JP2017531878A - Simultaneous determination of mobile device and its user identification - Google Patents

Abstract

Intrusion detection mechanisms and digital information presented to the computer system (ie, transaction events such as accurate parameters of information, database queries, transaction ranges, etc.) of the area of the person presenting such information and / or events such as photographs A position identification mechanism associated with a physical feature.

Description

  The present invention relates generally to the field of security measures, and more particularly to network monitoring or computer intrusion detection systems or extrusion detection where digital information is tied to the physical characteristics of the event.

  Network administrators are constantly looking for security measures to prevent intruders from gaining unauthorized access to network resources. The trend of intruders, also considered as attackers, is to hack the wireless network by placing a wireless device near the wireless network in order to gain access to the internal network or to gain free Internet access .

  In addition, some computing environments require more security than others. For example, banks and government agencies have to monitor computer systems to find fraudulent transactions that take place within their networks. In addition, banks and government agencies need to maintain perimeters that must conduct and monitor confidential transactions. This is especially true for transactions generated by a trusted user in a trusted computer system. A trusted user has the privileges that are usually not available to a normal user or even a computer intruder that is needed to add, change or delete data. To maintain order, system administrators must have a number of security measures that either suppress information about privileged information events or respond or collect that information when an incident occurs.

  FIG. 1 shows a related art patent document 1 that is incorporated herein by reference and discloses an intrusion detection system (IDS). This intrusion detection system is limited to detecting elements in the network and identifying the target system that caused the intrusion. This intrusion detection concept is limited because there is no data to associate the device with the user and the physical area.

  Therefore, in the field of security measures, several detection procedures are being considered to prevent intruders from achieving their objectives without the punishment being properly identified during their tort. For example, some security measures used are computer surveillance, which generally includes the intrusion detection system and the physical location of the computer system, as well as camera surveillance, which typically includes methods for controlling the camera system and servo.

  Some official documents related to camera monitoring include motorized cameras, position encoders applicable to servos that move cameras, optical encoders, motor controllers with integrated circuits and methods to control motors, cameras to robots A system is described that moves to the desired position for engineering monitoring. For example, see Patent Literature 2, Patent Literature 3, Patent Literature 4, Patent Literature 5, Patent Literature 6, Patent Literature 7, Patent Literature 8, Patent Literature 9, Patent Literature 10, and Patent Literature 11.

  In addition, several wireless signal localization methods have been proposed for computer monitoring. For example, see Patent Document 12, Patent Document 13, and Patent Document 14.

  The shortcoming of US Pat. No. 6,057,834 corresponds to a specific method for determining signal position when the signal position includes an obstacle that may affect the readout of signal strength while providing incorrect identification of the signal position. It is not. Also, this patent document does not take into account signal fluctuations during pseudo-events that can change signal strength, such as changes in the physical configuration of the office. In other words, this patent document assumes a static and unchanging measurement landform with no obstacles.

  Patent Document 12 is directed to the restriction of RSSI (Received Signal Strength Indicator) measurement values with “ambiguity and compensation of gain change due to frequency”. This has the disadvantage that most environments must cope with ambiguity, in which case devices that do not belong to the manager of the environment cannot be changed to compensate for gain changes. One of the applications also discloses that the absolute position or distance need not be determined.

  U.S. Patent No. 6,057,033 seeks to overcome these limitations by adding a clustering algorithm to compensate for changes in signal strength. This case also has a drawback due to the clustering algorithm itself that clusters the signals based on the discriminating power of the distance measure. Sudden changes in the signal intensity profile, such as walking behind a wall or pillar, or changes in the environment can lead to false positives that are not captured by the clustering algorithm.

  Further, as mentioned, computer surveillance and camera surveillance link computer incidents to the computer terminal that initiated the transaction and the person performing the transaction. Such a determination requires tracing the operation to the user. A prior art that links a computer incident to a camera is US Pat.

