Privacy and security enhanced internet geolocation

US 8,589,459 B1
Filed: 11/05/2012
Issued: 11/19/2013
Est. Priority Date: 11/02/2009
Status: Active Grant

First Claim

Patent Images

1. A method of determining a geographical location of a user network device communicating with a network site on a network having a master server and multiple slave servers, including a first slave server and a second slave server, the method comprising:

receiving, at the master server via the network, (i) messages sent from the user network device, each message including a user input character padded with k−

1 characters, where k equals a predefined message size, and (ii) a time stamp associated with each message and corresponding to the time that message was sent by the user network device to the master server;

stamping, at the master server, each of the received messages with a time stamp corresponding to the time of receipt of that message at the master server;

receiving, at the master server from the first slave server via the network, (i) the same messages, (ii) a time stamp associated with each message and corresponding to the time that message was sent by the user network device to the first slave server, and (iii) a time stamp corresponding to the time of receipt of that message at the first slave server;

receiving, at the master server from the second slave server via the network, (i) the same messages, (ii) a time stamp associated with each message and corresponding to the time that message was sent by the user network device to the second slave server, and (iii) a time stamp corresponding to the time of receipt of that message at the second slave server;

computing, at the master server based on the time stamps, the time taken to communicate the messages (i) from the user network device to the master server, (ii) from the user network device to the first slave server, and (iii) from the user network device to the second slave server; and

determining, at the master server, a geographic location of the user network device as a function of the computed times.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a security and privacy enhanced method for geolocation. The system works by creating a space called the N−4Tk space on top of the Internet by locating N geographically dispersed servers in the Internet and computing as the coordinate for any computing device on the Internet, its distance to the N servers. The distance is computed as the 4Tk distance which is the time taken by a message of size k to travel between two points at a particular time of day. The system can also be used iteratively where each iteration uses a different set of Slaves in order to close in on the user with finer granularity. Interesting benefits of the system include the difficulty for an attacker to misrepresent the location, and also while the system can hone in on a locale for the user it does not violate the user'"'"'s privacy.

Citations

20 Claims

1. A method of determining a geographical location of a user network device communicating with a network site on a network having a master server and multiple slave servers, including a first slave server and a second slave server, the method comprising:
- receiving, at the master server via the network, (i) messages sent from the user network device, each message including a user input character padded with k−
  
  1 characters, where k equals a predefined message size, and (ii) a time stamp associated with each message and corresponding to the time that message was sent by the user network device to the master server;
  
  stamping, at the master server, each of the received messages with a time stamp corresponding to the time of receipt of that message at the master server;
  
  receiving, at the master server from the first slave server via the network, (i) the same messages, (ii) a time stamp associated with each message and corresponding to the time that message was sent by the user network device to the first slave server, and (iii) a time stamp corresponding to the time of receipt of that message at the first slave server;
  
  receiving, at the master server from the second slave server via the network, (i) the same messages, (ii) a time stamp associated with each message and corresponding to the time that message was sent by the user network device to the second slave server, and (iii) a time stamp corresponding to the time of receipt of that message at the second slave server;
  
  computing, at the master server based on the time stamps, the time taken to communicate the messages (i) from the user network device to the master server, (ii) from the user network device to the first slave server, and (iii) from the user network device to the second slave server; and
  
  determining, at the master server, a geographic location of the user network device as a function of the computed times.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1, further comprising:
    - transmitting, from the master server to the network site, the determined geographic location of the user network device.
  - 3. The method according to claim 1, wherein:
    - the geographic location of the user network device is also determined as a function of the particular time of day at which each of the messages is sent by the user network device;
      
      the computed time taken to communicate messages (i) from the user network device to the master server is an average of the time taken to communicate each of the messages to the master server, (ii) from the user network device to the first slave server is an average of the time taken to communicate each of the messages to the first slave server, and (iii) from the user network device to the second slave server is an average of the time taken to communicate each of the messages to the second slave server; and
      
      each user input character is a character of either a UserID or a CAPTCHA.
  - 4. The method according to claim 1, further comprising:
    - determining, at the master server, a risk score based on previously determined geographic locations of the user network device or of the user.
  - 5. The method according to claim 4, wherein:
    - the risk score is determined based on previously determined geographic locations associated with the particular time of day at which the messages are sent by the user network device.
  - 6. The method according to claim 1, further comprising:
    - determining, at the master server, that abnormal delays in communications exist between the user network device and substantially all the servers; and
      
      adjusting the determined geographic location based on the determined delays.
  - 7. The method according to claim 1, further comprising:
    - detecting time between user keystrokes to input the characters; and
      
      determining whether or not the detected time corresponds to an anomalous pattern.
  - 8. The method according to claim 1, wherein the messages are first messages and the multiple slave servers also include a third slave server and a fourth slave server, the method further comprising:
    - receiving, at the master server via the network, (i) second messages sent from the user network device, each second message including a user input character padded with k−
      
