Computer networks with unique identification

US 8,930,573 B2
Filed: 07/01/2011
Issued: 01/06/2015
Est. Priority Date: 06/15/2001
Status: Expired due to Term

First Claim

Patent Images

1. A computer network system, including:

a plurality of client nodes in a private network, each node having a unique data-link layer address;

at least one network device in the private network that is able to access the unique data-link layer address of at least one client node of the plurality; and

a Network Address Translator for mapping a client node IP address to an assigned IP address;

wherein the at least one network device is configured to;

use the accessed data-link layer address to uniquely identify the at least one client node;

determine positional information of the at least one client node as a physical location within the private network, a logical location within the private network, or a combination thereof, wherein the physical location is indicated by an NIC number of a router receiving packets from the at least one client node and the logical location is indicated by a VLAN ID; and

provide user-specific services at a network layer or above to the at least one client node responsive to the positional information and associated user information corresponding with the unique data-link layer address of the at least one client node; and

wherein the Network Address Translator is configured to use the physical location information in the mapping of the client node IP address to the assigned IP address.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer network is described in which the data-link layer address, e.g., MAC address, of the network cards of client nodes are used to uniquely identify the nodes in the provision of network to application layer services. A link layer aware router may determine the MAC address of a client node from a data packet transmitted by the client node, and determines the services to provide to the user, e.g., a proxy redirect of the packet, based on a database of client node MAC addresses to user attributes. By determining MAC addresses, the router can also identify unregistered MAC addresses, and can forward a HTTP request by an unregistered user to a remote configuration web page for registering the user or to a security warning web page. The router may also support Network Address Translation and Domain Name System services using the MAC addresses, with a fully qualified domain name, hostname or the like being assigned to the MAC addresses.

Citations

29 Claims

1. A computer network system, including:
- a plurality of client nodes in a private network, each node having a unique data-link layer address;
  
  at least one network device in the private network that is able to access the unique data-link layer address of at least one client node of the plurality; and
  
  a Network Address Translator for mapping a client node IP address to an assigned IP address;
  
  wherein the at least one network device is configured to;
  
  use the accessed data-link layer address to uniquely identify the at least one client node;
  
  determine positional information of the at least one client node as a physical location within the private network, a logical location within the private network, or a combination thereof, wherein the physical location is indicated by an NIC number of a router receiving packets from the at least one client node and the logical location is indicated by a VLAN ID; and
  
  provide user-specific services at a network layer or above to the at least one client node responsive to the positional information and associated user information corresponding with the unique data-link layer address of the at least one client node; and
  
  wherein the Network Address Translator is configured to use the physical location information in the mapping of the client node IP address to the assigned IP address.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The system of claim 1, further comprising a database configured to include the unique data-link layer address of each client node of the plurality and the associated user information for each client node of the plurality, wherein the associated user information includes at least one of a logical user group, a physical location of the client node, and a logical location of the client node, wherein the physical location of the client node is indicated by an incoming router NIC number and the logical location of the client node is indicated by a VLAN ID.
  - 3. The system of claim 1, wherein providing the user-specific services includes communicating, responsive to the associated user information, human perceivable content that is adapted for a location of the at least one client node or a logical user group.
  - 4. The system of claim 1, further comprising a dynamic data structure configured to include a DNS binding between the unique data-link layer address, a fully qualified domain name (FQDN) and an IP address for one or more client nodes of the plurality.
  - 5. The system of claim 4, wherein the at least one network device is further configured to receive, from a first client node of the plurality of client nodes, a DNS request specifying the FQDN of a second client node of the plurality of client nodes.
  - 6. The system of claim 5, wherein the at least one network device is further configured to execute a twice NAT procedure if an IP address collision exists between the first client node and the second client node of the plurality of client nodes, wherein a first unique IP address for which there is no address collision is issued to the first node and a second unique IP address for which there is no address collision is issued to the second node.
  - 7. The system of claim 6, wherein the at least one network device is further configured to update a DNS binding of the first client node to include the first unique IP address and update a DNS binding of the second client node to include the second unique IP address;
    - and return the second unique IP address to the first client node in response to the DNS request.
  - 8. The system of claim 1, wherein the system includes at least one router that is able to determine the data-link layer address of a client node that has sent a data packet.
  - 9. The system of claim 8, wherein the at least one router is configured to conduct one or more policies for the client nodes based on the unique data-link layer address and information in a database.
  - 10. The system of claim 8, wherein the at least one router is configured to determine whether a data-link layer address of a client node is included in a database, and initiate a configuration procedure when the data-link layer address is not in the database.
  - 11. The system of claim 8, wherein the at least one router is configured to determine whether a data-link layer address of an end user is included in a database, and initiate a security procedure when the data-link layer address is not in the database.
  - 12. The system of claim 1, including a DNS server configured to assign a unique name to a client node by mapping a data-link layer address of the client node with the unique name.
  - 13. The system of claim 12, wherein the DNS server includes a database of data-link layer addresses correlated to fully qualified domain names.
  - 14. The system of claim 12, wherein the DNS server includes a database of data-link layer addresses correlated to hostnames.
  - 15. The system of claim 12, wherein when traffic is generated by a client node, the DNS server is configured to determine the unique name for the client node from the data-link layer address of the client node, and update an IP address for the unique name in a Dynamic Domain Name System table.
  - 16. The system of claim 1, wherein the at least one network device is further configured to use an associated VLAN ID on the NIC number and the NIC number to determine the positional information of the at least one client node.
  - 17. The system of claim 1, wherein the Network Address Translator is configured to use a data-link layer address of a client node in the mapping of an IP address of the client node to an assigned node.
  - 18. The system of claim 1, wherein the Network Address Translator is configured to provide a reverse NAT operation in which the assigned IP address is mapped to the client node IP address and a data-link layer address.
  - 19. The system of claim 1, wherein the Network Address Translator is configured to provide a twice NAT operation in which mapping is provided both for the client node IP address to the assigned IP address and for the assigned IP address to the client node IP address and a data-link layer address.
  - 20. The system of claim 1, wherein providing the user-specific services further includes providing at least one procedure that is adapted based, at least on part, on a user of the at least one client node or a group the user belongs to.