  Patent document 15 has several drawbacks. The first drawback is that it corresponds to wired communication, but the description does not provide means corresponding to the position of the wired device. Another drawback is that this mechanism pulls out the camera image with a notification that a potential network intrusion has been detected, and security personnel may manually move the camera. The current description limits the system because security personnel need to move the camera and the system does not perform all operations zooming to a specific target. As described above, the restriction is based on a signal detection method in which the detection device plays a role of identifying the approximate physical position.

  Therefore, there is a need in the art for a method for accurately identifying intruders and / or computer physical locations.

US Pat. No. 5,557,742 US Pat. No. 6,830,388 US Pat. No. 4,074,179 US Pat. No. 4,491,776 U.S. Pat. No. 4,540,925 US Pat. No. 4,319,134 US Pat. No. 4,899,048 US Pat. No. 6,081,091 US Pat. No. 4,876,494 U.S. Pat. No. 4,925,312 US Pat. No. 6,882,901 US Patent Application Publication No. 2003/0232598 US Patent Application Publication No. 2006/0281473 US Pat. No. 7,570,213 US Patent Application Publication No. 2009/0125981

  The purpose of the present invention is to link the presented digital information (ie transactional events such as the exact parameters of information, database queries, transaction scope, etc.) to the computer system by the physical characteristics of the event such as the photographer presenting the information. That is. An exemplary embodiment can be divided into several components to create the whole:

  Network monitoring, computer intrusion detection system or extrusion detection that basically refers to the method of detecting computer events and the ability to analyze them.

  A method of physically locating a computer (desktop, laptop, PDA, etc.) such as RSSI of a radio signal, or means for detecting a location such as signal propagation time. These represent things that belong to the network and allow information to be relayed wirelessly to several points within the depicted physical environment to obtain specific coordinates. The coordinates are stored in an intrusion detection system.

  A calibration mapping system that stores signals looking for information in the storage system. The system further stores static computer systems such as servers and other computing systems as well as static information of obstacles such as walls and pillars.

  A supervised learning algorithm that learns predictions to average readouts in a calibration mapping system and includes examples of extreme variations that the environment may provide.

  A computer that applies the rules in the intrusion detection system and a camera monitoring system that takes a picture of a person or object in the terminal device.

  A servo system that moves the camera to the desired coordinates stored in the intrusion detection system.

  A system that converts the desired coordinates and moves the servo system to the desired coordinates.

  An image processing system in which an arbitrary input image, such as a photo or video frame, is compared to an image in a grid location store. Using image processing techniques, both images are compared to see if a scene change has occurred.

  Another aspect of the preferred embodiment is to provide at least two different processes for computer location and intruder identification. These two processes are divided as follows.

  ・ Process of fixed terminal device (desktop computer)

  ・ Process of non-fixed terminal devices (laptops, notebooks, tablet PCs, PDAs)

  The main difference between the two processes is the coordinate determination within the physical boundaries of the network. The fixed terminal process performs a coordinate search before being activated on the network. The non-fixed terminal process needs to determine the physical coordinates of the mobile terminal in “real time”.

  One aspect of the preferred embodiment is to provide a wireless intrusion detection configuration and a location identification configuration, where the intruder attempts to gain access to a wireless network of which the intrusion detection configuration is a part without authorization. Determine what you did. The location identification configuration identifies at least the first approximate physical location of the intruder when the attacker attempts to access the wireless network. The position identification configuration is configured to communicate the first approximate physical position to a monitoring mechanism that monitors the first approximate physical position. The image is processed to identify the “real-time” physical location of the intruder.

  The invention itself is best understood both in terms of its construction and its mode of operation, and additional objects and advantages thereof will become apparent from the following detailed description of the preferred embodiments taken in conjunction with the accompanying drawings.

  As the term “invention” is used herein, the term “invention” includes “inventions”, ie, a plurality of “inventions”. By stating “invention”, applicant does not admit that this application contains any patentable and non-obviously distinguishable invention in any way, and applicant does not Claim that patentable and non-obvious distinct inventions may be included. Thereby, the applicant claims that the disclosure of this application may include multiple inventions, and that if there are multiple inventions, those inventions are patentable and not obvious to others .