      1 characters, and (ii) a time stamp associated with each second message and corresponding to the time that message was sent by the user network device to the master server;
      
      stamping, at the master server, each of the received second messages with a time stamp corresponding to the time of receipt of that message at the master server;
      
      receiving, at the master server from the third slave server via the network, (i) the same second messages, (ii) a time stamp associated with each second message and corresponding to the time that message was sent by the user network device to the third slave server, and (iii) a time stamp corresponding to the time of receipt of that message at the third slave server;
      
      receiving, at the master server from the fourth slave server via the network, (i) the same second messages, (ii) a time stamp associated with each second message and corresponding to the time that message was sent by the user network device to the fourth slave server, and (iii) a time stamp corresponding to the time of receipt of that message at the fourth slave server;
      
      computing, at the master server based on the time stamps associated with the second messages, the time taken to communicate the second messages (i) from the user network device to the master server, (ii) from the user network device to the third slave server, and (iv) from the user network device to the fourth slave server; and
      
      determining, at the master server, a more accurate geographic location of the user network device as a function of the computed times taken to communicate the second messages.

9. A method of determining a geographical location of a user network device communicating with a network site on a network having a master server and multiple slave servers, including a first slave server and a second slave server, the method comprising:
- receiving, at the master server via the network, (i) messages sent from first slave server via the user network device, each message including k characters, where k equals a predefined message size, (ii) a time stamp associated with each message and corresponding to the time that message was sent by the first slave server to the master server, and (iii) a time stamp corresponding to the time of receipt of that message at the user network device;
  
  receiving, at the master server via the network, (i) the same messages sent from second slave server via the user network device, (ii) a time stamp associated with each message and corresponding to the time that message was sent by the second slave server to the master server, and (iii) a time stamp corresponding to the time of receipt of that message at the user network device;
  
  stamping, at the master server, each of the received messages with a time stamp corresponding to the time of receipt of that message at the master server;
  
  computing, at the master server based on the time stamps, the time taken to communicate the messages (i) from the first slave server to the user network device, (ii) from the first slave server to the master server, (iii) from the second slave server to the user network device, and (iii) from the second slave server to the master server; and
  
  determining, at the master server, a geographic location of the user network device as a function of the computed times.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method according to claim 9, further comprising:
    - transmitting, from the master server to the network site, the determined geographic location of the user network device;
      
      wherein the messages sent from the first and the second slave servers are encrypted messages, and the time stamps corresponding to the times those messages were sent by the first and the second slave servers to the master server, are encrypted time stamps.
  - 11. The method according to claim 9, wherein:
    - the geographic location of the user network device is also determined as a function of the particular time of day at which each of the messages is sent by the first and the second slave servers; and
      
      the computed time taken to communicate messages (i) from the first slave server is an average of the time taken to communicate each of the messages from the first slave server to the user network device and to the master server, and (ii) from the second slave server is an average of the time taken to communicate each of the messages from the second slave server to the user network device and to the master server.
  - 12. The method according to claim 9, further comprising:
    - determining, at the master server, a risk score based on previously determined geographic locations of the user network device or of the user.
  - 13. The method according to claim 12, wherein:
    - the risk score is determined based on previously determined geographic locations associated with the particular time of day at which the messages are sent by the first and the second slave servers.
  - 14. The method according to claim 9, further comprising:
    - determining, at the master server, that abnormal delays in communications exist between the user network device and substantially all the servers; and
      
      adjusting the determined geographic location based on the determined delays.
  - 15. The method according to claim 9, wherein the messages are first messages and the multiple slave servers also include a third slave server and a fourth slave server, the method further comprising:
    - receiving, at the master server via the network, (i) second messages sent from third slave server via the user network device, each second message including k characters, (ii) a time stamp associated with each second message and corresponding to the time that message was sent by the third slave server to the master server, and (iii) a time stamp corresponding to the time of receipt of that message at the user network device;
      
      receiving, at the master server via the network, (i) second messages sent from fourth slave server via the user network device, each second message including k characters, (ii) a time stamp associated with each second message and corresponding to the time that message was sent by the fourth slave server to the master server, and (iii) a time stamp corresponding to the time of receipt of that message at the user network device;
      
      stamping, at the master server, each of the received second messages with a time stamp corresponding to the time of receipt of that message at the master server;
      
      computing, at the master server based on the time stamps, the time taken to communicate the second messages (i) from the third slave server to the user network device, (ii) from the third slave server to the master server, (iii) from the fourth slave server to the user network device, and (iv) from the fourth slave server to the master server; and
      
      determining, at the master server, a geographic location of the user network device as a function of the computed times taken to communicate the second messages.

