted access, a number of previous failed attempts of access by the remote device, or which remote device is attempting to access the network.
  - 6. The apparatus of claim 1, wherein at least one of the network port or the wireless access port is configured to receive a forwarding message from a remote access point, the forwarding message to indicate that the remote access point has an existing communication session with at least one of the remote devices, and when at least one of the remote devices roams into a transmission range of the wireless port and when the controller is prohibiting initiation of new communication sessions with the apparatus based, at least in part, on the comparison, the controller is configured to allow the at least one of the remote devices to access the network through the apparatus according to the forwarding message even though the at least one of the remote devices did not have an existing communication session with the apparatus.

7. a method comprising:
- examining, with an access point, a mapping table that correlates one or more predetermine network access parameters to a plurality of access ports on a per access port basis, wherein the examining includes comparing the one or more predetermine network access parameters with a current day and time;
  
  determining any network access restrictions for the remote endpoint devices through a wireless access port of the access point based on the comparison of the one or more predetermine network access parameters with the current day and time;
  
  when the comparison of the predetermine network access parameters indicates that there are no network access restrictions, transferring, with a switching device of the access point, wireless data signals received by the wireless access port from one or more remote endpoint devices to a network through a network port of the access point, wherein the network port is configured to transmit the wireless data signals over the network as one or more communication data packets;
  
  when the comparison of the predetermine network access parameters indicates that there is at least one network access restriction, preventing, with the access point, initiation of new communication sessions with the remote endpoint devices, allowing those remote endpoint devices with existing communication sessions with the access point to continue to access the network through the access point, allowing remote endpoint devices access to the network over one or more wired ports of the access point, and allowing any remote endpoint device that roams into range of the wireless access port to access the network through the access point when the remote endpoint device has at least one existing communication session with another access point.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, further comprising reducing power supplied to the wireless access port to reduce a transmission range of the wireless access point.
  - 9. The method of claim 7, further comprising when the predetermine network access parameters indicate that there is at least one network access restriction, ceasing to respond to port identification signals from one or more remote endpoint devices, wherein the port identification signals request the access point to notify the remote devices that the access point exists.
  - 10. The method of claim 7, further comprising, when the predetermine network access parameters indicate that there is at least one network access restriction, ceasing to transfer wireless data signals received from the network to the wireless access port for transmission to one or more remote endpoint devices.
  - 11. The method of claim 7, wherein the predetermine network access parameters identify network access restrictions based on at least one of a time of an attempted access, a date of the attempted access, a number of previous failed attempts of access by the remote device, or which remote device is attempting to access the network.
  - 12. The method of claim 7, further comprising:
    - receiving, with the access point, a forwarding message from a remote access point, the forwarding message to indicate that the remote access point has an existing communication session with at least one of the remote devices; and
      
      when the access point is preventing initiation of new communication sessions and at least one of the remote devices roams into a transmission range of the wireless access port, allowing the at least one of the remote devices to access the network through the wireless access port of the access point according to the forwarding message even though the at least one of the remote devices did not have an existing communication session with the access point.

13. a system comprising:
- means for examining one or more predetermine network access parameters to determine any network access restrictions for the remote endpoint devices through a wireless access port, wherein the means for examining is configured to examine a mapping table that correlates the predetermine network access parameters to a plurality of access ports including the wireless access port on a per access port basis, and wherein the means for examining is configured to compare the one or more predetermine network access parameters with a current day and time to determine any network access restriction;
  
  means for transferring wireless data signals received by the wireless access port from one or more remote endpoint devices to a network via a network access port when the comparison of the predetermine network access parameters indicates that there are no network access restrictions, wherein the network access port is configured to transmit the wireless data signals over the network as one or more communication data packets; and
  
  means for preventing initiation of new communication sessions with the remote endpoint devices when the comparison of the predetermine network access parameters indicates that there is at least one network access restriction, wherein the means for preventing is configured to allow those remote endpoint devices with existing communication sessions to continue to access the network through the wireless access port, allow remote endpoint devices access to the network with sessions through one or more wired ports, and allow any remote endpoint device that roams into range of the wireless access port to access the network when the remote endpoint device has at least one existing communication session with another access point.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, further comprising means for reducing power supplied to the wireless access port to reduce the transmission range of a wireless access point.
  - 15. The system of claim 13, further comprising means for ceasing to respond to port identification signals from one or more remote endpoint devices to the network when the predetermine network access parameters indicate that there is at least one network access restriction, wherein the port identification signals request a wireless access point to notify the remote devices that the wireless access point exists.
  - 16. The system of claim 13, further comprising means for ceasing to transfer wireless data signals received from the network to the wireless access port for transmission to one or more remote endpoint devices when the predetermine network access parameters indicate that there is at least one network access restriction.
  - 17. The system of claim 13, wherein the predetermine network access parameters identify network access restrictions based on at least one of a time of an attempted access, a date of the attempted access, a number of previous failed attempts of access by the remote device, or which remote device is attempting to access the network.
  - 18. The system of claim 13, further comprising means for receiving a forwarding message from a remote access point, the forwarding message to indicate that the remote access point has an existing communication session with at least one of the remote devices, and when at least one of the remote devices roams into a transmission range of the wireless access port the means for preventing is configured to allow the at least one of the remote devices to access the network through the wireless access port according to the forwarding message even though at least one of the remote devices did not have an existing communication session and the predetermine network access parameters indicate that there is at least one network access restriction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Chu, Steve
Primary Examiner(s)
Nguyen; Duc
Assistant Examiner(s)
Rego; Dominic E

Application Number

US11/187,341
Publication Number

US 20070021093A1
Time in Patent Office

1,762 Days
Field of Search

455/525, 455/515, 455/526, 455/410, 455/411, 455/421, 455/422.1, 455/432.1, 370/338, 370/445, 370/469, 370/462, 370/322, 370/346, 370/347, 370/461, 340/3.51
US Class Current

455/410
CPC Class Codes

H04L 63/20   for managing network securi...

H04W 12/068   using credential vaults, e....

H04W 12/084   using delegated authorisati...

H04W 28/18   Negotiating wireless commun...

H04W 52/0258   controlling an operation mo...

H04W 76/20   Manipulation of established...

Y02D 30/70   in wireless communication n...

Network communications security enhancing

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

37 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Network communications security enhancing

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links