Security gateway for a regional/home network

US10917787B2 · US · B2

Patent metadata
Publication number: US-10917787-B2
Application number: US-201315038404-A
Country: US
Kind code: B2
Filing date: Dec 20, 2013
Priority date: Dec 20, 2013
Publication date: Feb 9, 2021
Grant date: Feb 9, 2021

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Systems, devices and methods to protect a regional network (e.g., home network) by monitoring devices connected to and attempting to connect to the regional network. Monitoring includes assessing and addressing security concerns regarding devices attempting to or available to connect to the regional network as well as monitoring configurations and activity of connected devices. Devices to monitor include: computers, Personal Digital Assistants (PDAs), laptops, tablets, home appliances, smartphones, smart televisions, and any other type of device in the logical proximity of the regional network.

First claim

Opening claim text (preview).

We claim:

1. A machine-readable storage device or storage disk comprising instructions that, when executed by a programmable device, cause the programmable device to at least: passively monitor network transmissions of a first network for a connection attempt by a first device to connect to the first network; identify, based on the connection attempt, a new IP address that is not among a plurality of IP addresses associated with respective ones of a plurality of devices connected to the first network, the new IP address associated with the first device; initiate a communication to a mobile subscriber device via a second network, the communication including an identity of the first device associated with the new IP address and device profiling information determined based on the new IP address, the communication initiated based on a determination as to whether the first device has previously connected to the first network, the communication to request authorization from the mobile subscriber device to allow connection of the first device to the first network, wherein the identity of the first device is determined using at least one of (i) a transport control protocol fingerprinting technique, or (ii) a hypertext transfer protocol fingerprinting technique; receive a response to the communication from the mobile subscriber device via the second network, the response based on the identity and device profiling information included in the communication that was initiated to the mobile subscriber device, the response including one or more parameters to configure the first device to operate with the first network; and allow the connection of the first device to the first network based on the response from the mobile subscriber device received via the second network, the response to authorize the connection.

2. The machine-readable storage device or storage disk of claim 1, wherein the second network includes a cellular network.

3. The machine-readable storage device or storage disk of claim 1, wherein the first network and the second network are not in direct communication with each other.

4. The machine-readable storage device or storage disk of claim 1, wherein the first network and second network are each in communication with an operator network.

5. The machine-readable storage device or storage disk of claim 1, wherein the first network is not protected with a network password.

6. The machine-readable storage device or storage disk of claim 1, further including instructions that, when executed by the programmable device, cause the programmable device to profile the first device after the connection to the first network to determine attributes of the first device.

7. The machine-readable storage device or storage disk of claim 1, further including instructions that, when executed by the programmable device, cause the programmable device to perform network protection functions for the first network, the network protection functions including one or more of: threat reputation protection, botnet protection, malware protection, parental control protection, and intrusion prevention.

8. The machine-readable storage device or storage disk of claim 1, further including instructions that, when executed by the programmable device, cause the programmable device to: establish a secure communication connection to an operator network; and provide information about a plurality of devices connected to the first network to a device at the operator network, the information including endpoint security configurations for ones of the plurality of devices connected to the first network.

9. The machine-readable storage device or storage disk of claim 8, further including instructions that, when executed by the programmable device, cause the programmable device to: obtain, via the secure communication connection to the operator network, information pertaining to available updates of endpoint security configurations for one or more of the plurality of devices connected to the first network; and initiate a second communication to the mobile subscriber device including information about the available updates.

10. The machine-readable storage device or storage disk of claim 9, further including instructions that, when executed by the programmable device, cause the programmable device to: obtain a second response to the second communication, the second response to indicate an update request for one or more of the plurality of devices connected to the first network; and initiate an update of the endpoint security configuration corresponding to updates identified in the second response.

11. The machine-readable storage device or storage disk of claim 9, wherein the first network includes at least one of: a home wireless network, an office wireless network, and a wireless network supporting a group or organization.

12. A system to monitor connections and connection attempts to a first network, the system comprising: a network interface to connect to the first network; memory including executable instructions; and a processor to execute the instructions to at least: detect a connection attempt by a first device to connect to the first network; identify, based on the connection attempt, a new IP address that is not among a plurality of IP addresses associated with respective ones of a plurality of devices connected to the first network, the new IP address associated with the first device; initiate a communication to a mobile subscriber device via a second network, the communication including an identity of the first device associated with the new IP address and device profiling information determined based on the new IP address, the communication initiated based on a determination as to whether the first device has previously connected to the first network, the communication to request authorization from the mobile subscriber device to allow connection of the first device to the first network, wherein the identity of the first device is determined using at least one of (i) a transport control protocol fingerprinting technique or (ii) a hypertext transfer protocol fingerprinting technique; receive a response to the communication from the mobile subscriber device via the second network, the response based on the identity and device profiling information included in the communication that was initiated to the mobile subscriber device, the response including one or more parameters to configure the first device to operate with the first network; and allow the connection of the first device to the first network based on the response from the mobile subscriber device received via the second network, the response to authorize the connection.

13. The system of claim 12, wherein the second network includes a cellular network.

14. The system of claim 12, wherein the first network and the second network are not in direct communication with each other.

15. The system of claim 12, wherein the first network and the second network are each in communication with an operator network.

16. The system of claim 12, wherein the first network is not protected with a network password.

17. The system of claim 12, wherein the processor is to profile the first device after the connection to the first network to determine attributes of the first device.

18. The system of claim 12, wherein the processor is to perform one or more of: threat reputation protection, botnet protection, malware protection, parental control protection, and intrusion prevention.

19. The system of
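The admission flow in claim 1 (and its system counterpart in claim 12) is a small protocol: passively watch the first network, flag a source IP that is not in the table of connected devices, profile it with passive TCP and HTTP fingerprinting, send the identity and profile to the subscriber over a second network, and admit the device only on an authorizing response that carries its configuration parameters. The Python below models that flow end to end. It is an added example written for this page, not McAfee's implementation or anything from the patent's description; the `Gateway`/`Observation` names, the TTL-and-window fingerprint table, the User-Agent rules, the `subscriber_decision` policy and the sample frames are all constructed assumptions.

```python
"""Toy model of the admission flow in claim 1 of US10917787B2.

Added example for this page, not McAfee's code. Every name, the
fingerprint tables and the sample frames are constructed assumptions.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Observation:
    """One passively observed packet on the first (home) network."""
    src_ip: str
    ip_ttl: int
    tcp_window: int
    user_agent: Optional[str] = None  # present only if an HTTP request was seen


# Coarse passive TCP fingerprint table keyed on (initial TTL, window size).
# Values are assumed, p0f-style hints; real tools use many more fields.
_TCP_HINTS = {
    (64, 65535): "macOS/iOS-like stack",
    (128, 8192): "Windows-like stack",
    (64, 29200): "Linux-like stack",
}


def tcp_fingerprint(obs: Observation) -> str:
    """The claim's 'transport control protocol fingerprinting technique'."""
    return _TCP_HINTS.get((obs.ip_ttl, obs.tcp_window), "unknown stack")


def http_fingerprint(obs: Observation) -> str:
    """Minimal User-Agent classifier; the substring rules are assumptions."""
    ua = obs.user_agent
    if not ua:
        return "no HTTP data"
    for needle, label in (("Windows NT", "Windows browser"),
                          ("Macintosh", "macOS browser"),
                          ("Tizen", "smart TV"),
                          ("Android", "Android device")):
        if needle in ua:
            return label
    return "unrecognised User-Agent"


@dataclass
class Gateway:
    known: Dict[str, dict]                  # IP -> profile of authorised devices
    notify: Callable[[dict], dict]          # second-network channel to the subscriber
    pending: Dict[str, dict] = field(default_factory=dict)  # denied attempts

    def observe(self, obs: Observation) -> str:
        """New-IP detection -> profiling -> out-of-band authorization -> allow/deny.

        Returns 'known', 'allowed' or 'denied'.
        """
        if obs.src_ip in self.known:
            return "known"
        profile = {
            "ip": obs.src_ip,
            "tcp_fingerprint": tcp_fingerprint(obs),
            "http_fingerprint": http_fingerprint(obs),
            # Claim 1: the request is initiated based on whether the device
            # has previously connected (modelled here as a previous attempt).
            "seen_before": obs.src_ip in self.pending,
        }
        response = self.notify(profile)  # cellular push/SMS in the claim
        if response.get("authorize"):
            # Parameters in the response configure the device for the network.
            self.known[obs.src_ip] = {**profile, **response.get("parameters", {})}
            self.pending.pop(obs.src_ip, None)
            return "allowed"
        self.pending[obs.src_ip] = profile
        return "denied"


def subscriber_decision(request: dict) -> dict:
    """Stand-in for the mobile subscriber's reply; the policy is constructed."""
    if request["http_fingerprint"] == "smart TV":
        return {"authorize": True, "parameters": {"vlan": "iot", "internet": True}}
    return {"authorize": False}


def run_demo() -> Tuple[List[Tuple[str, str]], Gateway]:
    gw = Gateway(
        known={"192.168.1.10": {"tcp_fingerprint": "macOS/iOS-like stack"}},
        notify=subscriber_decision,
    )
    frames = [  # constructed sample traffic
        Observation("192.168.1.10", 64, 65535, "Mozilla/5.0 (Macintosh) Safari"),
        Observation("192.168.1.77", 64, 29200, "SmartTV/1.0 (Tizen)"),
        Observation("192.168.1.99", 128, 8192),  # new host, no HTTP seen yet
        Observation("192.168.1.99", 128, 8192),  # retry: seen_before is now True
    ]
    return [(f.src_ip, gw.observe(f)) for f in frames], gw


if __name__ == "__main__":
    for ip, decision in run_demo()[0]:
        print(f"{ip}: {decision}")
```

Two caveats a practitioner would attach to this design. The claim keys the "new device" decision on an IP address, which is a weak identity on a home network: DHCP leases are reused and a host can pick any address it likes, so a real gateway would pair the IP with the link-layer address and re-profile on change (claim 6 profiles again after connection). Passive TCP and HTTP fingerprints are advisory and trivially spoofed, so they belong in the message shown to the subscriber, not in an automatic allow rule. And because claim 5 contemplates a first network with no network password at all, the second-network round trip becomes the only admission gate, so that channel itself needs authentication of both the gateway and the subscriber device.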

Assignees

Mcafee Llc

Inventors

Classifications

  • H04L63/0876 (primary) · based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint · CPC title

  • by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity · CPC title

  • by monitoring network traffic (monitoring network traffic per se H04L43/00) · CPC title

  • adapted for operation in multiple networks {or having at least two operational modes}, e.g. multi-mode terminals · CPC title

  • for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10917787B2 cover?
Systems, devices and methods to protect a regional network (e.g., home network) by monitoring devices connected to and attempting to connect to the regional network. Monitoring includes assessing and addressing security concerns regarding devices attempting to or available to connect to the regional network as well as monitoring configurations and activity of connected devices. Devices to monitor include: computers, Personal Digital Assistants (PDAs), laptops, tablets, home appliances, smartphones, smart televisions, and any other type of device in the logical proximity of the regional network.
Who is the assignee on this patent?
Mcafee Llc
What technology area does this patent fall under?
Primary CPC classification H04L63/0876. Mapped technology areas include Electricity.
When was this patent published?
Publication date Feb 9, 2021 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 7 related publications on this page (citations in our corpus or others sharing the same primary CPC).