Method for managing network access

US 7,194,004 B1
Filed: 01/28/2002
Issued: 03/20/2007
Est. Priority Date: 01/28/2002
Status: Active Grant

First Claim

Patent Images

1. A method of managing a network comprising:

a) authenticating a first node for communication in said network, said first node having a first list of trusted Internet Protocol (IP) addresses;

b) adding an IP address of said first node to a second list of trusted IP addresses if said authentication in a) is successful, said second list stored at a second node in said network; and

c) transmitting said second list to said first node, if said authentication in a) is successful.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing security in a computing network. A device connects to a network and authenticates itself with a server. Next, the server adds the IP address of the device to a list of trusted devices. The server broadcasts the trusted IP address to all devices in the network to which the newly authenticated device is allowed to communicate. The devices in the network add the trusted IP address to a list of trusted address stored on each device. The server may also transmit its stored list to the newly authenticated device. After a device has received a packet, it determines if the IP address associated with the packet is on its trusted list. If it is, the device processes the packet. If the IP address is not found on the safe list, the device queries the authentication server to determine if the IP address is safe.

122 Citations

20 Claims

1. A method of managing a network comprising:
- a) authenticating a first node for communication in said network, said first node having a first list of trusted Internet Protocol (IP) addresses;
  
  b) adding an IP address of said first node to a second list of trusted IP addresses if said authentication in a) is successful, said second list stored at a second node in said network; and
  
  c) transmitting said second list to said first node, if said authentication in a) is successful.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprising:
    - d) receiving a packet at said first node;
      
      e) determining if an IP address associated with said packet is in said first list of trusted IP addresses stored at said first node;
      
      f) determining if said IP address associated with said packet is on said second list of trusted IP addresses stored at said second node, if said IP address is not found on said first list; and
      
      g) sending a message to said first node indicating whether said IP address is trusted, based on the result of f).
  - 3. The method of claim 1, further comprising:
    - d) transmitting said IP address of said first node to authenticated nodes in said network, if said authentication in a) is successful.
  - 4. The method of claim 1, further comprising:
    - d) broadcasting a packet in said network indicating an IP address is un-trusted.
  - 5. The method of claim 4, further comprising:
    - e) removing said un-trusted IP address from a third list of authorized addresses at a third node in said network.
  - 6. The method of claim 5, further comprising:
    - f) removing said IP address of said first node from said second list if said first node fails to re-authenticate within a pre-determined time period.
  - 7. The method of claim 6, further comprising:
    - g) transmitting a message that said IP address of said first node is no longer trusted.
  - 8. The method of claim 1, further comprising:
    - d) removing an IP address associated with a fourth node from a third list of trusted addresses on a third node in said network if said third node fails to receive a packet from said IP address associated with said fourth node within a pre-determined time.

9. A method of managing a network comprising:
- a) authenticating a first node for communication in said network;
  
  b) adding an address of said first node to a first list of trusted addresses stored at a second node in said network, if said authentication is successful;
  
  c) transmitting said address of said first node to authenticated nodes in said network, if said authentication in a) is successful; and
  
  d) adding said address of said first node to a third list of trusted addresses stored at a third node in response to said transmission in c).
- View Dependent Claims (10, 11)
- - 10. The method of claim 9, further comprising:
    - e) transmitting said address of said first node to a selected group of authenticated nodes in said network, wherein said selected group comprises nodes said first node is allowed to communicate with.
  - 11. The method of claim 9, further comprising:
    - e) receiving a packet at said first node;
      
      f) determining if an address associated with said packet is in a second list of trusted addresses, said second list stored on said first node;
      
      g) determining if said address associated with said packet is on said first list of trusted addresses, if said address was not found on said second list; and
      
      h) sending a message to said first node indicating whether said address is on said first list of trusted addresses, based on the result or g).

12. A method of managing a network comprising:
- a) authenticating a first node to access said network;
  
  b) adding an address of said first node to a first list of authenticated addresses stored at a second node in said network, if said authentication is successful;
  
  c) transmitting a copy of said first list to said first node, if said authentication in a) is successful; and
  
  d) amending a second list of addresses with said first list of authenticated addresses, said second list stored on said first node.
- View Dependent Claims (13, 14)
- - 13. The method of claim 12 wherein the second list of addresses is created by storing said first list of authenticated addresses on said first node.
  - 14. The method of claim 12, further comprising:
    - e) receiving a packet at said first node;
      
      f) determining if an address associated with said packet is in said second list of trusted addresses;
      
      g) determining if said address associated with said packet is on said first list of trusted addresses, if said address associated with said packet was not found on said second list; and
      
      h) sending a message to said first node indicating whether said address associated with said packet is trusted, based on the result of g).

15. A computer readable medium having stored thereon instructions, which when run on a processor, perform a method of managing a network, said method comprising:
- a) assigning a first node in said network an IP address, said assignment in response to receiving a standard Dynamic Host Configuration Protocol (DHCP) request for an address for said first node to use for communication in said network;
  
  b) assigning said first node to a subnet in said network based on its authentication to access said network, wherein said network comprises a plurality of subnets and the subnet to which said first node is assigned is a first subnet which provides limited access to said network and controls the portions of said network to which said first node has accessc) receiving a request to authenticate said first node to have access to a second subnet; and
  
  d) assigning said first node to said second subnet if said authentication is successful, wherein said second subnet provides greater access to said network that said first subnet provides.
- View Dependent Claims (16)
- - 16. The computer readable medium of claim 15, wherein a) of said method comprises receiving a proprietary Dynamic Host Configuration Protocol (DHCP) request to authenticate said first node so that said first node may have access to the first subnet of said plurality.

17. A method of managing a network, said method comprising:
- a) receiving a request from a first node for an Internet Protocol (IP) address;
  
  b) assigning said first node to a first subnet in said network, wherein said first subnet is for nodes that have not been authenticated;
  
  c) receiving a request to authenticate said first node for access to a second subnet in said, wherein said second subnet is for nodes that have been authenticated;
  
  d) assigning said first node to said second subnet in said network if said authentication in c) is successful; and
  
  e) keeping said first node on said first subnet if said authentication in c) is unsuccessful.

18. A computer readable medium having stored thereon computer executable instructions, which when run on a processor, perform a method of managing a network, said method comprising:
- a) authenticating a first node for communication on said network, said first node having a first list of trusted Internet Protocol (IP) addresses; and
  
  b) adding an IP address of said first node to a second list of trusted IP addresses stored at a second node in said network, if said authentication in a) is successful; and
  
  c) transmitting said second list to said first node, if said authentication in a) is successful.
- View Dependent Claims (19, 20)
- - 19. The computer readable medium of claim 18, wherein said method further comprises:
    - d) broadcasting said IP address of said first node, if said authentication in a) is successful.
  - 20. The computer readable medium of claim 18, wherein said method further comprises:
    - d) transmitting a packet in said network indicating an IP address is un-trusted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Valtrus Innovations Limited (f/k/a Dolya Holdco 9 Limited) (Key Patent Innovations Limited)
Original Assignee
3Com Corporation (HP Inc.)
Inventors
Thomsen, Brant D.
Primary Examiner(s)
Pham; Chi
Assistant Examiner(s)
Abelson; Ronald

Application Number

US10/060,112
Time in Patent Office

1,877 Days
Field of Search

370/401, 370/352, 370/230, 370/254, 709/223, 709/220, 709/217, 709/203, 709/219
US Class Current

370/401
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/101 Access control lists [ACL]

Method for managing network access

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

122 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method for managing network access

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

122 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links