  In addition, the purpose of the attached summary is generally that the U.S. Patent and Trademark Office and the Office, and in particular, scientists, engineers, and those skilled in the art who are not familiar with patent or legal terms or predicates, from a broad search, may To be able to quickly determine the essence and key points of The abstract does not define the invention of this application as specified by the claims, and does not limit the scope of the invention in any way.

  The following drawings should be read with reference to the detailed description. Similar numbers refer to similar elements. The drawings, which are not necessarily to the same scale, illustrate embodiments of the present invention and are not intended to limit the scope of the present invention.

1 illustrates an intrusion detection system (ID) described in prior art US Pat. No. 5,557,742. FIG. It is a figure which shows the physical connection between fixed terminal devices. It is a figure which shows the relevant information relevant to an intrusion detection system. It is a figure which shows the relevant information relevant to an intrusion detection system. It is a figure which shows the structure of the database in an intrusion detection system. It is a figure which shows three access points (triangulation) used in order to determine the position of a fixing device. It is a flowchart of an actual detection process. It is a flowchart of an actual detection process. It is a figure which shows the example of a detection of the non-fixed terminal device based on the principle of this invention. FIG. 6 is a diagram of application data (OSI reference layer 7) that can be analyzed by the intrusion detection system according to the principles of the present invention. It is a figure which shows the intrusion detection system containing the input mechanism based on the principle of this invention. FIG. 6 illustrates tracking of a non-fixed source as a location target. It is a figure which shows arrangement | positioning of the some communication cell containing a cellular antenna, a mobile telephone, and a business building. FIG. 6 illustrates an exemplary embodiment of an application that matches a cell phone to an identified building to alert a system computer. It is a figure which shows communication with a mobile telephone and a cellular antenna. 1 illustrates an example wireless communication infrastructure of a building. FIG.

  FIG. 2 discloses a first embodiment relating to a physical fixed terminal device in a computer network. The fixed terminal device is an intrusion detection device 1, switches 3 and 11, a computer system 9, user input devices 13, 16 and 20, a server 5, a database 7, and cameras 18, 15 and 22. Device and electrical connections such as wires 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21 and the like.

  FIG. 3 discloses a second embodiment related to a wireless non-fixed terminal device in a computer network. Non-fixed terminal devices include the security device 1, switches 3 and 11, a ping server 33 that provides wireless signals 26, 27, and 28, user input devices 13, 16, and 20, and cameras 18, 15, and 22. It includes an image acquisition device and electrical connections such as wires 29, 30, 31, 32, etc.

1. Preparatory Phase The preparatory work trains a region or system in which a calibration mapping system or digital map and a local region signal strength model for the network are defined, for example, as shown in FIGS. In a preferred embodiment (fixed and non-fixed terminal devices), training is performed within a range setting area defined in the calibration mapping, and the calibration mapping is performed in a wireless network (eg, IEEE 802.11 or “ A set of access points (APs) or physical user input devices that may include "Bluetooth"). A range-setting area means not only a small coverage area, but also one that is predefined to be within the boundaries of the system. The AP is usually separated from the network for security and manages only communications for the location functions of the preferred first and second embodiments. An alternative set of APs provides communication for non-fixed devices. An access point that manages the location function according to location divides the area into spaces, which are stored in the calibration mapping. Other sub-elements such as obstacles can be stored on the calibration mapping. Calibration mapping is performed and the signal is sampled at each grid point defined in the calibration map and stored in the database in fields as shown in FIGS. 4-5B. For example, the fields used for data storage are selected from computer name, property number, media access control (MAC) address, internet protocol (IP) address, user name, index, computer type, grid ID, and the like. Alternative scenarios demonstrate physical changes in the environment and tag exceptions where supervised learning algorithms such as supervised neural networks and other supervised learning algorithms can identify the various scenarios presented in the training set Can be executed.

  The process of identifying physical changes using a monitored algorithm consists of training the algorithm to handle exceptions such as redistribution of moving elements within the limited space being monitored. Movable objects include, for example, office movable walls that may absorb signal strength. By sampling the different configurations of the embodiments, storing them in a database, and tracing the monitored learning algorithm to identify signal strength conditions under environmental change conditions, clear physical change information is entered. The

  An additional step is to store a picture of the grid location to serve as a baseline for the image processing algorithm.

