IP network system and its access control method, IP address distributing device, and IP address distributing method
First Claim
Patent Images
1. An IP address generating device comprising:
- an address generation request receiving unit which receives a request to generate an IP address from a terminal device;
an IP address generating unit which sets a specific area in a node identifier of the IP address as an access control data area, and generates the IP address including a communication policy which is embedded in the access control data area and indicates whether a packet is to be admitted or not, wherein the IP address generating unit generates the IP address in response to the request; and
a communication policy searching unit which determines the communication policy based on user information for a terminal device to which the IP address is distributed, when the IP address is generated, andwherein the access control data area is located at a following bit of a PrefixID field which is included in the request and containing data identifying a network to which the address is to be distributed, and wherein the communication policy consists of a single bit, and the access control data area is located at a leading bit of an interface ID (IFID) when the IP address is an IPv6 address, and the access control data area is located at a host unit when the IP address is an IPv4 address.
1 Assignment
0 Petitions
Accused Products
Abstract
An IP network system includes an IP address generating device that sets a specific area in a node identifier of an IP address as an access control area that can be filtered by a network layer control device, and generates an IP address including a communication policy of the IP network system embedded in the access control area, and the network layer control device capable of filtering the access control area, wherein the network layer control device is configured to perform filtering setting according to the communication policy and thereby performs access control.
-
Citations
25 Claims
-
1. An IP address generating device comprising:
-
an address generation request receiving unit which receives a request to generate an IP address from a terminal device; an IP address generating unit which sets a specific area in a node identifier of the IP address as an access control data area, and generates the IP address including a communication policy which is embedded in the access control data area and indicates whether a packet is to be admitted or not, wherein the IP address generating unit generates the IP address in response to the request; and a communication policy searching unit which determines the communication policy based on user information for a terminal device to which the IP address is distributed, when the IP address is generated, and wherein the access control data area is located at a following bit of a PrefixID field which is included in the request and containing data identifying a network to which the address is to be distributed, and wherein the communication policy consists of a single bit, and the access control data area is located at a leading bit of an interface ID (IFID) when the IP address is an IPv6 address, and the access control data area is located at a host unit when the IP address is an IPv4 address. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An IP network system comprising:
-
a network control device that performs access control, and an address generation request receiving unit which receives a request to generate an IP address from a terminal device; an IP address generating device that sets a specific area in a node identifier of an IP address as an access control area, and generates the IP address including a communication policy which is embedded in the access control area and indicates whether a packet is to be admitted or not, wherein the IP address generating unit generates the IP address in response to the request; wherein the network layer control device is configured to perform filtering setting according to the communication policy which consists of a single bit; wherein the IP address generating device is configured to determine the communication policy based on user attribute information associated with the terminal device; and wherein the access control data area is located at a following bit of a PrefixID field which is included in the request and containing data identifying a network to which the address is to be distributed, and wherein the access control data area is located at a leading bit of an interface ID (IFID) when the IP address is an IPv6 address, and the access control data area is located at a host unit when the IP address is an IPv4 address. - View Dependent Claims (9, 10, 11)
-
-
12. An IP address generating method, with which an IP address generating device generates an IP address for a terminal device, the method comprising:
-
setting a specific area in a node identifier of the IP address as an access control area; and generating an IP address including a communication policy which is embedded in the access control area and indicates whether a packet is to be admitted or not; wherein the communication policy is determined based on user information for the terminal device to which the IP address is distributed, when the IP address is generated, and the communication policy consists of a single bit, and the access control data area is located at a leading bit of an interface ID (IFID) when the IP address is an IPv6 address, and the access control data area is located at a host unit when the IP address is an IPv4 address, and wherein the IP address is generated in response to a request from the terminal device by locating the access control data area at a following bit of a PrefixID field which is included in the request and containing data identifying a network to which the address is to be distributed. - View Dependent Claims (13, 14, 15, 16)
-
-
17. A method of controlling access in an IP network system including a terminal device, a network layer control device, and an IP address generating device, the method comprising:
-
a setting and generating operation of the IP address generating device comprising setting a specific area in a node identifier of an IP address as an access control area and generating an IP address including a communication policy which is embedded in the access control area and indicates whether a packet is to be admitted or not, wherein the IP address is generated in response to a request from the terminal device by locating the access control data at a following bit of a PrefixID field which is included in the request and containing data identifying a network to which the address is to be distributed; a receiving and accessing operation of the terminal device comprising receiving the IP address generated by the IP address generating device and accessing the IP network system with the received IP address; and a controlling operation of the network layer control device having the filtering setting set according to the communication policy comprising performing access control according to the communication policy, based on the IP address issued by the terminal device; wherein the communication policy is generated based on user attribute information associated with the terminal device, and the communication policy consists of a single bit, and the access control data area is located at a leading bit of an interface ID (IFID) when the IP address is an IPv6 address, and the access control data area is located at a host unit when the IP address is an IPv4 address. - View Dependent Claims (18)
-
-
19. A computer readable non-transitory memory containing a program of instructions for enabling a computer, serving as an IP address generating device configured to generate an IP address for a terminal device, to execute processes, comprising:
-
a setting process comprising setting a specific area in a node identifier of the IP address as an access control area; and a generating process comprising generating the IP address including a communication policy which is embedded in the access control area and indicates whether a packet is to be admitted or not; wherein the IP address is generated in response to a request from the terminal device by locating the access control data area at a following bit of a PrefixID field which is included in the request and containing data identifying a network to which the address is to be distributed; and wherein the communication policy is determined based on user information for a terminal device to which the IP address is distributed, when the IP address is generated, and the communication policy consists of a single bit, and the access control data area is located at a leading bit of an interface ID (IFID) when the IP address is an IPv6 address, and the access control data area is located at a host unit when the IP address is an IPv4 address. - View Dependent Claims (20, 21, 22, 23)
-
-
24. A computer readable non-transitory memory containing a an IP address generated by an IP address generating unit for a terminal device, comprising:
-
a specific area which is set in a node identifier of the IP address as an access control area, and wherein the IP address includes a communication policy which is embedded in the access control area, and includes whether a packet is to be admitted or not; wherein the communication policy is determined based on user information for a terminal device to which the IP address is distributed, and consists of a single bit; wherein the IP address further comprises a PrefixID field containing data identifying a network to which the address is to be distributed, and the access control data area is located at a following bit of the PrefixID field; and wherein the access control data area is located at a leading bit of an interface ID (IFID) when the IP address is an IPv6 address, and the access control data area is located at a host unit when the IP address is an IPv4 address.
-
-
25. A computer readable non-transitory memory containing an IP address generated by an IP address generating unit for a terminal device, comprising:
-
a specific area which is set in a node identifier of the IP address as an access control area; and wherein the IP address includes a communication policy which is embedded in the access control area, and includes whether a packet is to be admitted or not; wherein the communication policy is determined based on user information for a terminal device to which the IP address is distributed, and consists of a single bit; wherein the IP address for a terminal device further comprises a PrefixID field containing data identifying a network to which the address is to be distributed, and the access control data area is located at a following bit of the PrefixID field; and wherein the access control data area is located at the 65th bit of the address.
-
Specification