US Patent No: 6,393,484

System and method for controlled access to shared-medium public and semi-public internet protocol (IP) networks

Abstract

A system and method prevent unauthorized users and devices, in a dynamic user/device environment, from obtaining access to shared-medium public and semi-public IP networks. A network includes a layered communication system and routers/switches for coupling users and devices to a Dynamic Host Control Protocol (DHCP) server and an authentication server. Databases support the servers. The network incorporates Address Resolution Protocol (ARP). Authorized users and devices register for service by providing the DHCP with user identification for log-in, passwords, MAC addresses, etc. When users connect to the network access point, a DHCP exchange is initiated to obtain a valid IP address and other associated parameters. The DHCP client initiates a MAC broadcast for IP addresses which contain in the request the end user's device MAC address. The associated router switch will pick up and forward to a DHCP server the end user's device request. The DHCP server will process the end user's request and extract the end user's device MAC address. With the end user's MAC address, the DHCP server accesses its device and/or user information in the database. If the MAC address is not registered, the DHCP server refuses to handle the request and logs the attempt, potentially alerting network operators of a security breach. If the MAC address is registered, a DHCP server selects an appropriate IP address and associated parameters to be returned to the requesting end user and connects via programming or command interface to the router switch that is forwarding the DHCP request on behalf of the end user device. The server adds an ARP IP to the MAC address table entry with the selected IP address and end user's MAC address. End user device authentication and IP lease are marked as provisional. A timer is started for a suggested duration. 
Optionally, the DHCP dynamically sets up filter rules in the router switch limiting access to a subset of IP addresses such as the address of a log-in server. Initial DHCP processing is completed and an IP address is assigned to the requesting end user's device by DHCP. When the timer expires, if the DHCP server finds the authenticating user state is provisional, it will revoke the IP lease, invalidate the corresponding ARP to MAC table entry in the associated router switch, and reset any IP-permissive filtering for that device. If the user is in the full authenticated state, it will simply remove the restrictive filtering.

Patent Owner(s)

Patent Owner Address Total Patents
INTERNATIONAL BUSINESS MACHINES CORPORATION ARMONK, NY 68841

Inventor(s)

Inventor Name Address # of filed Patents Total Citations
Massarani, Leonardo C Westport, CT 2 305

Cited Art

Patent Info (Count) # Cites Year
 
INTERNATIONAL BUSINESS MACHINES CORPORATION (3)
5,909,549 Network management system wherein the managed device reestablishes a connection to a management station after detecting a broken connection 86 1996
6,012,088 Automatic configuration for internet access device 492 1996
6,314,531 Method and system for testing and debugging distributed software systems by using network emulation 23 1998
 
SUN MICROSYSTEMS, INC. (3)
5,884,024 Secure DHCP server 256 1996
5,732,137 Method and apparatus for secure remote authentication in a public network 60 1997
6,202,156 Remote access-controlled communication 51 1997
 
ALCATEL (1)
6,189,042 LAN internet connection having effective mechanism to classify LAN traffic and resolve address resolution protocol requests 24 1998
 
ASPECT SOFTWARE, INC. (1)
5,511,112 Automated voice system for improving agent efficiency and improving service to parties on hold 118 1994
 
FORTRESS TECHNOLOGIES INC. OF FLORIDA (F/K/A) DIGITAL SECURED NETWORKS TECHNOLOGY, INC. (1)
5,757,924 Network security device which performs MAC address translation without affecting the IP address 131 1995
 
HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P. (1)
6,115,376 Medium access control address authentication 54 1997
 
ICL PERSONAL SYSTEMS OY (1)
5,802,285 Wide area network (WAN) interface for a transmission control protocol/internet protocol (TCP/IP) in a local area network (LAN) 87 1997
 
JUNO ONLINE SERVICES, INC. (1)
6,256,739 Method and apparatus to determine user identity and limit access to a communications network 191 1997
 
NEC CORPORATION (1)
6,003,137 Virtual group information managing method in bridge for network connection 24 1997
 
NETP&L, INC. (1)
6,233,616 Enterprise network management using directory containing network addresses of users obtained through DHCP to control routers and servers 50 1998
 
PANASONIC CORPORATION OF NORTH AMERICA (1)
5,550,984 Security system for preventing unauthorized communications between networks by translating communications received in ip protocol to non-ip protocol to remove address and routing services information 358 1994
 
