Verified device locations in a data network

US 7,606,938 B2
Filed: 02/28/2003
Issued: 10/20/2009
Est. Priority Date: 03/01/2002
Status: Expired due to Term

First Claim

Patent Images

1. A method comprising:

establishing a connection between a client device and a data network infrastructure;

receiving a first network physical location identifier concerning the client device from one or more trusted network devices within the data network infrastructure;

receiving a first device location identifier from the client device;

processing the first network physical location identifier and the first device location identifier to define a first trusted physical location for the client device associated with the established connection;

associating the first trusted physical location with the established connection;

providing the first trusted physical location to one or more network entry devices or central switching devices within the data network infrastructure, wherein at least one of the one or more network entry devices or central switching devices provide a plurality of connections for client devices on dedicated or shared media and are capable of switching and routing data;

switching or routing one or more data packets provided to or received from the client device, by at least one of the one or more network entry devices or central switching devices, based at least in part upon the first trusted physical location;

upon receiving either a second network physical location identifier concerning the client device from one or more trusted network devices within the data network infrastructure, or a second device location identifier from the client device,defining a second trusted physical location for the client device associated with the established connection by processing at least two of;

the first network physical location identifier, the first device location identifier, the second network physical location identifier, and the second device location identifier, wherein one of the at least two is the second network physical location identifier or the second device location identifier;

associating the second trusted physical location with the established connection;

providing the second trusted physical location to one or more network entry devices or central switching devices within the data network infrastructure, wherein at least one of the one or more network entry devices or central switching devices provide the plurality of connections for client devices on dedicated or shared media and are capable of switching and routing data; and

switching or routing one or more data packets to or from the client device, by at least one of the one or more network entry devices or central switching devices, based at least in part upon the second trusted physical location.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One or more trusted network devices within a data network infrastructure determine a physical location of a client device requesting access to the data network infrastructure. A trusted physical location is generated and associated with the client device. The approach can include determining whether a candidate network device is a trusted network device based on a likelihood that the candidate network device can be modified to provide false physical location data. The approach also can include determining a response for an access request by the client and controlling network resources provided to the client based on the trusted physical location.

291 Citations

19 Claims

1. A method comprising:
- establishing a connection between a client device and a data network infrastructure;
  
  receiving a first network physical location identifier concerning the client device from one or more trusted network devices within the data network infrastructure;
  
  receiving a first device location identifier from the client device;
  
  processing the first network physical location identifier and the first device location identifier to define a first trusted physical location for the client device associated with the established connection;
  
  associating the first trusted physical location with the established connection;
  
  providing the first trusted physical location to one or more network entry devices or central switching devices within the data network infrastructure, wherein at least one of the one or more network entry devices or central switching devices provide a plurality of connections for client devices on dedicated or shared media and are capable of switching and routing data;
  
  switching or routing one or more data packets provided to or received from the client device, by at least one of the one or more network entry devices or central switching devices, based at least in part upon the first trusted physical location;
  
  upon receiving either a second network physical location identifier concerning the client device from one or more trusted network devices within the data network infrastructure, or a second device location identifier from the client device,defining a second trusted physical location for the client device associated with the established connection by processing at least two of;
  
  the first network physical location identifier, the first device location identifier, the second network physical location identifier, and the second device location identifier, wherein one of the at least two is the second network physical location identifier or the second device location identifier;
  
  associating the second trusted physical location with the established connection;
  
  providing the second trusted physical location to one or more network entry devices or central switching devices within the data network infrastructure, wherein at least one of the one or more network entry devices or central switching devices provide the plurality of connections for client devices on dedicated or shared media and are capable of switching and routing data; and
  
  switching or routing one or more data packets to or from the client device, by at least one of the one or more network entry devices or central switching devices, based at least in part upon the second trusted physical location.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1 further comprising determining whether the network entry device or central switching device within the data network infrastructure is a trusted network device according to a probability that the network entry device or central switching device can be modified to provide false physical location data.
  - 3. The method of claim 1 further comprising limiting access to the data network infrastructure based, at least in part, upon the trusted physical location.
  - 4. The method of claim 1 wherein the one or more trusted network devices are each associated with a level of trust not less than a threshold.
  - 5. The method of claim 4 wherein the threshold depends on a type of request by the client device.
  - 6. The method of claim 1 wherein the trusted physical location is associated with a level of trust.
  - 7. The method of claim 6 further comprising determining the level of trust of the trusted physical location using levels of trust of the one or more trusted network devices.
  - 8. The method of claim 7 wherein determining the level of trust comprises determining the level of trust based on a method of communication between the data network infrastructure and the client device.
  - 9. The method of claim 1 further comprising policing network activities of the client device using the trusted physical location.
  - 10. The method of claim 1 further comprising determining a response for an access request by the client device using the trusted physical location.
  - 11. The method of claim 1 further comprising controlling network resources provided to the client device using the trusted physical location.
  - 12. The method of claim 11 wherein controlling network resources includes restricting access to the network resources.
  - 13. The method of claim 1 further comprising transmitting the trusted physical location to an emergency response authority.
  - 14. The method of claim 1 further comprising providing information to the client device using the trusted physical location.
  - 15. The method of claim 14 wherein providing information comprises selecting the information using the trusted physical location.