  A viable embodiment that demonstrates the image processing algorithm is that it can execute an efficient image processing algorithm based on the assumptions of the acquired scene. For example, most indoor spaces include a straight boundary. This information can be used to encode scenes and scene changes utilizing efficient image processing. FIG. 6A shows an indoor scene. The figure shows that most elements are straight. An efficient algorithm for expressing such a scene is the Hough transform. FIG. 6B shows the Hough transform. The purpose of the Hough transform is in this example to identify line segments in the image.

  FIG. 7 illustrates a process for using a Hough transform in an executable embodiment. The algorithm first obtains the Hough transform of the image. The next step is to extract the pixel line size and extract the ratio of the line size to the total image size. If the line falls below a certain threshold, the line is deleted. This eliminates possible background noise. A line is encoded as a feature vector by using the start and end points of the line. The line pixels are stored in order from left to right and from top to bottom so as to maintain the order of the positions in the image. The feature vector also includes a vector tag, which is a label where possible embodiments have changed or have not changed. Another embodiment may be more granular as it changes with the addition of pillars, walls, and the like. Both images and feature vectors are stored in the database. The image scene then has the desired noise (this noise represents a change in the environment and is distinguished from line noise, which is an insignificant line, which can disrupt the monitored algorithm with unnecessary details in the scene) May be resampled by adding noise in the form of additional elements (movable walls, movable columns) added to the scene. After the necessary images have been taken and stored in the database, the next stage of the process takes place, all relevant feature vectors of the scene are extracted from the database, and the monitored learning algorithm is trained. A possible embodiment of the supervised learning algorithm is a neutral network with two output nodes that classify the scene as changing or non-changing. A supervised learning algorithm is trained by data and can be used to detect future changes in the scene.

Setting the Boundary Range As shown in FIG. 8, special sampling of the space is performed at the boundary of a desired region in the range setting region 50. The range setting area 50 represents the boundary of the desired confined sector where the computer system should be. The range setting area 50 can also represent the inner boundary as well as the outer boundary of the space. If the user is detected at the border of the grid area, the signal may be terminated and a special warning may be issued to the system.

2. Physical determination of the fixed terminal device The physical determination of the fixed terminal device is assumed to be a non-wireless device connected to a wired network, as shown in FIG. It does not require a wireless compatible device) and consists of connecting a wireless compatible device connected to a fixed device. After the device is connected, the wireless device communicates with the intrusion detection system and enters relevant information as shown in FIG. This information enters a database in the intrusion detection system as can be seen in FIG. After the information is stored, the system samples the signal to determine the physical location of the fixed device. Information from the sampling signal is stored in parallel with previously collected information, as can be seen in FIG.

  The position is determined as a function of the received signal strength value collected from the communication between the wireless device attached to the fixed device and the AP. With a minimum of three access points, triangulation can be used to determine the position of the fixation device within each drawn space as shown in FIG. If the coverage area is quite large and the device has a high temporal resolution, an alternative embodiment for measuring signal strength can be used, consisting of positioning the server at the same location as the access point. Instead of measuring signal strength, an alternative embodiment sends a “ping command” from a server co-located with the access point to determine the time response from the fixed device to the server that controls the access point. At the same time, the speed at which the signal travels can be calculated by the following equation:

  v = λf

  Here, v is velocity, λ is wavelength, and f is frequency. From the speed and time, the distance from the “ping” server to the fixed device can be determined. The same information is stored in the same manner as the main embodiment as shown in FIGS. 4-5B.

3. Network Detection Environment An intrusion detection system such as that shown in FIG. 1 of US Pat. No. 5,557,742, incorporated herein by reference, is limited to detecting elements in the network. Intrusion detection in this embodiment includes additional information relating to individual fixed computers as well as an additional database containing the physical locations of those computers within the local area network. Furthermore, the intrusion detection system in the preferred embodiment is capable of analyzing application data (OSI reference layer 7 in FIG. 9). An example of a preferred embodiment would be a rule-based IDS or behavior IDS that can be configured to examine the payload (data) of network traffic as it flows through the network. Another example is host intrusion detection configured to send an email alert to an improved network intrusion detection (NIDS) engine that passes received data indicating file changes. Preferred embodiments such as rule-based NIDS can be configured based on predefined rules. Such a rule may be a database (including a threshold rule for accessing information in an accounting database) access rule described in hexadecimal code in the data layer. Another example of a rule is access to various computer resources on a network or host-based intrusion detection program that sends information to a centralized network intrusion detection system.