21. A method of servicing nodes on a computer network that includes a plurality of nodes and a router for routing traffic from and to the plurality of nodes, including:
- obtaining data-link layer addresses for at least one node of the plurality of nodes, wherein the plurality of nodes are in a private network;
  
  determining positional information for the at least one node of the plurality of nodes as a physical location within the private network, a logical location within the private network, or a combination thereof, wherein the physical location is indicated by an NIC number of a router within the private network receiving packets from the at least one node and the logical location is indicated by a VLAN ID;
  
  mapping an IP address of the at least one node to an assigned IP address with a Network Address Translator using the physical location information for the at least one node;
  
  performing a lookup of the data-link layer address of the at least one node of the plurality of nodes when traffic is received therefrom; and
  
  providing the at least one node of the plurality of nodes with user-specific services at a network layer or above responsive to the positional information and attribute information of a user associated with the at least one node of the plurality obtained from the lookup.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The method of claim 21, further comprising constructing or augmenting a database of the data-link layer addresses correlated to the attribute information of users associated with the nodes of the plurality, wherein the attribute information includes at least one of a logical user group, a physical location of the node, or a logical location of the node, wherein the physical location of the node is indicated by an incoming router NIC number and the logical location of the node is indicated by a VLAN ID.
  - 23. The method of claim 21, further comprising constructing or augmenting a dynamic data structure to include a DNS binding between the data-link layer address, a fully qualified domain name (FQDN), and an IP address for one or more of the nodes of the plurality.
  - 24. The method of claim 21, further comprising managing an address collision wherein the address collision occurs when receiving from a first node of the plurality of nodes a DNS request specifying a fully qualified domain name (FQDN) of a second node of the plurality of nodes, wherein managing the address collision includes:
    - executing a twice NAT procedure if an IP address collision exists between the first node and the second node of the plurality of nodes, wherein a first unique IP address for which there is no address collision is issued to the first node and a second unique IP address for which there is no address collision is issued to the second node;
      
      updating a DNS binding of the first node to include the first unique IP address and updating a DNS binding of the second node to include the second unique IP address; and
      
      returning the second unique IP address to the first node in response to the DNS request.
  - 25. The method of claim 21, wherein mapping the IP address of the at least one node to the assigned IP address using the physical location information for the at least one node comprises mapping the IP address of the at least one node to the assigned IP address using the NIC number and an associated VLAN ID on the NIC number.

26. A computer network system, including:
- a plurality of client nodes in a private network, each of which has a unique data-link layer address;
  
  a Network Address Translator for mapping a client node IP address to an assigned IP address; and
  
  at least one network device within the private network and configured to;
  
  identify an access from an unknown client node as a client node of the plurality that is not included in a database configured to include records for client nodes in the plurality of client nodes;
  
  identify position information for the unknown client node as a physical location within the private network, a logical location within the private network, or a combination thereof, wherein the physical location is indicated by an NIC number of a router receiving packets from the at least one client node and the logical location is indicated by a VLAN ID;
  
  add a new record to the database including the position information and the unique data-link layer address for the unknown client node to the database;
  
  perform a lookup of the unique data-link layer address of a client node of the plurality in the database for at least some traffic received from the client node; and
  
  provide the client node with user-specific services at a network layer or above responsive to non-IP address information associated with a user of the client node obtained from the lookup and including the position information;
  
  wherein the Network Address Translator is configured to use the physical location information in the mapping of the client node IP address.
- View Dependent Claims (27, 28, 29)
- - 27. The system of claim 26, wherein the at least one network device is further configured to:
    - initiate a security procedure to generate the non-IP address information associated with the user for the unknown client node responsive to the position information; and
      
      add the non-IP address information associated with the user to the record of the database associated with the position information.
  - 28. The system of claim 27, wherein the at least one network device is further configured to redirect the access from the unknown client node to a start-up page configured to collect at least some of the non-IP address information associated with the user as part of the security procedure.
  - 29. The system of claim 26, wherein the at least one network device is further configured to:
    - access the unique data-link layer address to uniquely identify at least one client node of the plurality responsive to a communication to or from the at least one client node; and
      
      provide user-specific services at the network layer or above to the at least one client node responsive to the communication and the non-IP address information associated with the user corresponding to the unique data-link layer address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Antlabs Pte Ltd.
Original Assignee
Antlabs Pte Ltd.
Inventors
Teo, Wee Tuck, Singh, Rhandeev
Primary Examiner(s)
Ferris, Derrick
Assistant Examiner(s)
Sciacca, Scott M

Application Number

US13/175,517
Publication Number

US 20110264806A1
Time in Patent Office

1,285 Days
Field of Search

709/228, 709/238, 370/389, 370/392, 370/395.53, 370/409
US Class Current

709/245
CPC Class Codes

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 61/25   of the same type

H04L 61/35   involving non-standard use ...

H04L 61/4511   using domain name system [DNS]

H04L 61/50   Address allocation

Computer networks with unique identification

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Computer networks with unique identification

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links