SYSTEM AND METHOD FOR PREVENTING HEADER SPOOFING

US 20100175122A1
Filed: 01/08/2009
Published: 07/08/2010
Est. Priority Date: 01/08/2009
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method, comprising:

receiving, at an session border controller (SBC), a message from a network element, wherein the message is a request for network access and the message comprises a first source information;

identifying, at the session border controller (SBC), an identifier associated with the network element, wherein the identifier corresponds to a second source information;

replacing, at the session border controller (SBC), the first source information in the message received from the network element with the second source information corresponding to the identifier of the network element; and

transmitting, from the session border controller (SBC), the message with the second source information to a proxy.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for preventing spoofing including a receiver at a session border controller (SBC) configured to receive a message from a network element, wherein the message is a request for network access and the message comprises a first source information. The system and method may also include one or more processors at the session border controller (SBC) configured to identify an identifier associated with the network element, wherein the identifier corresponds to a second source information, and to replace the first source information in the message received from the network element with the second source information corresponding to the identifier of the network element. The system and method may also include one or more databases configured to store the second source information. The system and method may also include a transmitter at the session border controller (SBC) configured to transmit the message with the second source information to a service provider proxy for granting network access. In another embodiment, network access may be denied in the event it is determined that the first source information in the message received from the network element with the second source information corresponding to the identifier of the network element are different.

47 Citations

View as Search Results

21 Claims

1. A computer-implemented method, comprising:
- receiving, at an session border controller (SBC), a message from a network element, wherein the message is a request for network access and the message comprises a first source information;
  
  identifying, at the session border controller (SBC), an identifier associated with the network element, wherein the identifier corresponds to a second source information;
  
  replacing, at the session border controller (SBC), the first source information in the message received from the network element with the second source information corresponding to the identifier of the network element; and
  
  transmitting, from the session border controller (SBC), the message with the second source information to a proxy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 17)
- - 2. The method of claim 1, wherein the message is a Session Initiation Protocol (SIP) message.
  - 3. The method of claim 1, wherein the first source information is encoded in a header portion of the message.
  - 4. The method of claim 1, wherein the first source information the second source information comprise domain information.
  - 5. The method of claim 1, wherein identifying the identifier comprises using one or more translation rules of the session border controller (SBC) to determine the second source information corresponding to the identifier of the network element.
  - 6. The method of claim 5, wherein at least the one or more translation rules and the second source information are stored in one or more databases.
  - 7. The method of claim 1, wherein the identifier is at least one of a vLAN tag, an Internet Protocol (IP) address, a remote party ID, and a P-Asserted-Identity (PAI).
  - 8. The method of claim 1, wherein replacing the first source information with the second source information in the message is automatic.
  - 9. The method of claim 1, wherein the proxy is a service provider proxy configured to grant or deny network access.
  - 10. A computer readable media comprising code to perform the acts of the method of claim 1.
  - 17. The method of claim 5, wherein at least the one or more translation rules and the second source information are stored in one or more databases.

11. A computer-implemented system, comprising:
- a receiver configured to receive a message from a network element, wherein the message is a request for network access and the message comprises a first source information;
  
  one or more processors configured to identify an identifier associated with the network element, wherein the identifier corresponds to a second source information, and to replace the first source information in the message received from the network element with the second source information corresponding to the identifier of the network element;
  
  one or more databases configured to store the second source information; and
  
  a transmitter configured to transmit the message with the second source information to a proxy for granting network access.

12. A computer-implemented method, comprising:
- receiving, at a session border controller (SBC), a message from a network element, wherein the message is a request for network access and the message comprises a first source information;
  
  identifying, at the session border controller (SBC), a identifier associated with the network element, wherein the identifier corresponds to a second source information; and
  
  deny network access in the event it is determined that the first source information in the message received from the network element with the second source information corresponding to the identifier of the network element are different.
- View Dependent Claims (13, 14, 15, 16, 18, 19, 20)
- - 13. The method of claim 12, wherein the message is a Session Initiation Protocol (SIP) message.
  - 14. The method of claim 12, wherein the first source information is encoded in a header portion of the message.
  - 15. The method of claim 12, wherein the first source information the second source information comprise domain information.
  - 16. The method of claim 12, wherein identifying the identifier comprises using one or more translation rules of the session border controller (SBC) to determine the second source information corresponding to the identifier of the network element.
  - 18. The method of claim 12, wherein the identifier is at least one of a vLAN tag, an Internet Protocol (IP) address, a remote party ID, and a P-Asserted-Identity (PAI).
  - 19. The method of claim 12, wherein denying network access further comprises coordinating with a service provider proxy.
  - 20. A computer readable media comprising code to perform the acts of the method of claim 12.

21. A computer-implemented system, comprising:
- a receiver configured to receive a message from a network element, wherein the message is a request for network access and the message comprises a first source information;
  
  one or more processors configured to identify a identifier associated with the network element, wherein the identifier corresponds to a second source information, and to deny network access in the event it is determined that the first source information in the message received from the network element with the second source information corresponding to the identifier of the network element are different.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Corporate Resources Group LLC (Verizon Communications Inc.)
Inventors
BALLARD, STEPHEN R.

Application Number

US12/350,881
Publication Number

US 20100175122A1
Time in Patent Office

Days
Field of Search
US Class Current

726/12
CPC Class Codes

H04L 63/1466   Active attacks involving in...

H04L 63/1483   service impersonation, e.g....

H04L 69/22   Parsing or analysis of headers

SYSTEM AND METHOD FOR PREVENTING HEADER SPOOFING

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR PREVENTING HEADER SPOOFING

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links