  FIG. 10 shows a preferred embodiment. FIG. 10 shows an IDS including an input mechanism 40. The input mechanism 40 may be a sniffer that blocks all traffic in the allocated network area connected to the network. The desired positioning of the intrusion detection device is located in the middle of the threatened target system 5 communication stream and the originator of the attack (arbitrary user input devices 13, 16, 20), as shown in FIG. The input signal is sent to a processing engine such as the behavior or rules engine 41 where the blocked traffic is classified as suspicious and non-suspicious. The output of IDS 42 is received and sent to processing engine 43 based on IP information that matches information database 46 that includes the tables shown in FIGS. 4-5B. The information stored in the database 46 associated with the table disclosed in FIG. 4 tells the system which user is responsible for the alert designation system. The alarm collected by the input mechanism 40 includes information such as an IP address and a MAC address that are used in query matching to the database. This information is also sent to an access point or LAN router, and the information is retrieved from the telecommunication device to determine the location of the system.

4). Detection process The position is determined depending on whether it is wired or wireless. A wired computer system is defined using the computer type field of the table included in FIG. Information is taken from the table database 46 of FIG. 5 and passed to the processing engine 43. The engine then queries the database 46 for the table shown in FIG. 5A showing the static information for the wired computer. The reliability of the grid information depends on the specific system configuration of the switching element to which the computer is connected. Such a switching element 3 in FIG. 4 should not allow the user to connect the computer cable to other physical switching drop locations.

  For wireless systems, computers are identified using the computer type field of the table included in FIG. Information is taken from the table in the database 46 of FIG. 4 and passed to the processing engine 43. The processing engine already has wireless identification means based on the IP information and MAC address of the computer system. The system queries the signal strength of such devices from the access points 13, 16, 20 according to FIG. The access point relays this information to the processing engine 43. The access point relays this information to the processing engine 43 present in the computer system 9 of FIG. The system then determines the position of the system by sampling sequentially from three access points. The intensity of the system is then averaged and compared to the grid reading stored in database 45 that stores the table shown in FIG. 5B. Next, the best match is determined by the approximating means. The information is then passed to the monitored learning algorithm, which uses the input information plus its training information to determine the grid position. Both the approximation criteria and the algorithm output are used to determine the final grid location where the system is located.

  An alternative embodiment includes sending a ping command from the access point to determine the time it takes to acquire a signal from the source machine to the destination machine and vice versa. In this case, the process is average, the time can be compared to the average time stored in the database, and then the triangulation can be used to obtain the physical position of the signal. If the processing engine is pre-configured to enforce boundary limits (people are in the grid), the processing engine will keep all registered IPs in the system (eg, all active IPs in the network) The access point is periodically pulled at specified intervals for the DHCP client database.

5. Interface with Servo Controller and Camera The physical position is matched to the closest camera based on the physical position of the target and camera list. Based on position, camera type, lens and other relevant information, the system may have to adjust the camera angle by a servo mechanism. If there is a servo for positioning the camera, the preferred embodiment obtains the camera servo based on the camera selected from the camera list. The preferred embodiment then adjusts the camera servo so that the field of view of the camera is directed at the coordinates of the fixed device. After the camera field of view is directed to the physical coordinates of the fixation device, a picture is taken.