PUBLIC ACCESS TECHNOLOGY.COM, INC. (1)
5,774,652 Restricted access computer system 15 1996
 
ROCKWELL SCIENCE CENTER, LLC (1)
5,905,779 Automatic dial-up software update system 15 1998
 
Other [Check patent profile for assignment information] (2)
6,023,563 Networking switch having the network presence of a bridge 87 1996
5,708,654 Method for detecting proxy ARP replies from devices in a local area network 137 1996

Patent Citation Ranking

Forward Cites

Patent Info (Count) # Cites Year
 
CISCO TECHNOLOGY, INC. (16)
6,792,474 Apparatus and methods for allocating addresses in a network 53 2000
7,139,818 Techniques for dynamic host configuration without direct communications between client and server 15 2001
7,152,117 Techniques for dynamic host configuration using overlapping network 12 2002
7,143,435 Method and apparatus for registering auto-configured network addresses based on connection authentication 19 2002
7,167,912 Method and apparatus for detecting failures in network components 13 2002
7,234,163 Method and apparatus for preventing spoofing of network addresses 28 2002
7,337,224 Method and apparatus providing policy-based determination of network addresses 14 2002
7,533,255 Method and apparatus for restricting address resolution protocol table updates 3 2003
7,810,137 Method of controlling network access that induces consumption of merchant goods or services 1 2003
8,068,414 Arrangement for tracking IP address usage based on authenticated link identifier 0 2004
7,792,993 Apparatus and methods for allocating addresses in a network 0 2004
7,760,720 Translating native medium access control (MAC) addresses to hierarchical MAC addresses and their use 0 2004
7,639,686 Access network clusterhead for providing local mobility management of a roaming IPv4 node 8 2005
7,822,027 Network routing to the socket 1 2006
7,752,653 Method and apparatus for registering auto-configured network addresses based on connection authentication 0 2006
8,291,489 Method and apparatus for registering auto-configured network addresses based on connection authentication 0 2010
 
InterTrust Technologies Corp. (14)
7,266,681 Network communications security agent 1 2000
7,085,839 Network content management 11 2000
6,973,499 Ticketing and keying for orchestrating distribution of network content 11 2000
8,307,212 Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels 0 2003
7,415,617 Trusted infrastructure support systems, methods and techniques for secure electronic commerce, electronic transactions, commerce process control and automation, distributed computing, and rights management 39 2004
7,392,395 Trusted and secure techniques, systems and methods for item delivery and execution 11 2005
7,281,133 Trusted and secure techniques, systems and methods for item delivery and execution 17 2005
7,500,006 Ticketing and keying for orchestrating distribution of network content 0 2005
7,844,835 Systems and methods for secure transaction management and electronic rights protection 4 2005
8,185,473 Trusted infrastructure support systems, methods and techniques for secure electronic commerce, electronic transactions, commerce process control and automation, distributed computing, and rights management 1 2006
7,917,749 Systems and methods for secure transaction management and electronic rights protection 0 2006
7,925,898 Systems and methods using cryptography to protect secure computing environments 1 2006
7,454,609 Network communications security agent 0 2007
7,917,745 Network communications security agent 0 2008
 
MICROSOFT CORPORATION (14)
6,697,864 Login architecture for network access through a cable system 39 1999
8,255,569 Methods and systems for compressing data packets 0 2000
7,571,308 Method for controlling access to a network by a wireless client 4 2000
6,957,276 System and method of assigning and reclaiming static addresses through the dynamic host configuration protocol 36 2000
7,533,407 System and methods for providing network quarantine 7 2004
7,558,866 Method and system for securely provisioning a client device 3 2004
7,634,802 Secure method and system for creating a plug and play network 3 2005
7,587,518 System and method of assigning and reclaiming static addresses through the dynamic host configuration protocol 4 2005
7,526,677 Fragility handling 3 2005
7,827,545 Dynamic remediation of a client computer seeking access to a network with a quarantine enforcement policy 5 2005
7,793,096 Network access protection 1 2006
7,818,571 Securing wireless communications between devices 1 2007
8,386,614 Network connection manager 0 2007
8,380,246 Connecting mobile devices via interactive input medium 0 2007
 
