Method and system for providing security to asynchronous...

Multiplex communications – Pathfinding or routing – Switching a message which includes an address header

Reexamination Certificate

Details

C370S216000, C370S217000, C370S396000, C370S409000, C709S220000, C709S223000, C709S249000

active

06212191

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Technical Field
The present invention relates to a method and system for data processing in general, and in particular to a method and system for providing a security mechanism within a local-area network. Still more particularly, the present invention relates to a method and system for providing a security mechanism to an Asynchronous Transfer Mode emulated local-area network.
2. Description of the Prior Art
For several years, the embedded base of many communication networks has been established according to the IEEE 802 Local-Area Network (LAN) standards, such as the IEEE 802.3 standard for Ethernet LANs and the IEEE 802.5 standard for Token-Ring LANs. These communication networks are considered to be “connectionless” because data packets can be exchanged within these networks without establishing a layer-2 connection under the seven-layer networking reference model established by the International Organization for Standardization (ISO). In addition, the applications within these communication networks typically reside on top of a layer-2 protocol and a layer-3 protocol, such as Medium Access Connection (MAC) and Internet Protocol (IP), respectively.
With the advent of Asynchronous Transfer Mode (ATM) technology, which offers the advantages of fixed-size cell switching, scalability from a few megabits to hundreds of megabits, the ability to offer guaranteed quality of service on a per-connection basis, etc., it is desirable to interconnect a LAN which is still under one of the IEEE 802 LAN standards (a so-called Legacy LAN) with communication networks that are equipped with ATM capabilities. This type of interconnection has been achieved by a variety of methods, such as bridging-and-routing, that are well-known to those skilled in the art of communications network development. Generally speaking, all these methods provide acceptable results, but as a whole, there is ample room for improvement. For example, some of the methods are based on a broadcast principle that mimics shared-medium operations in which all data packets must be broadcast to all destinations. This method of packet broadcast ends up flooding the entire ATM network with broadcast traffic. Another problem associated with the broadcast principle is that it requires that a mesh of networks be established between all bridges and ATM hosts within a LAN and that all inter-LAN traffic pass through a router, which typically becomes the bottleneck of the LAN.
With the goal of providing a better ATM network solution, the ATM Forum has developed another bridging solution called LAN Emulation (LANE). LANE protocols allow ATM networks to provide the appearance of a LAN-like Ethernet or a LAN-like Token-Ring. A LANE architecture emulates traditional LAN technologies over a switched ATM network. Specifically, LANE relies on a LAN Emulation Server (LES) to perform ATM-to-MAC address translations, and a Broadcast and Unknown Server (BUS) to perform data broadcast. A more detailed description of the LANE technology can be found in LAN Emulation Over ATM Specifications, version 1.0, promulgated by the ATM Forum, the content of which is incorporated herein by reference.
One of the major issues in migrating Legacy LANs to ATM technology is system security. Legacy LANs offer intrinsic system security in the sense that a physical connection between two end systems implies that the two end systems are on the same LAN. With emulated LANs, any participating station is allowed to be assigned to an emulated LAN via an administrative procedure, which essentially decouples a physical end system and its connection from its membership in a particular emulated LAN. That means an end system may be physically moved but may still participate in the same emulated LAN. Thus, physical connectivity in emulated LANs no longer implies the same level of system security as in Legacy LANs. As a result, there is a risk of unauthorized computer systems connecting to an emulated LAN and attempting to utilize services not normally authorized to these computer systems. In addition, since LE client usage of a LAN Emulation Configuration Server (LECS) is optional, reliance on the configuration protocol is not a viable security mechanism for an emulated LAN. Consequently, it would be desirable to provide a better security mechanism for an emulated LAN.
SUMMARY OF THE INVENTION
In view of the foregoing, it is therefore an object of the present invention to provide an improved method and system for data processing.
It is another object of the present invention to provide an improved method and system for providing a security mechanism within a local-area network.
It is yet another object of the present invention to provide an improved method and system for providing a security mechanism to an Asynchronous Transfer Mode emulated local-area network.
In accordance with a method and system of the present invention, an Asynchronous Transfer Mode (ATM) emulated local-area network (LAN) is served by a LAN Emulation Server (LES), a Broadcast and Unknown Server (BUS), and a LAN Emulation Configuration Server (LECS). After receiving a LE_JOIN_REQUEST from an LE client within the emulated LAN, the LES forms a LE_CONFIGURE_REQUEST on behalf of the LE client, by utilizing the information from the LE_JOIN_REQUEST. The LES then sends the LE_CONFIGURE_REQUEST to the LECS. In turn, the LECS sends back a LE_CONFIGURE_RESPONSE to the LES. After receiving the LE_CONFIGURE_RESPONSE from the LECS, a determination is made as to whether or not a status field within the LE_CONFIGURE_RESPONSE indicates a success and a target ATM address field within the LE_CONFIGURE_RESPONSE contains an ATM address of the LES. If both of the above-mentioned conditions are met, the LES then sends a LE_JOIN_RESPONSE with a success status back to the requesting LE client such that the requesting LE client is allowed to join the emulated LAN.
All objects, features, and advantages of the present invention will become apparent in the following detailed written description.
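The join check described in the summary above, modeled as an added example (not code from the patent). The addresses, the numeric status values, the access-denied status on rejection, and the class and field names are constructed assumptions; only the message names and the two-condition test come from the text.

```python
from dataclasses import dataclass

SUCCESS, ACCESS_DENIED = 0, 6   # illustrative status values (assumed)

@dataclass(frozen=True)
class Frame:
    kind: str            # message name, e.g. "LE_JOIN_REQUEST"
    source_atm: str      # ATM address of the requesting LE client
    elan_name: str = ""
    status: int = SUCCESS
    target_atm: str = "" # LES address the LECS assigns to the client

class Lecs:
    """Holds the administrative policy: which LES each client may use."""
    def __init__(self, assignments):
        self.assignments = assignments   # client ATM address -> LES ATM address

    def configure(self, req):
        les = self.assignments.get(req.source_atm)
        if les is None:                  # client unknown to the policy
            return Frame("LE_CONFIGURE_RESPONSE", req.source_atm,
                         req.elan_name, ACCESS_DENIED)
        return Frame("LE_CONFIGURE_RESPONSE", req.source_atm,
                     req.elan_name, SUCCESS, les)

class Les:
    def __init__(self, atm_address, lecs):
        self.atm_address, self.lecs = atm_address, lecs

    def handle_join(self, join):
        # The LES queries the LECS itself, so a client that skipped the
        # optional configuration step is still checked against the policy.
        cfg_req = Frame("LE_CONFIGURE_REQUEST", join.source_atm, join.elan_name)
        cfg_rsp = self.lecs.configure(cfg_req)
        # Both conditions from the text: success status AND target == this LES.
        ok = (cfg_rsp.status == SUCCESS
              and cfg_rsp.target_atm == self.atm_address)
        return Frame("LE_JOIN_RESPONSE", join.source_atm, join.elan_name,
                     SUCCESS if ok else ACCESS_DENIED)

def demo():
    # Constructed policy: client-1 belongs to les-A, client-2 to another LES.
    lecs = Lecs({"client-1": "les-A", "client-2": "les-B"})
    les_a = Les("les-A", lecs)
    clients = ["client-1", "client-2", "client-3"]  # client-3 is not in the policy
    return {c: les_a.handle_join(Frame("LE_JOIN_REQUEST", c, "elan-A")).status
            for c in clients}
```

The second condition matters on its own: client-2 gets a success status from the LECS, but is still refused because the LECS assigned it to a different LES.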

