What technology area does this patent fall under?

Primary CPC classification H04L63/102. Mapped technology areas include Electricity.

When was this patent published?

Publication date Thu Nov 17 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Network system, controller and packet authenticating method

US2016337372A1 · US · A1

Patent metadata
Field	Value
Publication number	US-2016337372-A1
Application number	US-201615220988-A
Country	US
Kind code	A1
Filing date	Jul 27, 2016
Priority date	Apr 3, 2012
Publication date	Nov 17, 2016
Grant date	—

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A controller managing a switch receives from the switch, a notice of an unknown packet sent from an access source host that is used by a plurality of users having different authorities. The controller inquires authentication data of a packet transmission user to the access source host. The controller inquires the permission or refusal of access to the access destination host based on the authentication data. When the access is permitted, the controller instructs the switch to register a flow entry of transfer of the packet. When the access is refused, the controller instructs the switch to register a flow entry of discard of the packet.

First claim

Opening claim text (preview).

1 - 10 . (canceled) 11 . a control apparatus, comprising: a memory configured to store program instructions; and a processor configured to execute the program instructions to: receive user information from an access terminal of a network user; send, to an authentication server, an inquiry corresponding to the user information; identify, in responds to receiving an indication of access permission corresponding to the network user from the authentication server, a processing instruction for processing a packet corresponding to the network user; and send the processing instruction to a switch apparatus configured to receive the packet from the access terminal. 12 . The control apparatus according to claim 11 , wherein the processor is further configured to execute the program instructions to send a request for the user information to the access terminal. 13 . The control apparatus according to claim 11 , wherein the processor is further configured to execute the program instructions to receive, from the switch apparatus, a request for processing the packet. 14 . The control apparatus according to claim 11 , wherein the inquiry includes a port identifier corresponding to the user. 15 . The control apparatus according to claim 11 , wherein the processor is further configured to execute the program instructions to: identify, in response to receiving an indication of access denial corresponding to the network user from the authentication server, a discarding instruction for discarding a packet corresponding to the network user; and send the discarding instruction to the switch apparatus. 16 . The control apparatus according to claim 15 , wherein the processor is further configured to execute the program instructions to: count the indication of access denial received from the authentication server; send, to the switch apparatus, an instruction to cancel the discarding instruction, when a count of the indication of access denial is over a threshold. 17 . A network system, comprising: an access terminal associated with a network user; an authentication server; a switch apparatus configured to receive the packet from the access terminal; and a control apparatus comprising: a memory configured to store program instructions; and a processor configured to execute the program instructions to: receive, from the access terminal, user information of the network user; send, to the authentication server, an inquiry corresponding to the user information; identify, in response the receiving an indication of access permission corresponding to the network user from the authentication server, a processing instruction for processing a packet corresponding to the network user; and send the processing instruction to the switch apparatus. 18 . the network system according to claim 17 , wherein the processor is further configured to execute the program instructions to send a request for the user information to the access terminal. 19 . The network system according to claim 17 , wherein the processor is further configured to execute the program instructions to receive, from the switch apparatus, a request for processing the packet. 20 . The network system according to claim 17 , wherein the inquiry includes a port identifier corresponding to the user. 21 . The network system according to claim 17 , wherein the processor is further configured to execute the program instructions to: identify, in response to receiving an indication of access denial corresponding to the network user from the authentication server, a discarding instruction for discarding a packet corresponding to the network user; and send the discarding instruction to the switch apparatus. 22 . The network system according to claim 21 , wherein the processor is further configured to execute the program instructions to: count the indication the access denial received from the authentication server; send, to the switch apparatus, an instruction to cancel the discarding instruction, when a count of the indication of access denial is over a threshold. 23 . A network control method, comprising: receiving user information from an access terminal to which an network user access; sending, to an authentication server, an inquiry corresponding to the user information; identifying, in response to receiving an indication of access permission corresponding to the network user from the authentication server, a processing instruction for processing a packet corresponding to the network user; and sending the processing instruction to a switch apparatus configured to receive the packet from the access terminal. 24 . The network control method according to claim 23 , further comprising sending a request for the user information to the access terminal. 25 . The network control method according to claim 23 , further comprising receiving, from the switch apparatus, a request for processing the packet. 26 . The network control method according to claim 23 , wherein the inquiry includes a port identifier corresponding to the user. 27 . The network control method according to claim 23 , further comprising: identifying, in response to receiving the indication of access denial from the authentication server; a discarding instruction for discarding a packet corresponding to the network user; and sending the discarding instruction to the switch apparatus. 28 . The network control method according to claim 27 , further comprising: counting the indication of access denial received from the authentication server; sending, to the switch apparatus, an instruction to cancel the discarding instruction, when a count of the indication of access denial is over a threshold.

Assignees

Nec Corp

Inventors

Togawa Osamu

Classifications

H04L63/0884
by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity · CPC title
H04L63/102Primary
Entity profiles · CPC title
H04L63/08Primary
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
H04L63/0227
Filtering policies (mail message filtering H04L51/212) · CPC title

Patent family

Related publications grouped by family.

View patent family 49300418

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2016337372A1 cover?: A controller managing a switch receives from the switch, a notice of an unknown packet sent from an access source host that is used by a plurality of users having different authorities. The controller inquires authentication data of a packet transmission user to the access source host. The controller inquires the permission or refusal of access to the access destination host based on the authen…
Who is the assignee on this patent?: Nec Corp
What technology area does this patent fall under?: Primary CPC classification H04L63/102. Mapped technology areas include Electricity.
When was this patent published?: Publication date Thu Nov 17 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).