Method and system for tracing missing network devices using hardware fingerprints

US 7,181,195 B2
Filed: 02/14/2002
Issued: 02/20/2007
Est. Priority Date: 02/14/2002
Status: Active Grant

First Claim

Patent Images

1. A method for determining a position of an electronic device within a wide area network including the electronic device and additionally including first and second network elements, said method comprising:

distributing a tracing tool to the first network element within said wide area network;

detecting a physical separation of said electronic device and an associated user;

determining identifying indicia of said electronic device, wherein said identifying indicia are automatically transmifted by said electronic device during communication on the wide area network between said electronic device and the second network element;

the first network element monitoring traffic on said wide area network utilizing said tracing tool, wherein said monitoring includes;

in response to detecting said physical separation, the first network element intercepting data of said communication on the wide area network between said electronic device and said second network element, said data including said identifying indicia; and

determining a physical position of said electronic device within said wide area network in response to an interception of said identifying indicia.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

When a piece of network equipment is determined to be stolen or missing, a hardware tracing tool mounted within the network detects the distinctive hardware fingerprints of the missing hardware within Internet traffic and extracts the device'"'"'s IP address to trace the location of the missing equipment. As Internet messages or data packets cross through servers containing the tracing tool, the data packets are decompiled to retrieve unique identifier indicia (hardware fingerprints), such as a computer'"'"'s MAC address, for example. The extracted fingerprints are then compared with fingerprints stored in a database of missing hardware using a hashing or mapping function, and the server system is alerted to a match. The IP address of the device transmitting the matching indicia is then extracted to determine the location of the missing or stolen network hardware. In this way, a method of tracing missing network hardware is provided that does not increase the cost of network equipment or unnecessarily effect network bandwidth.

70 Citations

View as Search Results

18 Claims

1. A method for determining a position of an electronic device within a wide area network including the electronic device and additionally including first and second network elements, said method comprising:
- distributing a tracing tool to the first network element within said wide area network;
  
  detecting a physical separation of said electronic device and an associated user;
  
  determining identifying indicia of said electronic device, wherein said identifying indicia are automatically transmifted by said electronic device during communication on the wide area network between said electronic device and the second network element;
  
  the first network element monitoring traffic on said wide area network utilizing said tracing tool, wherein said monitoring includes;
  
  in response to detecting said physical separation, the first network element intercepting data of said communication on the wide area network between said electronic device and said second network element, said data including said identifying indicia; and
  
  determining a physical position of said electronic device within said wide area network in response to an interception of said identifying indicia.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein determining said identifying indicia of said electronic device comprises:
    - identifying data transmitted by said electronic device prior to said physical separation utilizing a portion of said wide area network; and
      
      extracting said identifying indicia from data transmitted by said electronic device prior to said physical separation.
  - 3. The method of claim 1, wherein determining said identifying indicia of said electronic device comprises determining a media access control (MAC) address of said electronic device.
  - 4. The method of claim 1, wherein determining said identifying indicia of said electronic device comprises:
    - determining said identifying indicia utilizing at least one of a set including a hostname and an Internet Protocol (IP) address within data transmitted by said electronic device prior to said physical separation utilizing a portion of said wide area network.
  - 5. The method of claim 1, wherein:
    - said method further comprises causing data specifying said identifying indicia to be stored within a database associated with said first network element prior to said physical separation, anddetermining said identifying indicia of said electronic device comprises determining said identifying indicia utilizing said database.
  - 6. The method of claim 1, said method further comprising generating a notification indicating said physical position of said electronic device for a responsible party associated with said electronic device.
  - 7. The method of claim 1, wherein said distributing comprises distributing said tracing tool to a plurality of network elements within said wide area network.
  - 8. The method of claim 7, wherein said distributing further comprises distributing said tracing tool to a plurality of Internet protocol routers within said wide area network.
  - 9. The method of claim 1, wherein determining said physical position of said electronic device within said wide area network in response to said interception of said identifying indicia comprises:
    - transmitting a link tracing message between said electronic device and said first network element;
      
      identifying a third network element coupled between said electronic device and said first network element in response to a transmission of said link tracing message; and
      
      determining said physical position of said electronic device utilizing an identity of said third network element coupled between said electronic device and said first network element.

