Determination of Spoofing of a Unique Machine Identifier

US 20140359763A1
Filed: 01/31/2012
Published: 12/04/2014
Est. Priority Date: 01/31/2012
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving current information from an edge network device, the received current information associated with a media access control (MAC) address of an end user device;

comparing the received information with stored historical information associated with the MAC address of the end user device; and

determining, based on the c parison, if the MAC address of the end user device has been spoofed.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, an edge network device may monitor a network service that is provided at a network service device. Information related to the monitored network service may be temporarily stored at the edge network device and transmitted to a remote network device. In one embodiment, an administrative device may compare current extracted information with stored historical information to determine if a unique machine identifier of an end user device has been spoofed.

16 Citations

View as Search Results

15 Claims

1. A method, comprising:
- receiving current information from an edge network device, the received current information associated with a media access control (MAC) address of an end user device;
  
  comparing the received information with stored historical information associated with the MAC address of the end user device; and
  
  determining, based on the c parison, if the MAC address of the end user device has been spoofed.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein receiving current information from the edge network device includes:
    - receiving current information relating to browsing information of the end user device.
  - 3. The method of claim 1, wherein receiving current information from the edge network device includes:
    - receiving current information identifying a service the end user device has accessed.
  - 4. The method of claim 1, wherein receiving current information from the edge network device includes:
    - receiving current information identifying a physical location of he end user device.
  - 5. The method of claim 1, further comprising:
    - performing remediation if it is determined the MAC address of the end user device has been spoofed.
  - 6. The method of claim 5, wherein performing remediation includes at least one of denying network access to the end user device, restricting a portion of network access to the end user device, and issuing an alert that address of the end user device has been spoofed.
  - 7. The method of claim 1, wherein determining if the MAC address of the end user device has been spoofed further includes:
    - sending an acknowledgment request to a spoof protection module on the end user device;
      
      determining if an acknowledgement is received in response to the acknowledgement request; and
      
      determining the MAC address of the end user device has been spoofed if an acknowledgement is not received.

8. An apparatus, comprising:
- a memory, storing a set of instructions; and
  
  a processor, to execute the stored set of instructions, the processor to;
  
  analyze historical and current information associated with a unique machine identifier of an end user device;
  
  compare current information associated with the unique machine identifier to historical information associated with the unique machine identifier analyzed by the analyzer to determine, based on a result of the comparison, if the unique machine identifier of the end user device has been spoofed.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The apparatus of claim 8, the processor further to:
    - send an acknowledgment request requesting acknowledgement of a spoof protection module to the end user device;
      
      determine if an acknowledgement is received in response to the acknowledgement request; and
      
      determine that the unique machine identifier of the end user device has been spoofed if an acknowledgement is not received.
  - 10. The apparatus of claim 8, the processor further to:
    - at least one of deny network access to the end user device, restrict a portion of network access to the end user device, and issue an alert that address of the end user device has been spoofed if it is determined that the unique machine identifier has been spoofed.
  - 11. The apparatus of claim 8, further comprising:
    - a receiver to periodically receive information from an edge network device, the information being associated with the unique machine identifier of the end user device.
  - 12. The apparatus of claim 8, wherein when the processor is to compare current information with historical information, the processor is further to determine if the comparison result exceeds a predetermined threshold thereby determining the unique machine identifier of the end user device has been spoofed.

13. A non-transitory computer-readable medium, storing a set of instructions, executable by a processor, to perform a method to:
- receive, at an edge network device, a request from an end user device;
  
  extract information related to the request;
  
  associate the extracted information with a unique machine identifier of the end user device;
  
  store, in a storage, the extracted information; and
  
  transmit the received request to a remote network device for processing.
- View Dependent Claims (14, 15)
- - 14. The non-transitory computer-readable medium of claim 13, the method further to:
    - transmit the stored extracted information associated with the unique machine identifier to an administrative network device; and
      
      remove the stored extracted information from storage.
  - 15. The non-transitory computer-readable medium of claim 13, wherein the extracted information is at least one of browsing information of the end user device, information identifying a service to be accessed by the end user device, and a physical location of the end user device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Inventors
Black, Chuck A., Ford, Daniel E.

Granted Patent

US 9,313,221 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

H04L 43/10   Active monitoring, e.g. hea...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1466   Active attacks involving in...

H04W 12/08   Access security

H04W 12/12   Detection or prevention of ...

H04W 12/126   Anti-theft arrangements, e....

Determination of Spoofing of a Unique Machine Identifier

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Determination of Spoofing of a Unique Machine Identifier

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others