GB2459328A - Dynamic access control to a computer network's switch port - Google Patents
- Publication number
- GB2459328A
- Authority
- GB
- United Kingdom
- Prior art keywords
- user
- port
- reader
- network switch
- credentials
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- G06F21/35—User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
-
- H04L12/2425—
-
- H04L12/2461—
-
- H04L29/06802—
-
- H04L29/06809—
-
- H04L29/06823—
-
- H04L29/08684—
-
- H04L29/08981—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/28—Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/34—Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/54—Presence management, e.g. monitoring or registration for receipt of user log-on information, or the connection status of the users
-
- H04L12/2403—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/02—Standardisation; Integration
- H04L41/0213—Standardised network management protocols, e.g. simple network management protocol [SNMP]
-
- H04W4/04—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W64/00—Locating users or terminals or network equipment for network management purposes, e.g. mobility management
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Access to particular computer network switch ports is controlled such that a central server switches on (enables)/switches off (disables) particular user network switch ports in a Local Area Network (LAN) to control access to the network. The user network switch ports are controlled dynamically according to a user's presence or proximity, for example, presence in a particular room or building. A credentials reader, such as an RF proximity or magnetic stripe access card reader, is used to determine a user's presence; alternatively a biometric reader may be employed. An identification of the user and the reader is sent to the central server when a user presents credentials to the reader. The central server looks up the user's associated network switch port in a database and, if an assigned port is found for that user, constructs and sends a configuration script to that port to turn the port on (or off). The configuration script may be sent using a telnet session over TCP port 23 or by using the SNMP protocol.
Description
BRIEF DESCRIPTION OF THE DRAWINGS
For a more complete understanding of the invention, reference is hereby made to the drawings, in which:
FIG. 1 is a schematic illustration of the basic components of the system of the present invention;
FIG. 2 is a schematic flow diagram illustrating the operation of the software process.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
The present invention provides for substantial improvements in current network security methods by providing a means of physically shutting down network ports when the designated user of the port has left their place of work.
An illustration of the invention is provided in Figure 1, which shows the components of the process; a more detailed flow diagram of the process is provided in Figure 2.
The process relies on detecting when a designated user enters a building or part of a building. This is achieved by the user presenting credentials to a credentials reader. The credentials could be a physical object such as an RF proximity or mag stripe access card. Equally the credentials could take the form of biometric information, supplied by a biometric reader. This invention could form part of a larger, more wide-ranging application such as an access control or building management system.
This information is sent to a software application running on a centralized server. The server application is preconfigured with the credential readers' information and whether each reader is an ingress or egress reader. A record of each network switch to be controlled by the system is stored on the server. The key information required is as follows:
* Manufacturer
* Model number
* Username and password for the configuration utility
SUMMARY OF THE INVENTION
It has now been discovered that the above and other advantages of the present invention may be obtained in the following manner. Specifically, the present invention provides a system for detecting when a user enters a room or a building and dynamically enabling their network switch port. Likewise the system can detect that the user has left a room or building and disable their network switch port, thereby securing network access via the port.
The system of this invention detects the user entering or leaving a room or building via the user's access control credentials. The system requires that the user present their credentials (this could be an RF proximity card, magnetic stripe card, biometric information or any other access control technology) to a suitable reader as they enter or exit the designated area. The system then uses the user's credentials to identify the user and their designated network switch port. The system opens a communication session (this can be via either a telnet session over TCP port 23 or the SNMP protocol) with the network switch and enables or disables the user's port as required.
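The server-side step described above (reader event, port lookup, script construction) can be sketched as follows. This is an added example, not code from the patent: all reader, user, switch and port names are constructed, the command lines assume a switch that accepts IOS-style interface commands, and the telnet or SNMP transport and the stored switch credentials are left out.

```python
import re
from dataclasses import dataclass

# Constructed sample data; every name and value below is an assumption.
READERS = {"lobby-in": "ingress", "lobby-out": "egress"}  # reader id -> direction
# Switch record as the description lists it (credentials omitted here).
SWITCHES = {"sw-floor1": {"manufacturer": "ExampleCo", "model": "EX-24"}}
USER_PORTS = {"alice": ("sw-floor1", "GigabitEthernet0/12")}  # user -> (switch, port)

# Script templates keyed by (manufacturer, model); IOS-style syntax is assumed.
TEMPLATES = {
    ("ExampleCo", "EX-24"): {
        "enable": ["configure terminal", "interface {port}", "no shutdown", "end"],
        "disable": ["configure terminal", "interface {port}", "shutdown", "end"],
    }
}

# The port name is substituted into a command script, so only a strict
# interface-name pattern is accepted (no whitespace or newlines).
PORT_RE = re.compile(r"[A-Za-z]+[0-9]+(/[0-9]+){0,2}")


@dataclass
class PortAction:
    switch: str
    action: str
    script: list


def handle_reader_event(user_id, reader_id):
    """Return the PortAction for a credential event, or None if nothing is sent."""
    direction = READERS.get(reader_id)
    if direction is None:
        raise ValueError(f"unknown reader: {reader_id!r}")
    assignment = USER_PORTS.get(user_id)
    if assignment is None:
        return None  # no assigned port for this user: no script is built
    switch, port = assignment
    if not PORT_RE.fullmatch(port):
        raise ValueError(f"refusing unsafe port name: {port!r}")
    record = SWITCHES[switch]
    action = "enable" if direction == "ingress" else "disable"
    template = TEMPLATES[(record["manufacturer"], record["model"])][action]
    return PortAction(switch, action, [line.format(port=port) for line in template])


if __name__ == "__main__":
    for event in [("alice", "lobby-in"), ("alice", "lobby-out"), ("bob", "lobby-in")]:
        print(event, handle_reader_event(*event))
```
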
Claims (2)
1) An automated process to manage access to the computer network according to a user's physical presence comprising:
a) A point of authentication sensor able to detect valid credentials and transmit an authentication request to a central management server.
b) A software process to extract the user and user variables from the credentials supplied. The user variables include preconfigured information identifying the user's designated network switch port. The process then constructs a configuration script to enable or disable the switch port depending upon direction of travel, connects to the switch and transmits the instruction.
2) The method according to claim (1) wherein the network ports, or groups of network ports, are controlled according to a pre-configured time schedule.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0807281A GB2459328A (en) | 2008-04-22 | 2008-04-22 | Dynamic access control to a computer network's switch port |
Publications (3)
Publication Number | Publication Date |
---|---|
GB0807281D0 GB0807281D0 (en) | 2008-05-28 |
GB2459328A true GB2459328A (en) | 2009-10-28 |
GB2459328A9 GB2459328A9 (en) | 2009-12-09 |
Family
ID=39494015
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB0807281A Withdrawn GB2459328A (en) | 2008-04-22 | 2008-04-22 | Dynamic access control to a computer network's switch port |
Country Status (1)
Country | Link |
---|---|
GB (1) | GB2459328A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020009078A1 (en) * | 2000-05-12 | 2002-01-24 | Tim Wilson | Server and method for providing specific network services |
US20040022242A1 (en) * | 2002-07-31 | 2004-02-05 | International Business Machines Corporation | Method, system, and computer program product for restricting access to a network using a network communications device |
WO2004036397A1 (en) * | 2002-10-17 | 2004-04-29 | Zacharias Sahlberg | Method and device for separating different segments of computer equipment |
US20050138377A1 (en) * | 2003-12-18 | 2005-06-23 | First Carl L. | Method and apparatus to provide secure communication |
US20060067340A1 (en) * | 2004-09-29 | 2006-03-30 | Johannes Ruetschi | Methods and apparatus for managing TLS connections in a large soft switch |
US20080147953A1 (en) * | 2006-12-19 | 2008-06-19 | Ncr Corporation | Automated processing device and equipment lockdown |
-
2008
- 2008-04-22 GB GB0807281A patent/GB2459328A/en not_active Withdrawn
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015128854A1 (en) * | 2014-02-28 | 2015-09-03 | Digital Car Services Bvba | Safety measures for a network, secured network and method for securing a network. |
BE1022908B1 (en) * | 2014-02-28 | 2016-10-12 | Digital Car Services Bvba | SECURITY FOR A NETWORK, SECURE NETWORK AND METHOD FOR SECURING A NETWORK |
CN109639493A (en) * | 2018-12-20 | 2019-04-16 | 新华三技术有限公司 | The network equipment, behavior control device and TSN configuration method |
CN109639493B (en) * | 2018-12-20 | 2022-03-25 | 新华三技术有限公司 | Network device, state control device and TSN configuration method |
CN111427282A (en) * | 2020-03-24 | 2020-07-17 | 珠海格力电器股份有限公司 | Port mode configuration method and device, storage medium and building control system |
CN111427282B (en) * | 2020-03-24 | 2021-05-25 | 珠海格力电器股份有限公司 | Port mode configuration method and device, storage medium and building control system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WAP | Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1) |