6). Image processing to ensure that the instrument has selected the correct coordinates If the object is distorting the signal and different grids detect the same signal strength, the system can perform the reverse calibration step. In the forward step, calibration is performed by taking signal samples at one particular point in the grid map. If there is noise, the training algorithm is trained. However, this does not exclude the possibility of grid position being modified by placing temporary walls (such as office spaces with small rooms) that may modify signal strength. The reverse calibration step consists of an image calibration of the position where the calibration photo is compared with the original stored image of the position. Both images may be thresholded. This creates a region that is tagged and compared with the baseline photo. An additional step is used by applying edge detection techniques to detect the boundaries of newly placed walls and other large obstacles that may distort the signal using algorithms such as transformations. The instrument then stores that information and sends a signal with a large correction of position, thereby eliminating the need to acquire a new sample of the signal to recalibrate the system. This new calibration may be added to the learning algorithm to adjust for new parameters.

Alternative Embodiment An alternative embodiment consists of having a non-fixed source as a location target. When rules are applied from an intrusion detection system, the system obtains computer information and begins to detect the network for the location of non-fixed devices. This is done in real time because the target is moving along the drawn space. In order to track non-fixations within a large local area network (such as a building), the depicted space may take the form of a local space such as a room x with N access points as shown in FIG. Good. In order to place a non-fixed device within a specified local space, the system may sample all signal strengths from the device. Alternatively, embodiments assist in the localization of non-stationary devices by using a “trace route” or similar process to find the AP used as the transmission of communications and thus localizing the closest camera.

Additional elements The system can also be determined by tracking the position of the computer system when the computer system is within a predetermined area of the grid. If a computing system is outside a predetermined boundary of the grid, the computing system can be configured to be outside the authority boundary and the communication link may be stopped. This exception can be enforced by this embodiment even when within the perimeter of device reception and transmission within the perimeter. The preferred embodiment is useful for detecting suspicious computer transactions and their originators. The preferred embodiment should not be construed as the only embodiment, as the embodiment can be supplemented with biostatistics, log files, etc. for additional object information. Another means of finding a computer in a closed environment such as a local area network may be a radio frequency identifier. The system may be integrated with a motion sensor of a conventional monitoring system. The system may be extended to track the user after being acquired by the camera. Other uses include open “hot spots” that intruders use as anonymous spaces to commit “digital vandalism”.

  Another embodiment of the invention is intrusion detection performed using a mobile device. Mobile networks distributed throughout the terrestrial area are called cells. FIG. 12 shows an arrangement of a plurality of communication cells 201, each communication cell including at least a mobile network distributed throughout the terrestrial area. Communication cell 201 includes cellular antennas 204, 205, 206, a cell or mobile phone 203 positioned in cell 202, and a business building 207. The cellular antenna 204 detects the position of the mobile phone 203 in the cell 202. When the mobile phone moves from cell 202 to an adjacent cell, the mobile phone is detected by cellular antennas in other cells. The mobile phone 203 may move to an adjacent cell where only the cellular antenna 205 is present, or may move to an adjacent cell where the cellular antenna 206 and the business building 207 are present. When the mobile phone 203 approaches the cellular antenna 205, the system remains in idle mode. As soon as the mobile phone moves to an adjacent cell where the cellular antenna 206 is located, it issues a warning on the system that the mobile phone is approaching a building 207 located on the same cell as the cell tower 206.

  Intrusion detection includes a set of intrusions or computer software or mobile applications that are stored on the mobile device or mobile phone 203 and configured or adjusted to complete or perform some tasks. The mobile application 210 may be downloaded from a predetermined source (network provider server) or pre-installed on the mobile device 203 by a network provider or system administrator. Application software is used to create a unique mobile identifier as needed. FIG. 13 illustrates one preferred embodiment of a mobile phone 203 that uses the application 210 to match the mobile phone 203 with the identified building 207 and alert the system computer 208. The building 207 is linked to the mobile phone 203 by the mobile application 210 having the location identifier 211. Further, the mobile phone 203 is stored in advance in the system computer 208 in order to match the information of the system computer or the intrusion detection device 208, application software information such as GPS coordinates where the mobile phone 203 is located, and the position of the building by the identifier 211. The unique mobile identification (which can be created by application software) is used. Alternatively, the location of the application 210 may be on the computer 208, in which case all information relating the mobile phone 203 to the building 207 is stored. It is important to understand that an intrusion detection device stores and records data and further measures signal strength as described above. An image of an area covered by an intrusion detection device and an antenna (ie, a cell) may also be acquired using an imaging device that is at least dynamically directed, such as a satellite image, and the area is stored in advance in a database. May be stored as a map. The map includes current area structures such as buildings, streets, and other physical elements.

