WO2010121312A1 - Network appliance - Google Patents

Network appliance

Info

Publication number
WO2010121312A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
network
user
appliance
network appliance
Prior art date
Application number
PCT/AU2010/000456
Other languages
English (en)
Inventor
Trent Davis
James Peter Brotchie
Stephen James Thorne
Original Assignee
Agent Smith Pty Ltd
Priority date
Filing date
Publication date
Priority claimed from AU2009901766A
Application filed by Agent Smith Pty Ltd
Publication of WO2010121312A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/28 Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration

Definitions

  • The present invention relates to the field of network communication, specifically the Internet. More particularly, the invention relates to an appliance for use in a communications network. The appliance provides user management and reporting.
  • Consumer appliances have been developed that make user access to the Internet quick and relatively simple. These appliances include routers, modems, firewalls, backup devices and network attached storage (NAS). Many of these devices require user-specific data to be entered during an initial configuration in order for the device to operate at its location. For instance, a modem will require the DNS of the ISP as well as a username and password. A router will need a gateway IP address and individual IP addresses for each device on the network. Some of the configuration requirements have been automated through the development of setup programs (called wizards), but significant user involvement is still often required.
  • An ISP may supply a pre-configured modem when establishing a new account. While this overcomes the initial configuration issue, it creates new problems if the device is reset, since the user generally does not have the experience or knowledge to reconfigure the appliance. Problems also arise if there are other appliances in the network that have conflicting IP addresses. Thus, despite pre-configuration, lengthy conversations with technicians are often required.
  • Management at a micro level is even more important in business networks, as there are generally more configuration parameters to control and higher volume usage to monitor. For instance, in a business environment every user will have a username and password, whereas the home environment will generally allow open access.
  • the invention resides in a network appliance comprising: a unique identifier; a network interface communicating with a local network; and a connection to external data storage for storage of data; wherein the data is stored using the unique identifier or a key associated with the unique identifier.
  • the unique identifier is suitably a serial number.
  • the unique identifier is stored on a removable storage device.
  • the appliance further comprises a gateway that enables communication between the local network and a global data communications network.
  • connection is a local connection to external local data storage.
  • connection is a connection to a global data communications network and the data storage is in a cloud data centre.
  • the data is suitably configuration data for configuration of the network appliance.
  • the local network includes other network devices and the configuration data includes data for configuration of the other network devices.
  • the data may also include network data and user data.
  • the user data may include a username, a password and user activity data and may be encrypted.
  • the user activity data may include a download volume and a download limit attributed to a user.
  • the data is suitably encoded using the unique identifier or a cryptographic key associated with the unique identifier.
  • the invention resides in a method of storing data pertaining to a local network including the steps of: gathering data from the local network; accessing an external data storage connected to the local network; and storing the data in the external data storage using a unique identifier associated with a network appliance on the local network.
  • the external data storage is a cloud data centre in a global data communications network, such as the Internet.
  • the stored data is preferably encrypted.
  • FIG 1 is a schematic of a network environment relevant to the invention
  • FIG 2 is a block diagram of a network appliance incorporating the invention.
  • FIG 3 is a data structure example.
  • Embodiments of the present invention reside primarily in a network appliance that provides management of users on the network.
  • the network appliance is connected to a network of users as well as to a global communications network (the Internet).
  • Many of the concepts associated with network computing will be well known to persons skilled in the art. Accordingly, the hardware and software described below have been illustrated in concise schematic form in the drawings, showing only those specific details that are necessary for understanding the embodiments of the present invention, but so as not to obscure the disclosure with excessive detail that will be readily apparent to those of ordinary skill in the art having the benefit of the present description.
  • adjectives such as first and second, left and right, and the like may be used solely to distinguish one element or action from another element or action without necessarily requiring or implying any actual such relationship or order.
  • Words such as “comprises” or “includes” are intended to define a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed, including elements that are inherent to such a process, method, article, or apparatus.
  • the network appliance 1 is connected to a number of users 2 and other network devices 3 in a user network 4.
  • the user network 4 may be a small local area network such as a home network of three or four computers or a larger local area network such as a business having several hundred computers.
  • the user network 4 could also be a wide area network made up of several linked local area networks.
  • a user 2 is considered to be any of a range of possible connection devices in the network including: desktop computers; mobile computing devices such as laptops, netbooks and PDA devices; servers; or other active devices on the network.
  • network devices 3 which may include: network attached storage; Internet gateway device, such as a modem and/or a firewall; a spam filter; a virus scanner; a router or block of switches; or other network management and connectivity devices.
  • the user network 4 is connected to the Internet 5 in conventional manner and may access a cloud data centre 6 as described further below.
  • the appliance 1 is shown schematically in FIG 2.
  • Each appliance 1 has one or more network ports 13 for connection to the local network 4 and/or the Internet 5.
  • the appliance 1 may be a router/modem and attach directly to the Internet 5 via a network port 13 or may be an independent device that connects to other network devices 3 (such as a router and a modem) via the network ports 13.
  • Each appliance 1 has a unique identifier, such as a serial number, which may be permanently stored in the appliance in local storage 11, such as read only memory, but is preferably stored in a removable storage device 7 such as a USB key.
  • the removable storage device 7 connects to the device through a port 16, which most commonly will be a USB port. In this embodiment the removable storage device 7 can be accurately considered as a key since it unlocks the operation of the appliance 1. In one embodiment there may be a security requirement that the removable storage device 7 must be connected to the appliance 1 for the appliance to operate.
  • the serial number or a cryptographic key associated with the serial number is used to identify user data collected and stored by the appliance 1.
  • the user data may include: configuration data such as ISP address and login data; username and password for each user; user activity data such as websites visited and download volume; a download limit or quota; and date/time.
  • the user data may also be encrypted in the case where a cryptographic key is associated with the serial number.
  • the download volume attributed to each user 2 on the user network 4 may be logged by appliance 1 and stored as part of the user data on the local removable storage device 7, the cloud data centre 6 or the local storage 15.
  • the appliance 1 may identify users 2 by way of a Medium Access Control (MAC) address of a connection device which the user 2 is using.
  • each user 2 may be required to log into the appliance 1 when accessing the internet 5 by providing the user name and password.
  • the download volume may then be written to the user data according to a user name or a MAC address.
  • the appliance 1 may also have a RAM component 12 for temporary local storage of data, but in the preferred embodiment the collected data is stored externally so that it is retrievable independently of the appliance 1 and is nonvolatile. In this way failure of the appliance does not mean a loss of data. Furthermore, if the device does fail another device can be substituted and immediately configured from the externally stored configuration data.
  • the external storage is local storage 15 such as a hard disk drive, solid state drive or flash memory that is connected to the appliance 1 via a port 14.
  • the port may be an RS232 port, USB port, parallel port or other suitable protocol port.
  • the external storage is provided by a cloud data centre 6 that is accessible via the Internet 5.
  • a cloud data centre is a distributed collection of network-enabled data storage devices with associated processors that manage the storage and retrieval of data from the cloud. Data is stored in the cloud using an address that is encrypted for security.
  • one part of the security protocol may use a cryptographic key associated with the unique identifier that is stored in a removable storage device 7 that connects to the appliance 1 via a port 16.
  • a benefit of this arrangement is that failure of the appliance is non-critical since the device 7 can be connected to a replacement device and provide the required key for accessing the data stored in the cloud 6.
  • a similar advantage applies for data stored in a local external storage device 15.
  • data may be stored in a format depicted in FIG 3 with each data record containing the unique key that facilitates retrieval and a user identification field to facilitate user specific analysis.
  • the data may be arranged in any manner that permits later retrieval and analysis.
  • the generic appliance will contain all generic hardware and software for connecting to the user network and the Internet with the device 7, or the combination of the device 7 and external storage 15, providing the specific configuration data to facilitate communication. Specific user data may then be retrieved from the local external storage 15 or the cloud 6.
  • Storing user data in the cloud 6 removes the requirement of a user to have specific knowledge and experience about the configuration of the network they access. For instance, all network related data for all devices on the network may be stored in the cloud. If any particular device fails it is replaced with a generic device which then self-configures by retrieving required data from the cloud via the appliance 1. In this respect the device 7 is the element that contains the essential information for data access.
  • the data storage and management options differ significantly from existing options since all user data is stored in the cloud and accessible at any time at a micro level.
  • Existing data captured, stored and processed by some ISPs is only captured from the ISP side of the user network 4 whereas the appliance 1 facilitates capture of data from the user side of the user network 4 as well as the ISP side.
  • Management and reporting of the user data may be accessed via a web interface that is processed in the cloud, thus reducing local processing requirements.
  • An administrator simply connects to the user network 4 and has full access to all of the resources the cloud can provide, such as user permissions, quotas, user activity and usage history, rate limiting configuration etc.
  • a reporting web page may include a usage history showing web sites visited by a user, a time and date each web site was visited and how long the user spent on each website.
  • the reporting web page may also include a communication history showing details of sent and received email and posts made to and from chat rooms and social networking websites. Additionally, the communication history may be reviewed by an administrator for appropriate language, detecting on line predators, detecting cyber-bullying and other related items. Alternatively, the communication history may be automatically reviewed by software and alerts sent to appropriate personnel.
  • a user's download volume may also be reviewed on the reporting web page showing a download volume or quota used and a remaining download volume or quota for each user.
  • a management web page may allow an administrator to, but is not limited to:
  • a particular advantage of the invention is that the collection and processing of user and network data is independent of the ISP or the network appliance. Indeed, it is also independent of any other network devices on the user network. This provides enhanced security and flexibility compared to known systems.
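The description above ties the externally stored records to the appliance's unique identifier: the serial number, or a cryptographic key associated with it and held on the removable storage device 7, is used both to locate the data in the cloud data centre 6 (or local storage 15) and, optionally, to encrypt it, so that the same device 7 plugged into a replacement appliance regains access. The following is a constructed Python example written for this page, not code from the patent or from Agent Smith Pty Ltd. It assumes the removable device carries a random secret provisioned at manufacture in addition to the printed serial number, because a serial number alone is low-entropy and often visible on the chassis; storage address and record-authentication key are derived from that secret with HKDF-SHA256 (RFC 5869, written out with the standard library). Records follow the FIG 3 layout in spirit (a retrieval key plus a user identification field) and are authenticated with HMAC; the confidentiality step the text mentions ("may be encrypted") would add an AEAD such as AES-GCM from a library like `cryptography`, which the standard library lacks, so it is left out here. The store, serial number, user names and quota figures are all made up.

```python
import hashlib
import hmac
import json
import secrets


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF extract-and-expand (RFC 5869) with HMAC-SHA256, stdlib only."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()          # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                      # expand
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class KeyDevice:
    """Models removable storage device 7: the serial number plus a random
    secret that is provisioned on the device and never leaves it (assumption)."""

    def __init__(self, serial: str, secret: bytes):
        self.serial = serial
        self.secret = secret

    def storage_address(self) -> str:
        # Address under which this appliance's records live in the external store.
        # Bound to the secret, so knowing the printed serial alone does not reveal it.
        return hkdf_sha256(self.secret, self.serial.encode(), b"storage-address", 16).hex()

    def mac_key(self) -> bytes:
        # Separate key for record authentication; distinct HKDF info label.
        return hkdf_sha256(self.secret, self.serial.encode(), b"record-mac", 32)


def seal_record(device: KeyDevice, user_id: str, payload: dict) -> dict:
    """Build one FIG 3-style record: retrieval key, user identification field, data, tag."""
    body = json.dumps({"user_id": user_id, "payload": payload},
                      sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(device.mac_key(), body, hashlib.sha256).hexdigest()
    return {"key": device.storage_address(), "body": body.decode(), "tag": tag}


class ExternalStore:
    """Cloud data centre 6 or local external storage 15, modelled as address -> records."""

    def __init__(self):
        self._records = {}

    def put(self, record: dict) -> None:
        self._records.setdefault(record["key"], []).append(record)

    def get(self, address: str) -> list:
        return list(self._records.get(address, []))


def open_records(device: KeyDevice, store: ExternalStore) -> list:
    """Retrieve records for this device; any record whose tag fails is dropped."""
    verified = []
    for rec in store.get(device.storage_address()):
        expected = hmac.new(device.mac_key(), rec["body"].encode(), hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, rec["tag"]):
            verified.append(json.loads(rec["body"]))
    return verified


def demo() -> dict:
    """Walk through store, tamper, appliance replacement and a wrong key device."""
    store = ExternalStore()
    secret = secrets.token_bytes(32)                 # provisioned onto device 7 (constructed)
    original = KeyDevice("SN-0001234", secret)       # constructed serial number
    store.put(seal_record(original, "alice", {"download_mb": 512, "quota_mb": 2048}))
    store.put(seal_record(original, "bob", {"download_mb": 90, "quota_mb": 1024}))

    # A stored record altered in the store (quota raised) is rejected on retrieval.
    tampered = seal_record(original, "mallory", {"download_mb": 0, "quota_mb": 9999})
    tampered["body"] = tampered["body"].replace("9999", "99999")
    store.put(tampered)

    # Appliance failure: the same device 7 in a replacement appliance reopens the data.
    replacement = KeyDevice("SN-0001234", secret)
    recovered = open_records(replacement, store)

    # Same serial number but without the device secret: a different address, nothing found.
    wrong_device = KeyDevice("SN-0001234", secrets.token_bytes(32))
    return {
        "recovered_users": sorted(r["user_id"] for r in recovered),
        "wrong_device_records": len(open_records(wrong_device, store)),
    }


if __name__ == "__main__":
    print(demo())
```

The two HKDF `info` labels keep the address and the MAC key cryptographically separate even though both derive from one secret, and the MAC check means a replacement appliance refuses to self-configure from a record that was modified in the external store, which is the failure mode a defender would worry about once configuration for every device on the network is held off-site.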

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a network appliance (1) comprising a unique identifier, a network interface (13) communicating with a local network (4), and a connection (14, 16) to an external data storage device (7, 15) for storing data. The data is stored using the unique identifier or a key associated with the unique identifier.
PCT/AU2010/000456 2009-04-23 2010-04-22 Network appliance WO2010121312A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AU2009901766A AU2009901766A0 (en) 2009-04-23 Network appliance
AU2009901766 2009-04-23

Publications (1)

Publication Number Publication Date
WO2010121312A1 true WO2010121312A1 (fr) 2010-10-28

Family

ID=43010597

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2010/000456 WO2010121312A1 (fr) 2009-04-23 2010-04-22 Network appliance

Country Status (1)

Country Link
WO (1) WO2010121312A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060072477A1 (en) * 2002-12-04 2006-04-06 Koninklijke Philips Electronics N.V. Using configuration identifiers for communicating configuration descriptions
WO2008055081A2 (fr) * 2006-10-31 2008-05-08 Aastra Technologies Limited Method and system for configuring network entities
WO2008074396A1 (fr) * 2006-12-20 2008-06-26 Koninklijke Kpn N.V. Configuration of a memory for use in a mobile device

Similar Documents

Publication Publication Date Title
AU2019204090B2 (en) Networking flow logs for multi-tenant environments
US10116626B2 (en) Cloud based logging service
US7890627B1 (en) Hierarchical statistical model of internet reputation
EP2837157B1 (fr) Network address repository management
CN108616490A (zh) Network access control method, apparatus and system
US11997069B2 (en) Intelligent firewall access rules
RU2498398C2 (ru) System and method for efficient implementation of an improved router device
US9893968B1 (en) Troubleshooting network paths in a distributed computing environment
WO2016197782A2 (fr) Service port management method and apparatus, and computer-readable storage medium
WO2022214019A1 (fr) Network device deployment method and apparatus, and device, system and storage medium
Manninen Cybersecurity in agricultural communication networks: Case dairy farms
CN104618469B (zh) LAN access control method and management machine based on a proxy network architecture
WO2010121312A1 (fr) Network appliance
KR20170077540A (ko) Log management method, system and computer-readable recording medium
KR101070522B1 (ko) Spoofing attack detection and blocking system and method
US10873607B1 (en) Logical network abstraction for network access control
CN109818779A (zh) Method for constructing a centralized railway communication network based on cloud computing technology
Agboola Installation of Zentyal; LINUX Small Business Server

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 10766505; Country of ref document: EP; Kind code of ref document: A1)
DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 10766505; Country of ref document: EP; Kind code of ref document: A1)