DIGITAL ASSET ENTERPRISES, L.L.C. (13)
6,976,258 Providing quality of service guarantees to virtual hosts 50 1999
6,711,607 Dynamic scheduling of task streams in a multiple-resource system to ensure task stream quality of service 46 2000
6,754,716 Restricting communication between network devices on a common network 61 2000
6,948,003 Enabling a service provider to provide intranet services 42 2000
6,985,937 Dynamically modifying the resources of a virtual server 77 2000
6,907,421 Regulating file access rates according to file type 8 2000
7,143,024 Associating identifiers with virtual processes 9 2000
6,909,691 Fairly partitioning resources while limiting the maximum fair share 24 2000
7,219,354 Virtualizing super-user privileges for multiple virtual processes 16 2000
RE43051 Enabling a service provider to provide intranet services 0 2007
RE42214 Providing quality of service guarantees to virtual hosts 0 2007
RE42726 Dynamically modifying the resources of a virtual server 0 2008
RE44210 Virtualizing super-user privileges for multiple virtual processes 0 2009
 
FOUNDRY NETWORKS, LLC (10)
7,562,390 System and method for ARP anti-spoofing security 8 2003
7,523,485 System and method for source IP anti-spoofing security 13 2003
7,876,772 System, method and apparatus for providing multiple access modes in a data communications network 4 2003
7,735,114 Multiple tiered network security system, method and apparatus using dynamic user policy assignment 5 2003
7,516,487 System and method for source IP anti-spoofing security 16 2004
7,979,903 System and method for source IP anti-spoofing security 3 2009
8,245,300 System and method for ARP anti-spoofing security 0 2009
8,006,304 System and method for ARP anti-spoofing security 3 2009
8,239,929 Multiple tiered network security system, method and apparatus using dynamic user policy assignment 1 2010
8,249,096 System, method and apparatus for providing multiple access modes in a data communications network 0 2010
 
INFOEXPRESS, INC. (9)
7,523,484 Systems and methods of controlling network access 8 2004
7,590,733 Dynamic address assignment for access control on DHCP networks 8 2005
8,051,460 Systems and methods of controlling network access 2 2008
7,890,658 Dynamic address assignment for access control on DHCP networks 0 2009
8,117,645 Systems and methods of controlling network access 2 2011
8,112,788 Systems and methods of controlling network access 2 2011
8,108,909 Systems and methods of controlling network access 2 2011
8,347,350 Systems and methods of controlling network access 0 2012
8,347,351 Systems and methods of controlling network access 0 2012
 
CHECK POINT SOFTWARE TECHNOLOGIES, INC. (7)
8,200,818 System providing internet access management with router-based policy enforcement 0 2001
6,850,943 Security system and methodology for providing indirect access control 36 2003
8,136,155 Security system with methodology for interprocess communication control 0 2003
7,788,726 System and methodology providing information lockbox 1 2003
7,590,684 System providing methodology for access control with cooperative enforcement 7 2004
8,136,149 Security system with methodology providing verified secured individual end points 1 2005
7,627,896 Security system providing methodology for cooperative enforcement of security policies during SSL sessions 7 2005
 
SUN MICROSYSTEMS, INC. (7)
7,765,581 System and method for enabling scalable security in a virtual private network 1 1999
7,336,790 Decoupling access control from key management in a network 7 1999
6,977,929 Method and system for facilitating relocation of devices on a network 8 1999
6,970,941 System and method for separating addresses from the delivery scheme in a virtual private network 27 1999
6,870,842 Using multicasting to provide ethernet-like communication behavior to selected peers on a network 15 1999
6,798,782 Truly anonymous communications using supernets, with the provision of topology hiding 35 1999
7,685,309 System and method for separating addresses from the delivery scheme in a virtual private network 1 2005
 
SYMANTEC CORPORATION (7)
7,249,187 Enforcement of compliance with network security policies 17 2002
7,827,607 Enhanced client compliancy using database of security sensor data 2 2005
7,805,752 Dynamic endpoint compliance policy configuration 1 2005
7,694,343 Client compliancy in a NAT environment 2 2005
7,836,501 Client compliancy with self-policing clients 3 2006
8,239,915 Endpoint management using trust rating data 3 2006
8,370,933 Systems and methods for detecting the insertion of poisoned DNS server addresses into DHCP servers 0 2009
 
