
Dynamic host configuration and network access authentication

  • US 8,688,834 B2
  • Filed: 10/29/2004
  • Issued: 04/01/2014
  • Est. Priority Date: 07/09/2004
  • Status: Expired due to Fees
First Claim

1. A system for providing secure communication in an access network, comprising:

  • networked computers configured to operate as:

    an authenticator for authenticating access to said access network;

    a dynamic host configuration protocol (DHCP) server for managing internet protocol (IP) address assignments for said access network;

    a router for connecting said access network to other networks; and

    a network bridge constituting a server port, a plurality of client ports and a forwarding database configured to communicate with each other, said forwarding database is configured to store connections as a relation between media access control address (MAC) and said client ports and includes at least an authorized forwarding database (AFD), an unauthorized forwarding database (UFD), and a penalty list database (PL), wherein said UFD is configured to store said connections, as the relation between said MAC addresses and said client ports, that have yet to be authenticated by said authenticator, for a time period specified by said network bridge or said authenticator prior to being moved to the AFD or removed from the UFD, and said UFD is configured to remove said connections from the UFD if said connections fail in the authentication or the time period specified expires;

    wherein the connections that are authenticated are moved to said AFD, which is configured to store said authenticated connections as the relation between said MAC addresses and said client ports for a time period specified by said network bridge or said authenticator and said AFD is configured to remove said authenticated connections from the AFD based on a predetermined policy of the access network or physical disconnection of said authenticated connections from the respective client ports;

    wherein the network bridge is configured to prohibit communication exchanges from the client ports other than those that comport with said connections as the relation between said MAC addresses and said client ports stored in either of the AFD and the UFD for the time period specified; and

    wherein the penalty list database (PL) is configured to store said connections removed from the UFD and remove the stored connections automatically at the expiration of a life time timer assigned to each of the stored connections in the PL and in which a length of said life time timer is configured to increase at an increasing rate or exponentially each time the same combination of the MAC address and the client port is added to the PL repeatedly in order to prevent denial of service (DoS) attacks from the client ports other than the client ports that comport with said connections as the relation between said MAC addresses and said client ports stored in either of the AFD and the UFD.
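The forwarding-database state machine that claim 1 describes (UFD for pending connections, AFD for authenticated ones, PL for penalised MAC/port pairs with an escalating lifetime) is easier to reason about as running code. The simulation below is an added example and is not code from the patent, its assignees or any product; the class and method names (AccessBridge, admit, authenticate, forward, link_down), the timer values, the choice of doubling as the "exponential" growth with a cap, and the decision to keep a per-pair strike counter that survives PL expiry (so that repeated additions keep lengthening the timer) are all assumptions made for the example. The clock is simulated so the timers are deterministic.

```python
"""Simulation of the AFD / UFD / PL bridge from claim 1 (added example, not the
patent's own code). All names, timer values and the doubling policy are assumptions."""
from dataclasses import dataclass, field

SERVER_PORT = "server"   # the bridge's uplink toward authenticator, DHCP server and router


@dataclass
class AccessBridge:
    ufd_ttl: float = 30.0        # assumed: how long a pending (unauthenticated) entry may live
    afd_ttl: float = 3600.0      # assumed: policy lifetime of an authenticated entry
    pl_base: float = 10.0        # assumed: first penalty lifetime in seconds
    pl_max: float = 86400.0      # assumed cap so the penalty timer cannot grow without bound
    now: float = 0.0             # simulated clock
    afd: dict = field(default_factory=dict)          # (mac, port) -> expiry time
    ufd: dict = field(default_factory=dict)          # (mac, port) -> expiry time
    pl: dict = field(default_factory=dict)           # (mac, port) -> expiry time
    pl_strikes: dict = field(default_factory=dict)   # (mac, port) -> times added to PL

    def tick(self, seconds: float) -> None:
        """Advance the simulated clock and age out entries."""
        self.now += seconds
        self._expire()

    def _expire(self) -> None:
        # A UFD entry whose time period expires without a verdict is removed from the
        # UFD and stored in the PL; AFD and PL entries simply age out.
        for key, exp in list(self.ufd.items()):
            if exp <= self.now:
                del self.ufd[key]
                self._penalise(key)
        for db in (self.afd, self.pl):
            for key, exp in list(db.items()):
                if exp <= self.now:
                    del db[key]

    def _penalise(self, key) -> float:
        # Lifetime doubles each time the same (MAC, port) pair lands in the PL.
        # The strike counter deliberately outlives the PL entry (assumption).
        strikes = self.pl_strikes.get(key, 0)
        self.pl_strikes[key] = strikes + 1
        lifetime = min(self.pl_base * 2 ** strikes, self.pl_max)
        self.pl[key] = self.now + lifetime
        return lifetime

    def admit(self, mac: str, port: str) -> bool:
        """First frame from a (MAC, port) pair on a client port. Returns False while the
        pair is serving a penalty; otherwise ensures it has a UFD entry (or is already
        in the AFD) and returns True."""
        key = (mac, port)
        if key in self.pl:
            return False
        if key not in self.afd and key not in self.ufd:
            self.ufd[key] = self.now + self.ufd_ttl
        return True

    def authenticate(self, mac: str, port: str, success: bool):
        """Authenticator verdict for a pending UFD entry: 'AFD' on success, 'PL' on
        failure, None if the pair was not pending."""
        key = (mac, port)
        if key not in self.ufd:
            return None
        del self.ufd[key]
        if success:
            self.afd[key] = self.now + self.afd_ttl
            return "AFD"
        self._penalise(key)
        return "PL"

    def forward(self, mac: str, ingress_port: str) -> bool:
        """Forwarding decision. Frames from the server port always pass; frames from a
        client port pass only if the (MAC, port) relation is in the AFD or the UFD."""
        if ingress_port == SERVER_PORT:
            return True
        key = (mac, ingress_port)
        return key in self.afd or key in self.ufd

    def link_down(self, port: str) -> None:
        """Physical disconnection of a client port removes its authenticated entries."""
        for key in [k for k in self.afd if k[1] == port]:
            del self.afd[key]

    def penalty_remaining(self, mac: str, port: str) -> float:
        exp = self.pl.get((mac, port))
        return max(0.0, exp - self.now) if exp is not None else 0.0
```

Two points worth noting when mapping this to a real bridge: the UFD window is where the authentication and DHCP exchanges have to happen, so a deployment would normally rate-limit or restrict UFD traffic to the server port rather than forward it freely as this model does; and because the penalty is keyed on the MAC/port pair, a client that can change its MAC at will sidesteps the escalation, which is why the claim pairs the PL with per-port enforcement rather than relying on the MAC alone.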

  • 3 Assignments