10. A system for determining a position of an electronic device within a wide area network including the electronic device and at least an additional second network element, said system comprising:
- a hardware fingerprint server to determine identifying indicia of said electronic device, wherein said identifying indicia are automatically transmitted by said electronic device during communication on the wide area network between said electronic device and the second network element;
  
  a monitoring server to detect a physical separation of said electronic device and an associated user and further to monitor traffic on said wide area network, wherein said monitoring server includes;
  
  an intercept module, responsive to a detection of said physical separation, to intercept data of said communication on said wide area network between said electronic device and said second network element, said data including said identifying indicia; and
  
  a tracing server to determine a physical position of said electronic device within said wide area network in response to an interception of said identifying indicia at said intercept module.
- View Dependent Claims (11, 12, 13)
- - 11. The system of claim 10, wherein said hardware fingerprint server is configured to:
    - identify data transmitted by said electronic device prior to said physical separation utilizing a portion of said wide area network; and
      
      extract said identifying indicia from said data transmitted by said electronic device prior to said physical separation.
  - 12. The system of claim 10, wherein said identifying indicia of said electronic device comprises a media access control (MAC) address of said electronic device.
  - 13. The system of claim 10, wherein said monitoring server is distributed among a plurality of network elements within said wide area network.

14. A machine-readable medium having embodied therein program code executable by a machine, wherein said program code causes said machine to perform a method for determining a position of an electronic device within a wide area network including the electronic device and additionally including first and second network elements, said method comprising:
- detecting a physical separation of said electronic device and an associated user;
  
  determining identifying indicia of said electronic device, wherein said identifying indicia are automatically transmitted by said electronic device during communication on the wide area network between said electronic device and the second network element;
  
  the first network element monitoring traffic on said wide area network at said first network element utilizing a tracing tool, wherein said monitoring comprises;
  
  in response to detecting said physical separation, the first network element intercepting data of said communication on the wide area network between said electronic device and said second network element, said data including said identifying indicia; and
  
  determining a physical position of said electronic device within said wide area network in response to an interception of said identifying indicia.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The machine-readable medium of claim 14, wherein said method includes distributing said tracing tool to a plurality of Intenet Protocol routers within said wide area network.
  - 16. The machine-readable medium of claim 14, wherein determining said identifying indicia of said electronic device comprises:
    - identifying data transmitted by said electronic device prior to said physical separation utilizing a portion of said wide area network; and
      
      extracting said identifying indicia from said data transmitted by said electronic device prior to said physical separation.
  - 17. The machine-readable medium of claim 14, wherein determining said identifying indicia of said electronic device comprises determining a media access control address of said electronic device.
  - 18. The machine-readable medium of claim 14, wherein determining said physical position of said electronic device within said wide area network in response to said interception of said identifying indicia comprises:
    - transmitting a link tracing message between said electronic device and said first network element;
      
      identifying a third network element coupled between said electronic device and said first network element in response to a transmission of said link tracing message; and
      
      determining said physical position of said electronic device utilizing an identity of said third network element coupled between said electronic device and said first network element.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rakuten Group, Inc.
Original Assignee
International Business Machines Corporation
Inventors
Kumhyr, David Bruce, Booth, Yvonne Watters
Primary Examiner(s)
APPIAH, CHARLES NANA

Application Number

US10/076,335
Publication Number

US 20030153328A1
Time in Patent Office

1,832 Days
Field of Search

4554561-4567, 455/435.1, 455/556.1, 455/577, 455/414.1, 455/404.1, 455/404.2, 455/410, 455/411, 455/458, 455/459, 455/457, 340/5.8, 340/539.13, 340/539.11, 340/539.19, 340/539.25, 3405733-5734, 340/539.4, 709/218, 709/219, 709/217, 709/224, 709/229, 709/200, 709/214, 709/202, 701/207, 701/203, 701/213, 713/200, 713/201, 713/193, 713/194
US Class Current

455/411
CPC Class Codes

G06F 21/88   Detecting or preventing the...

H04W 12/126   Anti-theft arrangements, e....

H04W 12/63   Location-dependent; Proximi...

Method and system for tracing missing network devices using hardware fingerprints

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

70 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for tracing missing network devices using hardware fingerprints

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links