VERIZON SERVICES CORP. (7)
7,843,923 Methods and apparatus for determining the port and/or physical location of an IP device and for using that information 0 2003
7,843,934 Methods and apparatus for providing emergency telephone service to IP-based telephone users 0 2003
7,836,160 Methods and apparatus for wiretapping IP-based telephone lines 2 2003
7,873,985 IP based security applications using location, port and/or device identifier information 2 2003
7,844,814 Methods and apparatus for protecting against IP address assignments based on a false MAC address 1 2007
8,411,672 Methods and apparatus for providing emergency telephone service to IP-based telephone users 0 2010
8,402,559 IP based security applications using location, port and/or device identifier information 0 2010
 
CITRIX SYSTEMS, INC. (5)
6,922,724 Method and apparatus for managing server load 96 2000
6,789,112 Method and apparatus for administering a server having a subsystem in communication with an event channel 28 2000
6,785,726 Method and apparatus for delivering local and remote server events in a similar fashion 66 2000
6,826,606 Method and apparatus for communicating among a network of servers 56 2001
6,807,580 Method and apparatus for communicating among a network of servers 33 2001
 
RESEARCH IN MOTION LIMITED (4)
8,352,550 Wireless communication systems 0 2008
8,086,677 Information exchange in wireless servers 2 2008
8,005,922 Remote control in a wireless communication system 2 2008
8,065,361 Apparatus and methods using a data hub server with servers to source and access informational content 1 2009
 
BROCADE COMMUNICATIONS SYSTEMS, INC. (3)
7,873,984 Network security through configuration servers in the fabric environment 0 2002
7,243,367 Method and apparatus for starting up a network or fabric 1 2002
7,774,833 System and method for protecting CPU against remote access attacks 5 2003
 
FUJITSU LIMITED (3)
6,928,282 Mobile IP network system 20 2001
7,469,298 Method and system for enabling layer 2 transmission of IP data frame between user terminal and service provider 15 2002
7,975,289 Program, client authentication requesting method, server authentication request processing method, client and server 0 2005
 
NOMADIX, INC. (3)
8,190,708 Gateway device having an XML interface and associated method 0 2000
8,266,266 Systems and methods for providing dynamic network authorization, authentication and accounting 1 2010
8,156,246 Systems and methods for providing content and services on a network system 5 2011
 
TIME WARNER CABLE (3)
7,512,969 System and method for detecting and reporting cable network devices with duplicate media access control addresses 12 2003
7,895,665 System and method for detecting and reporting cable network devices with duplicate media access control addresses 1 2008
7,713,309 System and method for detecting and reporting cable network devices with duplicate media access control addresses 0 2008
 
AT&T INTELLECTUAL PROPERTY II, L.P. (2)
7,881,289 Method and apparatus for porting telephone numbers of endpoint devices 0 2004
8,040,896 Service selection in a shared access network using virtual networks 0 2008
 
HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P. (2)
6,952,428 System and method for a specialized dynamic host configuration protocol proxy in a data-over-cable network 43 2001
8,009,668 Method and apparatus for router aggregation 0 2004
 
INTELLECTUAL VENTURES I LLC (2)
7,343,421 Restricting communication of selected processes to a set of specific network addresses 6 2000
7,739,401 Restricting communication of selected processes to a set of specific network addresses 3 2008
 
KABUSHIKI KAISHA TOSHIBA (2)
7,188,245 Contents transmission/reception scheme with function for limiting recipients 5 2003
7,516,328 Contents transmission/reception scheme with function for limiting recipients 0 2007
 
TIME WARNER CABLE ENTERPRISES LLC (2)
7,272,846 System and method for detecting and reporting cable modems with duplicate media access control addresses 19 2002
8,260,941 System and method for detecting and reporting cable modems with duplicate media access control addresses 0 2007
 
AT&T CORP. (1)
7,065,578 Service selection in a shared access network using policy routing 4 2001
 
AT&T INTELLECTUAL PROPERTY I, L.P. (1)
8,055,248 System and method for providing integrated voice and data services utilizing wired cordless access with unlicensed spectrum and wired access with licensed spectrum 0 2010
 
AVAYA INC. (1)
6,618,757 System and method for dynamic IP address management 46 2000
 
BCE INC. (1)
7,904,952 System and method for access control 1 2004
 
BELLSOUTH INTELLECTUAL PROPERTY CORPORATION (1)
8,457,082 System and method for providing integrated voice and data services utilizing wired cordless access with unlicensed/unregulated spectrum 0 2003
 
CANON KABUSHIKI KAISHA (1)
7,512,709 Address restriction method, address restriction program, and address restriction apparatus 0 2003
 
