GB2459328A - Dynamic access control to a computer network's switch port - Google Patents

Publication number
GB2459328A
GB2459328A GB0807281A GB0807281A GB2459328A GB 2459328 A GB2459328 A GB 2459328A GB 0807281 A GB0807281 A GB 0807281A GB 0807281 A GB0807281 A GB 0807281A GB 2459328 A GB2459328 A GB 2459328A
Authority
GB
United Kingdom
Prior art keywords
user
port
reader
network switch
credentials
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0807281A
Other versions
GB0807281D0 (en)
GB2459328A9 (en)
Inventor
Paul Anderson
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Priority to GB0807281A
Publication of GB0807281D0
Publication of GB2459328A
Publication of GB2459328A9
Withdrawn (current legal status)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35 User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • H04L12/2425
    • H04L12/2461
    • H04L29/06802
    • H04L29/06809
    • H04L29/06823
    • H04L29/08684
    • H04L29/08981
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/28 Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/34 Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/54 Presence management, e.g. monitoring or registration for receipt of user log-on information, or the connection status of the users
    • H04L12/2403
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02 Standardisation; Integration
    • H04L41/0213 Standardised network management protocols, e.g. simple network management protocol [SNMP]
    • H04W4/04
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W64/00 Locating users or terminals or network equipment for network management purposes, e.g. mobility management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Access to particular computer network switch ports is controlled such that a central server switches on (enables) or switches off (disables) particular user network switch ports in a Local Area Network (LAN) to control access to the network. The user network switch ports are controlled dynamically according to a user's presence or proximity, for example, presence in a particular room or building. A credentials reader, such as an RF proximity or magnetic stripe access card reader, is used to determine a user's presence; alternatively, a biometric reader may be employed. When a user presents credentials to the reader, an identification of the user and the reader is sent to the central server. The central server looks up the user's associated network switch port in a database and, if an assigned port is found for that user, constructs and sends a configuration script to that port to turn the port on (or off). The configuration script may be sent using a telnet session over TCP port 23 or by using the SNMP protocol.

Description
BRIEF DESCRIPTION OF THE DRAWINGS
For a more complete understanding of the invention, reference is hereby made to the drawings, in which:
FIG. 1 is a schematic illustration of the basic components of the system of the present invention;
FIG. 2 is a schematic flow diagram illustrating the operation of the software process.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
The present invention provides for substantial improvements in current network security methods by providing a means of physically shutting down network ports when the designated user of the port has left their place of work.
An illustration of the invention is provided in Figure 1, which shows the components of the process; a more detailed flow diagram of the process is provided in Figure 2.
The process relies on detecting when a designated user enters a building or part of a building. This is achieved by the user presenting credentials to a credentials reader. The credentials could be a physical object such as an RF proximity or magnetic stripe access card. Equally, the credentials could take the form of biometric information, supplied by a biometric reader. This invention could form part of a larger, more wide-ranging application such as an access control or building management system.
This information is sent to a software application running on a centralized server. The server application is preconfigured with each credential reader's information and whether the reader is an ingress or egress reader. A record of each network switch to be controlled by the system is stored on the server. The key information required is as follows:
* Manufacturer
* Model number
* Username and password for the configuration utility
SUMMARY OF THE INVENTION
It has now been discovered that the above and other advantages of the present invention may be obtained in the following manner. Specifically, the present invention provides a system for detecting when a user enters a room or a building and dynamically enabling their network switch port. Likewise, the system can detect that the user has left a room or building and disable their network switch port, thereby securing network access via the port.
The system of this invention detects the user entering or leaving a room or building via the user's access control credentials. The system requires that the user presents their credentials (this could be an RF proximity card, magnetic stripe card, biometric information or any other access control technology) to a suitable reader as they enter or exit the designated area. The system then uses the user's credentials to identify the user and their designated network switch port. The system opens a communication session (this can be via either a telnet session over TCP port 23 or the SNMP protocol) with the network switch and enables or disables the user's port as required.
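The lookup-and-script step described above, as an added example that is not part of the patent text. The reader, user and switch tables, the vendor name and the IOS-style CLI lines are all constructed assumptions; the SNMP payload uses the standard IF-MIB ifAdminStatus object.

```python
# Added example: models the server-side decision only; nothing is sent.
# All table contents are constructed; switch login credentials are omitted.
from dataclasses import dataclass

# Reader id -> direction, as preconfigured on the server (constructed data).
READERS = {"door-3-in": "ingress", "door-3-out": "egress"}

@dataclass(frozen=True)
class Port:
    switch: str    # key into SWITCHES
    name: str      # interface name used by the CLI
    if_index: int  # IF-MIB ifIndex used by SNMP

# User id -> designated switch port (constructed data).
USER_PORTS = {"u1001": Port("sw-floor3", "GigabitEthernet1/0/12", 10112)}

# Switch record: manufacturer, model and transport (hypothetical vendor).
SWITCHES = {"sw-floor3": {"manufacturer": "ExampleCo", "model": "EX-24",
                          "transport": "telnet"}}

IF_ADMIN_STATUS = "1.3.6.1.2.1.2.2.1.7"  # IF-MIB ifAdminStatus: up(1), down(2)

def cli_script(port, enable):
    """Configuration script lines (IOS-style syntax is an assumption)."""
    return ["configure terminal", f"interface {port.name}",
            "no shutdown" if enable else "shutdown", "end"]

def snmp_set(port, enable):
    """(OID, integer value) for an SNMP SET on the port's admin status."""
    return (f"{IF_ADMIN_STATUS}.{port.if_index}", 1 if enable else 2)

def handle_event(user_id, reader_id):
    """Turn one credential-reader event into a switch instruction.

    Returns None when the reader is unknown or the user has no assigned
    port, so an unrecognised event never changes a port's state.
    """
    direction = READERS.get(reader_id)
    port = USER_PORTS.get(user_id)
    if direction is None or port is None:
        return None
    switch = SWITCHES[port.switch]
    enable = direction == "ingress"  # ingress enables, egress disables
    payload = (cli_script(port, enable) if switch["transport"] == "telnet"
               else snmp_set(port, enable))
    return {"switch": port.switch, "transport": switch["transport"],
            "action": "enable" if enable else "disable", "payload": payload}

if __name__ == "__main__":
    for event in [("u1001", "door-3-in"), ("u1001", "door-3-out"),
                  ("u9999", "door-3-in")]:
        print(event, "->", handle_event(*event))
```

Telnet on TCP port 23 carries the switch login and the script unencrypted, so the management path between the server and the switch needs its own protection.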

Claims (2)

1) An automated process to manage access to the computer network according to a user's physical presence comprising;
a) A point of authentication sensor able to detect valid credentials and transmit an authentication request to a central management server.
b) A software process to extract the user and user variables from the credentials supplied. The user variables include preconfigured information identifying the user's designated network switch port. The process then constructs a configuration script to enable or disable the switch port depending upon direction of travel, connects to the switch and transmits the instruction.
2) The method according to claim (1) wherein the network ports, or groups of network ports, are controlled according to a pre-configured time schedule.
GB0807281A 2008-04-22 2008-04-22 Dynamic access control to a computer network's switch port Withdrawn GB2459328A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0807281A GB2459328A (en) 2008-04-22 2008-04-22 Dynamic access control to a computer network's switch port

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0807281A GB2459328A (en) 2008-04-22 2008-04-22 Dynamic access control to a computer network's switch port

Publications (3)

Publication Number Publication Date
GB0807281D0 GB0807281D0 (en) 2008-05-28
GB2459328A GB2459328A (en) 2009-10-28
GB2459328A9 GB2459328A9 (en) 2009-12-09

Family

ID=39494015

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0807281A Withdrawn GB2459328A (en) 2008-04-22 2008-04-22 Dynamic access control to a computer network's switch port

Country Status (1)

Country Link
GB (1) GB2459328A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015128854A1 (en) * 2014-02-28 2015-09-03 Digital Car Services Bvba Safety measures for a network, secured network and method for securing a network.
BE1022908B1 (en) * 2014-02-28 2016-10-12 Digital Car Services Bvba SECURITY FOR A NETWORK, SECURE NETWORK AND METHOD FOR SECURING A NETWORK
CN109639493A (en) * 2018-12-20 2019-04-16 新华三技术有限公司 The network equipment, behavior control device and TSN configuration method
CN111427282A (en) * 2020-03-24 2020-07-17 珠海格力电器股份有限公司 Port mode configuration method and device, storage medium and building control system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020009078A1 (en) * 2000-05-12 2002-01-24 Tim Wilson Server and method for providing specific network services
US20040022242A1 (en) * 2002-07-31 2004-02-05 International Business Machines Corporation Method, system, and computer program product for restricting access to a network using a network communications device
WO2004036397A1 (en) * 2002-10-17 2004-04-29 Zacharias Sahlberg Method and device for separating different segments of computer equipment
US20050138377A1 (en) * 2003-12-18 2005-06-23 First Carl L. Method and apparatus to provide secure communication
US20060067340A1 (en) * 2004-09-29 2006-03-30 Johannes Ruetschi Methods and apparatus for managing TLS connections in a large soft switch
US20080147953A1 (en) * 2006-12-19 2008-06-19 Ncr Corporation Automated processing device and equipment lockdown

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015128854A1 (en) * 2014-02-28 2015-09-03 Digital Car Services Bvba Safety measures for a network, secured network and method for securing a network.
BE1022908B1 (en) * 2014-02-28 2016-10-12 Digital Car Services Bvba SECURITY FOR A NETWORK, SECURE NETWORK AND METHOD FOR SECURING A NETWORK
CN109639493A (en) * 2018-12-20 2019-04-16 新华三技术有限公司 The network equipment, behavior control device and TSN configuration method
CN109639493B (en) * 2018-12-20 2022-03-25 新华三技术有限公司 Network device, state control device and TSN configuration method
CN111427282A (en) * 2020-03-24 2020-07-17 珠海格力电器股份有限公司 Port mode configuration method and device, storage medium and building control system
CN111427282B (en) * 2020-03-24 2021-05-25 珠海格力电器股份有限公司 Port mode configuration method and device, storage medium and building control system

Also Published As

Publication number Publication date
GB0807281D0 (en) 2008-05-28
GB2459328A9 (en) 2009-12-09

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)