16. A server for determining a geographical location of a user network device communicating with a network site on a network having multiple other servers, including a first server and a second server, the server comprising:
- a port operable to receive, via the network, (A) messages sent from the user network device, each message including a user input character padded with k−
  
  1 characters, where k equals a predefined message size, and a time stamp associated with each message and corresponding to the time that message was sent by the user network device to the master server, (B) the same messages sent from the first slave server, a time stamp associated with each message and corresponding to the time that message was sent by the user network device to the first slave server, and a time stamp corresponding to the time of receipt of that message at the first slave server, and (C) the same messages from the second slave server, a time stamp associated with each message and corresponding to the time that message was sent by the user network device to the second slave server, and a time stamp corresponding to the time of receipt of that message at the second slave server; and
  
  a processor, including memory with executable logic, operable to (A) stamp each of the received messages with a time stamp corresponding to the time of receipt of that message, (B) compute, based on the time stamps, the time taken to communicate the messages (i) from the user network device to the master server, (ii) from the user network device to the first slave server, and (iii) from the user network device to the second slave server, and (C) determine a geographic location of the user network device as a function of the computed times.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The server according to claim 16, wherein:
    - the processor is further operable to direct transmission of the determined geographic location of the user network device to the network site.
  - 18. The server according to claim 16, wherein each user input character is a character of either a UserID or a CAPTCHA, and the processor is further operable to:
    - determine the geographic location of the user network device also as a function of the particular time of day at which each of the messages is sent by the user network device; and
      
      compute the time taken to communicate messages (i) from the user network device to the master server by averaging the time taken to communicate each of the messages to the master server, (ii) from the user network device to the first slave server by averaging the time taken to communicate each of the messages to the first slave server, and (iii) from the user network device to the second slave server by averaging the time taken to communicate each of the messages to the second slave server.
  - 19. The server according to claim 16, the processor is further operable to:
    - determine a risk score based on previously determined geographic locations of the user network device or of the user associated with the particular time of day at which the messages are sent by the user network device;
      
      determine that abnormal delays in communications exist between the user network device and substantially all the servers; and
      
      adjust the determined geographic location based on the determined delays.
  - 20. The server according to claim 16, wherein the messages are first messages and the multiple other servers also include a third slave server and a fourth slave server, wherein:
    - the port is further operable to receive, via the network, (A) second messages sent from the user network device, each second message including a user input character padded with k−
      
      1 characters, and a time stamp associated with each second message and corresponding to the time that message was sent by the user network device to the master server, (B) the same second messages from the third other server, a time stamp associated with each second message and corresponding to the time that message was sent by the user network device to the third other server, and a time stamp corresponding to the time of receipt of that message at the third other server, and (C) the same second messages from the fourth other server, a time stamp associated with each second message and corresponding to the time that message was sent by the user network device to the fourth other server, and (iii) a time stamp corresponding to the time of receipt of that message at the fourth other serverthe processor is further operable to (A) stamp each of the received second messages with a time stamp corresponding to the time of receipt of that message, (B) compute, based on the time stamps, the time taken to communicate the second messages (i) from the third other server to the user network device, (ii) from the third other server to the server, (iii) from the fourth other server to the user network device, and (iv) from the fourth other server to the server, and (C) determine a more accurate geographic location of the user network device as a function of the computed times taken to communicate the second messages.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Payfone Incorporated
Original Assignee
Ravi Ganesan
Inventors
Ganesan, Ravi
Primary Examiner(s)
Hussain, Tauqir

Application Number

US13/669,123
Time in Patent Office

379 Days
Field of Search

709/208, 455/466
US Class Current

708/208
CPC Class Codes

G06F 16/9537   Spatial or temporal depende...

H04L 41/12   Discovery or management of ...

H04L 43/0858   One way delays

H04L 43/106   using time related informat...

H04L 51/222   using geographical location...

H04L 63/107   wherein the security polici...

H04L 63/1483   service impersonation, e.g....

H04L 69/28   Timers or timing mechanisms...

Privacy and security enhanced internet geolocation

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Privacy and security enhanced internet geolocation

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links