CITRIX ONLINE LLC (1)
7,685,630 Methods and systems for providing scalable authentication 1 2006
 
EMC CORPORATION (1)
6,983,330 Method and apparatus for using multiple paths for processing out of band commands 9 1999
 
EXTREME NETWORKS, INC. (1)
7,568,107 Method and system for auto discovery of authenticator for network login 2 2003
 
FASOO.COM CO., LTD (1)
8,056,122 User authentication method and system using user's e-mail address and hardware information 0 2003
 
HATTERAS NETWORKS (1)
7,447,215 Methods, systems, and computer program products for classifying a packet based on a destination address 5 2002
 
INTEL CORPORATION (1)
7,386,629 System and method for synchronous configuration of DHCP server and router interfaces 6 2003
 
INTERNATIONAL BUSINESS MACHINES CORPORATION (1)
7,652,995 Autonomic reassociation of clients in a wireless local area network 0 2003
 
INTUIT INC. (1)
7,542,468 Dynamic host configuration protocol with security 2 2005
 
JUNIPER NETWORKS, INC. (1)
7,836,182 Network device having universal address pool manager and a multi-protocol network address pool 0 2005
 
KONAMI DIGITAL ENTERTAINMENT CO., LTD. (1)
7,201,659 Data delivery system, data delivery server and video game device 6 2002
 
LG-ERICSSON CO., LTD. (1)
6,965,598 Signal traffic routing method for a signaling network 1 2000
 
MASONITE HOLDINGS CORPORATION (1)
6,643,694 System and method for integrating a proxy server, an e-mail server, and a DHCP server, with a graphic interface 24 2000
 
MCAFEE, INC. (1)
7,251,685 Method and apparatus for detailed protocol analysis of frames captured in an IEEE 802.11(b) wireless LAN 9 2005
 
NEC CORPORATION (1)
7,127,511 System for and a method of providing an online time period reserving service, which can protect an excessive load from being applied to a communication system, in order to provide a stable communication to a user 14 2001
 
NVIDIA CORPORATION (1)
7,120,930 Method and apparatus for control of security protocol negotiation 18 2002
 
ONLINE CONNECTIVITY INC. (1)
7,526,538 System using server to provide mobile computer accessing to a different network without reconfiguring the mobile computer 20 2005
 
PENDRAGON ELECTRONICS AND TELECOMMUNICATIONS RESEARCH LLC (1)
7,117,258 Method and apparatus for assigning IP address using agent in zero configuration network 3 2002
 
PETNOTE, LLC (1)
7,581,004 System and method for alerting on open file-share sessions on a user's electronic device 2 2006
 
QUALLION LLC (1)
7,640,340 Techniques for dynamic host configuration using overlapping network addresses 3 2006
 
SAMSUNG ELECTRONICS CO., LTD. (1)
7,444,411 Internet interface service system and method providing public internet access to users carrying mobile terminals 0 2001
 
Sprint Communications Company L.P. (1)
8,305,951 Conditional media access control address filtering 0 2010
 
TELECOM ITALIA S.P.A. (1)
7,966,229 Method and system for accounting access by users to data networks, related computer program product 0 2006
 
TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) (1)
7,996,537 Method and arrangement for preventing illegitimate use of IP addresses 0 2002
 
TREND MICRO INCORPORATED (1)
7,231,660 Method and system for preventing unauthorized server interference in an internet protocol network 4 2000
 
TRUSTWAVE HOLDINGS, INC. (1)
7,448,076 Peer connected device for protecting access to local area networks 3 2002
 
WATCHGUARD TECHNOLOGIES, INC. (1)
6,961,336 Contacting a computing device outside a local network 8 2001
 
YOICS, INC. (1)
8,447,843 System, method and computer program product for identifying, configuring and accessing a device on a network 0 2007
 
Other [Check patent profile for assignment information] (1)
8,468,118 System and method for analyzing and utilizing intellectual property information 0 2001

Maintenance Fees

Fee Large entity fee small entity fee micro entity fee due date
11.5 Year Payment $7400.00 $3700.00 $1850.00 Nov 21, 2013
Fee Large entity fee small entity fee micro entity fee
Surcharge - 11.5 year - Late payment within 6 months $160.00 $80.00 $40.00
Surcharge after expiration - Late payment is unavoidable $700.00 $350.00 $175.00
Surcharge after expiration - Late payment is unintentional $1,640.00 $820.00 $410.00