Method and apparatus for dual stack access

US9756052B2 · US · B2

Patent metadata
Publication number: US-9756052-B2
Application number: US-201514737295-A
Country: US
Kind code: B2
Filing date: Jun 11, 2015
Priority date: Oct 30, 2009
Publication date: Sep 5, 2017
Grant date: Sep 5, 2017

Abstract

Official abstract text for this publication.

The present invention discloses a method of dual stack access, wherein a network device authenticates the first protocol address of a requesting client, stores the user name, first protocol address, and address status information of the client in the user information table if the authentication succeeds, assigns a second protocol address to the client, stores this second protocol address and address status information in the user information table, generates control rules for the client according to its user information, and controls dual stack access of the client according to the rules. This invention provides effective authentication-based access control of dual stack users.

First claim

Opening claim text (preview).

The invention claimed is:

1. A network device comprising: a processor; and a memory on which is stored machine readable instructions to cause the processor to: receive, from a client device, a request to access a network, the request including an IPv4 address of the client device; authenticate the IPv4 address of the client device; in response to the IPv4 address of the client device being authenticated, assign an IPv6 address to the client device and store an IPv4 address status and an IPv6 address status of the client device in a user information table; set the stored IPv4 address status of the client device to normal; send the client device a router advertisement (RA) message to inform the client device of an IPv6 address allocation method; read messages exchanged with the client device during assignment of the IPv6 address to determine the IPv6 address and the IPv6 address status; and control how the client device accesses the network based on control rules for the client device, wherein the control rules are based upon the IPv4 address and the IPv6 address of the client device.

2. The network device of claim 1, wherein the request received from the client device is an application protocol request.

3. The network device of claim 1, wherein the machine readable instructions are further to cause the processor to: store a user name of the client device, the IPv4 address of the client device, and the IPv6 address of the client device in the user information table.

4. The network device of claim 3, wherein the machine readable instructions are further to cause the processor to: generate the control rules for the client device based upon information contained in the user information table.

5. The network device of claim 1, wherein the machine readable instructions are further to cause the processor to: set the IPv6 address status in the user information table after the RA message is sent to the client device.

6. The network device of claim 5, wherein the machine readable instructions are further to cause the processor to: after the RA message is sent to the client device, receive from the client device, a duplicate address detection (DAD) neighbor solicitation (NS) message for the IPv6 address within a predefined RA delay; and set the IPv6 address status to DAD.

7. The network device of claim 6, wherein the machine readable instructions are further to cause the processor to: determine that a predefined DAD delay has passed, during which the network device did not receive a neighbor advertisement (NA) message; and set the IPv6 address status to normal.

8. A method for controlling access to a network by a client device, said method comprising: receiving, from a client device, a request to access a network, the request including an IPv4 address of the client device; authenticating the IPv4 address of the client device; in response to the IPv4 address of the client device being authenticated, assigning an IPv6 address to the client device and storing an IPv4 address status and an IPv6 address status of the client device in a user information table; setting the stored IPv4 address status to normal; sending the client device a router advertisement (RA) message to inform the client device of an IPv6 address allocation method; reading messages exchanged with the client device during assignment of the IPv6 address to determine the IPv6 address and the IPv6 address status; and controlling how the client device accesses the network based on control rules for the client device, wherein the control rules are based upon the IPv4 address and the IPv6 address of the client device.

9. The method of claim 8, further comprising: storing a user name of the client device, the IPv4 address of the client device, and the IPv6 address of the client device in the user information table.

10. The method of claim 8, further comprising: setting the IPv6 address status in the user information table after the RA message is sent to the client device; after the RA message is sent to the client device, receiving from the client device, a duplicate address detection (DAD) neighbor solicitation (NS) message for the IPv6 address within a predefined RA delay; setting the IPv6 address status to DAD; determining that a predefined DAD delay has passed, during which the network device did not receive a neighbor advertisement (NA) message; and setting the IPv6 address status to normal.

11. A non-transitory computer readable medium on which is stored machine readable instructions that when executed by a processor are to cause the processor to: receive, from a client device, a request to access a network, the request including an IPv4 address of the client device; authenticate the IPv4 address of the client device; in response to the IPv4 address of the client device being authenticated, assign an IPv6 address to the client device and store an IPv4 address status and an IPv6 address status of the client device in a user information table; set the stored IPv4 address status of the client device to normal; send the client device a router advertisement (RA) message to inform the client device of an IPv6 address allocation method; read messages exchanged with the client device during assignment of the IPv6 address to determine the IPv6 address and the IPv6 address status; and control how the client device accesses the network based on control rules for the client device, wherein the control rules are based upon the IPv4 address and the IPv6 address of the client device.

12. The non-transitory computer readable medium of claim 11, wherein the machine readable instructions are further to cause the processor to: store a user name of the client device, the IPv4 address of the client device, and the IPv6 address of the client device in the user information table; and generate the control rules for the client device based upon information contained in the user information table.
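
The IPv6 status handling of claims 5 to 7 and the rule generation of claim 4, as an added sketch that is not code from the patent or its assignee. Assumptions: rows are keyed by client MAC, the status labels "RA_SENT" and "conflict" and the two delay values are invented for the example, an NA during the DAD delay discards the address, and the control rule permits only addresses whose status is normal.

```python
import ipaddress
from dataclasses import dataclass

RA_DELAY, DAD_DELAY = 5.0, 1.0   # seconds; values assumed for the example

@dataclass
class Entry:                      # one row of the user information table
    user: str
    ipv4: str
    ipv4_status: str = "normal"   # set once IPv4 authentication succeeds
    ipv6: str = ""
    ipv6_status: str = "RA_SENT"  # label assumed; the claims leave it unnamed
    since: float = 0.0            # time of the last status change

class UserTable:
    def __init__(self):
        self.rows = {}            # keyed by client MAC (assumed correlation key)

    def authenticated(self, mac, user, ipv4, now):
        """IPv4 authentication succeeded and the RA has just been sent."""
        self.rows[mac] = Entry(user, ipv4, since=now)

    def on_dad_ns(self, mac, target, now):
        """DAD neighbor solicitation read from the client's traffic."""
        e = self.rows.get(mac)
        if e and e.ipv6_status == "RA_SENT" and now - e.since <= RA_DELAY:
            e.ipv6 = str(ipaddress.IPv6Address(target))
            e.ipv6_status, e.since = "DAD", now

    def on_na(self, target, now):
        """NA during the DAD delay: the address is taken (handling assumed)."""
        addr = str(ipaddress.IPv6Address(target))
        for e in self.rows.values():
            if e.ipv6_status == "DAD" and e.ipv6 == addr and now - e.since < DAD_DELAY:
                e.ipv6, e.ipv6_status, e.since = "", "conflict", now

    def tick(self, now):
        """DAD delay elapsed with no NA: the IPv6 address becomes normal."""
        for e in self.rows.values():
            if e.ipv6_status == "DAD" and now - e.since >= DAD_DELAY:
                e.ipv6_status, e.since = "normal", now

    def allowed_sources(self, mac):
        """Control rule (assumed): only addresses in status normal may send."""
        e = self.rows.get(mac)
        if e is None:
            return set()
        ok = {e.ipv4} if e.ipv4_status == "normal" else set()
        return ok | ({e.ipv6} if e.ipv6_status == "normal" else set())
```

Until `tick` promotes the IPv6 address, a client that authenticated over IPv4 has no permitted IPv6 source, so the second stack cannot be used to bypass the authentication step.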

Classifications

  • H04L63/105 (Primary)

    Multiple levels of security · CPC title

  • Electricity · mapped topic

  • for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Hewlett Packard Entpr Dev Lp
What technology area does this patent fall under?
Primary CPC classification H04L63/105. Mapped technology areas include Electricity.
When was this patent published?
Publication date: Sep 5, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).