  FIG. 14 shows communication with the cellular antenna 206 of the mobile phone 203 by the signal 211. The signal is transmitted from cellular antenna 206 to wide area network (WAN) equipment 212. The WAN device 212 then transmits the transmission control protocol / Internet protocol along with the information from the mobile phone 203 including the basic mobile phone identifier and information from the application 210, such as the GPS coordinates where the mobile phone 203 is located and the location of the building by the identifier 211. Send a (TCP / IP) message. Information from the WAN device 212 is transmitted to the router 213. The router 213 transmits information to the server 208 for information processing. The information from the application 210 includes the GPS coordinates where the mobile phone 203 is located and the location of the building by the identifier 211. The server 208 processes the information of the position identifier 211 and refers to the position identifier in the database 215. The database 215 acquires the GPS position of the position identifier 211 corresponding to the building 207. Next, the computer 208 matches the GPS position of the building 207 with the GPS position of the mobile phone 203. If the GPS position of the mobile phone 203 is in the cell 202, the information is dropped. When the GPS information of the mobile phone 203 is in the same cell as the building 207, the system relays a flag message to the mobile phone 203 to increase the communication frequency of the GPS information by the application 210. When the mobile phone enters the outer perimeter 216 corresponding to the range setting area 50, the application switches from the mobile phone communication system to local area network wireless communication of the building 207, which may be WIFI or other local area wireless communication.

  FIG. 15 shows the wireless communication infrastructure of the building 207. The communication of the outer perimeter 216 and the communication of the inner perimeter 217 are received by the wireless antennas 218, 219 and 220. These antennas perform triangulation and signal strength comparisons as described above. When the mobile phone 203 passes from the outer perimeter 216 to the inner perimeter 217, the communication of the mobile phone 203 is filtered through the intrusion detection device 221 corresponding to the intrusion detection device 208.

  In an alternative embodiment, all GPS location processing may be performed within the mobile phone 203 instead of using the computer server 208.

  The present invention is not limited to the exact configuration described above. Although the present invention has been described as having a preferred design, alterations, modifications, variations and other uses and applications of the present invention will become apparent after reviewing this specification in conjunction with the accompanying drawings. It should be understood that it will be apparent to those skilled in the art without substantially departing from. Accordingly, all such changes, modifications, variations and other uses and applications that do not depart from the spirit and scope of the invention are intended to be embraced by the invention as defined by the following claims and their legal equivalents. is there. In the claims, where there are means-plus-function terms, the structures described herein to perform the described functions and equivalent structures as well as structural equivalents are intended to be covered.

  All patents, patent applications and publications mentioned herein, and declarations attached to this specification, in some cases, are hereby incorporated by reference as if set forth in their entirety. All or substantially all of the components disclosed in such patents may be used in embodiments of the invention and equivalents thereof, patents, patent applications and publications incorporated herein by reference. The details within may be considered in litigation to incorporate the applicant's options as a further limitation within the claims that patentably distinguish any amended claim from any applied prior art.

DESCRIPTION OF SYMBOLS 1 Intrusion detection apparatus 2,4,6,8,10,12,14,15,17,19,21 Electric wire 3,11 Switch 5 Server 7 Database 9 Computer system 13, 16, 20 User input device 18, 15, 22 camera

Claims (12)

