Computer network with unique identification

US 8,005,981 B2
Filed: 06/15/2001
Issued: 08/23/2011
Est. Priority Date: 06/15/2001
Status: Active Grant

First Claim

Patent Images

1. A computer network system, including:

a plurality of client nodes, each of which has a unique data link layer address;

at least one network device which is able to access the unique data link layer address of at least one client node of the plurality;

a database configured to include the unique data link layer address of each client node of the plurality and associated user information for each client node of the plurality, wherein the user information includes at least one of a logical user group, a physical location of the client node, or a logical location of the client node, wherein the physical location of a device node is indicated by an incoming router NIC number and the logical location of a device node is indicated by a VLAN ID;

a dynamic data structure configured to include a DNS binding between the unique data link layer address, a fully qualified domain name (FQDN) and an IP address for one or more client nodes of the plurality;

wherein the at least one network device is configured to;

use the accessed data link layer address to uniquely identify the at least one client node;

upon identification of the at least one client node in association with a communication to or from the at least one client node, provide user-specific services at a network layer or above to the at least one client node based on the associated user information corresponding with the unique data link layer address of the at least one client node, wherein providing the user-specific services includes communicating, responsive to the associated user information, human perceivable content that is adapted for the location of the at least one client node or the logical user group;

receive, from a first client node of the plurality of client nodes, a DNS request specifying the FQDN of a second client node of the plurality of client nodes;

execute a twice NAT procedure if an IP address collision exists between the first client node and the second client node of the plurality of client nodes, wherein a first unique IP address for which there is no address collision is issued to the first node and a second unique IP address for which there is no address collision is issued to the second node;

update the DNS binding of the first client node to include the first unique IP address and update the DNS binding of the second client node to include the second unique IP address; and

return the second unique IP address to the first client node in response to the DNS request.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer network is described in which the data link layer address, e.g., MAC address, of the network cards of client nodes are used to uniquely identify the nodes in the provision of network to application layer services. A link layer aware router may determine the MAC address of a client node from a data packet transmitted by the client node, and determines the services to provide to the user, e.g., a proxy redirect of the packet, based on a database of client node MAC addresses to user attributes. By determining MAC addresses, the router can also identify unregistered MAC addresses, and can forward an HTTP request by an unregistered user to a remote configuration web page for registering the user, or to a security warning web page. The router may also support Network Address Translation and Domain Name System services using the MAC addresses, with a fully qualified domain name, hostname, or the like, being assigned to the MAC addresses.

82 Citations

View as Search Results

22 Claims

1. A computer network system, including:
- a plurality of client nodes, each of which has a unique data link layer address;
  
  at least one network device which is able to access the unique data link layer address of at least one client node of the plurality;
  
  a database configured to include the unique data link layer address of each client node of the plurality and associated user information for each client node of the plurality, wherein the user information includes at least one of a logical user group, a physical location of the client node, or a logical location of the client node, wherein the physical location of a device node is indicated by an incoming router NIC number and the logical location of a device node is indicated by a VLAN ID;
  
  a dynamic data structure configured to include a DNS binding between the unique data link layer address, a fully qualified domain name (FQDN) and an IP address for one or more client nodes of the plurality;
  
  wherein the at least one network device is configured to;
  
  use the accessed data link layer address to uniquely identify the at least one client node;
  
  upon identification of the at least one client node in association with a communication to or from the at least one client node, provide user-specific services at a network layer or above to the at least one client node based on the associated user information corresponding with the unique data link layer address of the at least one client node, wherein providing the user-specific services includes communicating, responsive to the associated user information, human perceivable content that is adapted for the location of the at least one client node or the logical user group;
  
  receive, from a first client node of the plurality of client nodes, a DNS request specifying the FQDN of a second client node of the plurality of client nodes;
  
  execute a twice NAT procedure if an IP address collision exists between the first client node and the second client node of the plurality of client nodes, wherein a first unique IP address for which there is no address collision is issued to the first node and a second unique IP address for which there is no address collision is issued to the second node;
  
  update the DNS binding of the first client node to include the first unique IP address and update the DNS binding of the second client node to include the second unique IP address; and
  
  return the second unique IP address to the first client node in response to the DNS request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The system of claim 1, wherein said system includes at least one router which is able to determine the data link layer address of a client node which has sent a data packet.
  - 3. The system of claim 2, wherein said router is configured to conduct one or more policies for said client nodes based on said data link layer address and database information.
  - 4. The system of claim 2, wherein said router is configured to determine whether a client node'"'"'s data link layer address is included in said database, and initiate a configuration procedure when said data link layer address is not in said database.
  - 5. The system of claim 2, wherein said router is configured to determine whether an end user'"'"'s data link layer address is included in said database, and initiate a security procedure when said address is not in said database.
  - 6. The system of claim 1, wherein said system is configured to determine positional information of the at least one client node and record the positional information in said database;
    - andproviding the user-specific services is further responsive to the positional information.
  - 7. The system of claim 1, including a DNS server, wherein said DNS server is configured to assign a unique name to a client node by mapping the client node'"'"'s data link layer address with said unique name.
  - 8. The system of claim 7, wherein the DNS server includes a database of data link layer addresses to fully qualified domain names.
  - 9. The system of claim 7, wherein the DNS server includes a database of data link layer addresses to hostnames.
  - 10. The system of claim 7, wherein when traffic is generated by a client node, the router is configured to determine the unique name for the client node from the data link layer address of the client node, and update the IP address for said name in a DDNS table.
  - 11. The system of claim 1, wherein said system includes a Network Address Translator for mapping a client node IP address to an assigned IP address.
  - 12. The system of claim 11, wherein said Network Address Translator is configured to use a client node'"'"'s data link layer address in the mapping of an IP address of said client node to an assigned node.
  - 13. The system of claim 11, wherein said Network Address Translator is configured to use physical location information for a client node in the mapping of an IP address of the client node.
  - 14. The system of claim 11, wherein said Network Address Translator is configured to provide a reverse NAT operation in which an assigned IP address is mapped to a client node IP address and data link layer address.
  - 15. The system of claim 11, wherein said Network Address translator is configured to provide a twice NAT operation in which mapping is provided both for a client node IP address to an assigned IP address and for an assigned IP address to a client node IP address and data link layer address.
  - 16. The system of claim 1, wherein providing the user-specific services further includes providing at least one procedure that is adapted based on the user of the at least one client node or a group the user belongs to.

