IP-closed circuit system and method
First Claim
Patent Images
1. A switching module comprising:
- a first port group comprising at least one source port, wherein each source port in the first port group is configured for;
(i) testing if a data frame received at that source port includes a tag and, only if a tag is not included, modifying a data frame transmitted by a data source in communication with that source port by including in the data frame a tag comprising a unique port ID that is based on a source chip ID and a source port number, and (ii) routing the modified data frame to a destination port in a second port group, the destination port being adapted to communicate with a receiver, if a unique port number assigned to the destination port is associated with the tag in a routing table assigned to the source port; and
a control unit for assigning a unique port ID comprising a source chip ID and a port number combination to each port in the first and second port groups, and for assigning to each port in the first port group a routing table including at least one tag and at least one destination port number associated with the at least one tag.
0 Assignments
0 Petitions
Accused Products
Abstract
The invention relates to a switching module for creating and operating secure networks of data sources and monitoring stations, and for providing controlled access to the data sources and monitoring stations from public networks.
29 Citations
37 Claims
-
1. A switching module comprising:
-
a first port group comprising at least one source port, wherein each source port in the first port group is configured for;
(i) testing if a data frame received at that source port includes a tag and, only if a tag is not included, modifying a data frame transmitted by a data source in communication with that source port by including in the data frame a tag comprising a unique port ID that is based on a source chip ID and a source port number, and (ii) routing the modified data frame to a destination port in a second port group, the destination port being adapted to communicate with a receiver, if a unique port number assigned to the destination port is associated with the tag in a routing table assigned to the source port; anda control unit for assigning a unique port ID comprising a source chip ID and a port number combination to each port in the first and second port groups, and for assigning to each port in the first port group a routing table including at least one tag and at least one destination port number associated with the at least one tag. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
-
-
10. A video device comprising:
-
a camera; a storage unit in communication with the camera for storing data frames recorded by the camera; a server for controlling the camera and the storage unit, and for accessing and transmitting the stored data frames; and a port unit configured for;
(i) receiving a layer-independent virtual local area network ID (VID), and (ii) testing if a data frame received at that source port includes a tag and, only if a tag is not included, modifying a data frame to be transmitted by the camera by including in the data frame a tag comprising both the layer-independent VID and a unique port ID that is based on a source chip ID and a source port number. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. A method for operating an IP network, comprising a switching module comprising a first port group comprising at least one port, a second port group comprising at least one port, and a control unit, the method comprising the steps of:
-
assigning from the control unit a unique port number to each port in the first and second port groups; assigning from the control unit each port in the first port group a routing table including at least one layer independent virtual local area network ID (VID) and at least one destination port number associated with the at least one VID; storing at a first port of the first port group a security parameter corresponding to a data source in communication with the first port; locking down the stored security parameter at the first port; authorizing by the first port a data frame transmitted by the data source by comparing the locked and stored security parameter with a parameter subsequently received from the data source; modifying by the first port the authorized data frame by including therein a tag comprising a layer independent VID; routing the modified data frame to a destination port in the second port group, if a unique port number assigned to the destination port is associated with the layer independent VID in a routing table assigned to the first port; and transmitting by the destination port a data frame modified by at least one port in the first port group to a receiver in communication with the at least one port in the second port group; determining that an unauthorized device is in communication with the first port of the locked and stored security parameter and the subsequently received parameters mismatch; and disabling the first port from one or more port groups for a predetermined period to prevent data transmission from the unauthorized device in response to determining that an unauthorized device is in communication with the first port. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 36, 37)
-
Specification