Abstract: A preferred embodiment of the present invention includes a method and apparatus for allocating and using IP addresses in a network of client systems. More specifically, the present invention includes a router which monitors the assignments of IP addresses by a DHCP server. As each IP address is assigned, the router associates the assigned IP address with an trusted identifier which identifies the client system. Subsequently, if the router received a packet directed at the assigned IP address, the router forwards the packet to the client system having an trusted identifier associated with the destination address of the IP packet. Additionally, if the router receives a packet from a client system, it uses the trusted identifier of the client system to find IP addresses associated with the client system. If the source address of the IP packet is not included in the IP addresses associated with the client system, the packet is discarded.

Abstract: A preferred embodiment of the present invention includes a method and apparatus for routing an IP packets in a network of client systems. The router forwards IP packets between the client systems and the server systems. More specifically, the router can be pre-configured to include one or more "routes." Each route is a mapping between an IP address and a client system. The router may also learn route from other routers and by analysis of IP packets. Preferably, the routes known by the router are included in a route table. The router also monitors DHCP assignment of IP addresses to client systems within the network. When the DHCP assignment of an IP address is detected, the router creates a new route that associates the newly assigned IP address and the corresponding client system. The new route is marked so that it may only be overwritten by a subsequent DHCP assignment.

Abstract: A preferred embodiment of the present invention includes a method and apparatus for allocating and using IP addresses in a network of client systems. More specifically, the present invention includes a DHCP server that leases IP addresses to the client systems. The DHCP server works in combination with a secure DHCP relay agent and a secure IP relay agent. Broadcast DHCPREQUEST messages are forwarded to the DHCP server by the secure DHCP relay agent. Before forwarding, the secure DHCP relay agent embeds in each DHCPREQUEST message. The trusted identifier is an unforgeable object specifically associated with the client system sending the DHCPREQUEST message. When the DHCP server receives a DHCPREQUEST message, the DHCP server extracts the trusted identifier. The trusted identifier is then used by the DHCP server to prevent client systems from accessing the IP address leases of other client systems. The DHCP server also counts the number of IP addresses leases assigned to each trusted identifier.

Abstract: The present invention includes a method and apparatus for filtering IP packets based on events within a computer network. More specifically, the present invention includes a services management system, or SMS. The SMS manages network connections between a series of client systems and a router. An access network control server (ANCS) manages the configuration of the router. The SMS monitors activities or events that occur within the network. In response to these events, the SMS dynamically downloads filtering profiles to the ANCS. The ANCS then uses the downloaded filtering profiles to reconfigure the router. The router then uses the filtering rules to selectively discard or forward IP packets received from the client systems.

Abstract: A method and apparatus for controlling access to services within a computer network is provided. More specifically, the present invention includes a services management system, or SMS. The SMS manages network connections between a series of client systems and a router. An access network control server (ANCS) manages the configuration of the router. For each network user, the SMS maintains a profile of filtering rules. When the user accesses the network, the SMS downloads the user's filtering profiles to the ANCS. The ANCS then uses the downloaded filtering profiles to reconfigure the router. The router then uses the filtering rules to selectively forward IP packets originating from the user's host system and directed at the network services.