17. A method of servicing nodes on a computer network which includes a plurality of nodes and a router for routing traffic from and to said nodes, including:
- obtaining data link layer addresses for said nodes of the plurality;
  
  constructing or augmenting a database of said data link layer addresses correlated to attribute information of users associated with said nodes of the plurality, wherein the attribute information includes at least one of a logical user group, a physical location of the node, or a logical location of the node, wherein the physical location of the node is indicated by an incoming router NIC number and the logical location of the node is indicated by a VLAN ID;
  
  constructing or augmenting a dynamic data structure to include a DNS binding between the unique data link layer address, a fully qualified domain name (FQDN), and an IP address for one or more of the nodes of the plurality;
  
  performing a lookup of said data link layer address of a node of the plurality in said database when traffic is received from said node;
  
  providing said node with user-specific services at a network layer or above based on the attribute information of the user associated with the node obtained from said look-up, wherein providing said node with the user-specific services includes presenting information to the user of the node that is adapted for the user or a group the user belongs to responsive to the attribute information of the user; and
  
  if an address collision occurs when receiving from a first node of the plurality of nodes a DNS request specifying the FQDN of a second node of the plurality of nodes, managing the address collision by;
  
  executing a twice NAT procedure if an IP address collision exists between the first node and the second node of the plurality of nodes, wherein a first unique IP address for which there is no address collision is issued to the first node and a second unique IP address for which there is no address collision is issued to the second node;
  
  updating the DNS binding of the first node to include the first unique IP address and update the DNS binding of the second node to include the second unique IP address; and
  
  returning the second unique IP address to the first node in response to the DNS request.

18. A computer network system, including:
- a plurality of client nodes, each of which has a unique data link layer address;
  
  a database configured to include records for client nodes of the plurality, each record comprising the unique data link layer address of a client node and non-IP address information associated with a user of the client node, wherein the non-IP address information includes at least one of a logical user group, a physical location of the client node, or a logical location of the client node, wherein the physical location of a client node is indicated by an incoming router NIC number and the logical location of a client node is indicated by a VLAN ID;
  
  a dynamic data structure configured to include a DNS binding between the unique data link layer address, a fully qualified domain name (FQDN) and an IP address for one or more client nodes of the plurality; and
  
  at least one network device configured to;
  
  identify an access from an unknown client node as a client node of the plurality that is not included in the database;
  
  identify position information for the unknown client node;
  
  add a new record to the database including the position information and the unique data link layer address for the unknown client node to the database;
  
  perform a lookup of the unique data link layer address of a client node of the plurality in the database for at least some traffic received from the client node; and
  
  provide the client node with user-specific services at a network layer or above based on the non-IP address information associated with a user of the client node obtained from the lookup.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The system of claim 18, wherein the at least one network device is further configured to:
    - initiate a security procedure to generate the non-IP address information associated with a user for the unknown client node responsive to the position information; and
      
      add the non-IP address information associated with a user to the record of the database associated with the position information.
  - 20. The system of claim 19, wherein the at least one network device is further configured to redirect the access from the unknown client node to a start-up page configured to collect at least some of the non-IP address information associated with a user as part of the security procedure.
  - 21. The system of claim 18, wherein the at least one network device is further configured to:
    - access the unique data link layer address to uniquely identify at least one client node of the plurality responsive to a communication to or from the at least one client node; and
      
      provide user-specific services at a network layer or above to the at least one client node responsive to the communication and the non-IP address information associated with a user corresponding to the unique data link layer address.
  - 22. The system of claim 18, wherein the position information comprises a physical location or a network location derived from at least one of a network card identifier and a virtual LAN identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Antlabs Pte Ltd.
Original Assignee
Antlabs Pte Ltd.
Inventors
Singh, Rhandeev, Tuck, Teo Wee
Primary Examiner(s)
Pwu; Jeffery
Assistant Examiner(s)
Sciacca; Scott M

Application Number

US10/480,391
Publication Number

US 20040249975A1
Time in Patent Office

3,721 Days
Field of Search

709217-219, 709220-222, 709223-225, 709227-229, 709/238
US Class Current

709/238
CPC Class Codes

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 61/25   of the same type

H04L 61/35   involving non-standard use ...

H04L 61/4511   using domain name system [DNS]

H04L 61/50   Address allocation

Computer network with unique identification

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

82 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Computer network with unique identification

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

82 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links