Electrical computers and digital processing systems: multicomput – Computer-to-computer session/connection establishing – Network resources access controlling
Reexamination Certificate
1998-01-08
2001-03-20
Maung, Zarni (Department: 2154)
Electrical computers and digital processing systems: multicomput
Computer-to-computer session/connection establishing
Network resources access controlling
C709S250000
Reexamination Certificate
active
06205483
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a communication apparatus, a communication terminal and a program recording medium, which are used for constituting a local area network.
2. Description of the Related Art
Over the recent years, the information has been exchanged by use of a local area network (hereinafter referred to as a LAN) in a variety of fields. A construction and a fundamental operation of the LAN used at the present will be described by exemplifying a bus type LAN with reference to FIG.
10
.
As illustrated in
FIG. 10
, the LAN is constructed of a transmission line, a plurality of stations
31
and a plurality of nodes
34
(known as network interface cards). The stations
31
are defined as apparatuses (e.g., computers) actually employed by users who exchange the information by using the LAN. The node
34
is defined as a communication apparatus for connecting the station
31
to the transmission line, and is constructed of a controller
32
and a transceiver
33
. It is to be noted that a specific construction (configuration) of the node
34
is different depending on the specifications of the LAN and the construction of the station
31
. For example, in the LAN based on the specifications classified as 10BASE2, if the station
31
is a disk top type computer, a board type apparatus insertable into an extension slot of the computer is used as a node
34
. By contrast, in the LAN based on the specifications classified as 10BASE5, the board inserted into the extension slot is an apparatus corresponding to the controller
32
, and the transceiver
33
is connected to this board (the controller
32
) via a cable.
The node
34
executes a process of converting data outputted by the station
31
into a signal for the transmission line, and a process reverse thereto. More specifically, the controller
32
within the node
34
, when indicated by the station
31
to transmit the data, creates a packet by adding, to this item of data, pieces of information such as a transmitting address and a receiving address (which are layer-2 addresses called a LAN address or a MAC address), and transfers the thus created packet to the transceiver
33
. The transceiver
33
converts a form of the signal of the transferred packet and transmits it onto the transmission line.
When the packet is transmitted via the transmission line, the transceiver
33
receives this packet, converts the signal form and transfers it to the controller
32
. The controller
32
, if the receiving address within the transferred packet is coincident with an address allocated to the controller
32
itself (hereinafter referred to as a self-address), transfers the intra-packet data to the station
31
. Note that the self address is normally printed inwardly of the controller
21
by the manufacturer. Whereas if the intra-packet receiving address is not coincident with the self-address, the controller
32
disposes of the transferred packet without transferring the intra-packet data to the station
31
.
For instance, when the data transmitted from a station C to a station A, as shown in
FIG. 10
, a packet in which “A” is set in the receiving address and “C” is set in the transmitting address, is sent to the transmission line from a node C. Both of the node A and the node B receive this packet, however, the node B discards the received packet because of the receiving address not being the self-address. While on the other hand, the node A transfers the data contained in that packet to the station A because of the receiving address being the self-address. In the LAN, the data transmitted from the station C to the station A thus arrives at only the station A.
In the normal LAN, a protocols explained so far is used in combination with a high-layer protocol (TCP/IP etc.) incorporating a communication processing function to some extent. In the high-layer protocol, an address (a layer-3 address called a network address etc) different from the LAN address is used. Therefore, the packet transmitted onto the transmission line is in fact the one holding the data containing the address used in the high-layer protocol, and any one of the controller
32
and the station
31
implements control (a process relative to the high-layer protocol) making use of the network address.
As explained above, the prior art LAN is designed for freely exchanging the information between the stations. Hence, it was difficult to perform a test etc by use of the conventional LAN. Further, when an important conference using the LAN takes place, it might happen that data not related to the conference are received by the stations engaged in the conference, which can hinder the conference may occur.
SUMMARY OF THE INVENTION
It is a primary object of the present invention to provide a communication apparatus, a communication terminal and a program recording medium that are capable of constituting a local area network which would be able to restrict information exchanged between stations.
To accomplish the above and other objects, according to a first aspect of the present invention, a communication apparatus is connected to a terminal and a transmission line of a local area network, and allows the terminal to function as one communication terminal of the local area network. The communication apparatus includes a communication regulation information storing unit which stores communication regulation information defined as information for classifying other communication terminals connected to the local area network into a communication terminal permitted to communicate and a terminal not permitted to communicate in accordance with a network address. A take-in unit of the apparatus takes in communication data addressed to a self-terminal from the transmission line on the basis of a receiving LAN address contained in the communication data propagating through the transmission line. The communication apparatus has a judging unit for judging, based on a transmitting network address contained in the communication data taken in by the take-in unit and the communication regulation information within the communication regulation information storing unit, whether or not a communication data transmitting unit is a communication terminal permitted to communicate. A supplying unit of the apparatus of the present invention supplies the terminal with only a content of the communication data transmitted by the terminal judged as the communication terminal permitted to communicates
That is, the communication apparatus according to the first aspect of the present invention corresponds to an apparatus known as a network interface card, and is combined with a terminal to constitute a communication terminal. The communication apparatus according to the first aspect, when it takes in the communication data (packet) addressed to the communication apparatus itself, to start with, determines whether or not the communication data is communication data from the communication terminal permitted to communicate on the basis of a transmitting network address contained in the communication data and internally stored communication regulation information for classifying terminals into a communication terminal permitted to communicate and a communication terminal not permitted to communicate in accordance with the network address. Then, only when the communication data is the one from the communication terminal permitted to communicate, the terminal to which the communication apparatus is connected is supplied with the same communication data.
Therefore, in the LAN constructed using present communication apparatuses, the communication data supplied to each terminal can be restricted by setting the communication regulation information having a proper content to each communication apparatus. Accordingly, a test and a conference etc can take place under such a condition that communication data given from others excluding the persons concerned are not received by the terminals (a content of the communication data is not displayed in the termi
Caldwell Andrew
Fujitsu Limited
Helfgott & Karas P.C.
Maung Zarni
LandOfFree
Network interface that prevents MAC or IP address spoofing... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Network interface that prevents MAC or IP address spoofing..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Network interface that prevents MAC or IP address spoofing... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2467666