Method and arrangement relating to communications systems
Abstract
The invention relates to a method and arrangement for detecting and/or tracking a non-authorised client station (11, 20) when accessing a host station (10, 21) in a communications network (12), which also comprises connecting devices (13-17, 22-28) in a route between said client station and host station (10, 21), each client station (11, 20), host station (10, 21) and at least some of said connecting devices (13-17, 22-28) being provided with a unique identity, the method comprising the step of executing a first verification. If said first verification is approved, the method includes a further step of route control comprising: retrieving the unique identity of each of said devices in said route, by propagating an identity inquiry; collecting an identity inquiry response message, including the identity of at least each device having a unique identity; comparing each unique identity of each device and/or station included in said response message with a list of approved identities; and rejecting or accepting the access, based on the comparison result.
17 Claims
1. A method of detecting a non-authorized client station accessing a host station in a communications network, which comprises connecting devices in a route between said client station and the host station, each client station, host station and at least some of said connecting devices being provided with a unique identity, the method comprising the steps of executing a first verification, and after approving said first verification, controlling a route, including the steps of:
retrieving, at the host station, the unique identity of each of said devices in said route, by propagating an identity inquiry, said identity comprising the unique IP address of said device;
collecting an identity inquiry response message, including the identity of at least each device having a unique identity;
comparing each unique identity of each device included in said response message with a list of approved identities stored at a database associated with the host station; and
rejecting or accepting the access, based on the comparison result.
retrieving the unique identity of each of said devices in said route arranging a database for said client station for storing the connection route by, and including the identity of each device having a unique identity sent by each device having an identity and arranged to response in the database.
5. The method of claim 4, wherein the identity of each device is collected by propagating an identity requirement and collecting the identity requirement response message.
6. The method of claim 4, further comprising the step of arranging a list including said identities received in said response message, said identity list constituting a route list and comparing said list with a list of approved route list.
7. The method of claim 2, wherein said comparison of the client station identity by a list of known approved clients, is carried out before the route control.
8. The method of claim 2, wherein said comparison of the client station identity by a list of known approved clients, is carried out after the route control.
9. The method of claim 1, wherein said communications network is a computer network.
10. The method of claim 9, wherein said unique identity is an IP address of the client station, host station and at least some of said connecting devices.
11. The method of claim 1, wherein said communications network is the Internet.
12. The method of claim 1, wherein said communications network is an Intranet/Extranet.
13. The method of claim 1, further comprising the step of generating an alarm signal in case of rejection.
14. The method of claim 1, further comprising the step of executing a trace procedure in case of rejection.
15. The method of claim 1, wherein an error message inquiry is sent to each or all devices, asking for identity conflict errors and/or other errors.
16. The method of claim 1, further comprising the step of denying access in case of a failure first verification.
17. The method of claim 1, further comprising the step of tracing said non-authorised client station.
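The route control of claim 1, with the route-list comparison of claim 6, the alarm of claim 13 and the denial of claim 16, can be sketched as follows. This is an added example, not code from the patent: `control_route`, `Decision`, the sample addresses and the use of `None` for a device that returns no identity are all assumptions, and the identity inquiry itself is taken as already collected.

```python
import ipaddress
import logging
from dataclasses import dataclass, field

# Constructed sample data (RFC 5737 documentation addresses), not from the patent.
APPROVED_IDENTITIES = {"192.0.2.10", "198.51.100.1", "198.51.100.2", "203.0.113.5"}
APPROVED_ROUTES = {
    ("192.0.2.10", "198.51.100.1", "203.0.113.5"),
    ("192.0.2.10", "198.51.100.2", "203.0.113.5"),
}

@dataclass
class Decision:
    accepted: bool
    reasons: list = field(default_factory=list)

def control_route(first_ok, responses, approved=APPROVED_IDENTITIES, approved_routes=None):
    """Route control over collected inquiry responses (hypothetical helper).

    responses: hop identities ordered client -> host; None marks a device
    that returned no identity. approved_routes enables the route-list check.
    """
    if not first_ok:  # claim 16: deny when the first verification fails
        return Decision(False, ["first verification failed"])
    reasons, route = [], []
    for hop, raw in enumerate(responses, start=1):
        if raw is None:
            continue  # only devices that report an identity are compared
        try:
            ident = str(ipaddress.ip_address(raw.strip()))
        except ValueError:
            reasons.append(f"hop {hop}: malformed identity {raw!r}")
            continue
        route.append(ident)
        if ident not in approved:
            reasons.append(f"hop {hop}: {ident} not in approved list")
    if not route:
        reasons.append("no identities collected")
    # claim 6: compare the whole route list with the approved route lists
    if approved_routes is not None and not reasons and tuple(route) not in approved_routes:
        reasons.append("route list not approved")
    if reasons:  # claim 13: raise an alarm on rejection
        logging.warning("access rejected: %s", "; ".join(reasons))
    return Decision(not reasons, reasons)
```

Hop addresses returned by such an inquiry are not authenticated, so the comparison works as a second check after the first verification rather than in place of it.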
Specification