Determination of spoofing of a unique machine identifier

US 9,313,221 B2
Filed: 01/31/2012
Issued: 04/12/2016
Est. Priority Date: 01/31/2012
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, at an administrative device, current browsing information from an edge network device, the received current browsing information associated with a media access control (MAC) address of an end user device;

sending, by the administrative device, an acknowledgment request to the end user device;

determining, by the administrative device, if an acknowledgement is received from the end user device in response to the acknowledgement request;

if the acknowledgement is not received at the administrative device from the end user device;

determining, based on a comparison of the received current browsing information with stored historical information associated with the MAC address of the end user device, whether the MAC address of the end user device has been spoofed.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, an edge network device may monitor a network service that is provided at a network service device. Information related to the monitored network service may be temporarily stored at the edge network device and transmitted to a remote network device. In one embodiment, an administrative device may compare current extracted information with stored historical information to determine if a unique machine identifier of an end user device has been spoofed.

18 Citations

View as Search Results

19 Claims

1. A method, comprising:
- receiving, at an administrative device, current browsing information from an edge network device, the received current browsing information associated with a media access control (MAC) address of an end user device;
  
  sending, by the administrative device, an acknowledgment request to the end user device;
  
  determining, by the administrative device, if an acknowledgement is received from the end user device in response to the acknowledgement request;
  
  if the acknowledgement is not received at the administrative device from the end user device;
  
  determining, based on a comparison of the received current browsing information with stored historical information associated with the MAC address of the end user device, whether the MAC address of the end user device has been spoofed.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the current browsing information is stored in the edge network device, wherein the edge network device is a wireless access point directly connected to the end user device.
  - 3. The method of claim 1, wherein receiving current information from the edge network device includes:
    - receiving current information identifying a service the end user device has accessed.
  - 4. The method of claim 1, wherein receiving current information from the edge network device includes:
    - receiving current information identifying a physical location of the end user device.
  - 5. The method of claim 1, further comprising:
    - performing remediation if it is determined the MAC address of the end user device has been spoofed.
  - 6. The method of claim 5, wherein performing remediation includes at least one of denying network access to the end user device, restricting a portion of network access to the end user device, and issuing an alert that address of the end user device has been spoofed.
  - 7. The method of claim 1, wherein the edge network device stores a table including a plurality of entries, wherein each entry of the plurality of entries includes browsing information uniquely associated with one of a plurality of MAC addresses.
  - 8. The method of claim 1, wherein each of the plurality of MAC addresses uniquely identifies one of a plurality of end user devices, wherein each of the plurality of end user devices has directly connected to the edge network device.

9. An apparatus, comprising:
- a memory, storing a set of instructions; and
  
  a processor, to execute the stored set of instructions, the processor to;
  
  receive, from an edge network device, current browsing information associated with a media access control (MAC) address of an end user device;
  
  send an acknowledgment to an end user device;
  
  determine whether an acknowledgement is received from the end user device in response to the acknowledgement request;
  
  if the acknowledgement is not received from the end user device;
  
  compare the current browsing information associated with the unique machine identifier to historical information associated with the MAC address of the end user device to determine, based on a result of the comparison, whether the MAC address of the end user device has been spoofed.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The apparatus of claim 9, the processor further to:
    - at least one of deny network access to the end user device, restrict a portion of network access to the end user device, and issue an alert that address of the end user device has been spoofed if it is determined that the MAC address of the end user device has been spoofed.
  - 11. The apparatus of claim 9, further comprising:
    - a receiver to periodically receive information from an edge network device, the information being associated with the MAC address of the end user device.
  - 12. The apparatus of claim 9, wherein when the processor is to compare current information with historical information, the processor is further to determine if the comparison result exceeds a predetermined threshold thereby determining the MAC address of the end user device has been spoofed.
  - 13. The apparatus of claim 9, wherein the current browsing information is stored in the edge network device.
  - 14. The apparatus of claim 9, wherein the edge network device is a wireless access point directly connected to the end user device.

15. A non-transitory computer-readable medium, storing a set of instructions, executable by a processor, to perform a method comprising:
- receiving, at an administrative network device, current browsing information from an edge network device, the received current browsing information associated with a media access control (MAC) address of an end user device;
  
  sending, by the administrative network device, an acknowledgment request to the end user device;
  
  determining, by the administrative network device, if an acknowledgement is received from the end user device in response to the acknowledgement request;
  
  if the acknowledgement is not received at the administrative network device from the end user device;
  
  determining, based on a comparison of the received current browsing information with stored historical information associated with the MAC address of the end user device, whether the MAC address of the end user device has been spoofed.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The non-transitory computer-readable medium of claim 15, wherein the current browsing information is stored in the edge network device.
  - 17. The non-transitory computer-readable medium of claim 15, wherein the edge network device is a wireless access point directly connected to the end user device.
  - 18. The non-transitory computer-readable medium of claim 15, wherein the edge network device stores a table including a plurality of entries, wherein each entry of the plurality of entries includes browsing information uniquely associated with one of a plurality of MAC addresses.
  - 19. The non-transitory computer-readable medium of claim 18, wherein each of the plurality of MAC addresses uniquely identifies one of a plurality of end user devices, wherein each of the plurality of end user devices has directly connected to the edge network device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Inventors
Black, Chuck A, Ford, Daniel E
Primary Examiner(s)
CHEN, SHIN HON

Application Number

US14/372,517
Publication Number

US 20140359763A1
Time in Patent Office

1,533 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 43/10   Active monitoring, e.g. hea...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1466   Active attacks involving in...

H04W 12/08   Access security

H04W 12/12   Detection or prevention of ...

H04W 12/126   Anti-theft arrangements, e....

Determination of spoofing of a unique machine identifier

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Determination of spoofing of a unique machine identifier

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others