A network security system,
An intrusion detection device configured to detect suspicious network traffic based on predetermined criteria;
Application software including a first set of instructions, a second set of instructions, and a third set of instructions, wherein the first set of instructions includes processing to identify global position satellite coordinates, Two sets of instructions include processing to provide at least a first position identifier, and the third set of instructions includes processing to send the global position coordinates and the position identifier to the intrusion detection device;
A mobile device including a first database and an arithmetic mechanism, wherein the application software is stored in the first database, and the first to third instructions are executed by the arithmetic mechanism And
A plurality of radio signal generators distributed over a network, wherein each of the plurality of radio signal generators is associated with a specific region in the network and generates a variable signal, the plurality of radio signal generators Is measured by the intrusion detection device and recorded in the database, the intrusion detection device maps the intensity of each of the variable signals with coordinates in each of the specific regions, and A mapping is recorded in the database,
At least one imaging device dynamically oriented;
With
Each of the imaging devices is configured to acquire an image of the specific area associated with each of the wireless signal generation devices,
The database is configured to store the predetermined criteria and images of each of the specific regions;
Network security system.   The intrusion detection device is configured to periodically map the intensity of each of the variable signals and detect a change in a physical configuration of each of the specific regions in response to the change in the intensity. Item 4. The network security system according to Item 1.   The network security system according to claim 1, wherein the intrusion detection device acquires a position of the mobile device in response to identification of suspicious traffic.   The network security system according to claim 3, wherein the position is acquired based on the coordinates recorded in the database and the information provided from the mobile device. A wireless network security system,
An intrusion detection device configured to interrupt wireless network traffic and detect suspicious network traffic based on predetermined criteria;
Application software including a first set of instructions, a second set of instructions, and a third set of instructions, wherein the first set of instructions includes processing for identifying global position satellite coordinates, Two sets of instructions include processing to provide at least a first position identifier, and the third set of instructions includes processing to send the global position coordinates and the position identifier to the intrusion detection device;
A first database and a mobile device including a calculation mechanism, wherein the application software is stored in the first database, and the first to third sets of instructions are executed by the calculation mechanism. ,
A plurality of radio signal generators distributed over a network, wherein each of the plurality of radio signal generators is associated with a specific region in the network and generates a signal; Each intensity is continuously measured by the intrusion detection device, and the intrusion detection device continuously maps the intensity of each of the signals with coordinates in each of the specific regions, and the mapping is stored in the database. Recorded,
At least one imaging device dynamically oriented;
Here, the imaging device is configured to acquire an image of the specific area associated with each of the wireless signal generation devices and the structure,
The intrusion detection device maps the physical region of the specific region with the corresponding coordinates using the dynamically oriented imaging device;
The mapping is recorded in the database;
A database configured to store the predetermined criteria, the measured signal strength, and an image of each region;
With
Wireless network security system. The predetermined criteria includes a list of global position coordinates and position identifiers;
The list includes the first location identifier;
The wireless network security system according to claim 5. The intrusion detection device obtains an initial position of the mobile device in response to the identification of the suspicious traffic;
The wireless network security system according to claim 5. Obtaining the initial location includes identifying at least one of the plurality of wireless signal generators previously used to identify the suspicious traffic;
The wireless network security system according to claim 7. The intrusion detection device acquires the initial position by sampling all signal intensities from the plurality of radio signal generation devices,
The wireless network security system according to claim 7. The initial position is obtained based on the coordinates recorded in the database.
The wireless network security system according to claim 7. The dynamically oriented imaging device is activated to acquire an image of the intruder;
The wireless network security system according to claim 10. A wireless network security system,
An intrusion detection device configured to interrupt wireless network traffic and detect suspicious network traffic based on predetermined criteria;
Application software including a first set of instructions, a second set of instructions, and a third set of instructions, wherein the first set of instructions includes processing for identifying global position satellite coordinates, Two sets of instructions include processing to provide at least a first position identifier, and the third set of instructions includes processing to send the global position coordinates and the position identifier to the intrusion detection device;
A first database and a mobile device including a calculation mechanism, wherein the application software is stored in the first database, and the first to third sets of instructions are executed by the calculation mechanism. ,
A plurality of radio signal generators distributed over a network, wherein each of the plurality of radio signal generators is associated with a specific region in the network and generates a signal; Each intensity is continuously measured by the intrusion detection device, and the intrusion detection device continuously maps the intensity of each of the signals with coordinates in each of the specific regions, and the mapping is stored in the database. Recorded,
A database configured to store the predetermined criteria, the measured signal strength, and the image of each region;
With
The intrusion detection device includes the corresponding coordinates recorded in the database together with a first map of a physical area of the specific area,
Wireless network security system.

Images