16. A system comprising:
- a client device;
  
  a data network infrastructure;
  
  wherein the system is configured to perform operations comprising;
  
  establishing a connection between the client device and the data network infrastructure;
  
  receiving a first device location identifier from the client device;
  
  processing the first network physical location identifier and the first device location identifier to define a first trusted physical location for the client device associated with the established connection;
  
  associating the first trusted physical location with the established connection;
  
  providing the first trusted physical location to one or more network entry devices or central switching devices within the data network infrastructure, wherein at least one of the one or more network entry devices or central switching devices provide a plurality of connections for client devices on dedicated or shared media and are capable of switching and routing data; and
  
  switching or routing one or more data packets provided to or received from the client device, by at least one of the one or more network entry devices or central switching devices, based at least in part upon the first trusted physical location;
  
  upon receiving either a second network physical location identifier concerning the client device from one or more trusted network devices within the data network infrastructure, or a second device location identifier from the client device,defining a second trusted physical location for the client device associated with the established connection by processing at least two of;
  
  the first network physical location identifier, the first device location identifier, the second network physical location identifier, and the second device location identifier, wherein one of the at least two is the second network physical location identifier or the second device location identifier;
  
  associating the second trusted physical location with the established connection;
  
  providing the second trusted physical location to one or more network entry devices or central switching devices within the data network infrastructure, wherein at least one of the one or more network entry devices or central switching devices provide the plurality of connections for client devices on dedicated or shared media and are capable of switching and routing data; and
  
  switching or routing one or more data packets provided to or received from the client device, by at least one of the one or more network entry devices or central switching devices, based at least in part upon the second trusted physical location.
- View Dependent Claims (17, 18, 19)
- - 17. The system of claim 16, wherein the system is further configured to perform operations comprising determining whether the network entry device or central switching device within the data network infrastructure is a trusted network device according to a probability that the network entry device or central switching device can be modified to provide false physical location data.
  - 18. The system of claim 16, wherein the system is further configured to perform operations comprising limiting access to the data network infrastructure based, at least in part, upon the trusted physical location.
  - 19. The system of claim 16, wherein the system is further configured to perform operations comprising policing network activities of the client device using the trusted physical location.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Extreme Networks, Inc.
Original Assignee
Enterasys Networks Incorporated (Extreme Networks, Inc.)
Inventors
Harrington, David, Frattura, David, Graham, Richard W., Roese, John J.
Primary Examiner(s)
Abdullahi, Salad
Assistant Examiner(s)
Todd, Gregory G

Application Number

US10/377,181
Publication Number

US 20030217137A1
Time in Patent Office

2,426 Days
Field of Search

4554561-4566, 709/220, 709/223, 709/225, 709/229, 709238-244, 701213-216, 701300-302
US Class Current

709/242
CPC Class Codes

G01S 5/02   using radio waves using sat...

H04L 41/0213   Standardised network manage...

H04L 41/12   Discovery or management of ...

H04L 61/10   of different types

H04L 63/02   for separating internal fro...

H04L 63/0492   by using a location-limited...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/104   Grouping of entities

H04L 63/107   wherein the security polici...

H04L 63/126   the source of the received ...

H04L 67/04   specially adapted for termi...

H04L 67/51   Discovery or management the...

H04L 67/52   specially adapted for the l...

H04L 67/63   Routing a service request d...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

H04W 4/02   Services making use of loca...

H04W 4/029   Location-based management o...

H04W 4/20   Services signaling; Auxilia...

H04W 4/50 : Service provisioning or rec...

H04W 64/00 : Locating users or terminals...

H04W 8/26 : Network addressing or numbe...

Y10S 707/99932 : Access augmentation or opti...

Y10S 707/99939 : Privileged access

View All

Verified device locations in a data network

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

291 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Verified device locations in a data network

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

291 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links