Electrical computers and digital processing systems: multicomput – Computer network managing – Computer network access regulating
Reexamination Certificate
1998-04-28
2001-05-15
Lim, Krisna (Department: 2758)
Electrical computers and digital processing systems: multicomput
Computer network managing
Computer network access regulating
C249S203000, C249S216000, C249S216000
Reexamination Certificate
active
06233616
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to computer networks for managing enterprise network access and providing enterprise network security.
BACKGROUND OF THE INVENTION
The marketplace for many companies has expanded tremendously in recent years. Large national companies have expanded into international or global companies that see their marketplace as the world; and even smaller companies have expanded into the international and global marketplace to become international competitors. This market expansion has been driven by the technology that has made both voice and data communication easier.
Technological advances in recent years have allowed computer users to maintain access to their corporate or home information networks from remote locations. Therefore, regardless of someone's work or travel location, he or she can maintain contact with desired networks through “remote offices,” “mobile computing,” or “telecommuting.”
Remote offices, as they are referred to here, are those subsidiaries or divisions of a company organization that are geographically spaced from the main or base office. These include, but are not limited to, foreign manufacturing plants, regional sales offices, and vendor organizations. Mobile computing, as it is used here, is directed to the use of transportable self-contained computers, such as laptop computers. Mobile computing also includes the method of establishing a telecommunications link to a server or network of other computers. Lastly, telecommuting, as it is used here, refers to the use of a telecommunications link, preferably through a computer, to enable an individual to conduct his or her business from any desired location, rather than be required to physically travel to a particular location.
Co-pending application Ser. No. 956,697, filed Oct. 24, 1997, entitled ENTERPRISE NETWORK MANAGEMENT USING DIRECTORY CONTAINING NETWORK ADDRESSES OF USERS AND DEVICES PROVIDING ACCESS LISTS TO ROUTERS AND SERVERS is directed to local area computer networks (“LANs”) connected over a wide area network (“WAN”). The system described in this application includes firewalls to control the information flow and restrict user access from WAN circuits. According to this co-pending application, computer networks use routing or switching devices to route user messages and files to and from internal LANs and the external WAN. The messages and files of the directory services are contained on LAN server devices and the information in these messages and files are routed across the WAN.
Co-pending application Ser. No. 956,697, filed Oct. 24, 1997, also is directed to directory services products that may be used to integrate phone directory information, e-mail, and facsimile addressing across an enterprise network. In this context, an enterprise network includes two or more LANs connected through one or more WANs. LDAP consist of workstations, servers, routers, switches and hubs. Users may also dial-in to obtain access to these enterprise resources. The directory services products are software applications that communicate among themselves using a directory access protocol (“DAP”) and intercommunicate with other devices, such as mail servers, with a lightweight directory access protocol (“LDAP”).
Finally, co-pending application Ser. No. 956,697, filed Oct. 24, 1997, extends the concept of directory services to the management and control of an enterprise network by integrating directory technology, router management, and server management to form an enterprise network management and security solution. The features and advantages of this co-pending application, however, do not extend to the use of directory services to control access by remote users to elements of an enterprise network. It is desirable to have a system with these capabilities.
SUMMARY OF THE INVENTION
The present is a system and method for enhancing the capabilities of an enterprise network and security through directory services. These enhancements are directed to directory enabled network management and network security for use in LAN communications over a WAN. Use of the present invention will permit mobile computer users to move from one LAN to another LAN without experiencing problems in gaining access to their home LAN or network. This includes establishing a connection from a remote hotel or airport to their home LAN or network.
To accommodate this freedom of movement by mobile computer users in an enterprise network, it is desirable to provide them with a dynamic IP address. This dynamic IP address is obtained from a DHCP (Dynamic Host Control Protocol) server. DHCP is a protocol that dynamically assigns addresses to devices on a network. With dynamic addressing, a mobile computing device, such as a laptop computer, can have a different IP address every time it connects to the network. Dynamic addressing simplifies network administration because the control software is only required to store and track IP addresses in use rather than requiring an administrator to continuously manage this task.
Further, according to the present invention, directory services are updated with the IP information stored in the enterprise DHCP server on a periodic or an on-demand basis. By this being the case, directory services are capable of generating a request to retrieve DHCP information on a periodic basis or the DHCP server may transmit the information to directory services on an on-demand basis.
If the DHCP server is not part of the enterprise network, a dial-in connection may be made through an Internet service provider (ISP) to access the DHCP server. In this type of system configuration, the enterprise network must contain an authentication server that knows the IP address of the dial-in user. Directory services are updated with the IP information stored in the enterprise network authentication server on a periodic basis or on an on-demand basis. Directory services are capable of generating a request to obtain the IP information from the authentication server on a periodic basis or the authentication server may transmit the information to the directory services application on an on-demand basis.
Once the directory services has obtained the user IP information, and it associates that information with the other user information stored in the directory, such as user name, password, public keys, network location, and the network management and security, as described in Ser. No. 956,697, filed Oct. 24, 1997, is provided to these mobile users.
An object of the present invention is to provide a system and method for enterprise network management that uses directory services to control access to elements of the enterprise network.
A further object of the present invention is to provide a system and method for management of an enterprise network that uses the combined operation of a DHCP server, and directory services server to control access to elements of an enterprise network.
Another object of the present invention is to provide a system and method for management of an enterprise network that uses the combined operation of a DHCP server, authentication server, and directory services server to control access to elements of an enterprise network.
These and other objects of the present invention will be described in detail in the remainder of the specification referring to the drawings.
REFERENCES:
patent: 5548726 (1996-08-01), Pettus
patent: 5594921 (1997-01-01), Pettus
patent: 5774668 (1998-06-01), Choquier et al.
patent: 5884039 (1999-03-01), Ludwig et al.
patent: 5922049 (1999-07-01), Radia et al.
Lim Krisna
Vandigriff John E.
LandOfFree
Enterprise network management using directory containing... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Enterprise network management using directory containing..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Enterprise network management using directory containing... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2482566