IP based security applications using location, port and/or device identifier information

US 7,873,985 B2
Filed: 07/08/2003
Issued: 01/18/2011
Est. Priority Date: 01/08/2002
Status: Active Grant

First Claim

Patent Images

1. A security method for use in a communication system, the security method comprising:

receiving an IP packet including a source address and a destination address;

obtaining physical location information indicating a location of a user device which is a source of said IP packet prior to delivery of the packet to the destination address, and wherein said obtaining physical location information indicating the location of the user device further includes performing a database lookup operation to retrieve a geographic location corresponding to an edge router and port information obtained from said edge router; and

determining, as a function of the obtained physical location information, an action to be taken, wherein determining an action to be taken includes;

comparing the obtained physical location information to information listing physical locations authorized to obtain access to a service for which security is to be provided.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for determining, in a reliable manner, a port, physical location and/or device identifier, such as a MAC address, associated with a device using an IP address and for using such information, e.g., to support one or more security applications is described. Supported security applications include restricting access to services based on the location of a device seeking access to a service, determining the location of stolen devices, and verifying the location of the source of a message or other IP signal, e.g., to determine if a prisoner is contacting a monitoring service from a predetermined location.

Citations

19 Claims

1. A security method for use in a communication system, the security method comprising:
- receiving an IP packet including a source address and a destination address;
  
  obtaining physical location information indicating a location of a user device which is a source of said IP packet prior to delivery of the packet to the destination address, and wherein said obtaining physical location information indicating the location of the user device further includes performing a database lookup operation to retrieve a geographic location corresponding to an edge router and port information obtained from said edge router; and
  
  determining, as a function of the obtained physical location information, an action to be taken, wherein determining an action to be taken includes;
  
  comparing the obtained physical location information to information listing physical locations authorized to obtain access to a service for which security is to be provided.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The security device of claim 1, wherein said service is one of a banking service, video on demand service and a music on demand service.
  - 3. The security method of claim 1, further comprising:
    - dropping said packet when said comparing does not result in a match between the obtained physical location information and the information listing physical locations authorized to obtain access to the service.
  - 4. The security method of claim 1, wherein said service is one of a banking service, video on demand service and a music on demand service.
  - 5. The security method of claim 1, further comprising:
    - forwarding said packet to the destination address when said comparing results in a match between the obtained physical location information and the information listing physical locations authorized to obtain access to the service.

6. A security method for use in a communication system, the security method comprising:
- receiving an IP packet including a source address and a destination address;
  
  obtaining physical location information indicating a location of a user device which is a source of said IP packet prior to delivery of the packet to the destination address, including transmitting a location information request message including the source address of the received IP packet and receiving, in response to said transmitted location information request message, information corresponding to the location of the user device;
  
  determining, as a function of the obtained physical location information, an action to be taken, anddetermining the location of the user device from edge router information and port information obtained from an edge router identified by said edge router information, and wherein determining the location of the user device includes performing a database lookup operation to retrieve a geographic location stored in association with said edge router information and said port information.

7. A security method for use in a communication system, the security method comprising:
- (a) receiving an IP packet including a source address and a destination address;
  
  (b) obtaining physical location information indicating a location of a user device which is a source of said IP packet, by;
  
  (i) transmitting a location information request message including the source address of the received IP packet,(ii) receiving in response to said transmitted location information request message, information corresponding to the location of the user device determined from edge router information indicating an edge router corresponding to said source address and port information obtained from said edge router;
  
  and(c) comparing a received device identifier to a list of device identifiers corresponding to stolen devices,and(d) when said comparing indicates a match between the received device identifier and a device identifier on said list, taking an action involving use of said obtained physical location information.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The security method of claim 7, wherein said device identifier is a MAC address.
  - 9. The method of claim 7, wherein said taking an action involving use of said obtained physical location information includes:
    - generating a message indicating detection of a stolen device when said comparing step detects a match between the received device identifier and a device identifier in said list of device identifiers corresponding to stolen devices.
  - 10. The method of claim 9, wherein said generated message includes information indicating a geographic location where the identified stolen device is being used.
  - 11. The method of claim 10, wherein said geographic location is a post office address.

12. A security device for use in a communication system in which IP packets are transmitted, the device comprising:
- means for receiving an IP packet including a source address and a destination address;
  
  means for obtaining physical location information indicating a location of a user device which is a source of said IP packet prior to delivery of the packet to the destination address, wherein said obtaining means includes means for performing a database lookup operation to retrieve a geographic location stored in association with edge router information and port information obtained from an edge router identified by said edge router information;
  
  means for determining, as a function of the obtained physical location information, an action to be taken;
  
  a database of physical location information listing physical locations authorized to obtain access to said service; and
  
  wherein said determining means includes a comparator for comparing the obtained physical location information to information listing physical locations authorized to obtain access to a service for which security is to be provided.
- View Dependent Claims (13)
- - 13. The security device of claim 12, further comprising:
    - means for dropping said packet when said comparing does not result in a match between the obtained physical location information and the information listing physical locations authorized to obtain access to the service.

14. A location verification method, the method comprising;
- receiving an IP packet including a source address and a destination address;
  
  determining from said source address, edge router information corresponding to said source address, and port information obtained from an edge router identified by said edge router information, a physical location from which said IP packet was sent prior to delivery of the packet to the destination address;
  
  comparing the determined physical location to an expected physical location of the source of said IP packet; and
  
  determining a reporting error when said determined physical location does not match the expected physical location.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The location verification method of claim 14, further comprising:
    - transmitting a message including information on the determined reporting error to a law enforcement authority.
  - 16. The location verification method of claim 15, further comprising:
    - determining if said IP packet was sent at a predetermined time during which a location reporting message was scheduled to be transmitted.
  - 17. The location verification method of claim 15, further comprising:
    - including the determined physical location in said message.
  - 18. The location verification method of claim 17, further comprising:
    - identifying the device transmitting said IP packet from a MAC address determined from a database associating said MAC address with said source address.

19. A location verification method, the method comprising;
- receiving an IP packet including a source address wherein said IP packet is transmitted from a bracelet worn by a parolee and wherein said IP packet includes parolee identification information;
  
  determining from said source address, edge router information corresponding to said source address, and port information obtained from an edge router identified by said edge router information, a physical location from which said IP packet was sent;
  
  comparing the determined physical location to an expected physical location of the source of said IP packet;
  
  determining a reporting error when said determined physical location does not match the expected physical location;
  
  transmitting a message including information on the determined reporting error to a law enforcement authority;
  
  including the determined physical location information in said message;
  
  identifying a device transmitting said IP packet from a MAC address determined from a database associating said MAC address with said source address; and
  
  including in said message information obtained from said IP packet identifying the parolee.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Services Corporation (Verizon Communications Inc.)
Inventors
Baum, Robert T.
Primary Examiner(s)
Lipman; Jacob

Application Number

US10/616,449
Publication Number

US 20040111640A1
Time in Patent Office

2,751 Days
Field of Search

726/2, 726/29, 726/9
US Class Current

726/2
CPC Class Codes

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 61/5014   using dynamic host configur...

H04L 63/1408   by monitoring network traff...

H04L 63/1466   Active attacks involving in...

IP based security applications using location, port and/or device identifier information

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

IP based security applications using location, port and/or device identifier information

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links