Reexamination Certificate
2002-05-16
2004-10-12
Hoff, Marc S. (Department: 2857)
Data processing: measuring, calibrating, or testing
Measurement system
Dimensional determination
C702S188000, C702S189000
Reexamination Certificate
active
06804624
BACKGROUND OF THE INVENTION
1. Technical Field of the Invention
This invention relates to communication networks. More particularly, it relates to monitoring and analyzing any communications network, whether public, private, value add, Internet, or any combination thereof, for the purpose of determining the location of remote devices attached or attaching to that network.
2. Background Art
Managers of information systems for public and private enterprises are required to provide ever-increasing network access to their information systems for remote users. As the business requirement for remote connection to information systems across private and public networks grows, difficulties in maintaining security and adequate performance increase in lock step.
Security
In the current art, security is achieved by means of smart cards, physical verification, passwords, encryption, and fire walls. Smart card security works much in the way that a particular key opens a particular lock. Physical possession of the card enables the user to operate a remote workstation and access applications on a server. Physical verification security is implemented by requiring the scanning of physiological characteristics of a user (such as the iris of the eye or a thumb print) and requiring that these scanned characteristics match stored values in order for further use of the system to be allowed. Password security for systems and applications requires a user to enter a valid user ID together with a corresponding password consisting of a confidential alphanumeric sequence before access to the resource is allowed. Encryption security works by having a device at each side of a connection encode all transmitted data and decode all received data according to an algorithm set by an encryption key. Without the proper, matched encryption key, the two sides cannot communicate. Firewall security is implemented by network connected devices that examine packets and determine whether to allow the packets to pass depending on whether the origin device and application are allowed to communicate with the target device and application.
While each of these security techniques is effective, none is foolproof. A smart card, password, or encryption key can be stolen or replicated. Physiological scans can be compromised by subversion of the database or by mimicry, or the person with the required physical characteristics can be kidnapped and coerced into connecting to the system. And fire walls can be bypassed by mimicry or subversion of the router's tables. For these reasons, organizations often use a plurality of these techniques in combination to protect their proprietary systems.
In many cases, an organization can expect that a particular user will be connecting to a particular application from a particular location or set of locations, and not from certain other locations. As an example, there are foreign countries that the Department of State of the United States either discourages or forbids citizens of the United States to visit. So it might be very unusual for access to certain computer systems in the United States to be allowed from those countries. Or, a secured application might be intended to be accessed by staff only in a few secured locations, and from nowhere else. Moreover, an organization might want to record the actual location of all users accessing a particular application simply as an audit point and as a means of assisting in identifying who actually was connected. Such proof of connection might serve a purpose similar to the use of video recording equipment at automatic teller machines and other such facilities.
Aside from use of fire walls, the security techniques noted above do not generally apply to public-access systems, such as web sites. For example, anyone can access the IBM Corporation web site to obtain product information without requiring a thumb print, password, encryption key, or smart card. General public access to web sites is desirable as an inducement to increase business. However, as with all open-to-the-general-public systems, some visitors have malevolent intent, such as to disrupt the web site (e.g., DoS, or denial of service attacks) or to break into proprietary systems by using the publicly accessible system as an entry point. It would thus be useful to be able to determine the actual location of remote users of both secured-private and open-public computer systems in order to facilitate identification of possible interlopers for security purposes. Such identification can be used either to prevent the interlopers from gaining access to the systems or to assist with the identification of interlopers after the fact, since the current security arts of passwords, encryption, physiological scanning, smart cards, and fire walls cannot always be employed, and when they are employed, they are not foolproof. Moreover, none of these methods can be used readily for after the fact location or identification of interlopers.
Performance
In addition to enabling implementation of new forms of system security, knowing the distance between systems can enable intelligent allocation of resources as well as dynamic tuning for the purpose of improving performance. Currently, in cases in which a service can be provided by multiple resources, systems either allocate a resource for a particular connection based upon round robin alternation (e.g., various implementations of router and communication controller link selection), a table entry (e.g., System Network Architecture class of service subarea route selection), or else on the basis of transmission of a test packet to each possible server, with the first server responding being the one selected for the connection (e.g., token ring network source route bridge path selection, and IBM Network Dispatcher's server selection software). Another resource optimization technique is exemplified by OSPF (Open Shortest Path First) router path selection, which selects network paths on the basis of least number of hops, end-to-end. While OSPF uses a least number of hops algorithm, this does not imply that the path with the least physical distance is selected, because physical distance is not known and is not a consideration.
For currently available work-allocation schemes for network attached devices, no method is available that computes physical distance, so physical distance is not currently a consideration in connection setup algorithms. The ability to calculate physical distance and apply the result to connection setup would be beneficial for at least the following reasons:
(1) Public Application Service Providers (ASPs) provide geographically dispersed web services by means of computer servers located at diverse points at the edge of the Internet. For ASP providers, it would be desirable to know the physical distance between each available server and each connecting user at least to be able to consider physical proximity in the determination of which server will be selected for each connection.
(2) Private application services intended for use only within an organization are increasingly being dispersed over multiple machines because of regulatory requirements (such as SEC requirements for brokerage services to be backed up at another site within four hours of a disaster) or simple business prudence. Once an organization creates backup facilities, it is often prudent to run applications at each service point rather than leave one dormant as a standby. This is because hardware and software problems are unrecognizable in a dormant system, and trying to bring up a recovery system in the face of a disaster while trying to deal with previously undiagnosed hardware and software problems is a major impediment to recovery. With increasing use of technology in which data is mirrored across remote datacenters (such as IBM's Geographically Dispersed Parallel Sysplex technology) it is becoming more common to find one application (for example, order entry) running on physically distant machines. In all cases in which users may connect to identical s
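The two uses the background describes, a per-application location policy with an audit record (the Security section) and selecting the physically nearest server instead of round robin or hop count (the Performance section), as one added example. This is illustrative code written for this page, not code from the patent; it assumes the client's location has already been determined by some means and is handed in as coordinates and a country code, and the sites and policy below are constructed sample values.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Site:
    name: str
    lat: float  # degrees, positive north
    lon: float  # degrees, positive east


def haversine_km(a: Site, b: Site) -> float:
    """Great-circle distance in km (mean Earth radius 6371 km)."""
    r = 6371.0
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dphi = p2 - p1
    dlam = math.radians(b.lon - a.lon)
    h = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(h))


def nearest_server(client: Site, servers: list) -> Site:
    """Connection setup by physical proximity: pick the closest of the
    candidate servers. Hop count (as in OSPF) is not consulted at all."""
    return min(servers, key=lambda s: haversine_km(client, s))


def location_policy(app: str, client_country: str, policy: dict) -> tuple:
    """Decide whether a connection from client_country may reach app.

    policy maps app -> {"allow": {countries}} for a secured application that
    should be reachable only from a few locations (default deny), or
    {"deny": {countries}} for a public system that blocks specific origins.
    Returns (decision, audit line); the audit line is recorded either way so
    the origin of every connection is available after the fact.
    """
    rule = policy.get(app, {})
    if "allow" in rule and client_country not in rule["allow"]:
        decision = "deny"
    elif client_country in rule.get("deny", set()):
        decision = "deny"
    else:
        decision = "allow"
    audit = f"app={app} country={client_country} decision={decision}"
    return decision, audit


# Constructed sample data (hypothetical sites and policy, not from the patent).
SERVERS = [Site("new-york", 40.7128, -74.0060),
           Site("london", 51.5074, -0.1278),
           Site("tokyo", 35.6762, 139.6503)]
POLICY = {"payroll": {"allow": {"US", "CA"}}, "public-site": {"deny": {"XX"}}}
```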
Beckstrand Shelley M.
Bluestone Randall J.
Hoff Marc S.
Suarez Felix